Presentation: Making Security Usable: Product Engineer Perspective

Track: Real World Security

Location: Majestic Complex, 6th fl.

Duration: 10:35am - 11:25am

Level: Intermediate

Persona: Developer, Security Professional

This presentation is now available to view on InfoQ.com

Abstract

This is a story of going through typical security challenges: how to build products that reliably deliver security guarantees, avoid typical pitfalls, and are usable in a predictable fashion by real users. It's a tale of balancing religious adherence to security practices with keeping customers' needs in mind at all times inside the development team; listening to the customers and observing actual behavior out in the wild; and trying to make the best decisions to empower customers with easy tools for encrypting data in their apps securely and without pain.

We'll take a look at the process through the eyes of one of our customers, who did everything wrong before doing things right, and through the eyes of a product engineer responsible for learning the lessons to make security products even more usable and reliable for non-security-focused engineers.

Key takeaways: 

Attendees will go through several stages of inception and implementation of database encryption/intrusion detection tools. They will see the "behind the scenes" work inside a cryptographic engineering company, how customers are among the most useful people to learn from, and how getting over the "we tell you what to do" mentality makes security tools better.

Speaker: Anastasiia Voitova

Security Focused Product Engineer @CossackLabs & Co-Organizer CocoaHeads Ukraine

Anastasiia is a software engineer with plenty of experience in building mobile apps. She has developed many applications, frequently taking care of both the mobile and server sides of the product. At some point, she realized how much sensitive data users put into their apps, and that mobile developers mostly don't care about security, believing that "Apple/Google will take care of us".

Security has been her topic of interest since forever, so she joined forces with Cossack Labs, first as an open source contributor and mobile consultant, then fully immersing herself in the world of data security and cryptography.

Anastasiia maintains the open-source security library Themis, which allows developers to integrate encryption into their apps and infrastructures easily. She conducts workshops and consults teams on applied data protection design.
