What we're about
Upcoming events (1)
Come along to our next OWASP Wellington Meetup, there will be pizza, people, and presentations!
Arrive from 5:30pm, and we'll start around 5:45pm. Dave is a first time speaker, which is AWESOME! Olly is a super knowledgeable & friendly local infosec pro.
Given the removal of COVID Traffic Lights we're making masks optional, and bringing back pizza and fizz! Please only attend if you are well, and please only RSVP if you're coming so that we order the right amount of food & drink.
❤️This event is kindly hosted by the good people at RedShield.❤️
Talk 1: Breaking Into Infosec
Working in Infosec is a fascinating and rewarding career like no other. However, despite news stating there is a shortage of skills in the industry, competition is high and gaining the skills and experience to succeed is challenging. This talk covers not only technical demonstrations which explore penetration testing of web applications, but questions the idea of red-teaming altogether. Follow along Dave's global journey about breaking into the infosec industry, with insights from taking down Russian criminals with the RIPE NCC, chasing a security internship at Google, and the countless challenges and considerations before finally landing a job as Security Consultant.
Dave Reeves works as a penetration tester at Aura Information Security, based out of Wellington, NZ. He has used computers from an early age, has professional experience in industrial systems and robotics, knowledge in software engineering, cloud, machine learning, digital forensics, and has studied Mandarin Chinese for more than 10 years.
Talk 2: Keeping secrets secret
Having worked with a range of teams and organisations, from serverless startups, to big banks, to scientific organisations - I know there’s no one-size-fits-all approach to secrets management. I also know there are so many code bases out there with API Keys hard coded into them (I know, I’ve found my fair share!).
In this talk I lay out the fundamentals of good secrets management, identity and access management and the building blocks for workload identity. I’ll introduce some open-source tools and resources that will help enable teams to improve their secrets management with minimal time and effort. I’ll answer the question of how do you move from committing keys to source control, to modern secrets management (e.g. HashiCorp Vault) in small, meaningful, approachable steps.
Olly is a Cloud Native Security Engineer at Control Plane. He helps teams improve the security and automation of their Platforms and Pipelines.