Presentation: Making Security Usable: Product Engineer Perspective

Track: Real World Security

Location: Majestic Complex, 6th fl

Duration: 10:35am - 11:25am

Day of week: Friday

Level: Intermediate

Persona: Developer, Security Professional

Share this on:

Abstract

This is a story of going through typical security challenges: how to build products that reliably deliver security guarantees, avoid typical pitfalls, and are usable in a predictable fashion by real users. It's a tale of balancing religious adherence to security practices with keeping customer's needs in mind at all time inside the development team; listening to the customers and observing actual behavior outside in the wild; and trying to make the best decisions to empower customers with easy tools for encrypting data in their apps securely and without pain.   

We'll take a look at the process through the eyes of one of our customers, who made all the things wrong before doing things right, and through the eyes of product engineer, responsible for learning the lessons to make security products even more usable and reliable for non-security-focused engineers. 

Key takeaways: 

Attendees will go through several stages of inception and implementation of database encryption/intrusion detection tools. They will see the "behind the scenes" work inside a cryptographic engineering company, will see how customers are one of the most useful people to learn from, and how getting over "we tell you what to do" mentality makes security tools better.

Speaker: Anastasiia Voitova

Security Focused Product Engineer @CossackLabs & Co-Organizer CocoaHeads Ukraine

Anastasiia is a software engineer with plenty of experience in building mobile apps. She developed many applications, frequently taking care of both mobile and server sides of the product. At some point, she realized how much sensitive data users do put into their apps, and mobile developers mostly don't care about security, believing that "Apple/Google will take care of us". 

Security is her topic of interest since forever, so she joined the forces of Cossack Labs first as open source contributor and mobile consultant, then fully immersing into the world of data security and cryptography.

Anastasiia is maintaining open-source security library Themis, that allows developers to integrate encryption into their apps and infrastructures easily. She is conducting workshops and consulting teams about applied data protection design.

Find Anastasiia Voitova at

Tracks