Ben Dechrai
Disaster Postponement Officer
Kansas City, Missouri, United States
Actions
Ben Dechrai is a technologist with a strong focus on security and privacy, recognised as an MVP for his exceptional contributions to the community. Known for his ability to distil complex technical concepts into engaging, digestible portions, Ben empowers developers through a deep understanding of design principles, security considerations, and coding practices. With over two decades of experience in software engineering, security, and architecture, Ben is a published author and has consulted for companies and investors across numerous industries. He is deeply involved in the tech community, running technology conferences and workshops to share his expertise.
Badges
Area of Expertise
Topics
AI Killed Your Privacy Tools
Privacy-breaking pattern analysis isn't new - but AI has just made it accessible to everyone. Tools that were once complex, specialized, and limited to well-resourced actors are now available to anyone with access to large language models. Your carefully crafted privacy protections, designed to withstand traditional analysis, are about to face a wave of AI-powered pattern recognition that puts sophisticated privacy-breaking capabilities into everyone's hands.
Through live demonstrations, you'll watch as simple AI tools reconstruct user identities from "anonymous" chat data, rebuild social networks from encrypted messages, and expose organizational structures from metadata we thought was safe. What once required deep expertise in statistical analysis can now be done with a few prompts to an LLM.
We'll explore how traditional privacy approaches fail against these democratized threats, and examine modern defenses like differential privacy and federated learning. You'll leave understanding both the scale of this new challenge and practical steps to protect your systems. Whether you're building communication tools, handling sensitive data, or protecting user privacy, this talk will show you why yesterday's privacy tools won't survive in a world where sophisticated pattern analysis is available to all.
Key Takeaways:
- How traditional privacy and anonymization tools fail against basic AI analysis
- Understanding the new ways AI can reconstruct identities and relationships
- Practical architectures and techniques for building AI-resistant privacy systems
Building Rock-Solid Encrypted Applications
Building secure applications requires more than just adding encryption. Through live demos and real-world examples, we'll explore how to properly implement security features like end-to-end encryption, perfect forward secrecy, and secure device migration. You'll see how to protect both data and metadata, at rest and in transit, and learn about the common pitfalls that can compromise seemingly secure systems.
Using a chat application as our example, we'll walk through the evolution from basic encryption to a robust security system. We'll examine how real-world applications handle key management, protect against traffic analysis, and manage secure device enrollment. You'll learn the architectural patterns that make applications truly secure at scale.
Whether you're building a messenger, a document store, or any application that needs to protect user data, you'll leave with practical knowledge of how to implement encryption correctly and make informed security decisions in your own projects.
Ten Key Steps for Enhanced Web App Security
This talk provides developers with a strategic approach to bolstering web application security. This talk focuses on key areas including securing client-side code, ensuring data integrity, and protecting against web vulnerabilities.
Through practical advice and live demonstrations, attendees will learn how to implement effective security practices across their applications, from managing external data sources to safeguarding user interactions.
Join us, and elevate your frontend security game against the backdrop of today's cyber threats.
Is Application Security an Illusion?
The first worm in cyberspace wasn't just quietly roaming the digital frontier – it was a wake-up call to security issues. Its benign intentions famously backfired, bringing the early Internet to its knees for days!
Fast forward to today, and the cyber landscape is a thriller with a plot that thickens daily. From targeting elections to threatening entire democracies, malicious attacks have taken centre stage in our global narrative!
It's tempting to view this as a dystopian tech saga, where the odds are stacked against us – a world where a thousand rights are overshadowed by a single wrong, a solitary vulnerability. Sounds like a nail-biter, doesn't it?
But let's flip the script and look at the reality. I'm here to lead you through a story of resilience and preparedness, a tale where we're not just bystanders but heroes in our own right. Join me in unravelling why this cyber challenge is not just another cliffhanger but a saga we're well-equipped to conquer and discover how YOU are a key character in this epic cybersecurity adventure.
Fine Grained Authorisation with Relationship-Based Access Control
Who can tag me in a post? If I move this file to another folder, who now has access? If my owner breaks up with his friend, will I still get a bone?
Whether you're a human, or a dog, let's face it, authorisation is hard. Role-based access control is a great starting point but hard to scale. Attribute-based access control scales better, but neither are much good at answering more complex conditions, like whether friends-of-friends can read your posts, or knowing if your dental hygiene is going to suffer. For such situations, we generally have to wrap this up into business logic.
This is where relationship-based access control (ReBAC) comes in, offering a nuanced approach to accessing resources without codifying that into the applications.
In this session, we'll look at how to define these relationships, experience live demos, and discover how we can deploy our own fine-grained authorisation service. Expect some tail-wagging insights and a few laughs as we explore access control from a canine's point of view.
Building Rock-Solid Encrypted Applications (Workshop)
Building secure applications requires more than just adding encryption. Key management, metadata protection, and traffic analysis defences are just some of the challenges you'll need to tackle. This workshop takes you from basic encryption to advanced protection mechanisms. You'll learn how to secure data both at rest and in transit, implement perfect forward secrecy, and handle secure device migration.
Through practical implementations and architectural deep-dives, you'll learn the patterns and practices that make applications truly secure. We'll focus on real-world security engineering, emphasising approaches that work at scale.
You'll learn:
- Basic end-to-end encryption setup
- Group encryption fundamentals
- Metadata protection techniques for data at rest
- Traffic analysis protection and metadata in transit
- Perfect forward secrecy and key rotation
- Secure device migration approaches
- Key management best practices
Through a combination of hands-on implementation and architectural theory, you'll end the workshop having built a working encrypted application and gained the knowledge to make informed security decisions in your own projects.
Prerequisites
Familiarity with JavaScript and basic API consumption. Experience building web applications is helpful but not required.
What to bring
You'll need a laptop with a modern web browser. The workshop is designed to run in a cloud environment using Gitpod, removing the need for local setup. However, if you prefer working locally, you can use any environment with Node.js 20 or later, a code editor (VS Code recommended), and Git installed.
Optional:
- Basic understanding of public key cryptography
- Experience with Next.js or similar full-stack frameworks
KCDC 2023 Sessionize Event
NDC Oslo 2023 Sessionize Event
NDC Sydney 2022 Sessionize Event
NDC Melbourne 2022 Sessionize Event
DDD Perth 2021 Sessionize Event
NDC Sydney 2019 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top