Track: Trust, Safety, & Security

Location: Empire Complex, 7th fl.

Day of week: Tuesday

Security means lots of things to lots of different people; at the end of the day, it's about protecting people. What is security and how is it changing as more of our data is stored online and more of the systems that use it are powered by learning algorithms? Privacy, confidentiality, safety, security: learning from the frontlines.

Track Host: Jarrod Overson

Software Engineer @ShapeSecurity

Jarrod has been developing on the web for over 15 years in both startups and global companies and currently works at Shape Security. He founded Gossamer to help bootstrap companies into developing for the modern web and has provided free community training on everything from node to backbone. Jarrod is an active proponent and contributor to open source, creator of Plato, and a member of the Grunt, Marionette, and ES-Analysis teams. @jsoverson

10:35am - 11:25am

From Developer to Security: How I Broke into Infosec

I've spent roughly 18 years building sites and apps for the web and while I always did my best to apply the basics of security, I never truly understood the many ways systems could be hacked. That changed when WannaCry hit and I decided to refocus my career to help secure not only systems, but people. In this talk I'll discuss the impetus for my career change, the challenges I faced as a new person to the community, how I forged relationships that helped me pave a solid path in the right direction, and how I eventually broke into this amazing & competitive field. I hope that sharing this will help newcomers better navigate the murky waters of this community.

Rey Bango, Senior Security Advocate @Microsoft

11:50am - 12:40pm

Robot Social Engineering: Social Engineering Using Physical Robots

Physical robots, such as Roombas, Baxter, Pepper, and many others, can make use of social abilities such as authority, persuasion, empathy, and so on. These social abilities can be used by robots to social engineer humans into doing or saying things that are not in their best interest. This talk will cover some of the capabilities of physical robots, related human-robot interaction research, and the interfaces that can be used by a robot to social engineer humans. Come discuss the security, privacy, and ethical implications of social robots, the interfaces used to control them, and the techniques that can be used to prevent robot social engineering attacks.

Brittany Postnikoff, Computer Security and Privacy / Human-Robot Interaction Researcher

1:40pm - 2:30pm

Modern WAF Bypass Scripting Techniques for Autonomous Attacks

Scripting and automation are absolutely critical to many aspects of an attacker’s effectiveness, whether you're scraping data from a competitor's website, or arbitraging March Madness bets. Modern WAFs and “bot detections” often add a small layer of intelligence to their monitoring, attempting to determine whether or not an attack is being automated, and shut the bot/botnet down. This presentation will be a mini-tutorial on how the various forms of “bot detection” out there work, and the philosophies behind how to modify/spoof the necessary client environments to bypass nearly all of them using anything from Python and JavaScript to Selenium, Puppeteer and beyond.

Johnny Xmas, Blade Runner & Director of Field Engineering (NA / EU) @kasada_io


Monday, 24 June

Tuesday, 25 June

Wednesday, 26 June

  • Architecting For Failure

    More than just building software, building deployable, production-ready software in the face of guaranteed failure.

  • 21st Century Languages

    Lessons learned from building languages like Rust, Go-lang, Swift, Kotlin, and more.

  • Building High-Performing Teams

    What “high-performing team” means and how to build one effectively depends on context. This track will share different experiences of building high-performing teams in order to highlight how different contexts lead to different solutions but also what typically stays the same because we’re still dealing with humans trying to work together. How do different forces affect the building of high-performing teams?

  • Software Defined Infrastructure: Kubernetes, Service Meshes, & Beyond

    Deploying, scaling, managing your services is undifferentiated heavy lifting. Hear stories, learn techniques, and dive deep into software infrastructure.

  • High-Performance Computing: Lessons from FinTech & AdTech

    Killing latency and getting the most out of your hardware.