Security
Past Presentations
Addressing Security Regression By Unit Testing
Regression in codebases is a significant problem that proportionally significant amounts of effort have already been spent addressing. Regression is a similarly large problem in the realm of security, yet de-facto standards and approaches for addressing the issue remain absent. Even when security...
Doorman - An Osquery Fleet Manager
Osquery allows you to easily ask questions about your Linux, Windows, and macOS infrastructure using standard SQL-based statements. But how? Organizations deploying osquery will need to engineer various solutions to accomplish this seemingly simple task. Enter Doorman. This simple...
Trusting Mobile Clients with Remote Attestation
Everyone knows that in client-server systems, you can't trust the client. However, remote attestation gives us a way to change this. As Square provides financial services on unmanaged mobile devices, building more visibility into the client's runtime environment helps us fight fraud and offer...
Defense in Depth: In Depth
Hindsight is often 20/20 for security vulnerabilities, and it is too easy to point fingers and cast blame when a security incident occurs. However, working to prevent a security compromise can feel like an unparalleled challenge, where no amount of planning can cover or foresee every point of...
Engineering Secure Products at Facebook
In this talk we'll discuss how we build secure products at Facebook. Our strategy includes building safe by default frameworks, using code analysis in creative and powerful ways, building meaningful relationships with whitehat researchers, and deeply understanding risks to specialized products...
Making Security Usable: Product Engineer Perspective
This is a story of going through typical security challenges: how to build products that reliably deliver security guarantees, avoid typical pitfalls, and are usable in a predictable fashion by real users. It's a tale of balancing religious adherence to security practices with keeping customer's...
Interviews
Defense in Depth: In Depth
What will this talk cover?
We'll essentially be looking at the different layers at which security can be compromised. So those layers are ranging from the codebase to architecture to the product. Basically, I'll be looking at where holes happen in between those layers.
Read Full InterviewData Security Dreams and Nightmares
What’s the focus of the work you do today?
We have done a lot of research over the years looking at information security, specifically around breaches. Whether it’s an honest mistake, a not so honest mistake, or pure negligence, breaches cause huge issues to a company and its victims. There’s a resulting correlation between good security and rewards.
Read Full Interview