Speaker: Angelo Prado
Angelo Prado is the Senior Director of Application Security at Jet.com / Walmart. Prior to his current role he was a Director of Product Security at Salesforce, led a Security Engineering team and managed one of the largest Bug Bounty Programs in the industry. Mr. Prado has also worked as a Software Engineer at Microsoft and Motorola, delivering key contributions to their security product lines.
Mr. Prado is one of the authors of BREACH, a security exploit against SSL which leverages a compression side channel to derive secrets from the cipher-text in an HTTPS stream. As a thought leader of the security community, Mr. Prado frequently speaks at major conferences worldwide, including Black Hat USA (2017, 2014, 2013), Black Hat Asia (2015), ToorCon (2013, 2015), SecTor, Hacker Halted, TakeDownCon, SC Congress, Georgetown University and more.
Mr. Prado also serves as a strategic advisor to HackerOne and as a member of the advisory board at COMFIE, a 501(c)(3) non-profit educational organization. In his spare time, he teaches a graduate class as an associate professor at Universidad Pontificia Comillas, Madrid, eats Spanish ham and has personally discovered and contributed to over a dozen CVEs.
Talk: 7 Strategies for Scaling Product Security


Tracks
-
Microservices: Patterns & Practices
Evolving, observing, persisting, and building modern microservices
-
Developer Experience: Level up Your Engineering Effectiveness
Improving the end to end developer experience - design, dev, test, deploy, operate/understand. Tools, techniques, and trends.
-
Modern Java Reloaded
Modern, Modular, fast, and effective Java. Pushing the boundaries of JDK 9 and beyond.
-
Modern User Interfaces: Screens and Beyond
Zero UI, voice, mobile: Interfaces pushing the boundary of what we consider to be the interface
-
Practical Machine Learning
Applied machine learning lessons for SWEs, including tech around TensorFlow, TPUs, Keras, Caffe, & more
-
Ethics in Computing
Inclusive technology, Ethics and politics of technology. Considering bias. Societal relationship with tech. Also the privacy problems we have today (e.g., GDPR, right to be forgotten)
-
Architectures You've Always Wondered About
Next-gen architectures from the most admired companies in software, such as Netflix, Google, Facebook, Twitter, Goldman Sachs
-
Modern CS in the Real World
Thoughts pushing software forward, including consensus, CRDTs, formal methods, & probabilistic programming
-
Container and Orchestration Platforms in Action
Runtime containers, libraries, and services that power microservices
-
Finding the Serverless Sweetspot
Stories about the pains and gains from migrating to Serverless.
-
Chaos, Complexity, and Resilience
Lessons building resilient systems and the war stories that drove their adoption
-
Real World Security
Practical lessons building, maintaining, and deploying secure systems
-
Blockchain Enabled
Exploring Smart contracts, oracles, sidechains, and what can/cannot be done with blockchain today.
-
21st Century Languages
Lessons learned from languages like Rust, Go-lang, Swift, Kotlin, and more.
-
Empowered Teams
Safely running inclusive teams that are autonomous and self-correcting