Past Presentations

How Performance Optimizations Shatter Security Boundaries

With the customers demand of high-performance computing, CPU manufacturers deploy more and more sophisticated optimizations in their processors to increase the performance as much as possible. However, these performance optimizations often come with the downside of enabling side-channel attacks...

Moritz Lipp Researcher in Information Security at Graz University of Technology
Guardians of the Galaxy: Architecting a Culture of Secure Software

We are living in the age of technology. We are the engineers that will build the incredible machines, once the realm of science fiction. These systems will process our most sensitive information and help us stay healthier, more sustainable and explore the universe. As we embark on this...

Laura Bell Founder of SafeStack
A Continuation of Devops: Policy as Code

Organisations large and small are embracing devops and agile practices and transforming themselves into software companies. As part of that movement many organisations have embraced infrastructure as code, the idea that rather than systems administrators managing...

Gareth Rushgrove Product Manager @Docker
Speed The Right Way: Design and Security in Agile

“Blame the programmer” was an emerging theme in the security breaches of the last year placing coders and “their bugs” squarely in the security spotlight. But what is upstream of implementation bugs of causing these security issues? Application architecture and design. Effective...

Kevin Gilpin Enterprise Software Engineer
Securing Services Using SSO

As BuzzFeed transitioned to microservices it needed to secure a growing number of internal tools. Our first solution was an open source auth service deployed in front of each app, but this approach had a number of scaling issues. The talk will discuss sso, our open-source, homegrown, centralized...

Shraya Ramani Software Engineer @BuzzFeed
How to Backdoor Invulnerable Code

It is easy to think that securing a product relies on writing code without vulnerabilities and it's true that this is a very important aspect, but a secure product relies on more than just the code written. To an attacker every aspect involved in the development process, from the human element to...

Josh Schwartz Director of Offensive Security @Salesforce


Moritz Lipp Researcher in Information Security at Graz University of Technology

How Performance Optimizations Shatter Security Boundaries

What is the focus of your work today?

The work of our Secure Systems group at Graz University of Technology focuses on the secure and efficient implementation of (cryptographic) algorithms, security architectures as well as side-channel and fault attacks. Personally, my main focus is on microarchitectural side-channel attacks on personal computers and mobile devices. We...

Read Full Interview
Sonya Moisset Lead Security Engineer @Photobox / Tech Lead @PrideInLondon

Keep Calm and Secure Your CI/CD Pipeline

What is the work that you are doing today?

In my day job, I'm the lead security engineer at Photobox. I'm in charge of application security, cloud security and network security within my team. And for Pride in London, I'm the tech lead and the security manager. I take care of the website and the application, manage a team of fifteen developers and implement features...

Read Full Interview
Katy Anton Principal Application Security Consultant @Veracode

Security Vulnerabilities Decomposition

What is the work you're doing today?

Today I work as an application security consultant at Veracode. As part of my job, I help developers and software architects to secure their software. I work with development teams and help them fix correctly the security flaws identified by automated tools, to ensure that they have been remediated in a secure manner.

Read Full Interview
Jean-Philippe Aumasson Author of "Serious Cryptography", Designer of Hash Functions BLAKE3 and BLAKE2

The Quantum Risk & Future Post-Quantum Standards

What is the work that you're doing today?

My specialty is applied cryptography and more generally, information security. I'm running a startup company called Teserakt, which specializes in security for IoT systems. We do a new type of protocol to provide end-to-end encryption in the IoT context to protect data from the data producer to the data consumer.

Read Full Interview
Marisa Fagan Product Security Lead @Synopsys

Security Champions: Only YOU Can Prevent File Forgery

What is the focus of the work that you do today?

Right now I'm working at Synopsis on a team called Product Security, and the focus of our work is to increase the amount of security activities that the engineering team is doing for our products. Our goal is to make the most secure product possible and to increase the security mindset of our employees in the engineering department for...

Read Full Interview
Want to keep in touch with more QCon London 2021 announcements?