You are viewing content from a past/completed QCon Plus - May 2021

Track Overview

Building Secure Systems

In this track, we discuss application-layer security in both its traditional forms and more cutting-edge forms like advanced encryption and the Internet of Things.

We'll also look at supply chain security, a topic that's increasingly important with modern software development methods.


From this track

Session + Live Q&A Security

Securing the Development & Supply Chain of Open Source Software (OSS)

Thursday May 20 / 09:10AM EDT

Open Source Software (OSS) is everywhere today. Unfortunately, all software (OSS and not) is under attack. This talk will briefly discuss how OSS is developed & distributed as a supply chain (SC) model, which then gives insights into how OSS is attacked and some countermeasures. We then...

David Wheeler

Director of Open Source Supply Chain Security @linuxfoundation

Session + Live Q&A Security

Depending On If I Had Coffee Or Not Your Application May Be High Risk

Thursday May 20 / 10:10AM EDT

Security practitioners are often espresso'ing risk with qualitative measurements. We use broad, imprecise risk measurements such as high, medium, and low while applying them inconsistently if we haven't had our first cup. We struggle to measure if security work is driving down risk,...

Shannon Morrison

Senior Security Engineer - Detection Engineering @Netflix

Scott Behrens

Senior Security Engineer @Netflix

Session + Live Q&A Security

Application-Layer Encryption Basics for Developers

Thursday May 20 / 11:10AM EDT

Application-layer encryption should be a tool in every developer's toolbox. In this talk, I cover the basics of encryption, what are application-layer and infrastructure-layer encryption, when to use asymmetric and symmetric keys, and how to do key management. Finally, we review a...

Isaac Potoczny-Jones

Founder @Tozny & Authentication and Privacy Specialist

PANEL DISCUSSION + Live Q&A Security

Panel: Secure Systems

Thursday May 20 / 12:10PM EDT

In this panel, we will continue the conversation on security for the software supply chain and software security risk measurement.

Shannon Morrison

Senior Security Engineer - Detection Engineering @Netflix

Michael Fagan

Computer Scientist @NIST (National Institute of Standards and Technology)

Matt Jones

Vice President, Global Engineering @WindRiver


Speakers from this track

David Wheeler

Director of Open Source Supply Chain Security @linuxfoundation

Dr. David A. Wheeler is an expert on open source software (OSS) and on developing secure software. His works on OSS include "Publicly Releasing Open Source Software Developed for the U.S. Government", and "Open Source Software is Commercial". He also helped develop the U.S....

Read more
Find David Wheeler at:

Shannon Morrison

Senior Security Engineer - Detection Engineering @Netflix

Shannon Morrison is a senior security engineer on the Detection Engineering team at Netflix, where she builds data-driven detections. Previously, she was a data scientist building anomaly detection models and a container-based machine learning platform at a Fortune 50 insurance company. She also...

Read more
Find Shannon Morrison at:

Scott Behrens

Senior Security Engineer @Netflix

Scott Behrens is a senior security engineer that drives technical strategy for the Product and Application Security organization at Netflix. Before Netflix, Scott worked as a senior security consultant at Neohapsis (Cisco) and as an adjunct professor at DePaul University. Scott's expertise...

Read more
Find Scott Behrens at:

Isaac Potoczny-Jones

Founder @Tozny & Authentication and Privacy Specialist

Isaac is the founder and CEO of Tozny, LLC, a privacy and security company specializing in easy to use cryptographic toolkits for developers. Isaac’s work in cybersecurity spans open source, the public sector, and commercial companies. His projects have included end-to-end encryption for...

Read more
Find Isaac Potoczny-Jones at:

Michael Fagan

Computer Scientist @NIST (National Institute of Standards and Technology)

Mike Fagan is a computer scientist working with the Cybersecurity for IoT Program, which aims to develop guidance toward improving the cybersecurity of IoT devices and systems. Mike holds a Ph.D. in computer science and engineering from the University of Connecticut and a bachelor’s degree...

Read more

Matt Jones

Vice President, Global Engineering @WindRiver

Matt Jones is responsible for the global R&D team at Wind River. In this role, he leads the delivery of innovative products that are enabling and accelerating the digital transformation of our customers across market segments, ranging from aerospace to industrial, defense to medical, and...

Read more
Find Matt Jones at:

Track Date

Thursday May 20 / 09:00AM EDT

Topics

Security

Share

Track Host

Isaac Potoczny-Jones

Founder @Tozny & Authentication and Privacy Specialist

Isaac is the founder and CEO of Tozny, LLC, a privacy and security company specializing in easy to use cryptographic toolkits for developers. Isaac’s work in cybersecurity spans open source, the public sector, and commercial companies. His projects have included end-to-end encryption for...

Read more
Find Isaac Potoczny-Jones at: