Apoorwa Joshi
Security Engineer at Amazon
Actions
Meet Apoorwa Joshi – Security Engineer, Code Whisperer & Threat Tamer at Amazon. With over 6 years in the trenches of application and cloud security at scale, she currently brings her talents to helping teams think like attackers before the attackers do. Armed with a Master’s degree, a knack for demystifying technical complexity, Apoorwa specializes in "shifting left"
Based in Austin, Texas, Apoorwa is part of a new wave of security professionals. Though this is her first time on the conference stage, she’s no stranger to leading conversations that matter from mentoring junior engineers to influencing cross-team architecture decisions.
When she’s not taming threats or refactoring risk, she enjoys playing ping pong and spending time with her cat.
Ask her about: threat modeling, secure architecture, DevSecOps, or how to sneak security into sprint planning without getting side-eyes.
Links
Chained Exploits: The Silent Takeover
The Chaining of Vulnerabilities session is essential for anyone serious about understanding real-world security threats. Attackers rarely rely on a single flaw - instead, attackers combine multiple low or medium-risk issues to breach systems and exfiltrate data. This session will reveal how these chains are built, and how overlooked weaknesses can lead to full system compromise. With practical case studies, attack flow breakdowns, and defense strategies, you’ll gain critical insight into offensive thinking and how to build more resilient systems. Whether you're a developer, security engineer, or red teamer, this session will sharpen your knowledge about how subtle flaws can be linked into powerful exploit chains.
Secure Yer Ship Before the Storm Hits
In an era where cyber threats lurk like sirens beneath the waves, relying solely on reactive measures is comparable to sailing without a map. The security posture of an organization is no longer just a matter of deploying firewalls and hoping for the best. In today's fast-paced development environments, treating security as an afterthought is no longer sustainable. This session makes the case for shifting left embedding proactive security practices such as threat modeling, secure-by-design architecture, and business-aligned risk calibration early in the lifecycle. We'll explore how to streamline developer workflows through paved paths, reduce friction between security and product teams, and foster a culture of shared ownership. Whether you're navigating complex tech stacks or managing competing launch pressures, this talk will equip you with practical strategies to build secure, resilient systems before the storm ever hits.
Empowering Software Developers to build secure applications
Security is no longer the sole responsibility of specialized team, it’s a shared imperative across the development lifecycle. This session explores how empowering software developers to build secure-by-default applications is key to reducing risk and enhancing organizational resilience. Attendees will learn how to embed security early in the SDLC through shift-left practices, leverage developer-friendly tooling, and establish secure defaults in frameworks and environments. We’ll also discuss how to foster a security-aware engineering culture through training, incentives, and collaboration across teams. This talk offers actionable insights for transforming security into a core development competency. Whether you're a developer, engineering leader, or security professional, this session will equip you with the strategies needed to make security a seamless and sustainable part of your development process.
AppSec Village - DEF CON 33 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top