At the foundation of Security lies a command of change. This talk identifies the best way a CTO can support security in their organization by managing the speed and cost of change. Recorded for the virtual 2020 CTO Summit.
I spent some time with Matias Madou, CTO and co-founder of Secure Code Warrior, on the Software Security Gurus Podcast discussing regulation, compliance, security culture, and rigor in software development.
Microservices bring about a series of architectural shifts. One of the most powerful is true separation of concerns. This change brings with it incredible security opportunities. Join Aaron as he demonstrates how to identify and execute on these opportunities. In this session you will explore service and data classification techniques, authentication and access control, and service interface design that respects classification boundaries. If you are interested in, building, or currently using Microservices, this session is a must-see!
I had the privilege of presenting at GOTO Chicago 2017. I hosted the security track at the conference and gave a talk on the evolution of Threat Modeling and Risk. This talk builds a basic foundation of what makes up Threat Modeling and how it plays into improving the quality of Risk analysis. The talk goes on to explain the evolution of manual Threat Modeling and Risk Analysis and talks about how to automate systems to arrive at a state of continuous analysis of systems.
I was invited to speak once again at Windy City Rails. I enjoy this conference because they do a great job with it. It remains a single-track conference, which I really enjoy. The venue was nice and the people were great. A link to the slides can be found here.
I recently had the pleasure of meeting the fine folks at CrossChx and presenting at their monthly scaletech meetup. I talked about some of the challenges present in securing web applications and what we can do to improve security as we scale. I hope you enjoy the video below. The slides are available here.
As humans we process information as it is presented to us. We use the information presented to us to decide on how to react and possibly adapt to the current situation. This trait has a lot of advantages and has served us well over many years. Our approach to the security of our systems should be much the same. This presentation introduces patterns for processing potentially malicious activity and weaving an adaptive security system.
Designing secure systems is a very difficult task. Even the smallest issues can have devastating consequences. As designers of these systems we have to do everything in our power to ensure that these systems function as intended. Join Aaron as he demonstrates techniques for formally verifying security systems. These tools demonstrate the power of functional languages as verification systems against both functional and imperative software systems. You will learn how to create functional models and use them to prove the correctness of your security systems.
Keeping a multi-faceted system running is hard work. It’s even harder when you have to deal with the day-to-day nonsense that happens on the web. Gathering the data you need to drive your business is also a tricky game. It is made even more complicated by all of the bots running around messing up the place. And the attacks. Oh the attacks. Every day all day with the attacks…
This talk explains how to write custom modules for NGINX in C. It goes into detail about how NGINX handles requests and how and where to insert your modules to get the desired result.