OWASP Meetup - SF January 2020


Details
Security time, courtesy of our hosts Insight Engines! We will have three exciting talks, lots of people to meet, and great food.
• 5:30 - Doors open
• 6:00-6:15 - Intro/welcome
• 6:15-6:45 - The Changing World of Security as we go to the Cloud (Grant Wernick)
• 6:50-7:20 - Dear Security, You're Wasting the Company's Money (Daniel Davis)
• 7:25-7:55 - How Coinbase Scales Security Automation (Nishil Shah)
Talk 1: The Changing World of Security as we go to the Cloud (Grant Wernick)
Grant Wernick, co-founder & CEO of Insight Engines, will lead a discussion on migrating to the cloud in 2020. This will be an active discussion, with audience participation encouraged, in which we share our biggest security concerns and issues with the cloud.
Bio:
Grant Wernick is the co-founder & CEO of Insight Engines. Insight Engines empowers organizations to do deeply technical investigations of their data in minutes that today take days. Their cyber security focused natural language search products are used daily by some of the largest healthcare, finance, and government organizations to investigate beyond their SIEM to mitigate risk and solve incidents over 10x faster than today. Grant has over a decade of experience founding companies to bring together amazing teams to solve big hard problems, and push the boundaries of the possible.
Talk 2: Dear Security, You're Wasting the Company's Money (Daniel Davis)
Unless you work for a government agency or a non-profit, you probably are employed by a for-profit company. In other words, you exist to make someone money (even better if it's you). Oh, I know what you're thinking, "but I work in security!" Yeah... about that. Your job is still to make the company money. Ever had to fight to the bloody end for support for your security efforts? Ever had to endlessly explain why what you're doing is important? Don't! Instead, show your company how what you're doing makes them money. Spoiler alert: people like money.
Bio:
From researching photonic crystals to military aerospace to military aerial networks and then autonomous vehicles, Daniel is now at Lyft championing risk science to enable efficient security decisions. Despite the eclectic background, Daniel's focus has always been on making timely, defensible, and data-driven decisions. Whether it's for the safety of a joint USAF/NATO program or prioritizing security efforts at a rideshare company, quantifying risk is the common enabler for success.
Talk 3: How Coinbase Scales Security Automation (Nishil Shah)
At Coinbase, we use a combination of human-driven code reviews and automated scans to mitigate developer errors. One of those automated tools that we maintain is Salus, a Docker container that decides which FOSS security scanners to run, coordinates their configuration, and compiles the output into a single report. We'll even go over some of our success and failure stories from running Salus in production for two years.
Bio:
Nishil currently works on the Application Security team at Coinbase where he works on securing payments infrastructure along with maintaining Salus, Coinbase's security scanning orchestration tool.
