Security means lots of things to lots of different people, at the end of the day it's about protecting people. What is security and how is it changing as more of our data is stored online and more of the systems that use it are powered by learning algorithms? Privacy, confidentiality, safety, security: learning from the frontlines.
Track: Trust, Safety, & Security
Location: Empire Complex, 7th fl.
Day of week: Tuesday
Track Host: Jarrod Overson
Software Engineer @ShapeSecurity
Jarrod has been developing on the web for over 15 years in both startups and global companies and currently works at Shape Security. He founded Gossamer to help bootstrap companies into developing for the modern web and has provided free community training on everything from node to backbone. Jarrod is an active proponent and contributor to open source, creator of Plato, and a member of the Grunt, Marionette, and ES-Analysis teams. @jsoverson
10:35am - 11:25am
From Developer to Security: How I Broke into Infosec
I've spent roughly 18 years building sites and apps for the web and while I always did my best to apply the basics of security, I never truly understood the many ways systems could be hacked. That changed when Wannacry hit and I decided to refocus my career to help secure not only systems, but people. In this talk I'll discuss the impetus for my career change, the challenges I faced as a new person to the community, how I forged relationships that helped me pave a solid path in the right direction and how I eventually broke into this amazing & competitive field. I hope that sharing this will help newcomers better navigate the murky waters of this community.
Rey Bango, Senior Security Advocate @Microsoft
11:50am - 12:40pm
Robot Social Engineering: Social Engineering Using Physical Robots
Physical robots, such as Roombas, Baxter, Pepper, and many others, can make use of social abilities such as authority, persuasion, empathy, and so on. These social abilities can be used by robots to social engineer humans into doing or saying things that are not in their best interest. This talk will cover some of the capabilities of physical robots, related human-robot interaction research, and the interfaces that can be used by a robot to social engineer humans. Come discuss the security, privacy, and ethical implications of social robots, the interfaces used to control them, and the techniques that can be used to prevent robot social engineering attacks.
Brittany Postnikoff, Computer Security and Privacy / Human-Robot Interaction Researcher
1:40pm - 2:30pm
Modern WAF Bypass Scripting Techniques for Autonomous Attacks
#Scripting and automation are absolutely critical to many aspects of an attacker’s effectiveness, whether you're scraping data from a competitors website, or arbitraging March Madness bets. Modern WAFs and “bot detections” often add a small layer of intelligence to their monitoring, attempting to determine whether or not an attack is being automated, and shut the bot/botnet down. This presentation will be a mini-tutorial on how the various forms of “bot detection” out there work, and the philosophies behind how to modify/spoof the necessary client environments to bypass nearly all of them using anything from Python and Javascript to Selenium, Puppeteer and beyond.
Johnny Xmas, Blade Runner & Director of Field Engineering (NA / EU) @kasada_io
Tracks
Monday, 24 June
-
Architectures You've Always Wondered About
Hard earned lessons from names you know on scalability, reliability, throughput, and performance.
-
Modern CS in the Real World
Thoughts pushing software forward, including consensus, CRDTs, formal methods, & probabilistic programming.
-
Machine Learning for Developers
Machine learning is more approachable than ever. Learn techniques and use cases with PyTorch, Keras and TensorFlow that will become foundational for moderan application developers.
-
Developing/Optimizing Clients for Developers
Electron, Flutter, JavaScript, GraphQL, Node/NPM. Web Workers, Wasm, WebVR, Speech/Alexia/Pipeline. More topics than room in this modern UI tech track.
-
Human Systems: Hacking the Org
Innovative approaches to organizational leadership and management to build unique company cultures.
Tuesday, 25 June
-
Microservices / Serverless (Patterns & Practices)
Evolving, observing, persisting, operating, and building modern architectures.
-
Modern Java Innovations
6 month cadence, cloud-native deployments, scale, Graal, Kotlin, and beyond. Learn how the role of Java as it is evolves for the next 20 years.
-
Data Engineering for the Bold
Explore the power of data systems & architectures
-
Non-Technical Skills for Technical Folks
Good engineers are great programmers. Amazing engineers are great collaborators.
-
Trust, Safety, & Security
Privacy, confidentiality, safety, security: Learnings from the frontlines
Wednesday, 26 June
-
Architecting For Failure
More than just building software, building deployable production ready software in the face of guaranteed failure.
-
21st Century Languages
Lessons learned from building languages like Rust, Go-lang, Swift, Kotlin, and more.
-
Building High-Performing Teams
What “high-performing team” means and how to build one effectively depends on context. This track will share different experiences of building high-performing teams in order to highlight how different contexts lead to different solutions but also what typically stays the same because we’re still dealing with humans trying to work together. How do different forces affect the building of high-performing teams.
-
Software Defined Infrastructure: Kubernetes, Service Meshes, & Beyond
Deploying, scaling, managing your services is undifferentiated heavy lifting. Hear stories, learn techniques, and dive deep into software infrastructure.
-
High-Performance Computing: Lessons from FinTech & AdTech
Killing latency and getting the most out of your hardware.