Build resilient systems at scale
May 27–29, 2015 • Santa Clara, CA

security conference sessions

2:40pm–3:20pm Thursday, 05/28/2015
Tim Prendergast (
The rise of programmatic infrastructure and services has created a rift in the industry between business acceleration and risk aversion/mitigation. The rate at which technology teams consume, manipulate, and iterate infrastructure now far exceeds traditional security technologies. A new approach to security, a DevOps approach, can marry these aspects of business together again in amazing ways.
9:00am–10:30am Wednesday, 05/27/2015
Michael Brunton-Spall (Bruntonspall Ltd)
Slides:   1-PDF 
As we move towards architectures designed to cope with changing requirements, and eternal services that go live and iterate, how can we manage change in a secure way? How can we possibly build secure systems in this environment?
1:45pm–2:25pm Thursday, 05/28/2015
Eric Lawrence (Google)
Slides:   1-PPT    external link
Securing your websites and services using HTTPS has never been more important, or more complicated. Learn the best practices for using HTTPS today, from ciphers and hash algorithms to new browser features like HSTS and PKP. Explore how attackers circumvent HTTPS, and what you can do to help protect your visitors.
4:10pm–4:50pm Thursday, 05/28/2015
Douglas Barth (Stripe)
With systems moving to the cloud, securing network traffic is becoming more difficult using traditional hub-and-spoke architectures because the network layout might not be under your control. PagerDuty solved this problem using an IPSec mesh network. Come find out how we did it.
5:05pm–5:45pm Thursday, 05/28/2015
Lukasz Pater (CERN)
The Large Hadron Collider at CERN (Geneva, Switzerland) is the ultimate blackboard for physicists all over the world. The maintenance of the biggest machine ever built wouldn't be possible without dedicated mobile interfaces used by technicians every day. Discover our techniques, lessons learned, and solutions to quickly deliver robust mobile applications in this very challenging environment.
11:50am–12:30pm Thursday, 05/28/2015
Jen Andre (Komand)
Are you using Docker today or looking to dip your toes in? Maybe you’ve heard some debate about whether or not Docker is ‘secure’ enough for production deployments. What does this mean? Jen will give you an overview of the Docker security model, a dive into the potential risks, and the tools that are available within the Docker ecosystem to help run Docker containers securely.
5:05pm–5:45pm Thursday, 05/28/2015
Mike Arpaia (Kolide)
There's a common misconception in information security that trade secrets, institutional knowledge, and internal software all need to stay secret in order to maintain a strong level of security and safety from malicious hackers. In this session, we'll discuss osquery, a popular Facebook open source project, which supports organizations taking their security into their own hands.
9:35am–9:55am Thursday, 05/28/2015
Laura Bell (SafeStack)
Slides:   1-PPTX 
Sometimes the best way to build a resilient application is to repeatedly break it. What if building secure applications needs the same sort of destructive play? This talk explains why, to protect organizations and applications from modern security threats, we don’t just need to defend our applications--we need to destroy them first.
11:00am–12:30pm Wednesday, 05/27/2015
Kurt Andersen (LinkedIn)
Slides:   external link
The email world has been changing over the last 10 years to thwart its exploitation by abusers and spammers. Domain authentication is the biggest step in this evolution. This tutorial will help you know what to require of vendors or to implement in your own systems to ensure that you can effectively deliver your message to your end users--reliably, safely, and while protecting your brand identity.

Related blog posts

One of the sessions featured at this year’s Velocity conference in Santa Clara is titled, HTTPS in 2015, and it’s likely to cause most web engineers to recall Heartbleed and recent other SSL/TLS security issues. But does HTTPS really matter beyond protecting web logins, user accounts and traditionally secured content? Eric Lawrence, former security program manager for the Internet Explorer Browser, says it does. . Read more
Laura Bell has nearly a decade of information security experience and specializes in bringing security survival skills, practices and culture into organizations of every shape and size, and she will be keynoting at Velocity in Santa Clara. I recently had the opportunity to speak with Laura and learn more about eradicating the human problem, her thoughts on blamelessness, and how we can be more secure.. Read more