Start with Security - San Francisco

Panel 1: Starting up Security: Building a Security Culture

Devdatta Akhawe is a security engineer at Dropbox. Before joining Dropbox, he was a graduate student at UC Berkeley working on application security. At Dropbox, Mr. Akhawe is involved in all aspects of the Secure Development Lifecycle and is part of the team that implemented advanced security features like Content Security Policy, pinning, and HTTP Strict Transport Security. He has published at top academic conferences and spoken at top industry conferences such as Blackhat and the Open Web Application Security Project (OWASP) AppSec Cali. He is also an editor of the World Wide Web Consortium’s Subresource Integrity specification.

Jonathan Carter is an application security professional with over 15 years of security expertise within Canada, the U.S., Australia, and England. As a software engineer, Mr. Carter produced software for online gaming systems, payment gateways, SMS messaging gateways, and other solutions requiring a high degree of application security. Mr. Carter’s technical background in artificial intelligence and static code analysis has led him to a diverse number of security roles: enterprise security architect, web application penetration tester, Fortify security researcher, and security governance lead. He is an active member of the OWASP Mobile Security Group and is project owner of a number of other OWASP security projects.

Frank Kim is the Chief Information Security Officer at SANS Institute where he leads the security risk function for the most trusted source of computer security training, certification, and research in the world. He also helps shape, develop, and support the next generation of security leaders through teaching, developing courseware, and leading the management and software security curricula. Prior to the SANS Institute, Mr. Kim was Executive Director of Cyber Security at Kaiser Permanente, the nation's largest not-for-profit health plan and integrated health care provider. In recognition of his work, Mr. Kim is a two-time recipient of the CIO Achievement Award for business enabling thought leadership. Mr. Kim holds degrees from the University of California at Berkeley and is a SANS certified instructor as well as the author of popular courseware on strategic planning, leadership, and application security.

Window Snyder is Chief Security Officer at Fastly. She previously spent five years at Apple working on security and privacy strategy and features for OS X and iOS. A security industry veteran, Ms. Snyder was the Chief Security Something-or-Other at Mozilla, responsible for security engineering, communication, and strategy. As a senior security strategist at Microsoft, she owned security sign-off for Windows and the outreach strategy for security vendors and security researchers. Ms. Snyder was also a founding team member at Matasano and was Director of Security Architecture at @stake, where she developed application security analysis methodologies and led the Application Security Center of Excellence. Ms. Snyder is co-author of Threat Modeling, a manual for security architecture analysis in software.

Panel 2: Scaling Security: Adapting Security Testing for DevOps and Hyper-growth

Michael Coates is the Trust & Information Security Officer at Twitter and a member of the OWASP board of directors. Mr. Coates has worked in the security industry for over a decade and has experience building risk and security programs to protect fast moving tech companies, such as Twitter and Mozilla. He is also the founder of the OWASP AppSensor project, an initiative to provide applications with real time defense capabilities to identify and repel threats. Featured as one of SC Magazine’s 2012 Influential IT security minds, Mr. Coates is a frequent speaker at security conferences, government security events, and enterprise security sessions. Mr. Coates also provides security strategy to emerging startups. He holds an MS in Computer, Information and Network Security from DePaul University and a B.S in Computer Science from the University of Illinois.

Zane Lackey is the founder and Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the U.S. State Department-backed Open Technology Fund. Prior to Signal Sciences, Mr. Lackey was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners. He has been featured in notable media outlets such as the BBC, Associated Press, Forbes, Wired, CNET, Network World, and SC Magazine. A frequent speaker at top industry conferences, Mr. Lackey has presented at BlackHat, RSA, USENIX, Velocity, Microsoft BlueHat, SANS, OWASP, QCon, and has given invited lectures at Facebook, Goldman Sachs, New York University, and Reykjavik University.

Jeff Williams is the co-founder and Chief Technology Officer of Contrast Security. Mr. Williams brings more than 20 years of security leadership to his role at Contrast. In 2002, Mr. Williams co-founded and became CEO of Aspect Security, a successful and innovative consulting company focused on application security. Mr. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Mr. Williams has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Investing in Security: Fireside Chat with Accel Partner Arun Mathew

Arun Mathew is from Nashville, TN and joined Accel in 2009.  Mr. Mathew is actively involved in Accel's enterprise software, security, big data and consumer internet practices, having led investments in areas like data collection/protection (Qualtrics, Code42), security (Bettercloud, Tenable Network Security), horizonal/vertical SaaS (Squarespace, Yapstone, Dealer.com) and consumer internet (Groupon). He also helps to lead the firm's Big Data and Tech Council initiatives and spends a significant portion of his time in emerging markets, including India, Brazil and Southeast Asia. He is on the board and active with Accel's international investments in Flipkart, BookMyShow, Ola, Freshdesk, MindLab and Portea. Mr. Mathew graduated from the University of Pennsylvania and holds an MBA from Stanford's Graduate School of Business.

Panel 3: Bugs and Bounties: Vulnerability Disclosure and Response

Raymond Forbes is a security engineer at Mozilla working on browser security. Building fuzzing and other tools, Mr. Forbes spends his time looking for vulnerabilities in the Firefox platform. Mr. Forbes is also part of the team that manages the Mozilla Bug Bounty Program. His previous experience includes work at Microsoft, Hewlett-Packard, and Disney. Mr. Forbes has also been a trainer and speaker for Blackhat, Defcon, and other security conferences.

Paul Moreno is the Security Engineering Lead at Pinterest, a visual bookmarking tool for saving and discovering creative ideas. At Pinterest, Mr. Moreno has spent his tenure establishing the Security Engineering foundation and assembling a core security team. As a recognized technology generalist with extensive experience working for startups and public companies, Mr. Moreno delivers data-driven solutions for modern cloud security threats. Prior to joining Pinterest, Mr. Moreno was an early employee at ngmoco:), a breakthrough mobile gaming company acquired for $300 million in October 2010. He has been invited to participate on multiple customer advisory boards, including Digicert and OpenDNS.

Katie Moussouris is the Chief Policy Officer for HackerOne, a platform provider for coordinated vulnerability response and structured bounty programs. She is a noted authority on vulnerability disclosure and advises lawmakers, customers, and researchers to legitimize and promote security research and help make the internet safer for everyone. Ms. Moussouris’ earlier work at Microsoft encompassed industry-leading initiatives such as Microsoft's bounty programs and Microsoft Vulnerability Research. She is also a subject matter expert for the U.S. National Body of the International Standards Organization (ISO) in vulnerability disclosure (29147), vulnerability handling processes (30111), and secure development (27034). Ms. Moussouris is a visiting scholar with MIT Sloan School, doing research on the vulnerability economy and exploit market, and a New America Foundation Fellow. She is an ex-hacker, ex-Linux developer, and persistent disruptor.

Panel 4: Beyond Bugs: Embracing Security Features

Pierre Far is a product manager at Google for an upcoming ad product for publishers. Previously, he was part of Google Search as a Webmaster Trends Analyst, helping site owners build better websites that are secure, mobile-optimized, and follow best practices for user- and search-friendliness. Prior to joining Google, Mr. Far held several roles in the technology sector, including community and product management, innovation consulting, and online marketing. He has a PhD in bacterial genetics from the University of Cambridge, U.K.

Jon Oberheide is the co-founder and Chief Technology Officer of Duo Security, responsible for leading product vision and the Duo Labs advanced research team. Before starting Duo, Mr. Oberheide was a self-loathing academic, completing his PhD at the University of Michigan in the realm of cloud security. In a prior life, Mr. Oberheide enjoyed offensive security research and generally hacking the planet. Mr. Oberheide was recently named to Forbes "30 under 30" list for his mobile security hijinks.

Yan Zhu is a security engineer at Yahoo, mostly working on end-to-end email encryption and improving TLS usage. She is also a Technology Fellow at EFF and a core developer of Let's Encrypt, HTTPS Everywhere, Privacy Badger Firefox, and SecureDrop. She got a BS from MIT in 2012 and is a proud PhD dropout from Stanford. Ms. Zhu has been a speaker at HOPE, DEFCON 22, jQuerySF, Real World Crypto, SXSW, and various other human gatherings.