Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

About the O'Reilly Security Conference

Why attend | Experience Security | Who should attend | Program chairs & committee

Security Conference

Every company now has a website live on the Internet, meaning every company is now vulnerable to an attack. And for most companies, the website is the tip of the iceberg when it comes to technology they're depending on. How can you fend off the malware and spear-phishers and DDos attacks without burning out the team or breaking the budget? The O'Reilly Security Conference is the best place for security professionals like you to connect with people who do what you do day in and day out, exchange ideas with experts, and share best practices and lessons learned.

Hear more about what you can expect at the O'Reilly Security Conference

Security Conference Security Conference

Why attend

Better defend your online world
The O'Reilly Security Conference provides you with real-world best practices for securing your organization, helping you create and maintain customer trust and a rock-solid bottom line.

Quality time with experts
Take advantage of this rare opportunity to meet face-to-face with a cadre of industry leaders who are taking security to the next level. Bring your entire team to share ideas and get your toughest questions answered by the experts.

Three intense days devoted to defensive security
Security packs a wealth of big ideas, know-how, and connections into three concentrated days. You'll be able to apply what you've learned immediately and you'll be well prepared for what lies ahead.

Experience Security

Security Conference
  • Inspirational keynote presentations that bring clarity to thorny issues and new perspectives on the state of the art
  • Immersive training courses and tutorials addressing critical topics and technologies
  • Two days of technical sessions covering both practical and emerging issues
  • A Sponsor Pavilion featuring dozens of the latest tools and products
  • Fun evening events, Birds of a Feather sessions, and plenty of networking opportunities
Security Conference

Who should attend

  • Defensive security professionals seeking to improve their skills, make valuable connections, and advance their careers
  • Security, forensic, malware, and risk analysts
  • Security engineers
  • Software developers
  • System and network administrators
  • CISOs, CSOs and Chief Security Data Scientists
  • Security admins
  • Incident responders
  • Governance/policy makers
  • Researchers, both academic and industry-focused

Program Chairs

Allison Miller

Allison Miller works in product management at Google, mitigating risks to Google and end-users. Prior to her current role, Allison held technical and leadership roles in security, risk analytics, and payments/commerce at Electronic Arts,, PayPal/eBay, and Visa International. Miller is a proven innovator in the security industry, and regularly presents research on risk analytics, cybersecurity, and economics. She is known for her expertise in designing and implementing real-time risk prevention and detection systems running at internet-scale.

Courtney Nash

Courtney Nash chairs multiple conferences for O'Reilly Media and is the strategic content director focused on areas of modern web operations, high performance applications, and security. An erstwhile academic neuroscientist, she is still fascinated by the brain and how it informs our interactions with and expectations of technology. She's spent 17 years working in the technology industry in a wide variety of roles, ever since moving to Seattle to work at a burgeoning online bookstore. Outside work, Courtney can be found biking, hiking, skiing, and photographing the Cascade Mountains near her home in Bellingham, Washington.

Committee members

Justine Bone (Secured Worldwide)Justine Bone (Secured Worldwide) is an information security and technology expert with background in software security, information security governance, and identity management. She is Executive Director and CTO with Secured Worldwide, a commodity-based financial technology company, where she helps drive the product roadmap and security strategy along with overall technology management and other business development responsibilities. Previously Justine was Chief Information Security Officer at at Dow Jones, a News Corporation company and publisher of the Wall Street Journal, and Global Head of Risk Management at Bloomberg L.P. Her experience also includes several years as CEO of security research firm Immunity Inc, penetration tester and vulnerability researcher with Internet Security Systems (now IBM) X-Force, and as a security analyst with New Zealand’s Government Communications Security Bureau. She also has a background in the performing arts as an ex-dancer with the Royal New Zealand Ballet company.

Michael Brunton-Spall (Government Digital Service)Michael Brunton-Spall (Government Digital Service) is technical architect at the Government Digital Service. He travels the country helping government agencies and services embrace the digital now. Previously Michael worked at the Guardian for six years, helping to build and scale the website, building the API, helping run the platform team, and acting as developer advocate, talking at conferences and events.

Dhillon Kannabhiran (Hack in The Box)Dhillon Kannabhiran (Hack in The Box) is the Founder and Chief Executive Officer of Hack in The Box, organiser of the HITBSecConf series of network security conferences which has been held annually for the past decade in various countries including Malaysia, The Netherlands and the UAE.

HITBSecConf routinely brings together some of the world's leading subject matter experts, law enforcement officials and independent researchers to discuss the next generation of attack and defense methods. Celebrating it's 10th year anniversary in 2012, HITBSecConf is today one of the most highly anticipated, must-attend annual events for network security gurus, researchers and enthusiasts.

Ben Laurie (Google)Ben Laurie (Google) is a software engineer, protocol designer and cryptographer working for Google in London on various projects, currently focused on Certificate transparency. He is a founding director of The Apache Software Foundation, a core team member of OpenSSL, a member of the Shmoo Group, a director of the Open Rights Group, Director of Security at The Bunker Secure Hosting, Trustee and Founder-member of FreeBMD, Visiting Fellow at Cambridge University's Computer Laboratory, a committer at FreeBSD and Advisory Board member of As well as his obvious involvement with free software, he's also obsessed with security and privacy, particularly on the net. In his copious spare time, he writes stuff, sometimes code, sometimes words.

Morgan Marquis-Boire (First Look Media)Morgan Marquis-Boire (First Look Media) is a Senior Researcher at the Citizen Lab, University of Toronto. He is the Director of Security for First Look Media and a contributing writer for The Intercept. Prior to this, he worked on the security team at Google. He is a Special Advisor to the Electronic Frontier Foundation in San Francisco and an Advisor to the United Nations Inter-regional Crime and Justice Research Institute. In addition to this, he serves as a member of the Freedom of the Press Foundation advisory board and as an advisor to Amnesty International. In 2012, SC Magazine named him one of the influential minds of IT Security. In 2014 he was named one of Italian WIRED’s 50 people of 2014. In March of 2015, he was appointed a Young Global Leader by the World Economic Forum. A frequent speaker at universities and conferences around the world (Harvard, MIT, Stanford, Milan, Toronto, et al), his work has been featured in numerous print and online publications including on the front pages of The New York Times and The Washington Post.

Katie Moussouris (HackerOne)Katie Moussouris (HackerOne) is a noted authority on vulnerability disclosure and advises companies, lawmakers, and governments on the benefits of hacking and security research to help make the internet safer for everyone. Katie is a hacker - first hacking computers, now hacking policy and regulations. Katie's earlier Microsoft work encompassed industry-leading initiatives such as Microsoft's bug bounty programs and Microsoft Vulnerability Research. She is also a subject matter expert for the US National Body of the International Standards Organization (ISO) in vuln disclosure (29147), vuln handling processes (30111), and secure development (27034). Katie is a visiting scholar with MIT Sloan School, doing research on the vulnerability economy and exploit market. She is a New America Foundation Fellow and Harvard Belfer Affiliate.

Meredith Patterson (Nuance Communications)Meredith Patterson (Nuance Communications) by day is a software engineer at Nuance Communications, by night the leader of the Langsec Conspiracy, Meredith L. Patterson lives in Brussels, Belgium. She wrote and maintains the Hammer parser generator library, and is currently working on Tongs, a “standard library” of reference implementations of protocol, file format, and message format parsers. When not traveling to far too many infosec conferences, she enjoys bicycling, cooking, and target shooting.

Guy Podjarny (Snyk)Guy Podjarny (Snyk) is a cofounder at focusing on the security risk in your dependencies. Guy was previously CTO at Akamai and founder of Guy is a frequent conference speaker, the author of Responsive & Fast (O'Reilly Media), and the creator of Mobitest. He also writes on and Medium.

Wim Remes (Rapid7)Wim Remes (Rapid7) is the manager of Strategic Security Services for Rapid7 in EMEA. He leverages 15+ years of security leadership experience to advise clients on reducing their risk posture by solving complex security problems and by building resiliency into their organizations. He delivers expert guidance on reducing the high cost of IT security failures, both financially and in terms of brand reputation combining his deep expertise in network security, identity management, policy design, risk assessment, and penetration testing to develop innovative approaches to enterprise security. Before joining Rapid7, Wim was a managing consultant at IOActive and previously has worked as a manager of Information Security for Ernst and Young and as a security consultant for Bull, where he gained valuable experience building security programs for enterprise class clients. Wim has been engaged in various infosec community initiatives such as the co-development of the Penetration Testing Execution Standard (PTES), InfosecMentors, and organizing the BruCON security conference. He has been a featured speaker at international conferences such as Excaliburcon (China), Black Hat Europe, Source Boston, Source Barcelona and SecZone (Colombia). He was also a member of the (ISC)2 Board of Directors (2012 until 2014), and chairperson in 2014.

Eleanor Saitta ( Saitta ( is a security consultant specializing in architectural security for large-scale systems, integrating security into the development lifecycle, and cross-domain security for news organizations and NGOs targeted by nation states. Eleanor is a co-founder and developer for Trike, an open source threat modeling methodology and tool, contributes to the Briar and Mailpile secure messaging projects, and is a frequent speaker.

Stephan Somogyi (Google)Stephan Somogyi (Google) works in security and privacy product management at Google. His remit includes Safe Browsing, Google’s system that protects over a billion users worldwide from malware and phishing; End-To-End, a project to make strong encryption more usable; and a variety of other security and privacy efforts. Stephan is an advisor to Google Ventures, and also chairs the Privacy and Public Policy Working Group of the FIDO Alliance.

Prior to joining Google, Stephan consulted in a variety of global security and product management roles, including stints at VMWare and Infineon. He was previously the director of products at PGP Corporation, and has also worked in brand strategy and information design. In a former life, he was a business, technology, and design journalist, writing for the Economist, the Financial Times, Wired, and I.D. Magazine, among others. He can be found on Twitter @thinkpanzer.

Stay Connected

Follow Security on Twitter Facebook Group Google+ LinkedIn Group

Watch the keynote presentations

O'Reilly Security Conference Keynote

O’Reilly Media

Tech insight, analysis, and research