ashar


BSides Cape Town 2023 Playlist

BSides Cape Town 2023 Schedule from the website

Just like the other chapters of BSides around the world, BSides Cape Town is an annual Information / Security conference that is different. We are a volunteer organised event, put on by and for the community.

 

Modern Security Podcast: Jamie Finnigan on How HashiCorp Secures Their Products

In this episode of the Modern Security Podcast we were joined by Jamie Finnigan, Director of Product Security @HashiCorp, and discussed how the security team prioritizes their time, rolling out developer-friendly security tooling, and much more.

2:08 - Intro to Jamie Finnigan

7:41 - The Product Security Org at HashiCorp

11:27 - How do you determine what to focus on?

16:40 - What does success look like for security at HashiCorp

20:50 - The difference between outputs and outcomes

25:52 - The Creation of Bandit

30:37 - HashiCorp Product Security Model

34:14 - Developer-Friendly Security Tooling

39:56 - Tool selection

46:09 - Eliminating SSRF via Secure Defaults

53:22 - Overview of the Secure Defaults Approach

59:16 - Empathy in Security

 

AI and Everything Else - Benedict Evans | Slush 2023

For two decades, Benedict Evans has been cutting through the noise to figure out what’s really unfolding in the tech industry. The highlight of his work has long been an annual presentation, digging into the most pertinent ongoing macroscopic trends. This year, Benedict will be launching his annual presentation at Slush.

Slush is the most founder-focused event on earth delivering actionable company-building advice and bringing together the who’s who in the ecosystem.

 

The Art of Code by Dylan Beattie (2022)

Software and technology have changed every aspect of the world we live in. At one extreme are the ‘mission critical’ applications - the code that runs our banks, our hospitals, our airports and phone networks. Then there’s the code we all use every day to browse the web, watch movies, create spreadsheets… not quite so critical, but still code that solves problems and delivers services.

But what about the code that only exists because somebody wanted to write it? Code created just to make people smile, laugh, maybe even dance? Maybe even code that does nothing at all, created just to see if it was possible? Join Dylan Beattie - programmer, musician, and creator of the Rockstar programming language - for an entertaining look at the art of code. We’ll look at the origins of programming as an art form, from Conway's Game of Life to the fractal geometry and deep dream algorithms. We’ll talk about esoteric languages and quines - how DO you create a program that prints its own source code? We’ll look at quine relays and obfuscated coding competitions, and we’ll explore the phenomenon of live coding as performance - from the pioneers of electronic music to modern algorock and live coding platforms like Sonic Pi.

Join us at Devoxx UK 2022 for even more great quality content. https://www.devoxx.co.uk

 

"Shaping our children's education in computing" by Simon Peyton Jones

Few things matter more to us than the education we give our children, to equip them for life in a rapidly changing world.

In our subject discipline, everything is in flux. England, for example, has radically overhauled the school computing curriculum, and is now facing the challenge of helping our teachers to teach an entirely new school subject. Most other countries are in the midst of a similar revolution.

But our children's education is much too important to leave to governments and policymakers. There is much to play for, and we need to roll up our sleeves and get involved. How can we do that? In my talk I'll share a bit about our journey in the UK, and talk about what we can do, including some concrete examples: Project Quantum, and Excel.

Speaker: Simon Peyton Jones

 

"The most dangerous thought you can have as a creative person is to think you know what you're doing." Presented at Dropbox's DBX conference on July 9, 2013.

Bret Victor The Future of Programming

For his recent DBX Conference talk, Victor took attendees back to the year 1973, donning the uniform of an IBM systems engineer of the times, delivering his presentation on an overhead projector. The '60s and early '70s were a fertile time for CS ideas, reminds Victor, but even more importantly, it was a time of unfettered thinking, unconstrained by programming dogma, authority, and tradition. 'The most dangerous thought that you can have as a creative person is to think that you know what you're doing,' explains Victor. 'Because once you think you know what you're doing you stop looking around for other ways of doing things and you stop being able to see other ways of doing things. You become blind.' He concludes, 'I think you have to say: "We don't know what programming is. We don't know what computing is. We don't even know what a computer is." And once you truly understand that, and once you truly believe that, then you're free, and you can think anything.'

HT What’s the best conference talk you’ve ever seen?

 

HT What's the best conference talk you've ever seen?

DEF CON 23 - Chris Domas - Repsych: Psychological Warfare in Reverse Engineering

25 Dec 2015 Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they'll be captured, dissected, and put on display. Reverse engineers. When they begin snooping through your hard work, it pays to have planned out your defense ahead of time. You can take the traditional defensive route - encryption, obfuscation, anti-debugging - or you can go on the offense, and attack the heart and soul of anyone who dare look at your perfect code. With some carefully crafted assembly, we'll show how to break down a reverse engineer by sending them misleading, intimidating, and demoralizing messages through the control flow graphs of their favorite RE tools - turning their beloved IDA (Hopper, BinNavi, Radare, etc) into unwitting weapons for devastating psychological warfare in reverse engineering.

Speaker bio: Chris is an embedded systems engineer and cyber security researcher, focused on innovative approaches to low level hardware and software RE and exploitation.

submitted 2 years ago by ashar to c/security_cpe
 

All Quiet On The Western Front: Your First 100 Days As A CISO

Jim Djoka

The aim of the session is to present the role of the CISO and (hopefully in an entertaining way) share the known and less known aspects of its mission, its role towards the business and other stakeholders, required skills and advised training and education, how to handle the first 100 days but also aspects to check out before saying yes to the mission. For dramatic purposes, light analogies to warfare may be included for better audience experience.
