TALKS
Beyond The Hype: Zero Trust From An Attacker's Perspective
Cutting through the zero trust marketing hype by examining what actually changes from an attacker's point of view.
Building Security Through Culture
Security as a cultural practice, not just a technical one. Co-presented with Destiny Montague.
The Art and Craft of a Meaningful Security Culture
Why security culture matters more than security tools, and how to cultivate it meaningfully.
Crafting an Effective Security Organisation
Updated version of the KiwiCon talk on building effective security teams, delivered as Director of Security at Etsy.
Crafting an Effective Security Organisation
How to build a security team that works — hiring, culture, trust, and the 'don't hire assholes' rule.
Continuously Deploying Culture 2.0
Deploying security culture at Etsy — building trust and collaboration between security and engineering teams.
</CLOUD>
Cloud security considerations for financial services. Co-presented with Ymir Vigfusson.
Hinn blakaldi sannleikur madur er alltaf ooruggur
Offensive techniques that inform defensive strategies. Analysis of CVE-2012-4792 and ROP-based DEP bypass on fully patched Windows 7.
Modern Post-Exploitation Strategies
Scalable post-exploitation strategies and a cross-platform RPC-based Python post-exploitation framework.
Pragmatic Approach to Breaking Mobile Apps
Rapidly validating mobile app security against a threat model. Case study: Nasdaq DirectorsDesk crypto flaws.
VAASeline: VNC Attack Automation Suite
Automating post-exploitation actions against VNC servers at scale.
Phlashdance: Discovering Permanent Denial of Service Attacks Against Embedded Systems
Permanent denial of service via firmware update vulnerabilities in embedded systems. Introduced the concept of 'phlashing'.
12 talks