You are viewing content from a past/completed QCon

Presentation: Security Panel

Track: Security: Lessons Attacking & Defending

Location: Pacific DEKJ

Duration: 2:55pm - 3:45pm

Day of week: Wednesday

Level: Intermediate

Persona: Security Professional

Share this on:

Abstract

The panel discusses how to integrate security teams into the development process, whether bounty programs make sense, risk analysis, how to get into security, and much more.

Speaker: Werner Schuster

InfoQ Editor Functional Programming, QCon PC, Wolfram

Werner Schuster focuses on languages, VMs and compilers, Wolfram Language, performance tuning, and recently cloud taming. He's on the PC for QCon NYC/SF/London

Find Werner Schuster at

Speaker: Marshall Kuypers

Director of Cyber Risk @QadiumInc

Dr. Marshall Kuypers is the Director of Cyber Risk at Qadium, an SF-based startup. He received his doctorate from Stanford, focusing on data-driven methods for quantifying cyber risk. Marshall was a fellow at the Center for International Security and Cooperation (CISAC) from 2014-2016 where he worked on projects ranging from policy to technical matters in computer security. Marshall has also modeled cyber risk for the Jet Propulsion Lab, and assessed supply chain risk in cyber systems with Sandia National Labs. He was also the Co-President of the Stanford Complexity Group while at Stanford.

Find Marshall Kuypers at

Speaker: William Bengtson

Security Researcher, Leader, Advisor @Netflix

Will Bengtson is senior security engineer at Netflix focused on security operations and tooling. Prior to Netflix, Bengtson led security at a healthcare data analytics startup, consulted across various industries in the private sector, and spent many years in the Department of Defense. Bengtson is on the BSidesSF and Bay Area OWASP leadership team. Bengtson contributes to numerous open source projects and has spoken on topics of security across the world.

Find William Bengtson at

Speaker: Travis McPeak

Sr. Cloud Security Engineer @Netflix

Travis is a Senior Cloud Security Engineer at Netflix. He enjoys applying automation to solving complex problems that can’t be addressed manually. Travis is currently the OWASP Bay Area chapter lead and a core developer of several open-source security tools including Bandit and Repokid. In the past he has led several initiatives on the OpenStack Security Team and was a founding member of the Cloud Foundry Security Team. When not geeking out on security he enjoys traveling and quality beer and food.

Find Travis McPeak at

Speaker: Jarrod Overson

Engineering Director @ShapeSecurity & JavaScript Expert

Jarrod has been developing on the web for over 15 years in both startups and global companies and currently works at Shape Security. Previously at Riot Games and Napster, Jarrod has worked in every corner of web technology and is an active proponent and contributor to open source, creator of Plato and co-author of Developing Web Components.

Find Jarrod Overson at

Tracks

  • Machine Learning for Developers

    AI/ML is more approachable than ever. Discover how deep learning and ML is being used in practice. Topics include: TensorFlow, TPUs, Keras, PyTorch & more. No PhD required.

  • Production Readiness: Building Resilient Systems

    Making systems resilient involves people and tech. Learn about strategies being used from chaos testing to distributed systems clustering.

  • Surviving Uncertainty: Regulation, Risk, and Compliance

    With so much uncertainty, how do you bulkhead your organization and technology choices? Learn strategies for dealing with uncertainty.

  • Languages of Infra

    This track explores languages being used to code the infrastructure. Expect practices on toolkits and languages like Cloudformation, Terraform, Python, Go, Rust, Erlang.

  • Building & Scaling High-Performing Teams

    Building, maintaining, and growing a team balanced for skills and aptitudes. Constraint theory, systems thinking, lean, hiring/firing and performance improvement

  • Evolving the JVM

    The JVM continues to evolve. We’ll look at how languages like Kotlin, Graal, Clojure, and Java are evolving the JDK. Expect polyglot, multi-VM, performance, and more in this track.

  • Trust, Safety & Security

    Privacy, confidentiality, safety and security: learning from the frontlines.

  • JavaScript & Transpiler/WebAssembly Track

    JavaScript is the language of the web. Latest practices for JavaScript development in and how transpilers are affecting the way we work. We’ll also look at the work being done with WebAssembly.

  • Modern Operating Systems

    Applied, practical & real-world deep-dive into industry adoption of OS, containers and virtualization, including Linux on.

  • Software Supply Chain

    Securing the container image supply chain (containers + orchestration + security + DevOps).

  • Modern CS in the Real World

    Thoughts pushing software forward, including consensus, CRDT's, formal methods & probabilistic programming.

  • Tech Ethics: The Intersection of Human Welfare & STEM

    What does it mean to be ethical in software? Hear how the discussion is evolving and what is being said in ethics.

  • Optimizing Yourself: Human Skills for Individuals

    Better teams start with a better self. Learn practical skills for IC.

  • Modern Data Architectures

    Today’s systems move huge volumes of data. Hear how places like LinkedIn, Facebook, Uber and more built their systems and learn from their mistakes.

  • Practices of DevOps & Lean Thinking

    Practical approaches using DevOps and a lean approach to delivering software.

  • Operationalizing Microservices: Design, Deliver, Operate

    What's the last mile for deploying your service? Learn techniques from the world's most innovative shops on managing and operating Microservices at scale.

  • Bare Knuckle Performance

    Killing latency and getting the most out of your hardware

  • Architectures You've Always Wondered About

    Next-gen architectures from the most admired companies in software, such as Netflix, Google, Facebook, Twitter, & more