Speaker: Christina Camilleri

Penetration Tester & Social Engineer @BishopFox

Christina Camilleri is a Security Analyst at Bishop Fox, a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. Christina’s primary areas of expertise are web application penetration testing, open-source intelligence (OSINT), and social engineering -- not only the psychological and physical involvement of social engineering, but also the manipulation and social influencing techniques that are able to exploit the behavior of others. She has attended and presented at local and international conferences on social engineering and has won highest scoring OSINT report for two years in a row in the DEFCON Social Engineering CTF. She’s an active and passionate contributor in the infosec industry, and a strong believer in user privacy, free expression, and innovation. Prior to joining Bishop Fox, Christina worked as an associate and senior information security consultant at BAE Systems Applied Intelligence, where she primarily concentrated her efforts in social engineering, digital forensics, and application and infrastructure penetration testing.

Find Christina Camilleri at

@0xkitty

Security Analyst at Bishop Fox

Talk: Securing Code through Social Engineering

Track: The Dark Side of Security

Location: Seacliff A/B

Duration: 5:25pm - 6:15pm

The weakest link in a security chain is often between keyboard and chair. We have a natural instinct as humans to trust someone’s word and although various technical means have been developed to cope with security threats, human factors have been comparatively neglected. As the infosec industry matures, security attacks are relying more on targeting people personally, often through social engineering. People can’t be fixed the same way a bug in your software can -- they can’t be maintained and they can't always be trusted. As software developers, we are spending a lot of time designing, perfecting and testing code. We’re taught to anticipate the behavior of a user and interact with it accordingly – a sort of trust between the end user and our creation. However, security vulnerabilities often stem from attackers finding the unexpressed possibilities in code and challenging the edge cases; constantly asking ‘what if I do this?’. In this talk I will explore what software developers are overlooking and explore the processes and technical controls that can be used to achieve a strong social engineering defense. Let me turn the tables and show you how social engineering should change the way we weave security into our testing, operations, and development workflows and be used to better secure code against human threats.

Other talks from the same track

Android Apps, an Attacker’s Perspective

Creator of QARK and Mobile Security Lead @ Linkedin

Tony Trummer

Applications through an attacker’s lens

Trust & Information Security Officer @Twitter

Michael Coates

Scammers, hackers, and fraud on the blockchain

Head of Risk @Coinbase

Olaf Carlson-Wee

Improving Cloud Security with Attacker Profiling

LibVMI Creator, OpenStack Security Co-Founder, & Platform Security Team Lead @Netflix

Bryan Payne

Tracks

Covering innovative topics

Monday Nov 16

Architectures You've Always Wondered About

Silicon Valley to Beijing: Exploring some of the world's most intrigiuing architectures
Applied Machine Learning

How to start using machine learning and data science in your environment today. Latest and greatest best practices.
Browser as a platform (Realizing HTML5)

Exciting new standards like Service Workers, Push Notifications, and WebRTC are making the browser a formidable platform.
Modern Languages in Practice

The rise of 21st century languages: Go, Rust, Swift
Org Hacking

Our most innovative companies reimagining the org structure
Design Thinking

Level up your approach to problem solving and leave everything better than you found it.

Tuesday Nov 17

Containers in Practice

Build resilient, reactive systems one service at a time.
Architecting for Failure

Your system will fail. Take control before it takes you with it.
Modern CS in the Real World

Real-world Industry adoption of modern CS ideas
The Amazing Potential of .NET Open Source

From language design in the open to Rx.NET, there is amazing potential in an Open Source .NET
Optimizing You

Keeping life in balance is always a challenge. Learning lifehacks
Unlearning Performance Myths

Lessons on the reality of performance, scale, and security

Wednesday Nov 18

Streaming Data @ Scale

Real-time insights at Cloud Scale & the technologies that make them happen!
Taking Java to the Next Level

Modern, lean Java. Focuses on topics that push Java beyond how you currently think about it.
The Dark Side of Security

Lessons from your enemies
Taming Distributed Architecture

Reactive architectures, CAP, CRDTs, consensus systems in practice
JavaScript Everywhere!

Javascript is Everywhere. Learn why
Culture Reimagined

Lessons on building highly effective organizations

Schedule

Find Christina Camilleri at

Talk: Securing Code through Social Engineering

Other talks from the same track

Tracks

Covering innovative topics

Monday Nov 16

Tuesday Nov 17

Wednesday Nov 18

Conference for Professional Software Developers

Follow QCon

Contact

Menu

QCons around the World