(coming soon!)  
Oct 2018DevSecCon London 2018Building Effective DevSecOpsTeams
Through Role-Playing Games


Oct 2018(ISC)2 Security CongressDevOps Is Automation, DevSecOps Is People
Oct 2018STAR West Software Testing ConferenceMeasuring and Maximizing Crowdsourced Vuln Discovery


Feb 2018DevSecCon SingaporeMeasuring and Maximizing Vuln Discovery Efforts
Jan 2018OWASP AppSec Cali 2018DevOps Is Automation, DevSecOps Is People


Oct 2017DevSecCon LondonThe Flaws in Hordes, the Security in Crowds
Sep 2017(ISC)2 Security CongressCrowdsourced Security: The Good, the Bad, and the Ugly


Jun 2017RVASec 2017Managing Crowdsourced Security Testing


May 2017AppSec EU 2017The Flaws in Hordes, the Security in Crowds


Apr 2017SOURCE Boston 2017Crowdsourced Security — The Good, the Bad, and the Ugly
Nov 2016ISACA Silicon Valley 2016
Fall Conference
Evolving a Bug Bounty Program
Oct 2016SOURCE Seattle 2016Evolving a Bug Bounty Program

(preview on Brakeing Security podcast)

Oct 2015SOURCE Seattle 2015Battling Geologic Time
Jul 2014RSA APJ 2014CDS-W07 – Building and Breaking Privacy Barriers
Feb 2014RSA USA 2014DSP-R04A – Is your browser a User Agent, or a Double Agent?
Oct 2013Hack in the Box Kuala LumpurCSRF Lab & Session Origin Security
Sep 2013Hacker Halted USAUsing HTML5 to Make JavaScript (Mostly) Harmless
Jul 2013BlackHat USADissecting CSRF Attacks & Countermeasures
(co-speaker with @tukharian)
May 2013RVAsec 2013JavaScript Security & HTML5
Feb 2013RSA USA 2013ASEC-F41 – Using HTML5 WebSockets Securely
Feb 2013B-Sides San Francisco 2013JavaScript Security and HTML5


Dec 2012BayThreat 2012WebSockets Unplugged

(co-speaker with @sshekyan and @tukharian. video)

Oct 2012RSA Europe 2012ASEC-303 – Cases of JavaScript Misuse and How to Avoid Them
Aug 2012BlackHat USA 2012Hacking With WebSockets

(co-speaker with @sshekyan and @tukharian)

May 2012ITWeb Security SummitHTML5 Unbound: A Security & Privacy Drama

(Check out the supplemental article, then parts II, III, and IV.)

May 2012OWASP/ISSA Bletchley ParkGraveyards & Zombies: How HTML5 Improves
Security. Mostly.
Oct 2011RSA Europe 2011ASEC-201 – HTML5 Security Pitfalls
Feb 2010RSA USA 2010SPO1-203 – Does Web 2.0 Need Security 2.0?
Jan 2006IT Underground, Berlin 2006Automating SQL Injection Exploits

(Conference was canceled, but slides were finished.)

Podcasts & Webcasts

Mar 26, 2019Application Security WeeklyWins & Challenges in Appsec
Sept 11, 2018Humans of InfosecAn interview in purple — Ep 14 Tanya Janca: Hacking Purple and Defending Developers
Aug 7, 2018Humans of InfosecInterviewing a pen tester — Ep 12 Georgia Weidman: Writing books, riding horses, and starting companies
Feb 26, 2018Humans of InfosecKicking off the podcast — Ep. 1 – Mike Shema
Mar 2017A Promethean Struggle —
PCI’s Lessons for Passwords
slides | video (behind regwall) | notes
Feb 2017Out of the AppSec Abyss —
What’s making modern appsec effective?
slides | video (behind regwall) | notes

%d bloggers like this: