security for senior managers
Data is a new security boundary
As a keynote speaker of this flagship event by OWASP, Anastasiia explains how developers and companies use cutting-edge cryptography and data security approaches when no perimeters and trusted zones exist anymore. In this talk, she starts with data security 101 and gets you through peculiarities of application level encryption (ALE), end-to-end encryption (E2EE), searchable encryption, zero knowledge architectures and zero trust. She demonstrates real-world cases of integrating application level encryption and supporting traditional security controls to protect customers' data. By the end of the talk, you can have a whole picture how “strong cryptography” becomes “real-world security boundary around sensitive data” and what it takes in different contexts.
Protecting data in ICS, SCADA and industrial IoT: goals, problems, solutions
Eugene shared our experience and lessons learnt of building secure data aggregation systems with hardware-based encryption, time-series processing and end-to-end security. Learn about our solutions that are integrated into ICS/SCADA networks of industrial operators, extract sensitive data, encrypt it “on the fly” and process separately.
Designing secure architectures, the modern way
In this talk, Eugene tried to cross the bridge between modern DevOps/SRE practices, systems architecture design and traditional security/risk management. It is driven by lessons learnt from building systems the modern way in high-risk environments with high reliability and security demands, drawing from the experience of protecting governmental secrets, critical infrastructure and preventing banking fraud at scale..
10 ways open source will hurt security and reliability
We all know how open source is useful. In this talk, Eugene describes the obvious and not very obvious risks that open source brings with it and what are the practical consequences. Learn what you need to pay attention to when selecting components for your new spacecraft to protect it from exploding during takeoff.
Cryptography & data security: protecting the data while reducing cost in distributed systems
Using cryptography for data protection is not exclusively reserved for “secure chats” and financial products. Modern cryptographic tools help to comply with the regulations and laws, help to improve control over the infrastructure, to prevent data leakages, and to reduce the risk of incidents. Eugene talked about the way modern cryptographic tools allow technology companies to reduce the security budget and to remain protected at the same time.
Marrying usability and security in large-scale infrastructures
Usability is often thought of as the opposite of security. However, most of the security controls inside operating systems and most of the security tools that run there are designed for being operated by humans. This talk is a summary of Eugene’s experience in building and seeing engineers integrate the security tooling – how security controls and tools are mis-designed and fail once used, how poorly integrated controls decrease the overall security of a system, and how lessons learned in reliability/infrastructure engineering apply to security tooling to fix that.
Getting secure against challenges or getting security challenges done
What it takes to make security decisions in a business environment, from the perspectives of both vendor and client, urging security engineers not only to think outside the technical box but also outside the box of engineering thinking when faced with real humans on the other side of the wire. Presented for security engineers at NoNameCon.
End-to-end data turnover: building Zero-knowledge software
Our CTO’s talk on the evolution of end-to-end software, survival within the “everything will be broken” model with the help of employing proper cryptography and trust management, plus a disclosure of some ideas and concepts behind Hermes.
Everything will be broken
Our CTO’s talk about the classic and emerging threat models, a proper understanding of security risks, perception of technical infrastructures ranging from idealistic to realistic, and adopting stronger techniques in the face of the vanishing perimeter and the (sadly) lowering standards of security tools and overall quality of the produced software.