When: April 24-26, 2019

What is it about:  This training has been created with the objective of understanding both offensive and defensive security for container orchestrated and serverless deployments. It will be a 3 day program that will detail through specific theory elements with extensive hands-on exercises that are similar to real-world threat scenarios.

Where: Brucon 2019. Register here

When: Aug 3-4, 2019

What is it about: This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.

Where: Black Hat USA 2019. Register here

When did this happen: January 22-23, 2019

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

Where did it happen: AppSec Cali 2019, USA

When did it happen: October 15 & 16, 2018

What was it: Two full days of intensive, hands-on learning that enabled attendees incorporate robust and resilient application security practices within a continuous delivery pipeline. 

Where did it happen: OWASP AppSecDay 2018, Melbourne Australia.

When was it: October 17, 2018

What was it about: Informative talk that aimed to provide a holistic perspective on finding and fixing some uncommon flaws in Python Web Applications.

Where: DJANGOCON 2018, San Diego.

When: October 22, 2018

What: Talk centred on the importance of Threat Modeling and how best to integrate it to the Software Development Life Cycle(SDLC).

Where: SANS Secure DevOps Summit & Training 2018, Denver. 

When did this happen: October 23 & 24, 2018

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

Where did it happen: LASCON 2018, Austin.

When: October 19, 2018

From the Speaker : Talk Overview

Threat Models, although critical for Product Security Engineering, is often relegated to the status of a Best Practice document that is good to have. I believe that Threat Models are playbooks of Product Security Engineering. The best way to do threat modeling is to integrate it into the Software Development Lifecycle (SDL). They should produce actionable outputs that can be acted up on by various teams within an organization.

To address this divide, I have developed ‘ThreatPlaybook’, an open source ‘Threat Modeling as Code’ framework that allows product teams to capture User Stories, Abuse Stories, Threat Models and Security Test Cases in YAML Files (like Ansible) and with the help of Test Automation Frameworks (in this case, Robot Framework). ‘ThreatPlaybook’ allows product engineering and penetration testing teams to not only capture Threat Models as code, but also trigger specific security test cases.

Where: AppSec Australia, Melbourne. Learn more here

When Did This Happen: October 17 & 18, 2018

What Was Discussed: Two full days of intensive, hands-on learning to best equip attendees with platform and technology agnostic remediation strategies against application security vulnerabilities.

The course focused on core application security principles aimed at the engineering community such as developers, architects and quality assurance testers. 

Where: AppSecDay Melbourne, Australia.

When did it happen : October 29 & 30, 2018

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

Where was it : Code Blue 2018, Japan.

When was it : October 29 & 30, 2018

What was it about : Two full days of intensive, hands-on learning that enabled attendees incorporate robust and resilient application security practices within a continuous delivery pipeline. 

Where did it happen : Code Blue 2018, Japan.