October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

O'Reilly Security Blog

Your field guide to getting the most out of Security—news, updates, and important resources.

The economics of security

I recently sat down with Fernando Montenegro, senior systems engineer at vArmour, to discuss how understanding the economics that drive security transactions (i.e., incentives, contract design, appropriate market mechanisms) can help achieve more effective security solutions. Here are some highlights from our talk.

This is how we do it: Behind the curtain of the O’Reilly Security Conference CFP

Since announcing the O’Reilly Security Conference we’ve had great interest from folks in the security industry, especially defenders who are looking forward to stepping out of the shadows and discussing what works with other like-minded professionals. We’ve also received many queries about our process for handling the call for proposals (CFP). In the spirit of sharing (a theme we’ll be seeing quite a bit of at the event), we want to present some data and feedback from the CFP process, a bit of our own version of “Behind the Music.” Tune in next week when we’ll follow up with a post on hacks for increasing your chances of getting your talk accepted next year. This first post shares our process and some basic stats around total proposals, acceptances, and rejections.

Meeting the ransomware challenge

I recently sat down with Ransomware co-authors Allan Liska, consulting systems engineer at Recorded Future, and Timothy Gallo, cyber security specialist engineer at Symantec, to discuss the challenges of ransomware and how to improve security against it. Here are some highlights from our talk.

Improving security team collaboration and productivity

I recently sat down with Laura Mather, Founder and CEO at Unitive, to discuss groupthink and how it hampers a security team’s ability to move quickly and better solve problems. Here are some highlights from our talk.

A DevOps approach to PCI compliance

I recently sat down with John Bullard and Benji Taylor from Distil Networks to discuss their path to Payment Card Industry (PCI) security standards compliance and the role DevOps played in their journey. Here are some highlights from our talk.

What High Reliability Organizations can teach us about security

I recently sat down with Lance Hayden, Chief Privacy Officer at ePatientFinder, to discuss how organizations can become more resilient and how this can help their security efforts. Here are some highlights from our talk.

Understanding Etsy's 411 alerting framework

I recently sat down with Kenneth Lee and Kai Zhong, security engineers at Etsy, to discuss their alerting framework 411, and best practices for monitoring and alerting. Here are some highlights from our talk.

Introducing the O’Reilly Security Conference

In a matter of just a few years, security has made its way from the IT back office to the global mainstage. As cyberattacks take up more and more of today’s headlines, protecting the information of individuals and organizations is becoming a top business objective. But the media’s focus and attention have leaned heavily on offensive security - the hacks and attacks that plague retail, health care, airlines and other major industries. While this is undeniably an important part of the story that the world deserves to hear about, it’s only half of the story. There’s a whole other half of the puzzle - defensive security - that needs to receive equal attention because it makes up a critical component of the security solution set.
