You are viewing content from a past/completed QCon

Track: Security: Lessons Attacking & Defending

Location: Pacific DEKJ

Day of week: Wednesday

Security: Lessons Attacking and Defending brings together stories about various successful approaches to security. Come learn what has worked to protect others while being targeted by increasingly sophisticated adversaries. Come ask questions about how to make good security tradeoffs when writing software. And do all of this with some of the top security practitioners in the industry today!

Track Host: Werner Schuster

InfoQ Editor Functional Programming, QCon PC, Wolfram

Werner Schuster focuses on languages, VMs and compilers, Wolfram Language, performance tuning, and recently cloud taming. He's on the PC for QCon NYC/SF/London

10:35am - 11:25am

Security & Psychology: Demotivating Persistent Threats

Jarrod Overson, Engineering Director @ShapeSecurity & JavaScript Expert

11:50am - 12:40pm

Using Data to Measure Risk in Cyber Systems

Risk analysis in cyber systems remains an immature field with significant potential. Despite widespread belief that cyber can't be quantified, the tools and data already exist to significantly improve risk management. In this talk, we'll review the literature on risk quantification and discuss examples of data-driven risk analysis.

Marshall Kuypers, Director of Cyber Risk @QadiumInc

1:40pm - 2:30pm

Taking the Canary Out of the Coal Mine

In this talk, we'll discuss how canaries can take all shapes and sizes: Web servers, network devices, cloud instances, and numerous token variants. We'll dig into what actually is a canary, modern canary tools and services, how deploying canaries will provide an early warning against even the most careful attackers - and perhaps most importantly - how automating their deployment can give every device in your environment a means to let you know they're being tampered with; intrusion detection at scale.

Mike Ruth, Staff Security Engineer @Cruise Automation

2:55pm - 3:45pm

Security Panel

Werner Schuster, InfoQ Editor Functional Programming, QCon PC, Wolfram
Marshall Kuypers, Director of Cyber Risk @QadiumInc
William Bengtson, Security Researcher, Leader, Advisor @Netflix
Travis McPeak, Sr. Cloud Security Engineer @Netflix
Jarrod Overson, Engineering Director @ShapeSecurity & JavaScript Expert

4:10pm - 5:00pm

Reducing Risk of Credential Compromise @Netflix

William Bengtson, Security Researcher, Leader, Advisor @Netflix
Travis McPeak, Sr. Cloud Security Engineer @Netflix

Proposed Tracks

  • Architectures You've Always Wondered About

    Next-gen architectures from the most admired companies in software, such as Netflix, Google, Facebook, Twitter, & more

  • Machine Learning without a PhD

    AI/ML is more approachable than ever. Discover how deep learning and ML is being used in practice. Topics include: TensorFlow, TPUs, Keras, PyTorch & more. No PhD required.

  • Production Readiness: Building Resilient Systems

    Making systems resilient involves people and tech. Learn about strategies being used from chaos testing to distributed systems clustering.

  • Building Predictive Data Pipelines

    From personalized news feeds to engaging experiences that forecast demand: learn how innovators are building predictive systems in modern application development.

  • Modern Languages: The Right Language for the Job

    We're polyglot developers. Learn languages that excel at very specific tasks and remove undifferentiated heavy lifting at the language level.

  • Delivering on the Promise of Containers

    Runtime containers, libraries and services that power microservices.

  • Evolving Java & the JVM

    6 month cadence, cloud-native deployments, scale, Graal, Kotlin, and beyond. Learn how the role of Java and the JVM is evolving.

  • Trust, Safety & Security

    Privacy, confidentiality, safety and security: learning from the frontlines.

  • Beyond the Web: What’s Next for JavaScript

    JavaScript is the language of the web. Latest practices for JavaScript development in and out of the browser topics: react, serverless, npm, performance, & less traditional interfaces.

  • Modern Operating Systems

    Applied, practical & real-world deep-dive into industry adoption of OS, containers and virtualization, including Linux on.

  • Optimizing You: Human Skills for Individuals

    Better teams start with a better self. Learn practical skills for IC.

  • Modern CS in the Real World

    Thoughts pushing software forward, including consensus, CRDT's, formal methods & probabilistic programming.

  • Human Systems: Hacking the Org

    Power of leadership, Engineering Metrics and strategies for shaping the org for velocity.

  • Building High-Performing Teams

    Building, maintaining, and growing a team balanced for skills and aptitudes. Constraint theory, systems thinking, lean, hiring/firing and performance improvement

  • Software Defined Infrastructure: Kubernetes, Service Meshes & Beyond

    Deploying, scaling and managing your services is undifferentiated heavy lifting. Hear stories, learn techniques and dive deep into what it means to code your infrastructure.

  • Practices of DevOps & Lean Thinking

    Practical approaches using DevOps and a lean approach to delivering software.

  • Operationalizing Microservices: Design, Deliver, Operate

    What's the last mile for deploying your service? Learn techniques from the world's most innovative shops on managing and operating Microservices at scale.

  • Developer Experience: Level up your Engineering Effectiveness

    Improving the end to end developer experience - design, dev, test, deploy and operate/understand.

The all-new QCon app!

Available on iOS and Android

The new QCon app helps you make the most of your conference experience. Easily browse and follow the conference schedule, star the talks you want to attend, and keep tabs on your personal itinerary. Download the app now for free on iOS and Android.