Oct 2018 DevSecCon London 2018 Building Effective DevSecOps Teams Through Role-Playing Games

Oct 2018 (ISC)2 Security Congress DevOps Is Automation, DevSecOps Is People
Oct 2018 STAR West Software Testing Conference Measuring and Maximizing Crowdsourced Vuln Discovery
Feb 2018 DevSecCon Singapore Measuring and Maximizing Vuln Discovery Efforts
Jan 2018 OWASP AppSec Cali 2018 DevOps Is Automation, DevSecOps Is People

Oct 2017 DevSecCon London The Flaws in Hordes, the Security in Crowds
Sep 2017 (ISC)2 Security Congress Crowdsourced Security: The Good, the Bad, and the Ugly

Jun 2017 RVASec 2017 Managing Crowdsourced Security Testing

May 2017 AppSec EU 2017 The Flaws in Hordes, the Security in Crowds

Apr 2017 SOURCE Boston 2017 Crowdsourced Security – The Good, the Bad, and the Ugly
Nov 2016 ISACA Silicon Valley 2016 Fall Conference Evolving a Bug Bounty Program
Oct 2016 SOURCE Seattle 2016 Evolving a Bug Bounty Program

(preview on Brakeing Security podcast)
Oct 2015 SOURCE Seattle 2015 Battling the Geologic Timescale of SAST
Jul 2014 RSA APJ 2014 CDS-W07 - Building and Breaking Privacy Barriers
Feb 2014 RSA USA 2014 DSP-R04A - Is your browser a User Agent, or a Double Agent?
Oct 2013 Hack in the Box Kuala Lumpur CSRF Lab & Session Origin Security
Sep 2013 Hacker Halted USA Using HTML5 to Make JavaScript (Mostly) Harmless
Jul 2013 BlackHat USA Dissecting CSRF Attacks & Countermeasures

(co-speaker with @tukharian)
May 2013 RVAsec 2013 JavaScript Security & HTML5

Feb 2013 RSA USA 2013 ASEC-F41 - Using HTML5 WebSockets Securely
Feb 2013 B-Sides San Francisco 2013 JavaScript Security & HTML5

Dec 2012 BayThreat 2012 WebSockets Unplugged

(video, co-speaker with @sshekyan and @tukharian)
Oct 2012 RSA Europe 2012 ASEC-303 - Cases of JavaScript Misuse and How to Avoid Them
Aug 2012 BlackHat USA 2012 Hacking With WebSockets

(co-speaker with @sshekyan and @tukharian)
May 2012 ITWeb Security Summit HTML5 Unbound: A Security & Privacy Drama

(Check out the supplemental article, then parts two, three, and four.)
May 2012 OWASP/ISSA Bletchley Park Graveyards & Zombies: How HTML5 Improves Security. Mostly.
Oct 2011 RSA Europe 2011 ASEC-201 - HTML5 Security Pitfalls
Feb 2010 RSA USA 2010 SPO1-203 - Does Web 2.0 Need Security 2.0?
Jan 2006 IT Underground, Berlin 2006 Automating SQL Injection Exploits

(Slides complete, but conference was canceled.)

Podcasts & Webcasts

Mar 26, 2019 Application Security Weekly Wins & Challenges in Appsec
Sept 11, 2018 Humans of Infosec An interview in purple -- Ep 14 Tanya Janca: Hacking Purple and Defending Developers
Aug 7, 2018 Humans of Infosec Interviewing a pen tester -- Ep 12 Georgia Weidman: Writing books, riding horses, and starting companies
Feb 26, 2018 Humans of Infosec Kicking off the podcast -- Ep. 1 - Mike Shema