Track Overview

Security: Lessons Learned From Being Pwned

The Cyber is the Abominable Snow Monster chasing you down your perfect ski run. People get eaten by The Cyber every week. Most talk endlessly about the ever-growing number of ways it has developed of coming out of nowhere and ruining your metaphorical SkiFree high score. Instead, we talk about the times we almost got eaten whole, and together we will learn how to fight it.


From this track

SESSION + Live Q&A Security

How to Backdoor Invulnerable Code

It is easy to think that securing a product relies on writing code without vulnerabilities and it's true that this is a very important aspect, but a secure product relies on more than just the code written. To an attacker every aspect involved in the development process, from the human element to...

Josh Schwartz

Director of Offensive Security @Salesforce

SESSION + Live Q&A Security

Building Secure Player Experiences At Riot Games

In this talk, David will give you an overview of the Riot Games Application Security program. The talk will focus on the tech and social aspects of the program and why David feels both are important when it comes to writing secure code. Specifically David will talk about how we define Application...

David Rook

Head of Application Security @RiotGames

SESSION + Live Q&A Security

This Will Cut You: Go's Sharper Edges

An expression of function within a software ecosystem is inextricably bound to the lexicon used to express it. I explore how distinct, exploitable misuse patterns arise in software languages, and through example in Go – in particular a quietly prevalent and worryingly effective denial of...

Thomas Shadwell

Security Engineer @Twitch

SESSION + Live Q&A Security

Out of the Browser Into the Fire

Authors: Shubs Shah, Matt Bryant, and Joe DeMesy

The evolution of the web has blurred the line between traditional web applications and native clients. In an effort to allow web developers to build powerful desktop applications quickly, web technologies have been put into standalone...

Joe DeMesy

Security Associate @BishopFox

SESSION + Live Q&A Security

Making the Most out of a Bad Day as a Developer

You know how it goes. There is always someone that finds out how to break all the hard work you and your team have put in developing a kick-ass application. Nobody likes to receive security bug reports but they are a reality we have to deal with. Penetration testers, bug bounty programs,...

Wim Remes

CEO/Principal Consultant @NRJSecurity & Board Member (ISC)²

SESSION + Live Q&A Security

Security Open Space


Speakers from this track

Josh Schwartz

Director of Offensive Security @Salesforce

Josh Schwartz is a computer that knows how to computer. He leads the Red Team at Salesforce conducting high impact offensive security engagements and frequently creates propaganda memes.


David Rook

Head of Application Security @RiotGames

David Rook is the Head of Application Security at Riot Games. He has held various application security roles in the financial services industry since 2006 before moving into the computer games industry in early 2014. He has contributed to several OWASP projects including the code review guide and...


Thomas Shadwell

Security Engineer @Twitch

I am an application security engineer at Twitch. I'm best known for breaking things I like using, including reporting 120 vulnerabilities in Steam, breaking Steam's login encryption or getting XSS, then remote code execution in Mr Robot's website. Breaking what I like using is also how I ended up...


Wim Remes

CEO/Principal Consultant @NRJSecurity & Board Member (ISC)²

CEO/Principal Consultant over at NRJ Security. He's also a board member for (ISC)² and co-organizes BruCON.


Track Host

Christina Camilleri

Security Solutions Specialist @riotgames

Christina Camilleri works on the infosec team at Riot Games where she focuses on improving security awareness training for Rioters, running awareness tests, and making use of data to inform on Rioter behaviors around security. Christina’s primary areas of expertise are web application...

