Are you aspiring to break into cybersecurity or looking to take your career to the next level but don’t have a mentor to guide you? This talk is for you. We'll dive into practical advice to guide your career journey, based on real-world questions asked by my mentees.
A unique name server linked to Iran-nexus cyber activity reveals a broader set of malicious name servers with potential nation-state ties. Learn how passive DNS data connects a single typosquatting domain to multiple name servers being used for malware distribution.
Network security is important, but what about the networks that serve your network?
In this talk I go over my methodology and findings performing a security audit of some local ISPs. I’ll outline how simple vulnerabilities and configuration mistakes are still making it to these production networks,
GraphQL APIs offer flexibility and efficiency but often introduce security risks that remain hidden in the shadows. In this session, we’ll share findings from scanning GraphQL APIs, revealing vulnerabilities like schema leaks, brute-force risks, and GraphQL-specific "bomb" attacks.
When an outside threat becomes an insider threat, are your hiring practices prepared to catch it? In this session, you’ll learn how to examine the tactics of fraudulent job seekers and how to collaborate with talent teams to secure your hiring pipeline *and* protect your organization.
Residential proxies are the weapon of choice for bots bypassing defenses by mimicking legit traffic. This talk unpacks how machine learning can expose and mitigate these threats at scale. Expect actionable insights for improving detections while minimizing false positives.
Explore the escalating issues in CVE data: inconsistent reporting, low-quality submissions, and outdated info. Learn why these threaten cybersecurity and what solutions can restore trust in this critical database.
Policymakers worldwide have recently taken up product security, making prominent topics like memory safety. In this talk, hear from former CISA Senior Advisor Jack Cable on lessons learned leading CISA's Secure by Design initiative, and what a shift towards product security means for the industry.
Condemning “check-box” vendor risk management and security questionnaires is a hot talking point nowadays. This talk will discuss the related but distinct problems in the TPRM space and offer practical, creative solutions to help deliver high-value outcomes via third-party risk management.
Security practitioners are put in tough positions whether you're new to security or an experienced CISO. Based on "Radical Candor", you'll leave this talk with a new perspective on the way security teams are perceived by their peers and how to optimize the good and minimize the unavoidable bad.
In this talk, I’ll discuss hiring trends for Security Engineers and Leaders in 2024, covering metrics like time to hire, interview rounds, formats, and rejection trends. Data comes from 30+ placements at 10+ tech startups, mainly in SF, offering insights into the cybersecurity hiring landscape.