October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

About the O'Reilly Security Conference

Why attend | Experience Security | Who should attend | Program committee

Security Conference

Every company now has a website live on the Internet, meaning every company is now vulnerable to an attack. And for most companies, the website is the tip of the iceberg when it comes to technology they're depending on. How can you fend off the malware and spear-phishers and DDos attacks without burning out the team or breaking the budget? The O'Reilly Security Conference is the best place for security professionals like you to connect with people who do what you do day in and day out, exchange ideas with experts, and share best practices and lessons learned.

Hear more about what you can expect at the O'Reilly Security Conference

Security Conference Security Conference

Why attend

Better defend your online world
The O'Reilly Security Conference provides you with real-world best practices for securing your organization, helping you create and maintain customer trust and a rock-solid bottom line.

Quality time with experts
Take advantage of this rare opportunity to meet face-to-face with a cadre of industry leaders who are taking security to the next level. Bring your entire team to share ideas and get your toughest questions answered by the experts.

Three intense days devoted to defensive security
Security packs a wealth of big ideas, know-how, and connections into three concentrated days. You'll be able to apply what you've learned immediately and you'll be well prepared for what lies ahead.

Experience Security

Security Conference
  • Inspirational keynote presentations that bring clarity to thorny issues and new perspectives on the state of the art
  • Immersive training courses and tutorials addressing critical topics and technologies
  • Two days of technical sessions covering both practical and emerging issues
  • A Sponsor Pavilion featuring dozens of the latest tools and products
  • Fun evening events, Birds of a Feather sessions, and plenty of networking opportunities
Security Conference

Who should attend

  • Defensive security professionals seeking to improve their skills, make valuable connections, and advance their careers
  • Security, forensic, malware, and risk analysts
  • Security engineers
  • Software developers
  • System and network administrators
  • CISOs, CSOs and Chief Security Data Scientists
  • Security admins
  • Incident responders
  • Governance/policy makers
  • Researchers, both academic and industry-focused

Program Chairs

Allison Miller

Allison Miller works in product management at Google, mitigating risks to Google and end-users. Prior to her current role, Allison held technical and leadership roles in security, risk analytics, and payments/commerce at Electronic Arts, Tagged.com, PayPal/eBay, and Visa International. Miller is a proven innovator in the security industry, and regularly presents research on risk analytics, cybersecurity, and economics. She is known for her expertise in designing and implementing real-time risk prevention and detection systems running at internet-scale.

Courtney Nash

Courtney Nash chairs multiple conferences for O'Reilly Media and is the strategic content director focused on areas of modern web operations, high performance applications, and security. An erstwhile academic neuroscientist, she is still fascinated by the brain and how it informs our interactions with and expectations of technology. She's spent 17 years working in the technology industry in a wide variety of roles, ever since moving to Seattle to work at a burgeoning online bookstore. Outside work, Courtney can be found biking, hiking, skiing, and photographing the Cascade Mountains near her home in Bellingham, Washington.

Committee members

Heather Adkins (Google)Heather Adkins (Google) is a 14-year Google veteran and founding member of the Google Security Team. As Director of Information Security, she has built a global team responsible for maintaining the safety and security of Google’s networks, systems and applications. The Google Security Team, now numbering in the hundreds, is involved in every facet of the business, including launching new products, mergers and acquisitions, building security infrastructure, responding to security threats, and evangelism. She has an extensive background in systems and network administration with an emphasis on practical security, and has worked to build and secure some of the world’s largest infrastructure for web information systems. She now focuses her time primarily on the defense of Google’s computing infrastructure and working with both the Google Incident Response Team and outside entities to tackle some of the industry’s greatest security challenges.

Laura Bell (SafeStack)Laura Bell (SafeStack) has almost a decade of experience in software development, penetration testing and information security, Laura specialises in bringing security practices into high growth, agile and start-up organisations. Known for her no-nonsense, plain English approach, she has made a career from challenging traditional fear based formal governance approaches and making security engaging. An experienced conference speaker and regular panel member, Laura has spoken at a range of events including Kiwicon, Linux Conf AU, Microsoft TechEd, BlackHat and Velocity on the subjects of privacy, covert communications, agile security and security mindset. She is the founder and lead consultant at SafeStack, and the Vice Chair of the New Zealand Internet Task Force (NZITF).

Michael Brunton-Spall (UK GDS)Michael Brunton-Spall (UK GDS) is the lead security architect for Government Technology, Government Digital Service. He helps set and assess security standards and advises on building secure services within government. Previously Michael has worked in the news industry, the gaming industry, the finance industry and the gambling industry.

Josh Corman (Sonatype)Josh Corman (Sonatype) is the CTO for Sonatype. Previously, Corman was a security researcher/strategist at Akamai Technologies, The 451 Group, and IBM Internet Security Systems. He co-founded Rugged DevOps and I_Am_the_Cavalry to encourage new DevOps/security approaches. He's adjunct faculty for Carnegie Mellon’s Heinze College, IANS Research, and Ponemon Institute Fellow.

Chris Eng (Veracode)Chris Eng (Veracode) is vice president of research at Veracode. In this role, he leads the team responsible for integrating security expertise into all aspects of Veracode’s technology. Throughout his career, he has led projects breaking, building, and defending web applications and commercial software for some of the world’s largest companies. Chris is a frequent speaker at premier industry conferences, and he has been interviewed by Bloomberg, Fox Business, CBS, and other media outlets worldwide. He is an unabashed supporter of the Oxford comma and hates it when you use the word “ask” as a noun.

Dan Glass (American Airlines)Dan Glass (American Airlines) is Chief Information Security Officer and Director, Information System Security for American Airlines, a worldwide leader in travel with nearly 7,000 daily flights to 338 airports in 53 countries. Dan is responsible for all aspects of the global Information Security program at American including governance; technology risk management; monitoring and response; and security engineering. Prior to his role as CISO, Glass oversaw the Information Security department at AA before its merger with US Airways and helped integrate the two security teams into a single organization. Glass joined the airline in 2007 as an information security architect and helped design and build many of the security controls that are currently protecting the airlines’ digital assets. Glass is a co-founder and current board of director member of the Aviation Information Security Analysis Center (A-ISAC) – a forum that facilitates security information sharing and analysis between companies within the aviation sector.

Marc Goodman (Self)Marc Goodman (Self) is a New York Times Best-Selling author, global strategist and consultant focused on the profound change technology is having on security, business and international affairs. He is the founder of the Future Crimes Institute and currently serves as the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University. Over the past twenty years, he has built his expertise in international cyber crime and terrorism working with organizations such as INTERPOL, the UN Counterterrorism Task Force, NATO and the US Government. Marc frequently advises industry leaders, security executives and global policy makers on transnational cyber risk and intelligence and has operated in more than 70 countries around the world. His professional experiences include working as a street police officer, undercover investigator and counter-terrorism strategist, as well as briefing myriad cabinet ministers and heads of government, including the White House. Mr. Goodman’s current areas of research include the security implications of emerging technologies such as artificial intelligence, big data, robotics, crypto-currencies, synthetic biology, virtual reality and the Internet of Things.

Christopher HoffChristopher Hoff has more than 20 years experience in high-profile global roles in network and information security architecture, engineering, operations and management. He currently works at a large financial services company leading the global Cyber Security Technology team. In previous roles, Hoff has served as Security CTO and Global Chief Security Architect of the Advanced Technology Team at Juniper Networks. Prior to Juniper, Hoff was Director of Cloud and Virtualization Solutions at Cisco Systems and has had numerous other roles in large companies and startups alike.

Jay Jacobs (BitSight)Jay Jacobs (BitSight) is a Senior Data Scientist at BitSight Technologies, the Standard in Security Ratings, and prior to that he was the lead data analyst at Verizon and a co-author of the Data Breach Investigations Report. Jay is also the co-author of "Data Driven Security" a book covering data analysis and visualizations for information security, and a co-founder of the Society of Information Risk Analysts. He is a co-host on both the Risk Science podcast and Data Driven Security podcast. Jay can be found on twitter as @jayjacobs. He holds a bachelor's degree in technology and management from Concordia University in Saint Paul, Minnesota, and a graduate certificate in Applied Statistics from Penn State.

Dan Kaminsky (White Ops)Dan Kaminsky (White Ops) is an internationally respected technologist who has spent almost two decades protecting the Internet. He is is one of the seven "key shareholders" able to restore the Internet's Domain Name System if necessary. Dan is known for his work in finding a core flaw in the Internet, and then leading the charge to repair it. An invited expert to the W3C, the guiding organization for the Web, he is co-founder and Chief Scientist of White Ops, a cybersecurity firm.

Zane Lackey (Signal Sciences)Zane Lackey (Signal Sciences) is the Founder/CSO at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. Prior to Signal Sciences, Zane was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners. He has been featured in notable media outlets such as the BBC, Associated Press, Forbes, Wired, CNET, Network World, and SC Magazine. A frequent speaker at top industry conferences, he has presented at BlackHat, RSA, USENIX, Velocity, Microsoft BlueHat, SANS, OWASP, QCon, and has given invited lectures at Facebook, Goldman Sachs, IBM, and the Federal Trade Commission. He is a contributing author of Mobile Application Security (McGraw-Hill), a co-author of Hacking Exposed: Web 2.0 (McGraw-Hill), and a contributing author/technical editor of Hacking VoIP (No Starch Press). He holds a Bachelor of Arts in Economics with a minor in Computer Science from the University of California, Davis.

Jason Leuenberger (Starbucks)Jason Leuenberger (Starbucks) leads Governance, Risk & Compliance for Starbucks. Previously he held information security and risk management consulting positions at EY and a number of other firms. Building off a technical background in perimeter security and intrusion analysis, he’s built and led Blue Teams focused on implementing or improving defense technologies or response plans. Right now he’s focused on people-centric security, GRC Kaizen, and measuring all of the risk things.

Morgan Marquis-Boire (First Look Media)Morgan Marquis-Boire (First Look Media) is a Senior Researcher at the Citizen Lab, University of Toronto. He is the Director of Security for First Look Media and a contributing writer for The Intercept. Prior to this, he worked on the security team at Google. He is a Special Advisor to the Electronic Frontier Foundation in San Francisco and an Advisor to the United Nations Inter-regional Crime and Justice Research Institute. In addition to this, he serves as a member of the Freedom of the Press Foundation advisory board and as an advisor to Amnesty International. In 2012, SC Magazine named him one of the influential minds of IT Security. In 2014 he was named one of Italian WIRED’s 50 people of 2014. In March of 2015, he was appointed a Young Global Leader by the World Economic Forum. A frequent speaker at universities and conferences around the world (Harvard, MIT, Stanford, Milan, Toronto, et al), his work has been featured in numerous print and online publications including on the front pages of The New York Times and The Washington Post.

Ramses Martinez (Apple)Ramses Martinez (Apple) is a senior leader with the Apple information security team. Prior to Apple he was the Sr. Director of intelligence, Investigations and Response at Yahoo, he also led the Information Security team at Version for over four years. Ramses has over twenty years of experience in information security. During this time he has worked with a number of companies creating security programs and solutions to protect their network infrastructure. This work included designing and implementing large-scale systems to deal with Denial of Service attacks, malware, and network intrusions. Ramses has been steering committee member of the Anti-phishing working group (APWG). He has also been a cyber security advisor for a number of international organizations such as the Council of Europe, the United Nations, and the East West Institute.

Katie Moussouris (HackerOne)Katie Moussouris (HackerOne) is a noted authority on vulnerability disclosure and advises companies, lawmakers, and governments on the benefits of hacking and security research to help make the internet safer for everyone. Katie is a hacker - first hacking computers, now hacking policy and regulations. Her earlier Microsoft work encompassed industry-leading initiatives such as Microsoft's bug bounty programs & Microsoft Vulnerability Research. She is also a subject matter expert for the US National Body of the International Standards Organization (ISO) in vuln disclosure (29147), vuln handling processes (30111), and secure development (27034). Katie is a visiting scholar with MIT Sloan School, doing research on the vulnerability economy and exploit market. She is a New America Foundation Fellow and Harvard Belfer Affiliate.

Wendy Nather (Retail Cyber Intelligence Sharing Center)Wendy Nather (Retail Cyber Intelligence Sharing Center) is Research Director at the Retail Cyber Intelligence Sharing Center (R-CISC), where she is responsible for advancing the state of resources and knowledge to help organizations defend their infrastructure from attackers. She was previously Research Director of the Information Security Practice at independent analyst firm 451 Research, covering the security industry in areas such as application security, threat intelligence, security services, and other emerging technologies.

Wendy has served as a CISO in both the private and public sectors. She led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), as well as for the Texas Education Agency. She speaks regularly in locations around the world on topics ranging from threat intelligence to identity and access management, risk analysis, incident response, data security, and societal and privacy issues. Wendy is co-author of The Cloud Security Rules, and was listed as one of SC Magazine's Women in IT Security "Power Players" in 2014. She is an advisory board member for the RSA Conference, and serves on the board of directors for Securing Change, an organization that helps provide free security services to nonprofit groups. She is based in Austin, Texas, and you can follow her on Twitter as @RCISCwendy.

Meredith Patterson (Nuance Communications)Meredith Patterson (Nuance Communications) is a mild-mannered software engineer at Nuance Communications by day, and the leader of the Langsec Conspiracy by night. She wrote and maintains the Hammer parser generator library, and is currently working on Tongs, a “standard library” of reference implementations of protocol, file format, and message format parsers. When not traveling to far too many infosec conferences, she enjoys bicycling, cooking, and target shooting.

Guy Podjarny (Synk.io)Guy Podjarny (Synk.io) is a cofounder at Snyk.io focusing on the security risk in your dependencies. Guy was previously CTO at Akamai and founder of Blaze.io. Guy is a frequent conference speaker, the author of Responsive & Fast (O'Reilly Media), and the creator of Mobitest. He also writes on Guypo.com and Medium.

Eleanor Saitta (Dymaxion)Eleanor Saitta (Dymaxion) is a security consultant specializing in architectural security for large-scale systems, integrating security into the development lifecycle, and cross-domain security for news organizations and NGOs targeted by nation states. Eleanor is a co-founder and developer for Trike, an open source threat modeling methodology and tool, contributes to the Briar and Mailpile secure messaging projects, and is a frequent speaker.

Window Snyder (Fastly)Window Snyder (Fastly) is Chief Security Officer at Fastly. She previously spent five years at Apple working on security and privacy strategy and features for OS X and iOS. A security industry veteran, Ms. Snyder was the Chief Security Something-or-Other at Mozilla, responsible for security engineering, communication, and strategy. As a senior security strategist at Microsoft, she owned security sign-off for Windows and the outreach strategy for security vendors and security researchers. Ms. Snyder was also a founding team member at Matasano and Director of Security Architecture at @stake, where she developed application security analysis methodologies and led the Application Security Center of Excellence. Ms. Snyder is co-author of Threat Modeling..

Adi Sharabani (Skycure)Adi Sharabani (Skycure) is the CEO and co-founder of Skycure. A world-renowned security expert with years of experience in enterprise software, Adi was formerly the leader of security for IBM software products. He came to IBM through the acquisition of Watchfire, a market leader in the field of application security, where Adi built and led its security and research group. Adi holds more than 25 patents in the security space, and his works, presentations and keynotes are regularly given the highest accolades at prestigious conferences. Adi earned a BSc in Mathematics and Physics from Tel Aviv University, and is a fellow in Professor Yuval’s workshop for science, technology and security. Committed to cyber security education, Adi has been a teacher and education advisor, playing a key role in the vision and implementation of the cyber defense curriculum for high school students in Israel majoring in cyber security. After compiling decades of leadership in cyber security, Adi co-founded Skycure with the central idea of improving mobile security with a more proactive and predictive Mobile Threat Defense solution. In an interview for the RSA Conference blog, Adi notes, “Organizations [need] the ability to evolve to address the changing nature of [mobile security] attacks… for the most part, devices are simply running naked.” Adi embraces cyber security research and development, realizing that only through targeted research and continuous innovation can mobile security evolve into intelligent and highly active security for organizations.

Richard Smith (Etsy)Richard Smith (Etsy) is Director of Security Engineering at Etsy, leads a fearless band of cyber-guardians in defending Etsy's members, sellers, and knitted goods from the evils of the Interwebs. Cross-site-stitching and sequin-injection are all taken in stride daily. Prior to his role at Etsy, Rich co-founded Syndis, Iceland’s premier technical security consultancy, where he continues to be an advisor and board member. Rich previously led Kyrus Technology's Commerical Attack Services, held the role of Vice President of Cyber Threat at Morgan Stanley, was a senior researcher at Immunity Inc, and led the Research In Offensive Technologies and Threats group at Hewlett-Packard Research Labs.

Jack Whitsitt (EnergySec)Jack Whitsitt (EnergySec) is a senior strategist at EnergySec. As a 14 year veteran of both the "Information" and "Cyber" security worlds, he has written open source honeypot tools, operationalized security data visualization theories, had national control system incident response responsibilities, led large scale public/private risk management initiatives on behalf of the government, occasionally consults on matters of international policy, and teaches his own class at EnergySec on using frameworks to bridge the business/technology risk divide.

Stay Connected

Follow Security on Twitter Facebook Group Google+ LinkedIn Group

Watch the keynote presentations from 2016

O'Reilly Security Conference Keynote

O’Reilly Media

Tech insight, analysis, and research