a sneak preview of some of them
traditionally talking in the library is illegal but somehow these people are getting away with it
it is simply not possible to learn everything you need to know about cybersecurity in a 20 minute talk slot, but we're going to do it anyway
Liam started his career in cyber so long ago that it was still called infosec. He worked for many years as a software engineer before discovering that breaking things could be more fun than building things and jumped the fence to offensive security. He has worked as a pentester for over 10 years. Liam is enthusiastic about ducks
grug dislikes complex software (and security model) which is like ball with million spikes, makes grug brain sore just by holding. instead grug thinks treat whole ball like sandpaper, all together low-level spiky. grug will permit small number of big spikes because easier to understand where actual risky bits are, like bear cave over there.
I have opinionsβ’
Have you been feeling more stressed and exhausted lately? You're not alone.
Feeling burnout is a sign that something needs to change. This talk explores the common burnout causes and symptoms, and discusses practical strategies for recovery.
Ash is an engineer working in incident response and product security. They are passionate about creating an inclusive and supportive tech community where everyone can thrive. Between responding to security incidents and advocating for secure coding, they can be found climbing mountains, and teaching computer science to school students.
Any outcome works better if the teams involved work together instead of against each other. But many teams I've worked in have had longstanding issues, misunderstandings or grudges, which caused stress and poorer work outcomes for all involved.
We'll talk through some tips, resources and mindsets i've found useful when working on repairing team relationships, both as a newcomer and when trying to reset my own mindset.
cait lives in Naarm Melbourne with their cat Mickey and works as a consultant with Red Hat. they do Linux and security stuff, and try to empathise and enable teams to improve their culture and impact.
OAuth can feel like a big, scary monster full of techy jargon and tricky standards. But it doesn't have to be that way! Ever clicked "Connect with Apple" or allowed an app to access your calendar? Thatβs OAuth in action! Join us for a friendly and easy-to-understand exploration of OAuth, specially crafted for beginners.
In this talk, we'll break down the most important bits from the official documents (RFCs) and take you on a quick tour through OAuth historyβfrom OAuth1 to current best practices. We'll delve into what OAuth is, how it works, and why it has evolved over the years.
Laura and Angus are best friends, and Application Security Engineers at Canva. Laura is passionate about good security education and wholesome security vibes (oh, and permaculture, fermenting, and rescue greyhounds). Angus loves diving into hands-on security and helping others do the same, as well as hiking, biking and traveling. Both have mildly cursed vocabularies from years of memes that turned from ironic to regular speech π.
if you've been particularly eagle-eyed, you might've noticed that within the past year or so, the lock icon disappeared from Chrome's address bar. this is the story of why and how that happened, and maybe it's secretly a story about HTTPS and the web ecosystem and the sisyphean task of securing the web as a whole......
it's just an icon, michael. how hard could it be to remove?
serena is an ex-physicist and mathematician, once teen magazine editor-in-chief, foosball enthusiast and hacker at heart. for her day job she's cyber aesthetics doctor at google chrome, leading UX for chrome security.
Have you ever wondered exactly how people pirate software? What are the tools and techniques they used? At Atlassian, every new penetration tester writes a crack for Jira during their first couple of weeks. Why? Because those same tools and techniques used to pirate software are critical skills needed to perform effective security tests & research. In this talk, Iβm going to teach some of those techniques to you too! Weβll dive into Jira DC together with a hacker mindset, reverse engineering the logic behind its license check and exploring how we can modify and debug it.
Hi! Iβm Giuliana, a Security Testing engineer at Atlassian (or pentester, cartoon character, or whatever else suits you). Aside from poking at things on my laptop until it does something itβs not supposed to, I like everything fashion, food and friends, so come say hi!
Metrics are an often misunderstood valuable tool in conducting defensive cyber security operations. From understanding the workload of your staff, to understanding the effectiveness of your controls, being able to have quantitative evidence to support your business and operational decisions is critical.
This talk will discuss some of the ways to generate relevant and effective metrics for your cyber security function, taking lessons from recent changes in metrics for bushfire ratings, the Essential 8, as well as other fields. We'll also talk about metric fatigue and the crying wolf problem - how the wrong metrics can have a significantly detrimental effect on your cyber efficacy.
Iain is the Full Spectrum Cyber Practice Lead for Leidos Australia, providing oversight and support to all of Leidos' Australian programs for cyber security including its military platform work. Iain has previously worked as a Cyber Research Engineer and an Assistant Director for Cyber Threat Intelligence within the Department of Defence. Iain is one of the founders of ComfyCon AU, a virtual conference founded in response to the cancellation of cyber security conferences due to the COVID-19 pandemic.
This talk is aimed at those new to security. Every year (financial year) organisations send out tax summaries. Undesirably some of these are vulnerable to Insecure Direct Object Reference. This talks provides an intro to this area of security and how to avoid it
A software engineer with a passion for security