Oct 2018 DevSecCon London 2018 Building Effective DevSecOps Teams Through Role-Playing Games

(video)
Oct 2018 (ISC)2 Security Congress DevOps Is Automation, DevSecOps Is People
Oct 2018 STAR West Software Testing Conference Measuring and Maximizing Crowdsourced Vuln Discovery
Feb 2018 DevSecCon Singapore Measuring and Maximizing Vuln Discovery Efforts
Jan 2018 OWASP AppSec Cali 2018 DevOps Is Automation, DevSecOps Is People

(video)
Oct 2017 DevSecCon London The Flaws in Hordes, the Security in Crowds
Sep 2017 (ISC)2 Security Congress Crowdsourced Security: The Good, the Bad, and the Ugly

(video)
Jun 2017 RVASec 2017 Managing Crowdsourced Security Testing

(video)
May 2017 AppSec EU 2017 The Flaws in Hordes, the Security in Crowds

(video)
Apr 2017 SOURCE Boston 2017 Crowdsourced Security – The Good, the Bad, and the Ugly
Nov 2016 ISACA Silicon Valley 2016 Fall Conference Evolving a Bug Bounty Program
Oct 2016 SOURCE Seattle 2016 Evolving a Bug Bounty Program

(preview on Brakeing Security podcast)
Oct 2015 SOURCE Seattle 2015 Battling the Geologic Timescale of SAST
Jul 2014 RSA APJ 2014 CDS-W07 - Building and Breaking Privacy Barriers
Feb 2014 RSA USA 2014 DSP-R04A - Is your browser a User Agent, or a Double Agent?
Oct 2013 Hack in the Box Kuala Lumpur CSRF Lab & Session Origin Security
Sep 2013 Hacker Halted USA Using HTML5 to Make JavaScript (Mostly) Harmless
Jul 2013 BlackHat USA Dissecting CSRF Attacks & Countermeasures

(co-speaker with @tukharian)
May 2013 RVAsec 2013 JavaScript Security & HTML5

(video)
Feb 2013 RSA USA 2013 ASEC-F41 - Using HTML5 WebSockets Securely
Feb 2013 B-Sides San Francisco 2013 JavaScript Security & HTML5

(video)
Dec 2012 BayThreat 2012 WebSockets Unplugged

(video, co-speaker with @sshekyan and @tukharian)
Oct 2012 RSA Europe 2012 ASEC-303 - Cases of JavaScript Misuse and How to Avoid Them
Aug 2012 BlackHat USA 2012 Hacking With WebSockets

(co-speaker with @sshekyan and @tukharian)
May 2012 ITWeb Security Summit HTML5 Unbound: A Security & Privacy Drama

(Check out the supplemental article, then parts two, three, and four.)
May 2012 OWASP/ISSA Bletchley Park Graveyards & Zombies: How HTML5 Improves Security. Mostly.
Oct 2011 RSA Europe 2011 ASEC-201 - HTML5 Security Pitfalls
Feb 2010 RSA USA 2010 SPO1-203 - Does Web 2.0 Need Security 2.0?
Jan 2006 IT Underground, Berlin 2006 Automating SQL Injection Exploits

(Slides complete, but conference was canceled.)

Podcasts & Webcasts

Oct 9, 2024 SC Media A More Ironclad AppSec: Forecast and Guidance Late 2024 and Early 2025 (sponsored)
Aug 28, 2024 SC Media 8 ways attackers target mobile apps to steal your data (and how to stop them) (sponsored)
Aug 27, 2024 SC Media Virtual Conference Application security: Key trends, tools and techniques (sponsored)
Mar 26, 2019 Application Security Weekly Wins & Challenges in Appsec
Sept 11, 2018 Humans of Infosec An interview in purple -- Ep 14 Tanya Janca: Hacking Purple and Defending Developers
Aug 7, 2018 Humans of Infosec Interviewing a pen tester -- Ep 12 Georgia Weidman: Writing books, riding horses, and starting companies
Feb 26, 2018 Humans of Infosec Kicking off the podcast -- Ep. 1 - Mike Shema