Track: Fraud Detection and Hack Prevention

It's not a question of if your site will be attacked, but when. Are you ready?

Herein lie stories from the very people who fight the forces of evil -- the people who protect the Internet from spammers, hackers, abusers, and fraudsters. Come learn about real-world firefights and the secrets of the bad guys. Learn how to prevent an attack, how to defend your site from attack, and how to recover after an attack.

10:35am - 11:25am

by Armon Dadgar
Creator of Consul and Co-founder of HashiCorp

Secrets management is a complex problem that all organizations, ranging from startups to large enterprises, face. Securely distributing secrets is only a small part of the challenge, as operators and security teams must reason about key rolling, auditing, and incident management during a compromise.

Vault is a new tool designed to tackle these problems by centralizing secrets, access control and auditing policies.

In this talk we discuss the problems faced in secrets...

11:50am - 12:40pm

by Paul Moreno
Security Team Lead at Pinterest

This session will educate you on how to federate AWS IAM permissions, roles, and users with a directory service such as LDAP or Active Directory with an Identity Provider. Using the open-source IdP software Shibboleth, we'll describe how this uses the AWS Security Token Service to reduce the need for long-lived credentials for both the Web Console and CLI. The CLI federation uses an open-source project, written in Python and code-named Aeris, that runs on Linux environments.

2:55pm - 3:45pm

by Alex Holden
Founder and Chief Information Security Officer at Hold Security, LLC

Hackers are on the offense and they take time to understand our defenses. We, on the defense, do not always have time to understand the offenders. Taking a snapshot of the current threat landscape, we will derive practical lessons by analyzing a number of high-profile breaches. We will examine hackers’ techniques, skills, and shortfalls. At the end, we should know more about our enemies to build better defenses against them.

4:10pm - 5:00pm

by Rich Smith
Director of Security at Etsy

Understanding people, and not just technology, is critical in building a successful Security team. Much has been spoken about Etsy's engineering culture, and how continuous deployment and 'devops' have been embraced and developed, but how does security operate in such an environment? This presentation will discuss the progressive approaches taken by the Etsy security team to provide security while not destroying the freedoms of the Etsy engineering culture that are loved so much.

...

5:25pm - 6:15pm

by Olaf Carlson-Wee
Head of Risk at Coinbase

Bitcoin is pseudonymous, instant, and digital. While these characteristics are core aspects of what makes bitcoin valuable, they also render bitcoin companies and their customers ideal targets for the hackers and scammers of the world. A variety of creative tactics have emerged in attempts to steal from bitcoin companies and their customers. Many bitcoin companies have failed due to some combination of security vulnerabilities, exploitation, and fraud.

From stolen bank credentials and...

Host: Rob Witoff, Head of Data Science at Coinbase (formerly NASA)
