Upcoming Events

Talk: Live Hacking: Breaking into Your Web App

Date: 07 December 2020
Time: 14:20 - 15:00 UTC
Location: goto; Amsterdam

SPEAKER: BRIAN VERMEER

Join us for a captivating live hacking session with Brian Vermeer.

In Brian's opinion, open source modules are undoubtedly impressive. However, they also represent an undeniable and massive risk.

With open source modules, you are introducing someone else's code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users' data.

This talk will use a sample application, Goof, which uses various vulnerable dependencies that, together with Brian, you'll exploit as an attacker would. For each issue, Brian will explain why it happened, show its impact, and – most importantly – show how to avoid or fix it. Brian will live hack exploits like the classic Struts vulnerability that recently made it famous, along with Spring Break and several others.

In this talk, you'll learn:

  • That security is important, not only for your own code but also for the frameworks and libraries you depend on
  • What might happen when using outdated libraries with known vulnerabilities

------ Link to attend - https://gotoams.nl/2020/sessions/1344/live-hacking-breaking-into-your-web-app

Talk: CENTRALIZED POLICY ENFORCEMENT WITH OPA

Date: 08 December 2020
Time: 17:00 - 18:00 UTC
Location: DevSecCon Community - Powered by Snyk

The adoption of microservices architecture has continued to increase across the industry in recent years. Governing the behavior of microservices is rather challenging. In addition to our home-born microservices, we also have services that are part of our stack: API gateways, messaging brokers, orchestration tools, and service mesh solutions, to name a few.

Having such a large number of services can make policy compliance less consistent and governance harder to maintain, forcing us to redeploy services on each policy change. Enter Open Policy Agent (OPA). OPA is a CNCF incubation project that makes our policy more consistent, and therefore gives us more control over the system. In this talk, we will discuss what OPA is and explore OPA's integrations with all the levels of our cloud-native stack, along with on-stage demos. Join us on this journey to better microservices governance.

Technical Level: Intermediate

Additional Notes: This is a comprehensive talk with a demo. We will discuss the whole concept of OPA and how it handles authorization policies and governance.

------ Link to attend - https://snyk.co/opa-policy-enforcement-SUC

AMA: Introducing the Prometheus Exporter for Snyk

Date: 09 December 2020
Time: 17:00 - 17:45 UTC
Location: Introducing the Prometheus Exporter for Snyk

Join the awesome Lunar team - Kasper Nissen and Bjørn Hald Sørensen, alongside Snyk's Matt Jarvis to talk about their open source project - a Prometheus Exporter for Snyk.

Find out more about the project here: https://community.snyk.io/phennex/introducing-the-prometheus-exporter-by-lunar-3emj

And join us for an excellent live event & demo on December 9th | 5PM GMT.

------ Link to attend - https://community.snyk.io/snyk/snyklive-09-dec-2020-introducing-the-prometheus-exporter-for-snyk-o86

Talk: Open Core Summit

Date: 16 December 2020 - 19 December 2020
Time: 16:00 UTC (16 December) - 02:00 UTC (19 December)
Location: Open Core Summit Digital

Speakers: Guy Podjarny, Founder & President @ Snyk, and Alyssa Miller, AppSec Advocate

------ Link to attend - https://2020.opencoresummit.com/#speakers

Talk: Community Summit Tel Aviv 2020

Date: 17 December 2020
Time: 06:00 - 16:00 UTC
Location: Community Summit Tel Aviv 2020

Co-Organizers: Sharone Zitzman & Simon Maple

Call for Papers is still open until November 12th.

Register Here.

------ Link to attend - https://tlvcommunity.dev

Talk: TEDx LSSC - Alyssa Miller Speaking

Date: 12 February 2021
Time: 13:00 - 19:00 UTC
Location: TEDx LSSC

SPEAKER: ALYSSA MILLER

------ Link to attend - http://tedxlssc.com/2021-tedxlssc-speakers/

Past Events

AMA: SnykLIVE: Docker & Snyk End-to-End Demo

Date: 30 November 2020
Time: 17:00 - 17:45 UTC
Location: SnykLIVE: Docker & Snyk End-to-End Demo

What an exciting year for Snyk and Docker, with announcements starting in May, and just recently at SnykCon, about native integrations with both products. Now we want to show you all of that goodness in action.

Join Eric Smalling from Snyk and Peter McKee from Docker for an end-to-end walkthrough and demo of all of the recent product integration announcements.

In this session, you'll learn how Docker and Snyk work together to ensure security from first pull of your Docker images all the way through deployment.

You won't want to miss it.

  • Learn more about what we're doing with Docker by following the tag
  • To add to your calendar click here

👉🏾👉🏾 REGISTER TO THE COMMUNITY to be able to participate.👈🏾👈🏾

------ Link to attend - https://community.snyk.io/snyk/snyklive-30-nov-2020-docker-snyk-end-to-end-demo-4dli

Talk: Panel Discussion: Minimising Security Risks when Developing your Applications

Date: 24 November 2020
Time: 16:00 - 18:00 UTC
Location: IBM Developer Meetup Group

From developers, for developers.

United by our passion for Open Source, we are very excited to be teaming up with Payara for another panel event. In this session we will be discussing all things security. How can you minimise security risks when developing your applications? Let's discuss...

What to expect? An interactive discussion between cloud-native experts, Open Source contributors, and you.

What's on your mind? Join the conversation, ask us your burning questions.

On the panel, we are thrilled to welcome: Rudy De Busscher, Brian Vermeer, and Stefan Liesche.

Rudy De Busscher loves to create (web) applications with the Java EE platform and MicroProfile implementations and is currently working for Payara Services Limited in the Service Team. He helps customers, writes technical content, is part of some MicroProfile implementations and advocates the Payara Products in various ways.
He has been active in the IT industry for more than 20 years and has created many applications for customers. He is also a big fan of open source and has helped in various open source projects like DeltaSpike, PrimeFaces, and Apache MyFaces. He is also passionate about Web Application Security using OAuth2, OpenID Connect, and JWT. He maintains the Octopus open source project and is a member of the Jakarta EE Security API team.

Brian Vermeer is a Developer Advocate for Snyk and a Software Engineer with over a decade of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. Brian is an Oracle Groundbreaker Ambassador, Utrecht JUG Co-lead, Virtual JUG organizer and Co-lead at DevSecCon. He is a regular international speaker at mostly Java-related conferences like JavaOne, Devnexus, Devoxx, Jfokus, JavaZone and many more. Besides all that, Brian is a military reservist for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.

Stefan Liesche is the Architect for IBM Hybrid Cloud on Z. Stefan is focused on security, transparency and protection of data and services in flexible cloud environments. Stefan has worked in various areas as a technical leader within IBM, most recently as Chief Architect for IBM Cloud Hyper Protect Services and IBM's Watson Talent Portfolio, where Stefan was building AI-driven solutions that transform recruiting and career decisions within global organisations and that not only enhance the quality of decisions but also allow HR functions to enhance fairness and tackle biases. Stefan also innovated within the Exceptional Web Experience products for several years with a focus on open solutions and integration. Stefan has more than 20 years of experience as a technical leader, collaborating with partners and customers through joint projects, as well as within IBM's product development organisation.

Jadon Ortlepp and Miriam Oglesby created this series of panel discussions, bringing together experts and communities in the spirit of collaboration and open source to share, exchange and discuss hot developer topics.

Join us online.

We look forward to seeing you there!

Joining information:
Navigate to the Crowdcast link, click the 'Save my spot' button to register. Enter your email address or social media login. Check your email for a confirmation and a link to join the event, along with the option to add the event to your calendar.

Instructions on how to set up your device for Crowdcast can be found here: https://www.crowdcast.io/setup

Discover more:
Payara https://www.payara.fish/
Snyk https://www.snyk.io/
IBM Developer https://developer.ibm.com/

Register here for a free IBM Cloud account: https://ibm.biz/BdqUKm
(no credit card required)

------ Link to attend - https://www.meetup.com/IBM-Developers/events/274433761/?utm_content=145844621&utm_medium=social&utm_source=twitter&hss_channel=tw-2599580401

Talk: The Future of DevSecOps

Date: 19 November 2020
Time: 17:00 - 18:00 UTC
Location: DevSecCon Community - Powered by Snyk

This talk provides a brief history of how development, operations and security testing have become highly complex. It continues to outline the key problems with traditional security solutions and why in 2020 companies around the world are still figuring out a good way to manage security as part of rapid development cycles. Specifically, it covers the big challenge of introducing and fixing new security issues versus tackling the existing security debt of existing applications.

To quote Bishop Desmond Tutu, “There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they’re falling in.”

After setting the stage, the remainder of the talk will focus on the paradigm shift that security solutions have to incorporate in order to solve the problem of sustainably secure applications on all layers. This will explore how the elements of Speed, Just in time training, and Data science have to be leveraged to empower development teams around the globe to get ahead for once and finally become able to move fast and be safe at the same time.

The 3 core takeaways for the audience are:

1.) Where security practices have gone wrong so far.

2.) What new technologies will cause a paradigm shift in how security is applied at scale.

3.) What security will look like in 5-10 years.

------ Link to attend - https://snyk.co/future-devsecops-SUC

Talk: So Happy Together: Making the Promise of DevSecOps a Reality

Date: 19 November 2020
Time: 17:00 - 17:45 UTC
Location: DevSecOps Summit

SPEAKER: ALYSSA MILLER

It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application...

------ Link to attend - https://agiledevopseast.techwell.com/program/devsecops-summit

Talk: GitOps and Security

Date: 12 November 2020
Time: 11:00 - 12:00 UTC
Location: GitOps Days 2020

Speaker: Matt Jarvis

------ Link to attend - https://www.gitopsdays.com/speaker/matt-jarvis/

Talk: Alyssa Miller Speaking

Date: 09 November 2020 - 10 November 2020
Time: 11:00 UTC (09 November) - 21:00 UTC (10 November)
Location: IIA/ISACA CHICAGO CHAPTER’S 7TH ANNUAL HACKING CONFERENCE

SPEAKER: ALYSSA MILLER

Please save the date for the IIA/ISACA Chicago Chapter’s 7th Annual Hacking Conference. Last year’s record attendance was a huge success and we look forward to seeing everyone again!

Date: Monday/Tuesday, November 9-10, 2020

Time: 7-8 am Registration and Breakfast; 8 am-5 pm Educational Sessions; 5 pm Reception (9th only)

------ Link to attend - https://engage.isaca.org/chicagochapter/events/eventdescription?CalendarEventKey=7faa265a-2101-4d09-8d74-8a0c79130b27

Talk: Know thy neighbours: dependency management done right

Date: 07 November 2020
Time: 14:20 - 15:10 UTC
Location: Devoxx Ukraine 2020

SPEAKER: BRIAN VERMEER

We all love scaffolders like Spring Boot Initializr. It creates a brand new app with all the latest versions of the libraries we need to get going, enabling us to build awesome applications quickly. But after creating our initial application, who is responsible for the dependency management, and what happens over time when new features get added? How can we make sure this large proportion of our application gets the attention and testing needed to ensure we deliver and maintain a secure and functional application?

In this session, we look at the best practices for building a proper dependency management strategy: how to pick your application dependencies, keep them up to date, and clean out manifest files with tons of dependencies. And maybe even more important, what are the consequences of not being on top of this?

------ Link to attend - https://devoxx.com.ua/speaker-details/?id=6189

Talk: From Barista to Cyber Security Pro, Breaking the Entry Level Barrier

Date: 07 November 2020
Time: 14:00 - 15:00 UTC
Location: BSides Orlando

SPEAKER: ALYSSA MILLER

If you're a barista who has never worked in a tech job, how do you land a role in security? What if I told you there are skills you have that apply directly to roles in security? In this session we're going to get into some real talk about landing your first security gig. We will analyze the challenges that aspiring security professionals need to overcome in order to find their way into an entry-level position. We'll look at the issues of job descriptions, certifications, degrees, and other job-search-related challenges. We'll analyze data from recent primary research to better understand how education, certifications, mentoring, and other characteristics impact the job search. Finally, we'll use that information to share tangible, real strategies you can use to overcome those hiring obstacles.

------ Link to attend - https://2020.bsidesorlando.org/#/speakers?lang=en&speakerId=17525000000674021

Talk: SECURING CONTAINERS BY BREAKING IN

Date: 05 November 2020
Time: 15:10 - 15:50 UTC
Location: JFALL Virtual

SPEAKER: BRIAN VERMEER

There’s no better way to understand container security than seeing some live hacking! This session introduces the state of Docker security by reviewing vulnerabilities in Docker images and their impact on applications, and demonstrates them via hands-on live hacking. This session further provides the audience with security best practices when building Docker container images, and each successful hack will help you better understand the mistakes you can make, their implications, and how you can avoid them.

------ Link to attend - https://jfall.nl/sessions/securing-containers-by-breaking-in/

Talk: So Happy Together: Making the promise of DevSecOps a reality

Date: 02 November 2020
Time: 16:00 - 16:45 UTC
Location: ISACA - 2020 Virtual IT Security & Risk Symposium, Atlantic Provinces Chapter

SPEAKER: ALYSSA MILLER

It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application security advocate Alyssa Miller dives into the key issues that keep DevSecOps culture from becoming a reality. She’ll provide insights from recent studies that have looked at the state of DevSecOps and share evidence that organizations are still failing to mature their processes in order to achieve the ideals of a shared responsibility culture. Through her analysis, Alyssa identifies tangible, practical actions that organizations can take immediately to begin improving collaboration and enablement within the DevSecOps pipeline. Alyssa will demonstrate what steps can be taken to create mutual enablement between Development, Security, and Operations disciplines. Finally, Alyssa delivers a forward-looking viewpoint for what lies beyond DevSecOps, and how this culture can be cultivated and extended into the broader business.

------ Link to attend - https://www.isacaconference.ca/schedule/

Talk: Keynote Speaker - Alyssa Miller

Date: 30 October 2020
Time: 21:00 - 22:00 UTC
Location: WSC 7th Annual Cyberjutsu Awards

SPEAKER: ALYSSA MILLER

Alyssa Miller (CISM) is a life-long hacker, security advocate, author, and public speaker with almost 15 years of experience in security roles. She has always had a passion for deconstructing technology, particularly since buying her first computer at the age of 12 and teaching herself BASIC programming. In her career, Alyssa has performed all forms of security assessments but, given her developer background, she has a dedication to application security. She specializes in working with business and security leaders to design and deploy effective security programs that strengthen enterprise security posture. She is currently an Application Security Advocate for London-based Snyk Ltd.

Alyssa is committed to advocating for improving security practices and the community. Not only does she speak internationally at various industry, vendor and corporate events, Alyssa also engages in the community through her online content, media appearances, and security community activism. Her journey through security was recently featured in Cybercrime Magazine. She’s also been recognized in Peerlyst’s e-Book “50 Influential Penetration Testers”. Alyssa is chapter leader for Women of Security (WoSEC), Advisory Board Member for BlueTeam Con, and a member of the WiCyS Racial Equity Committee.

------ Link to attend - https://womenscyberjutsu.org/events/EventDetails.aspx?id=1427353&group=

Talk: Texas Container Massacre: Terrifying tales of containers and other stories from the field

Date: 29 October 2020
Time: 17:30 - 18:00 UTC
Location: Software Circus: Nightmares on Cloud Street

SPEAKER: ERIC SMALLING

Explore a world of dystopian examples where the dream of modernizing legacy applications with containers turned into implementation nightmares and how they clawed their way back out of the grave.
Examples:

  • Pharmaceutical web-app team miscalculates JVM heap and Java Garbage Collection drives Out-Of-Memory killings
  • Vendor application licensing costs skyrocket when run in an orchestrated container cluster
  • Bank learns how not to scan and patch vendor’s middleware platform in live running containers
  • Data scientists create Frankenstein’s monster treating containers like VMs
  • Financial company tries to cut corners on licensing by putting all of their eggs (containers) in just a few baskets (servers) and is brought to its knees when disaster strikes
  • Never expose your network underbelly to your enemies; A.K.A. Just because your CNI can do clever tricks doesn’t mean you should!
------ Link to attend - https://www.softwarecircus.io/

Talk: Keynote: What’s In Your Software?

Date: 28 October 2020
Time: 12:30 - 13:00 UTC
Location: Virtual CISO 360

SPEAKER: ALYSSA MILLER

Tracking the software and software components an organisation uses in its products and its operations is crucial for responding to emergency threats. However, building and maintaining these Software Bills of Materials (SBOMs) is very challenging, especially across large enterprises. In this session, Alyssa Miller discusses the hidden threats in the Software Supply Chain, and analyzes some of the unique challenges of open source software, IoT and Medical devices, and Industrial Control Systems. She’ll share real-world strategies and risk mitigations that organizations should employ to address these threats and reduce the risks associated with them.

------ Link to attend - https://www.pulseconferences.com/conference/ciso-360-virtual/programme-ciso-360-virtual/

Talk: KEYNOTE ADDRESS: So Happy Together: Making the Promise of DevSecOps a Reality

Date: 28 October 2020
Time: 07:00 - 08:00 UTC
Location: Information Security Summit

SPEAKER: ALYSSA MILLER

It wasn’t long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application security advocate Alyssa Miller dives into the key issues that keep DevSecOps culture from becoming a reality. She’ll provide insights from recent studies that have looked at the state of DevSecOps and share evidence that organizations are still failing to mature their processes in order to achieve the ideals of a shared responsibility culture.

------ Link to attend - https://whova.com/embedded/session/infor_202010/1065624/?view=

Talk: SnykCon 2020

Date: 21 - 22 October 2020
Time: 21 October 13:00 UTC - 22 October 19:10 UTC
Location: Online Event

Snyk's very own, first-ever user conference. It will be EPIC. Join us!

Join the world’s strongest community of DevSecOps practitioners and leaders for this two-day event.

------ Link to attend - https://snyk.co/snykcon-community

Talk: REALITY LOST: DEEPFAKES CHANGING THE FACE OF ATTACKS

Date: 21 October 2020
Time: 02:00 - 02:45 UTC
Location: Hacker Halted

SPEAKER: ALYSSA MILLER

Deepfake media and the neural networks that create it are fundamentally changing how we think about security defenses. Learn how this media is created, how it can be detected and possibly prevented, as well as methods to defend against the threats. We’ll even see how this tech can be used for good.

------ Link to attend - https://www.hackerhalted.com/

Talk: Live Hack: Finding Security Vulnerabilities Before They Find You!

Date: 21 - 22 October 2020
Time: 21 October 00:00 UTC - 22 October 23:59 UTC
Location: Codemotion Online 2020

SPEAKER: BRIAN VERMEER

Open-source modules are undoubtedly awesome. However, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users' data. This talk will use a sample application, Goof, which uses various vulnerable dependencies, which we will exploit as an attacker would. For each issue, we'll explain why it happened, show its impact, and – most importantly – see how to avoid or fix it. We'll live hack exploits

------ Link to attend - https://www.codemotion.com/talks/live-hack-finding-security-vulnerabilities-before-they-find-you-15382

Talk: So Happy Together: Making the Promise of DevSecOps a Reality

Date: 20 October 2020
Time: 16:30 - 17:15 UTC
Location: All Things Open

SPEAKER: ALYSSA MILLER

------ Link to attend - https://community.snyk.io/live

Talk: Hacktoberfest Tuesday

Date: 20 October 2020
Time: 16:00 - 19:00 UTC
Location: Hacktoberfest Tuesday

SPEAKER: LIRAN TAL

In this talk, Liran discusses how a weekend side-project turned into a GitHub repository with 1500 stars and over 21 contributors! How and why did it succeed?

------ Link to attend - https://nexmo.dev/36JlwmF

Talk: Know thy neighbors: dependency management done right

Date: 19 October 2020
Time: 17:00 - 18:00 UTC
Location: GOTO Night

SPEAKER: BRIAN VERMEER

We all love scaffolders. They create a brand new app with all the latest versions of the libraries we need to get going, enabling us to build awesome applications quickly. But after creating our initial application, who is responsible for the dependency management, and what happens over time when new features get added?

How can we make sure this large proportion of our application gets the attention needed to keep it secure and functional? In this session, we look at how to build a proper dependency management strategy. And what are the consequences of not being on top of this?

Agenda
17.00 | Welcome to this GOTO Night with Brian Vermeer
17.05 | Brian Vermeer's talk begins
17.30 | Live Q&A session with Brian Vermeer
17.55 | Thank you for joining us in this GOTO Night

------ Link to attend - https://gotoams.nl/2020/pages/goto-night-know-thy-neighbors-dependency-management-done-right
