Speaker: Angelo Prado

Senior Director, Application Security Engineering @Jet

Angelo Prado is the Senior Director of Application Security at Jet.com / Walmart. Prior to his current role he was a Director of Product Security at Salesforce, led a Security Engineering team and managed one of the largest Bug Bounty Programs in the industry. Mr. Prado has also worked as a Software Engineer at Microsoft and Motorola, delivering key contributions to their security product lines.     

Mr. Prado is one of the authors of BREACH, a security exploit against SSL which leverages a compression side channel to derive secrets from the cipher-text in an HTTPS stream. As a thought leader of the security community, Mr. Prado frequently speaks at major conferences worldwide, including Black Hat USA (2017, 2014, 2013), Black Hat Asia (2015), ToorCon (2013, 2015), SecTor, Hacker Halted, TakeDownCon, SC Congress, Georgetown University and more.     

Mr. Prado also serves as an strategic advisor to HackerOne and as a member of the advisory board at COMFIE, a 501(c) 3 non-profit educational organization. In his spare time, he teaches a graduate class as an associate professor at Universidad Pontificia Comillas, Madrid, eats Spanish ham and has personally discovered and contributed to over a dozen CVEs.

Find Angelo Prado at

@PradoAngelo
Linkedin

Talk : 7 Strategies for Scaling Product Security

Track : Real World Security
Location : Majestic Complex, 6th fl
Day of week : Friday
Duration : 2:55pm - 3:45pm

Product Security and Application Security Engineering teams are tasked with fixing and preventing security vulnerabilities, developing security controls, building meaningful security automation, maintaining security review processes, building security capabilities into existing products and leveraging the collective skills of the research community, whilst being the guardians of customer data.

Beyond Penetration Testing – In this presentation, we will cover seven different high-ROI strategies for resource-constrained Product Security teams that need to scale to support thousands of developers. We will dig deep into different tenets that help build and grow a high-functioning security engineering practice, including secret management, automation services, vulnerability management, reporting and operational excellence, bug bounty programs, training, engagement and product defense strategies.

Attendees will be provided with actionable technical strategies and time-tested lessons to build a comprehensive Secure SDL program and increase their organization's product security maturity in just a few months.

Other talks from track Real World Security

Data Security Dreams and Nightmares
Founder and Chief Information Security Officer @HoldSecurity
Alex Holden
Making Security Usable: Product Engineer Perspective
Security Focused Product Engineer @CossackLabs & Co-Organizer CocoaHeads Ukraine
Anastasiia Voitova
Engineering Secure Products at Facebook
Security Engineering Manager @Facebook NYC
Teddy Reed
Defense in Depth: In Depth
Software Engineer @HashiCorp
Chelsea Komlo

Tracks

Schedule