Anastasiia Voitova

Speaker: Anastasiia Voitova

Security Focused Product Engineer @CossackLabs & Co-Organizer CocoaHeads Ukraine

Anastasiia is a software engineer with plenty of experience in building mobile apps. She developed many applications, frequently taking care of both mobile and server sides of the product. At some point, she realized how much sensitive data users do put into their apps, and mobile developers mostly don't care about security, believing that "Apple/Google will take care of us".

Security is her topic of interest since forever, so she joined the forces of Cossack Labs first as open source contributor and mobile consultant, then fully immersing into the world of data security and cryptography.

Anastasiia is maintaining open-source security library Themis, that allows developers to integrate encryption into their apps and infrastructures easily. She is conducting workshops and consulting teams about applied data protection design.

Find Anastasiia Voitova at

@vixentael

Talk : Making Security Usable: Product Engineer Perspective

Track : Real World Security

Location : Majestic Complex, 6th fl

Day of week : Friday

Duration : 10:35am - 11:25am

This is a story of going through typical security challenges: how to build products that reliably deliver security guarantees, avoid typical pitfalls, and are usable in a predictable fashion by real users. It's a tale of balancing religious adherence to security practices with keeping customer's needs in mind at all time inside the development team; listening to the customers and observing actual behavior outside in the wild; and trying to make the best decisions to empower customers with easy tools for encrypting data in their apps securely and without pain.

We'll take a look at the process through the eyes of one of our customers, who made all the things wrong before doing things right, and through the eyes of product engineer, responsible for learning the lessons to make security products even more usable and reliable for non-security-focused engineers.

Key takeaways:

Attendees will go through several stages of inception and implementation of database encryption/intrusion detection tools. They will see the "behind the scenes" work inside a cryptographic engineering company, will see how customers are one of the most useful people to learn from, and how getting over "we tell you what to do" mentality makes security tools better.

Other talks from track Real World Security

Data Security Dreams and Nightmares

Founder and Chief Information Security Officer @HoldSecurity

Alex Holden

7 Strategies for Scaling Product Security

Senior Director, Application Security Engineering @Jet

Angelo Prado

Engineering Secure Products at Facebook

Security Engineering Manager @Facebook NYC

Teddy Reed

Defense in Depth: In Depth

Software Engineer @HashiCorp

Chelsea Komlo

Tracks

Microservices: Patterns & Practices

Evolving, observing, persisting, and building modern microservices
Developer Experience: Level up Your Engineering Effectiveness

Improving the end to end developer experience - design, dev, test, deploy, operate/understand. Tools, techniques, and trends.
Modern Java Reloaded

Modern, Modular, fast, and effective Java. Pushing the boundaries of JDK 9 and beyond.
Modern User Interfaces: Screens and Beyond

Zero UI, voice, mobile: Interfaces pushing the boundary of what we consider to be the interface
Practical Machine Learning

Applied machine learning lessons for SWEs, including tech around TensorFlow, TPUs, Keras, Caffe, & more

Ethics in Computing

Inclusive technology, Ethics and politics of technology. Considering bias. Societal relationship with tech. Also the privacy problems we have today (e.g., GDPR, right to be forgotten)
Architectures You've Always Wondered About

Next-gen architectures from the most admired companies in software, such as Netflix, Google, Facebook, Twitter, Goldman Sachs
Modern CS in the Real World

Thoughts pushing software forward, including consensus, CRDT's, formal methods, & probalistic programming
Container and Orchestration Platforms in Action

Runtime containers, libraries, and services that power microservices
Finding the Serverless Sweetspot

Stories about the pains and gains from migrating to Serverless.

Chaos, Complexity, and Resilience

Lessons building resilient systems and the war stories that drove their adoption
Real World Security

Practical lessons building, maintaining, and deploying secure systems
Blockchain Enabled

Exploring Smart contracts, oracles, sidechains, and what can/cannot be done with blockchain today.
21st Century Languages

Lessons learned from languages like Rust, Go-lang, Swift, Kotlin, and more.
Empowered Teams

Safely running inclusive teams that are autonomous and self-correcting

Schedule