QCon10Years
Conference:March 7-9, 2016
Workshops:March 10-11, 2016
Sign up to be informed when registration opens for QCon London 2017 (3/6 - 3/10)

Speaker: Shubham Shah

Security Analyst @BishopFox
Shubham Shah is a Security Analyst at Bishop Fox, a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. Shubham’s primary areas of expertise are application security assessment, source code review, and mobile application security. Shubham is a former bug bounty hunter who has submitted high-critical risk bugs to the bug bounties of large corporations such as PayPal, Facebook, and Microsoft. The InfoSec Institute named him as one of “Fifteen Famous Bug Bounty Hunters.” He regularly conducts web application security research and frequently contributes to the security of open-source projects. He has presented at Ruxcon, Wahckon and Kiwicon. Shubham is known in Australia for his identification of high-profile vulnerabilities in the infrastructures of major mobile telecommunication companies. Prior to joining Bishop Fox, Shubham worked at EY. At EY, he performed web application security assessments and application penetration tests. Additionally, Shubham has been a contractor for companies such as Atlassian. As a contractor, he conducted external web application security penetration tests. Shubham also develops and maintains open-source projects such as Websec Weekly that assist the web application security industry.

Find Shubham Shah at

http://shubh.am/
@infosec_au
LinkedIn

Talk: Nihilist’s Guide to Wrecking Humans and Systems

Track: Security, Incident Response & Fraud Detection
Location: Windsor, 5th flr.
Day of week: Tuesday
Duration: 5:25pm - 6:15pm

The fault of the computer system is that it can only follow instructions. The fault of the human is that it can only make judgement calls. When we think about this in relation to information security, it presents an interesting opportunity to destructively combine the two and use it for evil.

We often assume that out of all the elements within our organisations and systems, people are most likely to expose us to risk. People create technical systems and people man these systems. The problem? We almost always focus on human and technical threats as separate risks and don’t consider the harm that can be done when combined.

Together, we will explore how social engineering can be used in conjunction with technical attacks to create sophisticated and destructive attack chains, share some real world scenarios and talk about what we’re doing wrong to protect against these threats. We will show you how a seemingly innocent phone call can lead to complete internal network compromise, how a purposely bad phishing email can be utilised to your benefit, and how people are generally bad at trust and computers.

Other talks from the same track

Security Open Space
Author of The Core Protocols: A Guide to Greatness
Richard Kasperowski
Automating Security at Slack
Security at Slack Technologies, Inc
Ryan Huber
Nihilist’s Guide to Wrecking Humans and Systems
Penetration Tester & Social Engineer @BishopFox
Christina Camilleri
Bitcoin Security: 1/10th cent to a billion dollars
Head of Special Projects @Coinbase
Olaf Carlson-Wee
Building a Modern Security Engineering Team
Founder & CSO @SignalSciences, Previously @Etsy
Zane Lackey
Real-Time Fraud Detection with Graphs
Chief Scientist @Neo4j
Jim Webber

Tracks

Covering innovative topics

Monday, 7 March

Tuesday, 8 March

Wednesday, 9 March

FULL SCHEDULE

Conference for Professional Software Developers

Follow QCon

Contact

Menu

QCons around the World

Qcon