Security means lots of things to lots of different people, at the end of the day it's about protecting people. What is security and how is it changing as more of our data is stored online and more of the systems that use it are powered by learning algorithms? Privacy, confidentiality, safety, security: learning from the frontlines.
Track: Trust, Safety, & Security
Location: Empire Complex, 7th fl.
Day of week: Tuesday
Track Host: Jarrod Overson
Software Engineer @ShapeSecurity
Jarrod is a Director of Engineering at Shape Security where he led the development of Shape's Enterprise Defense. Jarrod is a frequent speaker on modern web threats and cybercrime and has been quoted by Forbes, the Wall Street Journal, CNET among others. He’s the co-author of O’Reilly’s Developing Web Components, creator of Plato, a static analysis tool for web applications, and frequently writes and records topics about reverse engineering and automation.
10:35am - 11:25am
From Developer to Security: How I Broke into Infosec
I've spent roughly 18 years building sites and apps for the web and while I always did my best to apply the basics of security, I never truly understood the many ways systems could be hacked. That changed when Wannacry hit and I decided to refocus my career to help secure not only systems, but people. In this talk I'll discuss the impetus for my career change, the challenges I faced as a new person to the community, how I forged relationships that helped me pave a solid path in the right direction and how I eventually broke into this amazing & competitive field. I hope that sharing this will help newcomers better navigate the murky waters of this community.
Rey Bango, Senior Security Advocate @Microsoft
1:40pm - 2:30pm
Robot Social Engineering: Social Engineering Using Physical Robots
Physical robots, such as Roombas, Baxter, Pepper, and many others, can make use of social abilities such as authority, persuasion, empathy, and so on. These social abilities can be used by robots to social engineer humans into doing or saying things that are not in their best interest. This talk will cover some of the capabilities of physical robots, related human-robot interaction research, and the interfaces that can be used by a robot to social engineer humans. Come discuss the security, privacy, and ethical implications of social robots, the interfaces used to control them, and the techniques that can be used to prevent robot social engineering attacks.
Brittany Postnikoff, Computer Security and Privacy / Human-Robot Interaction Researcher
2:55pm - 3:45pm
Modern WAF Bypass Scripting Techniques for Autonomous Attacks
#Scripting and automation are absolutely critical to many aspects of an attacker’s effectiveness, whether you're scraping data from a competitors website, or arbitraging March Madness bets. Modern WAFs and “bot detections” often add a small layer of intelligence to their monitoring, attempting to determine whether or not an attack is being automated, and shut the bot/botnet down. This presentation will be a mini-tutorial on how the various forms of “bot detection” out there work, and the philosophies behind how to modify/spoof the necessary client environments to bypass nearly all of them using anything from Python and Javascript to Selenium, Puppeteer and beyond.
Johnny Xmas, Blade Runner & Director of Field Engineering (NA / EU) @kasada_io
4:10pm - 5:00pm
Privacy Tools and Techniques for Developers
Most of us care about the protection of end users’ personal information, but isn’t this a problem for security and legal teams? How could developers help with privacy? This talk is a developer’s survey of privacy engineering, from foundational principles like privacy by design and the OWASP Top 10 Privacy Risks to advanced techniques such as federated learning and differential privacy in machine learning, as well as upcoming technologies like homomorphic encryption. Each tool or technique will have an introductory explanation and example use cases with a description of the benefits and limitations. Recommended sources for further learning about each concept will be provided.
Amber Welch, Privacy Technical Lead at Schellman & Company, LLC
5:25pm - 6:15pm
How Much Does It Cost to Attack You?
How much does it cost to attack you and what are attackers getting out of it? Attacks, breaches, exploits, and malware are nearly a daily occurrence. Why aren’t billion-dollar products solving the problems we’ve had for decades? The problem is two-fold, attacks are getting cheaper to perform and the value of an attack is increasing daily. This is leading to increasingly sophisticated tools attacking platforms that have not kept up.
In this session, Jarrod will describe the cost vs value justification of an attack, how it shifts over time, and why it means that silver bullets just don’t exist. We’ll walk through the evolution of one of the cheapest modern attacks, credential stuffing, and see what attackers do after they have data and access.
Attackers are clever fraudsters, when you see how cheap it is to exploit you and how much value they wring out of your data it will help you prioritize better protection for yourself and in the software you write.
Jarrod Overson, Software Engineer @ShapeSecurity
2019 Tracks
Monday, 24 June
-
Architectures You've Always Wondered About
Hard earned lessons from names you know on scalability, reliability, throughput, and performance.
-
Modern CS in the Real World
Thoughts pushing software forward, including consensus, CRDTs, formal methods, & probabilistic programming.
-
Machine Learning for Developers
Machine learning is more approachable than ever. Learn techniques and use cases with PyTorch, Keras and TensorFlow that will become foundational for moderan application developers.
-
Developing/Optimizing Clients for Developers
Electron, Flutter, JavaScript, GraphQL, Node/NPM. Web Workers, Wasm, WebVR, Speech/Alexia/Pipeline. More topics than room in this modern UI tech track.
-
Human Systems: Hacking the Org
Innovative approaches to organizational leadership and management to build unique company cultures.
-
Speaker AMAs (Ask Me Anything)
Tuesday, 25 June
-
Microservices / Serverless (Patterns & Practices)
Evolving, observing, persisting, operating, and building modern architectures.
-
Modern Java Innovations
6 month cadence, cloud-native deployments, scale, Graal, Kotlin, and beyond. Learn how the role of Java as it is evolves for the next 20 years.
-
Data Engineering for the Bold
Explore the power of data systems & architectures
-
Non-Technical Skills for Technical Folks
Good engineers are great programmers. Amazing engineers are great collaborators.
-
Trust, Safety, & Security
Privacy, confidentiality, safety, security: Learnings from the frontlines
-
Speaker AMAs (Ask Me Anything)
Wednesday, 26 June
-
Architecting for Success when Failure is Guaranteed
More than just building software, building deployable production ready software in the face of guaranteed failure.
-
21st Century Languages
Lessons learned from building languages like Rust, Go-lang, Swift, Kotlin, and more.
-
Building High-Performing Teams
What “high-performing team” means and how to build one effectively depends on context. This track will share different experiences of building high-performing teams in order to highlight how different contexts lead to different solutions but also what typically stays the same because we’re still dealing with humans trying to work together. How do different forces affect the building of high-performing teams.
-
Software Defined Infrastructure: Kubernetes, Service Meshes, & Beyond
Deploying, scaling, managing your services is undifferentiated heavy lifting. Hear stories, learn techniques, and dive deep into software infrastructure.
-
High-Performance Computing: Lessons from FinTech & AdTech
Killing latency and getting the most out of your hardware.
-
Speaker AMAs (Ask Me Anything)