Keynotes
Simon Bennetts
Simon Bennetts released OWASP ZAP in 2010 and since then has shepherded it to become the world's most popular web vulnerability scanner. He is very active in OWASP and sits on the OWASP Project Committee. He has talked about and demonstrated ZAP at conferences all over the world, including Blackhat, JavaOne, FOSDEM and OWASP AppSec EU, USA & AsiaPac. Prior to making the move into security he was a developer for 25 years and strongly believes that you cannot build secure web applications without knowing how to attack them.
Talk: OWASP - What's the Point?
Abstract: Is OWASP Still Relevant? Do people want to go to conferences and chapter meetings in the aftermath of COVID? Do we need 260+ projects? Does anyone get past the titles of the Top 10? In this talk Simon will explain why he thinks OWASP is still very relevant and a much needed force for good. But this will be interactive and you will get a chance to have your say!
Anna Westelius
Anna Westelius is a passionate security leader and former security researcher, analyst, and hacking enthusiast. Anna is currently the Director of Security Engineering at Netflix, leading teams who ensure we address top security risks while maintaining overall business agility, velocity, and scale.
Talk: Construction Work Ahead: A Lesson in Paving Paths for Security
Abstract: In this talk, we’ll discuss scaling security programs through technology and secure-by-defaults in an evolving engineering ecosystem. We’ll share lessons learned from “paving roads” for security over the years, how to find opportunities, create shared accountability with engineering partners, and ultimately reduce security risks.
Jim Manico
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series. For more information, see https://www.linkedin.com/in/jmanico.
Talk: The Abridged History of OWASP and Application Security
Abstract: Application Security began in the early '60s, when plaintext password storage, poor password policies, poor access control, weak or non-existent cryptography, and other massive security problems were the norm. This talk will review the history of application security and OWASP to help illustrate how much application security has gotten better and how the rate of positive change has been getting better over the past 60 years. This fun ride through the history of application security will help inspire those who work in this very stressful security industry. Security professionals often look closely at failure and insecurity as part of their work, which can be exhausting on many levels. But when we look at our industry historically, we can all see how genuinely things are improving.
Swathi Joshi
Swathi Joshi currently leads the SaaS Information Security team at Oracle. Before that she led Netflix's Detection and Response team which focuses on managing the inevitable security incidents that arise and building detection pipelines. Prior to Netflix, she was at Mandiant, helping companies defend against Advanced Persistent Threats (APT). Swathi was born in Mangalore, India. She received her Master's degree in Information Security and Assurance from George Mason University and sits on the board of https://sdie.org and https://forte-group.org/.
Talk: Building a Security Program No Buzzwords Allowed
Abstract: In a world full of magic quadrants, acronyms, slicing and dicing of security product market share, let’s go back to basics and discuss building and maturing a security program with a focus on foundational building blocks. Let’s put the buzzwords, tools overload aside and talk about the mammoth task of securing applications, building a team, failing and hopefully maturing along the way. It’s gonna be a ride!