BSidesSF 2023 has ended
AMC Theatre 15
Saturday, April 22
 

11:05am PDT

No Adversaries: Getting Users on Your Side for Tough Transformations
Technical problems need technical solutions but often require a more human approach to communication and implementation. We’ll look at relating complex technical information to varied audiences, including reluctant ones, and how to reach them using motivations that make sense to them.

Speakers

Breanne Boland

Product security engineer - security partner, Gusto
Breanne Boland is a product security engineer with the Security Partnerships team at Gusto. Before moving into security, she was a site reliability engineer and an infrastructure engineer, working in healthcare and govtech. Prior to that, she was a professional writer, and she still...

Amy Martin

San Francisco Digital Services - City and County of San Francisco
Amy Martin became a project manager at San Francisco Digital Services after almost 2 decades as a public librarian. She specializes in government website migrations and also likes drawing.


Saturday April 22, 2023 11:05am - 11:30am PDT
AMC Theatre 15

11:35am PDT

Gamify security best practices to scalably improve engineering culture
Engineers don’t always know how to make code secure. Security teams are tired of asking engineers to make security fixes. Leaders have low visibility into security posture.

At Chime, we gamified our security best practices which resulted in improved engineering culture and security observability.

Speakers

David Trejo

Chime, Inc
Security Engineering @ Chime. Chime is the top challenger fintech taking on the big banks with greatly improved customer experience for the average American (free overdraft up to $200, get paid 2 days early, credit building). Ask me how to cook a mind-blowing steak :) 🥩Security...


Saturday April 22, 2023 11:35am - 12:00pm PDT
AMC Theatre 15

1:30pm PDT

What Does it Mean to Build a Proactive Security Culture in an Organization
If your company doesn't like your security team then nothing else you do matters, you will never be successful. In this talk we'll share what strategies have worked exceptionally well for instilling a security culture within our company, and what strategies have been colossal failures.

Speakers

Mukund Sarma

Chime
A Security generalist with hands-on experience in Application Security, Security Architecture, and Platform Security. I enjoy building security programs and I've had some experience doing so. I'm currently the Senior Director of Product Security at Chime. In this capacity, I oversee...

Arkadiy Tetelman

Chime
Hi there, I'm Arkadiy and I'm a security enthusiast with a passion for all things technical. My areas of expertise include application security, cloud security, reverse engineering, and detection & response. I've had the opportunity to share my knowledge and speak at conferences across...


Saturday April 22, 2023 1:30pm - 1:55pm PDT
AMC Theatre 15

2:00pm PDT

Tracking Meaningful Security Product Metrics
Many security teams struggle to quantify and demonstrate the value that they bring to their company. The right metrics are an effective way to communicate cross-functionally and can help your security organization demonstrate that you are both mitigating risk and driving revenue growth.

Speakers

Leif Dreizler

Senior Engineering Manager, Semgrep
Leif Dreizler is an information security professional with over a decade of experience. He is currently leading two product engineering teams at Semgrep. Previously, Leif was a Senior Engineering Manager at Twilio Segment where his team was focused on building customer-facing security...



Saturday April 22, 2023 2:00pm - 2:25pm PDT
AMC Theatre 15

2:30pm PDT

New Apps, Good Snacks: Effective Threat Modeling for New Territory
You’ve fostered good security culture in your eng org: great! But what happens when a team proposes a new and very different feature for new devices? We’ll walk through team education, explaining security to diverse audiences, and threat modeling something new in a way everyone can understand.

Speakers

Breanne Boland

Product security engineer - security partner, Gusto
Breanne Boland is a product security engineer with the Security Partnerships team at Gusto. Before moving into security, she was a site reliability engineer and an infrastructure engineer, working in healthcare and govtech. Prior to that, she was a professional writer, and she still...


Saturday April 22, 2023 2:30pm - 2:55pm PDT
AMC Theatre 15

3:00pm PDT

Life of a Bug (an insight on the GitHub bounty program)
GitHub's Bug Bounty and PSIRT teams partner to investigate security findings submitted by external researchers through our HackerOne bounty program. From triage to notification, this talk will include the roles of both teams and full incident response process with the walkthrough of a mock bug.

Speakers

Jeffrey Guerra

GitHub
Jeff Guerra is a Sr. Product Security Engineer at GitHub who enjoys bounties, application security, and much more. He is an avid advocate for vulnerability disclosure programs and the effectiveness and community engagement that comes with it. He's a curious and passionate security...

Caitlin Buckshaw

GitHub
Caitlin Buckshaw is a Product Security Engineer at GitHub. With over a decade of experience in the IT/Security domain, she has channeled her skills into product security and incident response in recent years. Her mission is to employ a data-driven approach, along with an emphasis...


Saturday April 22, 2023 3:00pm - 3:25pm PDT
AMC Theatre 15

3:30pm PDT

Overwatch: A serverless approach to orchestrating your security automation
We've gleaned many benefits from shifting security left, but some problems it has brought upon security teams include managing a plethora of CI files, or actively maintaining infra across a lean team. To simplify this we built Overwatch, our serverless security orchestration approach written in Go.

Speakers

Sanchay Jaipuriyar

Chime
Sanchay Jaipuriyar is a Senior Security Engineer at Chime, where he spends most of his time working on security engineering problems to creatively eliminate classes of security issues at scale. You'll regularly find him writing code, tinkering with new technologies, researching...


Saturday April 22, 2023 3:30pm - 3:55pm PDT
AMC Theatre 15

4:00pm PDT

When is a vulnerability not a vulnerability? Overcoming the inundation of noisy supply chain security alerts
This talk presents a counterintuitive approach to strengthening security: one that ignores over 90% of security vulnerability alerts. Using specific examples, it illustrates how orgs can ignore alerts with high confidence, and how this enables a marked shift in security workflows and behavior.

Speakers

Adam Berman

Head of Semgrep Supply Chain, Semgrep
Adam Berman is Head of Semgrep Supply Chain. In this role, he focuses on developing new products to help security teams work hand-in-hand with developers and scale their security programs. Previous to Semgrep, Adam led the engineering team for Meraki Insight at Cisco Meraki. Adam...


Saturday April 22, 2023 4:00pm - 4:25pm PDT
AMC Theatre 15

4:30pm PDT

Container vuln management with (hopefully) minimal burnout
In a microservice architecture, it's difficult to tell if a service's vulnerability was inherited from a base image (most cases) or introduced by the service itself. This talk shows how we used a graph approach to know precisely how to fix our vulns across 1000+ services at Lyft.

Speakers

Alex Chantavy

Software Engineer, Lyft
Alex Chantavy is a proudly homesick Hawaii boy who works as a Software Engineer at Lyft and maintains an open source graph tool called cartography. In previous roles, he's worked as a red teamer at Microsoft and as a [REDACTED] for the Department of Defense.


Saturday April 22, 2023 4:30pm - 4:55pm PDT
AMC Theatre 15

5:00pm PDT

Scalable security: how to win friends and not burn out everyone
Brandon and Eric have been involved in numerous security efforts over the last 5 years at Google. Some successfully, others… less so. Hear lessons learned scaling processes for lots of users, pissing off as few coworkers as possible, and (when we’re lucky) doing a little bit of security.

Speakers

Eric Chiang

Google
Eric is a Senior Software Engineer in Google’s Security org, where he leads management of Google’s internal network ACLs. He’s previously worked on a range of topics, including Linux fleet security, device hardware attestation, and Kubernetes auth. Eric is a Bay Area native...


Saturday April 22, 2023 5:00pm - 5:25pm PDT
AMC Theatre 15
 
Sunday, April 23
 

11:05am PDT

HALT AND CATCH FIRE: Social Engineering CTFs for fun to a job as a Professional Red Team Social Engineer
HCF. Reboot. - Coming from Social Engineering Competitions, to Social Engineering in the context of a consulting engagement, a lot of tactics and strategies had to be torn down and rebuilt. While the contests were fun and seemingly glamorous, the reality of SE for money was much different.

Speakers

Alethe Denis

Senior Security Consultant, Bishop Fox
https://alethedenis.com


Sunday April 23, 2023 11:05am - 11:30am PDT
AMC Theatre 15

11:35am PDT

Windows 11 At Your Service
Win 11 ships with a nifty feature which lets users automate mundane processes. Users can build custom processes and hand them to Microsoft, which in turn ensures they are distributed to all user machines, executed successfully and reports back to the cloud. You can probably see where this is going...

Speakers

Michael Bargury

CTO, Zenity
Michael Bargury is a security researcher passionate about all things related to cloud, SaaS and low-code security, and spends his time finding ways they could go wrong. He is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code / no-code apps. In the past...


Sunday April 23, 2023 11:35am - 12:00pm PDT
AMC Theatre 15

1:30pm PDT

(Canceled) Malware Hunting - Discovering techniques in PDF malicious
This talk has been canceled by the presenter. We apologize for the inconvenience.

Sunday April 23, 2023 1:30pm - 2:20pm PDT
AMC Theatre 15

2:30pm PDT

Space and Cyberspace at the White House
The White House’s Office of the National Cyber Director (ONCD) is leading the charge on a range of cybersecurity issues for the nation, including space systems cybersecurity. ONCD will discuss its approach toward space and cybersecurity in line with the Biden-Harris Administration’s new National Cybersecurity Strategy.

Speakers

Tanya Simms

White House’s Office of the National Cyber Director (ONCD)
Tanya Simms is the Director for Cyber Policy and Programs at the White House’s Office of the National Cyber Director (ONCD), focusing on critical infrastructure and critical systems cybersecurity. She joins ONCD from the National Security Agency (NSA), where she has spent more than...

Lauryn Williams

White House’s Office of the National Cyber Director (ONCD)
Lauryn Williams is a senior advisor for strategy in the White House Office of the National Cyber Director (ONCD) and focuses on space systems cybersecurity. She joined ONCD from the Department of Defense, where she served in the Office of the Assistant Secretary of Defense for Space...


Sunday April 23, 2023 2:30pm - 3:20pm PDT
AMC Theatre 15

3:30pm PDT

Placeholder for Dayzzz
Support systems and live chat services use placeholders to make it easier for agents to reply to tickets. In this talk, learn how Rojan was able to identify vulnerabilities in numerous companies by abusing placeholders as a regular user to extract sensitive data of other users and more.

Speakers

Rojan Rijal

Ophion Security
Rojan Rijal is founder of Ophion Security, a pentest and research focused firm. I like digging through source codes for vulnerabilities and writing automation tools to help me in security assessments and vulnerability management. In my free time, I enjoy watching and playing soccer...


Sunday April 23, 2023 3:30pm - 4:20pm PDT
AMC Theatre 15

4:30pm PDT

MTV Reboot — my Super Sweet 16-bit malware ~*MS-DOS Edition*~ [TSR Remix]
This talk is a deep-dive analysis of MS-DOS malware with a reverse-engineering focus.
It covers the various infection/stealth/persistence techniques of notable samples, highlighting both the technical complexity and the flair for dazzling graphical displays in 16-bit DOS malware.

Speakers

Nika Korchok Wakulich

Leviathan Security Group
Nika (ic3qu33n) is a Security Consultant at Leviathan Security Group where she works on a range of penetration testing engagements, with a focus on hardware and embedded security. Outside of work, she combines her artistic practice (woodcut prints, painting, drawing, etc.) with her...


Sunday April 23, 2023 4:30pm - 5:20pm PDT
AMC Theatre 15
 