Past Presentations

How to Backdoor Invulnerable Code

It is easy to think that securing a product relies on writing code without vulnerabilities and it's true that this is a very important aspect, but a secure product relies on more than just the code written. To an attacker every aspect involved in the development process, from the human element to...

Josh Schwartz Director of Offensive Security @Salesforce
The Evolving Practice of Security

As technology has evolved from on-premise data centres to cloud native systems, the practices of managing that technology has evolved giving us benefits like continuous integration and deployment and configuration as code and cloud orchestration platforms. But security practices have generally...

Michael Brunton-Spall Independent Security Consultant, previously Deputy Director for Technology and Operation, & Head of CyberSecurity of Government Digital Service
Building Secure Player Experiences At Riot Games

In this talk, David will give you an overview of the Riot Games Application Security program. The talk will focus on the tech and social aspects of the program and why David feels both are important when it comes to writing secure code. Specifically David will talk about how we define Application...

David Rook Head of Application Security @RiotGames
The Three Faces of DevSecOps

DevSecOps is the buzzword du jour in the world of security. Organisations increasingly understand that if you transform development and embrace DevOps, you must transform security as well. Failing to do so would either leave you insecure, or make your security controls negate the speed you aimed...

Guy Podjarny Co-founder @SnykSec, previously CTO @Akamai
This Will Cut You: Go's Sharper Edges

An expression of function within a software ecosystem is inextricably bound to the lexicon used to express it. I explore how distinct, exploitable misuse patterns arise in software languages, and through example in Go – in particular a quietly prevalent and worryingly effective denial of...

Thomas Shadwell Security Engineer @Twitch
Designing Secure Architectures the Modern Way, Regardless of Stack

This talk aims to attack two typical conflicts any security architect is well familiar with: 1. Most of the design thinking for preventing security incidents and performance bottlenecks focuses on avoiding known risks in a known way. However, most of the time this approach leads to...

Eugene Pilyankevich CTO @cossacklabs, Building Applied Cryptographic / Data Security Tooling


Marisa Fagan Product Security Lead @Synopsys

Security Champions: Only YOU Can Prevent File Forgery

What is the focus of the work that you do today?

Right now I'm working at Synopsis on a team called Product Security, and the focus of our work is to increase the amount of security activities that the engineering team is doing for our products. Our goal is to make the most secure product possible and to increase the security mindset of our employees in the engineering department for...

Read Full Interview
Moritz Lipp Researcher in Information Security at Graz University of Technology

How Performance Optimizations Shatter Security Boundaries

What is the focus of your work today?

The work of our Secure Systems group at Graz University of Technology focuses on the secure and efficient implementation of (cryptographic) algorithms, security architectures as well as side-channel and fault attacks. Personally, my main focus is on microarchitectural side-channel attacks on personal computers and mobile devices. We...

Read Full Interview
Sonya Moisset Lead Security Engineer @Photobox / Tech Lead @PrideInLondon

Keep Calm and Secure Your CI/CD Pipeline

What is the work that you are doing today?

In my day job, I'm the lead security engineer at Photobox. I'm in charge of application security, cloud security and network security within my team. And for Pride in London, I'm the tech lead and the security manager. I take care of the website and the application, manage a team of fifteen developers and implement features...

Read Full Interview
Katy Anton Principal Application Security Consultant @Veracode

Security Vulnerabilities Decomposition

What is the work you're doing today?

Today I work as an application security consultant at Veracode. As part of my job, I help developers and software architects to secure their software. I work with development teams and help them fix correctly the security flaws identified by automated tools, to ensure that they have been remediated in a secure manner.

Read Full Interview
Jean-Philippe Aumasson Author of "Serious Cryptography", Designer of Hash Functions BLAKE3 and BLAKE2

The Quantum Risk & Future Post-Quantum Standards

What is the work that you're doing today?

My specialty is applied cryptography and more generally, information security. I'm running a startup company called Teserakt, which specializes in security for IoT systems. We do a new type of protocol to provide end-to-end encryption in the IoT context to protect data from the data producer to the data consumer.

Read Full Interview
Want to keep in touch with more QCon London 2021 announcements?