talks

a sneak preview of some of them




traditionally talking in the library is illegal but somehow these people are getting away with it

everything you need to know about cyber

it is simply not possible to learn everything you need to know about cybersecurity in a 20 minute talk slot, but we're going to do it anyway

Liam

Liam started his career in cyber so long ago that it was still called infosec. He worked for many years as a software engineer before discovering that breaking things could be more fun than building things and jumped the fence to offensive security. He has worked as a pentester for over 10 years. Liam is enthusiastic about ducks


the dangers of serverless & IAM proliferation

grug dislikes complex software (and security model) which is like ball with million spikes, makes grug brain sore just by holding. instead grug thinks treat whole ball like sandpaper, all together low-level spiky. grug will permit small number of big spikes because easier to understand where actual risky bits are, like bear cave over there.

Sam Thorogood

I have opinions™


Burnout: From Recognition to Recovery

Have you been feeling more stressed and exhausted lately? You are not alone.

Experiencing burnout is a sign that something needs to change. This talk explores common burnout causes and symptoms, and discusses practical strategies for recovery.

Ash

Ash is an engineer working in product security and incident response. They are passionate about creating an inclusive and supportive tech community where everyone can thrive. When not putting out security fires, they can be found teaching computer science to school students, and climbing mountains.


tips to build and repair empathy with other teams

Any outcome works better if the teams involved work together instead of against each other. But many teams I've worked in have had longstanding issues, misunderstandings or grudges, which caused stress and poorer work outcomes for all involved.

We'll talk through some tips, resources and mindsets i've found useful when working on repairing team relationships, both as a newcomer and when trying to reset my own mindset.

cait m

cait lives in Naarm Melbourne with their cat Mickey and works as a consultant with Red Hat. they do Linux and security stuff, and try to empathise and enable teams to improve their culture and impact.


Where Did It Come From, Where Did It Go? What the Heck is an OAuth Flow?

OAuth can feel like a big, scary monster full of techy jargon and tricky standards. But it doesn't have to be that way! Ever clicked "Connect with Apple" or allowed an app to access your calendar? That’s OAuth in action! Join us for a friendly and easy-to-understand exploration of OAuth, specially crafted for beginners.

In this talk, we'll break down the most important bits from the official documents (RFCs) and take you on a quick tour through OAuth history—from OAuth1 to current best practices. We'll delve into what OAuth is, how it works, and why it has evolved over the years.

Laura Wratten and Angus Cornall

Laura and Angus are best friends, and Application Security Engineers at Canva. Laura is passionate about good security education and wholesome security vibes (oh, and permaculture, fermenting, and rescue greyhounds). Angus loves diving into hands-on security and helping others do the same, as well as hiking, biking and traveling. Both have mildly cursed vocabularies from years of memes that turned from ironic to regular speech 😂.


πŸ™‹β“πŸ™‹ whyβ“πŸ€” chrome 🌐 πŸ™…πŸš« removed πŸš«πŸ™… the πŸ”’ lock 🫨 icon 🀷🀷 ​

if you've been particularly eagle-eyed, you might've noticed that within the past year or so, the lock icon disappeared from Chrome's address bar. this is the story of why and how that happened, and maybe it's secretly a story about HTTPS and the web ecosystem and the sisyphean task of securing the web as a whole......

it's just an icon, michael. how hard could it be to remove?

serena chen

serena is an ex-physicist and mathematician, once teen magazine editor-in-chief, foosball enthusiast and hacker at heart. for her day job she's cyber aesthetics doctor at google chrome, leading UX for chrome security.


It’s easier to Pirate with an Atlas…sian

Have you ever wondered exactly how people pirate software? What are the tools and techniques they used? At Atlassian, every new penetration tester writes a crack for Jira during their first couple of weeks. Why? Because those same tools and techniques used to pirate software are critical skills needed to perform effective security tests & research. In this talk, I’m going to teach some of those techniques to you too! We’ll dive into pirating software together, exploring how we can modify and debug code.

Giuliana

Hi! I’m Giuliana, a Security Testing engineer at Atlassian (or pentester, cartoon character, or whatever else suits you). Aside from poking at things on my laptop until it does something it’s not supposed to, I like everything fashion, food and friends, so come say hi!


Data breaches: your casual end of year security problem

This talk is aimed at those new to security. Every year (financial year) organisations send out tax summaries. Undesirably some of these are vulnerable to Insecure Direct Object Reference. This talk provides an intro to this area of security and how to avoid it

Adam Black

A software engineer with a passion for security


plugins on fire

If you're new to security code review or bug bounties, finding vulnerabilities in WordPress plugins could be a gentle entrypoint that allows you to learn by doing, while racking up CVEs and a bit of money along the way - not to mention you'll be improving the security of thousands (or even millions!) of sites that rely on these plugins.

Come along to find out more about how you can get started (or just come for the memes, you do you). This is not a hardcore hacking talk, but there will be recommended resources for you to dive as deep as you want for homework

Colin

heh