We Broke the Code – Now Let’s Rewrite the OS!

Women have made great strides since we entered the workforce. We have a foot firmly in the door, and are scrambling for seats at the table. Now that we are in the system, it’s painfully obvious that the rules weren’t written with our requirements in mind and the code is woefully outdated.

How do we adapt the mad skills we developed to break into a male-dominated industry, to find our niche and encourage more women to join the ranks? Are we going to settle for minor bug fixes and a superficial graphics refresh, or are we going to work together to rewrite the operating system?

We may not be able to accomplish everything at once, but we can do something at once. We can start by reprogramming ourselves, open-sourcing that code, and building a self-healing network and an operating system that is resilient enough to support our growing community. Let’s get started now!

Ethics in Social Engineering – Destroying the Target is Not the Goal

Ethics in penetration testing, and specifically social engineering, is a topic that is rarely addressed and frequently left up to the individuals involved. What is the difference between morals, ethics, and culture? Why do those distinctions matter? This presentation discusses best practices and the potential adverse impacts of unethical behavior. Why should the Social Engineer care about the target, and why should the client care about the Social Engineer’s ethical values and approach?

Status: Ready – Preparing for your next Infosec Role

What happens when you are tired of your current InfoSec role, experience an unexpected layoff, or would like to move on or up in your career? Instead of waiting to land a new job to learn new skills, you can already be getting a head start on being the perfect candidate for your next role! This talk will discuss self-learning and taking the initiative to learn new skills on your own time for free or at a discounted price. I want to encourage others not to wait for their employer, university or a bootcamp to get new skills. I will be providing resources and strategies that can be used to advance in your InfoSec career. Key factors to advancing in your InfoSec career include: never stop learning, your future job title, networking, and investing in yourself. After this talk, you will gain the confidence and the resources to prepare for your next InfoSec role.

Inside Out Security – Building Castles not Warehouses

Medieval castle builders made effective use of simple design principles to defend the most valuable assets in their castles. Centuries later there are clearly lessons we’ve forgotten that could help when it comes to how we defend our IT assets. From the moment we started to enable multi-user systems, we’ve gone about defending our information in all the wrong ways. In this session we’ll look at a completely different approach to designing security into our systems. We’ll look at new ways to understand what assets are, what threats those assets face, and how to leverage three basic types of defense mechanisms to effectively protect what we hold most dear. Ultimately you’ll learn how to bring technology and offensive security practices together into a cohesive defense approach that works. It’s time to defend your crown jewels inside a fortified castle rather than a thinly constructed warehouse.

Winning at workplace politics

Chances are, you’re frustrated that your ideas, solutions, and advice just don’t seem to get through to the decision-makers you work with. This happens to everyone from time to time, but if it’s a regular occurrence for you, you might need to learn to increase your influence at work.

Influence is the difference between that person at work whose team always seems to get extra staffing, or that developer who always gets to choose the tech, and those that don’t.

It isn’t magic, it isn’t luck, and it isn’t just natural ability. You can learn how to increase your influence through some simple planning, framing and delivery steps.

These skills are important if you want to make sure your expert opinion is understood and considered by those making crucial decisions about budgets, time frames, architecture, security and even everyday things like the air-conditioning temperature.

In this interactive workshop I will explain the basics of influence in a workplace, talk you through the steps, and walk you through addressing a real problem in your real workplace.

Why won’t they just get password managers already? User empathy for better security

Empathy as a security tool has been trending lately, mostly regarding attackers. But what does it look like to be empathetic to our users? Toward developers? Toward those who make the bugs, cut the corners, reuse their passwords and decline 2FA? And where do you even start?

I will make the case that empathetic security design and communication will:

  • increase take-up of security behaviors by users and developers
  • improve your ability, as a security professional, to communicate security concepts to developers, decision-makers, designers and users, and
  • help you design better tools and tips for users.

The core of the talk will focus on understanding users and developers. I will give three key concepts to guide you toward empathy, and I will present some entertaining and enlightening research on the beliefs, feelings and threat models that inform user behavior, and answer the question “why won’t users just get password managers already?” (It’s probably not what you think!)

To finish, I will give you some practical techniques for teasing out the reasons behind the reasons why your target audience, be they users, developers, or others, act the way they do, and tools for turning those reasons into incentives for better behavior and mutually agreeable outcomes.

Call Center Authentication

You’ve built login for your application—maybe you even have 2FA—but what happens when a customer calls the support number listed on your website or product?

Security teams and app developers have thought a lot about online authentication, but we haven’t applied the same rigor to designing systems for authenticating over the phone. At Twilio, product and engineering teams have spent the last year thinking about this problem and how to make the experience better for both the customer and the call center agent. In that time, I’ve called dozens of contact centers to learn about how everyone from startups to Fortune 50 companies attempt to identify and authenticate the end user. This talk will take a look at that research and outline best practices you can use in your own call centers. You’ll leave the session understanding what information should be made available to the agent and what kind of product features you can build into your web or mobile application that can facilitate phone authentication.

Backwards and In Heels: You Must Know the Business to Secure the Business

Security teams spend a lot of time focused on the results and impact of what happens when there’s a security failure. In turn, we have a bad habit of ‘Monday-Morning-Quarterback’ing all the things that should have happened to prevent the security failure in the first place. But have you ever attempted to fully implement all of the security advice that’s out there in conjunction with business priorities? Well, I did. In this presentation, I will share what I learned about what it takes to get application security right from design to delivery, how to communicate about REAL risk (without the FUD) and why we should eliminate the word “just” from our solutioning.

Tell Me About Yourself: Perfecting Your Elevator Pitch

Almost every interview has a version of the request, “Tell Me About Yourself.” People often have trouble articulating their journey and how it has made them a great employee. After my recent experiences having to answer it myself innumerable times as well as mentoring others at all career levels, I have developed tips for turning vague stories into a polished pitch. As a software engineer who went to art school, it’s critical that I articulate my skills clearly before I am dismissed by technical recruiters. This workshop starts with a presentation, but then quickly becomes interactive. I start with a warm-up question, then ask for a volunteer to tell their story. I give direct feedback which helps everyone absorb the main points by connecting it with the live example.

The key takeaways are:

  • Everyone is better than they were before. At every job you were in, you learned something, even if technically you moved laterally or even down. If you worked as a barista, you learned customer service, multi-tasking and problem solving.
  • Your skills are more important than how you used them. Instead of focusing on the task (e.g. folding clothes at a retail store), turn it into the skill (in that example, attention to detail and quality control).
  • Remember that you are interviewing them as well. If a manager cannot appreciate your diverse skills, find the one who can.

Be The Change – She/They Strategies for Ascending to a Level of Tech Influence to Change the World

This presentation will talk about four specific things you can do to prevent burnout, manage the inequity in a way that works to your advantage, and have the staying power so that future generations will have the benefit of standing on your shoulders. You will leave with practices and your personal roadmap for navigating the US “brotropia” whether you are an executive, a senior tech pro, or just getting started in tech.