Presentation: Engineering Secure Products at Facebook

Track: Real World Security

Location: Majestic Complex, 6th fl.

Duration: 4:10pm - 5:00pm

Day of week:

Level: Intermediate - Advanced

Persona: Architect, CTO/CIO/Leadership, Developer, Security Professional

More talks on:

Abstract

In this talk we'll discuss how we build secure products at Facebook. Our strategy includes building safe by default frameworks, using code analysis in creative and powerful ways, building meaningful relationships with whitehat researchers, and deeply understanding risks to specialized products and features. We’ll show examples of past bugs, and introduce the challenges we face going forward. Come find out our approach to securing 2+ billion people!

Speaker: Teddy Reed

Security Engineering Manager @Facebook NYC

Teddy is an engineering manager on Facebook’s Product Security team in New York. The Product Security team's mission to try to make Facebook's code free of security and privacy issues. Teddy is personally interested in symbolic and concolic execution techniques to assist fuzzing and bug finding. Prior to joining the Product Security team he managed the team that builds osquery -- in his spare time you may find him making small fixes and integrating LLVM sanitizers and other bug hunting tools.

Find Teddy Reed at

Speaker page

Similar Talks

Inside Job: How to Build Great Teams Within a Legacy Organization?

Qcon

Engineering Director @Meetup

Francisco Trindade

Self-Selection for Resilience and Better Culture

Qcon

Agile/DevOps Trainer & Founder of Agile Play Consulting, LLC

Dana Pylayeva

CockroachDB: Architecture of a Geo-Distributed SQL Database

Qcon

CockroachDB maintainer, Co-founder & CTO @CockroachDB

Peter Mattis

From Developer to Security: How I Broke into Infosec

Qcon

Senior Security Advocate @Microsoft

Rey Bango

Breaking Hierarchy - How Spotify Enables Engineer Decision Making

Qcon

Senior Engineering Manager, Data and Machine Learning Infrastructure @Spotify

Kristian Lindwall

Robot Social Engineering: Social Engineering Using Physical Robots

Qcon

Computer Security and Privacy / Human-Robot Interaction Researcher

Brittany Postnikoff

Context Matters: Improving the Performance and Wellbeing of Teams

Qcon

Director of IT @Etsy

Shawn Carney

Maintaining the Go Crypto Libraries

Qcon

Cryptogopher @Google

Filippo Valsorda

Modern WAF Bypass Scripting Techniques for Autonomous Attacks

Qcon

Blade Runner & Director of Field Engineering (NA / EU) @kasada_io

Johnny Xmas

Tracks

Tracks

Non-Technical Skills for Technical Folks

Trust, Safety, & Security

Data Engineering for the Bold

Machine Learning for Developers

Software Defined Infrastructure: Kubernetes, Service Meshes, & Beyond

21st Century Languages

High-Performance Computing: Lessons from FinTech & AdTech

Modern Java Innovations

Architecting for Success when Failure is Guaranteed

Building High-Performing Teams

Human Systems: Hacking the Org

Modern CS in the Real World

Developing/Optimizing Clients for Developers

Microservices / Serverless (Patterns & Practices)

Architectures You've Always Wondered About