Track Overview
Scaling Security, from Device to Cloud
Implementing an effective security strategy is vitally important, regardless of where you are deploying software applications. But in the security world, "nothing is really secure" and "everything will be broken".
The question is – how do we build our systems in a way that security incidents won't happen even if some components fail. Security engineers know that failure of single security control is a question of time, failure of security system is a question of design.
This track is about security architecture and engineering: how to build secure, yet usable, systems.
From this track
Designing Secure Architectures the Modern Way, Regardless of Stack
This talk aims to attack two typical conflicts any security architect is well familiar with: 1. Most of the design thinking for preventing security incidents and performance bottlenecks focuses on avoiding known risks in a known way. However, most of the time this approach leads to...
Eugene Pilyankevich
CTO @cossacklabs, Building Applied Cryptographic / Data Security Tooling
Reconciling Performance and Security in High Load Environments
Most perceive security fixes and improvements as a necessary evil, because security is much “less tangible” than primary product functionality in terms of potential revenue. On top of not bringing any “meaningful” value to the overall system, security comes at a cost of...
Ignat Korchagin
Cryptographer, & Security Software Engineer @Cloudflare
Keep Calm and Secure Your CI/CD Pipeline
Shifting left significantly reduces costs and diminishes release delays. Continuous security validation should be added at each step from development through production to help ensure the application is always secure. We can then switch the conversation with the security team from approving each...
Sonya Moisset
Lead Security Engineer @Photobox / Tech Lead @PrideInLondon
Security Vulnerabilities Decomposition
In most companies security is driven by compliance regulations. The policies are designed to contain the CWEs each company is interested to comply with. The result of this approach is a high number of insecure applications are still produced and injection is still King. Is there another way...
Katy Anton
Principal Application Security Consultant @Veracode
The Quantum Risk & Future Post-Quantum Standards
This talk will describe the risk of quantum computing to cryptography, in a way suitable to an audience without quantum physics nor cryptography background. We will present the mitigations available today thanks to research in the field of post-quantum cryptography, and we'll...
Jean-Philippe Aumasson
Author of "Serious Cryptography", Designer of Hash Functions BLAKE3 and BLAKE2
Speakers from this track
Eugene Pilyankevich
CTO @cossacklabs, Building Applied Cryptographic / Data Security Tooling
Eugene is CTO at Cossack Labs, a data security engineering company, where his job includes almost everything (as you can imagine a CTO of a small company does): defining product strategy, designing internal products and customer solutions, driving R&D efforts, ensuring the steady cycle...
Read more
Ignat Korchagin
Cryptographer, & Security Software Engineer @Cloudflare
Ignat is a systems engineer at Cloudflare working mostly on platform and hardware security. Ignat’s interests are cryptography, hacking, and low-level programming. Before Cloudflare, Ignat worked as a senior security engineer for Samsung Electronics’ Mobile Communications Division....
Read moreFind Ignat Korchagin at:
Sonya Moisset
Lead Security Engineer @Photobox / Tech Lead @PrideInLondon
Sonya is a lifelong traveler who lived in the Middle-East, North Africa and Asia and is always looking for new challenges. She has made a career switch from International Business Consultant in Saudi Arabia and Singapore to Full Stack Software Engineer in South Korea to Lead Security...
Read moreFind Sonya Moisset at:
Katy Anton
Principal Application Security Consultant @Veracode
Katy Anton is a security professional with a background in software development. An international public speaker, she enjoys speaking about software security and how to secure software applications.In her previous roles she led software development teams and implemented security best...
Read moreFind Katy Anton at:
Jean-Philippe Aumasson
Author of "Serious Cryptography", Designer of Hash Functions BLAKE3 and BLAKE2
Jean-Philippe (JP) Aumasson is the founder and managing director of Teserakt, a Swiss-based company specialised in IoT security and offering an end-to-end encryption solution. He is an expert in cryptography and the author of the reference book Serious Cryptography (No Starch Press, 2017). He...
Read moreFind Jean-Philippe Aumasson at:
Track Host
Anastasiia Voitova
Head of Customer Solutions, Security Software Engineer @CossackLabs
Anastasiia is a software engineer with a wide background, she started her career as a mobile developer, then deepen into security engineering. Now she has focused on cryptography/applied security, she helps companies to build secure yet usable systems (oh yes, it takes efforts). Anastasiia...
Read more