Late April through late June of 2018 was quite a hot time for the Cossack Labs team: we were actively developing our products, releasing feature after feature for Acra and Themis, and we also participated in, spoke at, and hosted a number of conferences, meetups, and workshops. Want to see what it takes for an R&D team to actively participate in a conference circuit? Read on.
21/04 BSides Kyiv, Ukraine
The BSides Kyiv security conference kicked off the series of social events for Cossack Labs this quarter. Dmytro Shapovalov, the man behind all of Cossack Labs’ infrastructure, explained what it takes to build tools and processes for developing security products in a talk "Delivering Security Products Without Shooting Yourself in a Foot". Our Product Engineer Anastasiia Vixentael spoke about using encryption to manage real-world data risks in a talk
23/04 DevExperience, Iasi, Romania
A large multi-track conference in the small town of Iasi, where Anastasiia Vixentael spoke about the typical mistakes software developers should look into before StackOverflow-ing AES parameters.
How do you avoid late-night commits and code in a 'fast and boring' way instead? How do you select a fitting crypto library, and which libraries can you select from? To put it shortly: "Don’t waste time on learning cryptography: better use it properly".
24/04 API The Docs, Paris, France
The Mozilla HQ in Paris hosted the semi-annual API The Docs conference where Karen Sawrey, the Technical Writer at Cossack Labs, gave a talk “The Bad, The Ugly, The Good” on refactoring the existing GitHub documentation for the Cossack Labs products to move it to the beta-version of our own proprietary documentation server. You can find the recap of the conference (with videos and summaries) here.
27/04 GDPR - Get S*** done*, Kyiv, Ukraine
As a security company, we’ve been flooded with GDPR-related questions before this EU regulation came into full force (and we still are). Sure, Ukraine is not a part of the territory regulated by the GDPR, but Ukrainian companies also process the data belonging to the citizens of the EU (and the UK, for that matter).
To answer the questions we’ve been getting from many developers, we organized a small GDPR-related meetup jointly with our security-minded colleagues at RMRF. There were 4 talks about the various technical aspects of GDPR: an overview of the key articles, technical means for ensuring best compliance (which we recommend using), live digital forensics, etc.
Eugene Pilyankevich, the CTO of Cossack Labs, and Karen Sawrey spoke on behalf of Cossack Labs, outlining various aspects of GDPR demands and possible compliance tactics.
* The name of the meetup partly hidden behind the asterisks is actually “Get Security Done”, don’t get any ideas ;)
12/05 Women Techmakers doIT Meetup #2, Lviv, Ukraine
The Lviv branch of the Google-run Women Techmakers community invited Karen Sawrey to give a half-talk/half-Q&A session “Documenting the Secret” in the lovely Intellias Lviv office on creating and maintaining documentation for cryptographic software. Should it be surprising that besides the issues of information security, such things as basic self-care and sanity were also brought up? 😅 Well, “crypto is hard”.
12-16/05 UIKonf, Berlin, Germany
UIKonf is a large two-day conference for iOS developers that took place on May 13th – 16th in Berlin. Anastasiia Vixentael shared a list of must-have security things that mobile developers often forget to do when they jump headfirst into implementing cryptography/encryption, leaving easy-to-exploit vulnerabilities in their apps. You can browse the slides for “X Things You Need to Know before Implementing Cryptography” or watch the whole 40 min video of the talk (in English).
17/05 Kyiv Speakers’ Corner: Technical Writer’s Authoring Tools, Kyiv, Ukraine
A workshop by seasoned technical writers from various industries explaining the basics of the main tools they use for documenting software products. Karen Sawrey gave a talk on maintaining the open source GitHub documentation for the Cossack Labs GitHub repository.
The event took place in one of Ciklum Kyiv’s offices.
17-18/05 NoName Conf 2018, Kyiv, Ukraine
NoNameCon – a large two-day cybersecurity conference created by the Ukrainian security community – took place mid-May. Eugene Pilyankevich spoke on the second day about what it takes to make security decisions in a business environment, from both the vendor and the client perspective, urging security engineers to think not only outside the technical box but also outside the box of engineering thinking when facing real humans on the other side of the wire.
The Cossack Labs team joined the NoNameCon conference in full force, and Anastasiia Vixentael was the technical moderator and MC. The conference was filled with learning new stuff and catching up with other security companies, not to forget a cool after-party.
You can find Eugene’s slides here:
22/05 Women Who Code Kyiv Security Meetup, Kyiv, Ukraine
We are proudly supporting the Women Who Code Kyiv’s event initiatives! In May, Anastasiia and Karen, as active members of WWCode, spent their time organizing a data security meetup to speak about the aspects of GDPR for developers. The event was heavily overbooked (with at least ⅔ of the attendees women) and turned into a three-hour extensive discussion of GDPR, secure development practices, and cryptography.
24/05 mDevTalk, Prague, Czech Republic
A small local meetup for the mobile community in Prague. Hiding sensitive data from the screen, using strong TLS settings, avoiding asking users for unnecessary permissions, keeping an eye out for 3rd-party libraries, and other security basics for mobile apps were discussed. Anastasiia also learnt a couple of Czech words and discovered Prague for the first time. :D
31/05 IT Talks, Dnipro, Ukraine
Anastasiia Vixentael was invited to speak at the IT Talks meetup in Dnipro organized and hosted by DataArt Ukraine. The event covered the typical mistakes in the field of security as well as the requirements that application programmers have for cryptographic tools, and which tools to choose (hardware crypto [HSM/TPM], software crypto, web crypto, etc.).
“It was a fun meetup. Mostly backend engineers in the audience, those interested in both general concepts and practical issues. So we skimmed across the theory, touched upon hashing (even had to look some stuff up on Wikipedia), and then someone mentioned GDPR and that was it, two extra hours were dedicated to the GDPR-related cryptography and app security” — Anastasiia Vixentael.
The slides from the event are here: “Don’t waste time on learning cryptography: better use it properly”.
21-22/06 Swift Aveiro, Portugal
Swift Aveiro is a small workshop-oriented conference for iOS developers in the lovely city of Aveiro, Portugal. Anastasiia Vixentael taught the attending developers about the concepts of Zero-Knowledge Architecture and how to use it in mobile applications. She prepared an example application for sharing notes, and attendees encrypted and stored their own notes on a Firebase backend. The main goal of this workshop was to show how to share encrypted notes with each other — the attendees built an easy key exchange scheme using asymmetric encryption and were able to read the encrypted notes of their friends.
See the slides: “Zero Knowledge Architecture Approach for Mobile Developers”.
25 - 29/06 QConNYC 2018, New York, USA
Mainly focused on senior developers, tech leads and enterprise architects, QConNYC attracts an incredible and very diverse audience. With talks for three days in a row and 6 tracks each day, this event is huge and highly recognised by IT professionals. Anastasiia Vixentael spoke on the Security track about solving usability problems that we at Cossack Labs – as cryptographic software developers – run into when writing security software for non-security people.
Warning! Do not read the slides if you’re allergic to cats ;) 🐈😸 “Making Security Usable: Product Engineer Perspective”.
Many thanks to all the conference organisers, hosts, and all the lovely colleagues and friends (old and new) we’ve met along the way!
For the rest of the summer, we plan to stay put and get even more awesome cryptographic software out into the world.