Brendan O'Leary
Head of Community @ ProjectDiscovery
Annapolis, Maryland, United States
Brendan O'Leary is Head of Community at ProjectDiscovery, on a mission to democratize security, and an advisor to various startups. Having worked in software his entire career, Brendan has had the privilege of working with many customers. Previously, he was at GitLab and a board member of the CNCF. It is clear: every company is a software company. That means every company needs software and security operational excellence. Outside of work, you'll find Brendan with 1 to 4 kids hanging off of him at any given time or occasionally finding a moment alone to build something in his workshop.
The imperative to stop being lazy and do better
There are a lot of challenging, unsolved problems in software. Building accessible, inclusive, smart software is a solved one...do better.
My last name is valid. Despite what countless apps and websites have tried to tell me over the previous few decades, it is reasonable to have an apostrophe in a name. I get it; SQL can be hard. Many "solve" this problem through form validation, saying, "Please enter a valid last name." Talk about *invalidating* someone's experience in life.
And that's not even that big of a deal. I've learned to live with it. My father doesn't even try to enter the apostrophe anymore. But this kind of carelessness is all too common in tech. Many other people's identities are marginalized even more severely when developers add forms with "gender" questions that contain no sensitivity to folks with diverse gender identities. Putting "other" doesn't make your form inclusive...it makes it worse. The internet and technology were supposed to be the great equalizer - everyone's ability to contribute, have their voices heard and participate. Yet, we struggle to this day, making our applications fully accessible to those who are differently-abled than us. And a lack of tech diversity can lead to further marginalizing people of color and other minority groups.
We can and must do better. In this talk, we'll examine examples of each of these types of inclusion. And then, we'll show how these issues have already been solved; it just requires the determination and compassion to choose to make our products more accessible and more inclusive.
The Asynchronous Enterprise
The one question I'm asked more than any other when talking about working at GitLab is: wait, you don't have any offices? That is often followed by a confused look or the direct question: How?
Writing down decisions, asynchronous communication, measuring results, not hours. Companies often aspire to these goals...however in an all-remote company, they aren't aspirational - they are requirements. GitLab has grown from 9 people in 2014 to over 900 people in 55 different countries with a valuation of almost $3 billion.
In this talk, we'll discover some of the not-so-secret sauce that GitLab has leveraged to achieve this growth. On this journey, our values have remained the same. We value collaboration, results, efficiency, diversity & inclusion, iteration, and transparency. And we've done all that without having any office, headquarters, or anything that looks like one.
The best defense is a good offensive security program
This session delves into the power of offensive security engineering in today's cyber landscape. We aim to highlight the crucial shift from traditional reactive methods to anticipatory strategies in cybersecurity. By emphasizing attack surface management and identifying vulnerabilities before they can be exploited, we will illustrate the potency of proactivity. Attendees will learn how adopting an attacker's perspective through practices like penetration testing and red teaming can strengthen defense mechanisms. Drawing from real-world examples, our talk aspires to arm participants with the knowledge to improve their own cybersecurity infrastructure.
Shakespeare, Bacon, and the NSA
A code-breaking Quaker poet from Indiana who hunted Nazi spies? All right, that sounds like some sort of comic-book superhero. And what is this superhero's origin story? Oh, they just were plucked from a library in Chicago to the secretive lair of an eccentric billionaire to study a secret code in the writings of Shakespeare that talks of a hidden heir to the English crown? Now it *must* be the latest in a series of multiverse-based superhero movies, right?
As always, truth is stranger than fiction, and this is the actual life of Elizebeth Smith Friedman, who had a hand in not only breaking codes during both World Wars but, along with her husband, is credited as a founder of modern cryptology. Elizebeth's extraordinary life can serve as a lesson to all of us about what it takes to change the world. Even a poet can end up founding a science that today backs the entirety of technology and inspire some of the most sophisticated government agencies ever conceived of by humanity.
In this talk, we'll follow Elizebeth's journey, learn the history of cryptography, and apply those lessons to how we should view technology and technologists today.
I'm not technical enough to give this talk
I don't have a computer science degree. I haven't ever been paid to write code for a living. In fact, the only programming "class" I've ever taken was a VB business school class 15 years ago.
In this talk, I'll prove that the qualifications to learn, teach, and talk about technology are not the "traditional" ones. No one should feel that their opinion or experience is less than someone who has more of a typical software engineering resume. By giving three mini-demos of technology that I have no right talking about, I'll show that being self-taught doesn't mean you shouldn't share your knowledge with others. The only requirement is a little creativity and a lot of curiosity, and anyone can stand up on stage or write a blog or teach their coworkers something new.
Failure is not an option: What Apollo 11 can teach us about DevOps
Many software development professionals think of themselves as cutting edge innovators who explore new and exciting frontiers. Contrarily, concepts that may be considered contemporary innovations are actually ideas that were conceived decades ago when humans strived to explore the REAL final frontier - space. Over fifty years ago, Neil Armstrong and Buzz Aldrin walked on the surface of the moon. But behind this amazing human accomplishment was the work of countless individuals who collaborated to make the impossible happen. In this talk, we’ll re-examine what we can learn from the Apollo program and how that knowledge can help avoid pitfalls today. While shipping code directly into production might be scary for you, imagine if that code was shipped into the vacuum of space and could only use 24K of storage and 1K of memory.
All I need to know about DevOps I learned from XKCD
XKCD describes itself as “a webcomic of romance, sarcasm, math, and language.” What if it is more? What if XKCD and its creator Randall Munroe have slowly been revealing what software development, DevOps and team collaboration are all about?
In this talk, we’ll take a look at some recurring themes in XKCD comics - and how they hit home with recurring themes in DevOps. From regular expressions and vim vs. emacs to user experiences so bad...they are literally a joke, XKCD finds ways to express simply the thoughts we’ve all had. We will examine these comics for their deeper meaning (deeper even than just the tooltip text Randall leaves behind) and learn from them how to make better software.
Black Mirror Season 5: DevOps
Black Mirror presents a haunting view of how modern technology places society a “minute away” from a dystopian future. DevOps and those of us who practice it find ourselves in a similar situation - partially mature technologies whose implications we don’t yet fully understand. Heartbleed, Equifax and now Meltdown & Spectre can make us feel like there is no escaping this dark future. But just as Black Mirror examines the extremes of these concepts as a canary in the mine shaft for society, we too can carefully employ practices that will prevent season 5 from featuring site reliability engineer, DevOps engineer, or CISO characters.
In this talk, we’ll learn how to use the powerful concepts and tools behind DevOps for good. With great power comes great responsibility, but also great opportunity to do good for our businesses, each other and our world. By working together with product, business, and external teams; embedding security into how we operate; and measuring everything we do, we can empower our teams to thrive.
As Strong as the Weakest Link: Securing the Software Supply Chain
The SolarWinds breach at the end of 2020 is an event whose breadth and depth we won't truly understand for some time - if ever. But already, several discussions we've been having in the abstract for years have become very concrete. First, the systems we use to develop, code, build and deploy our code are all essential production systems - and should be treated as such. Second, securing the software supply chain is one of the most underrated aspects of security and is often overlooked.
All software today is built with dependencies. The vast availability of incredible open source tooling has allowed all of us to stand on the shoulders of giants and build software better and faster than we could have ever dreamed, even 5 or 10 years ago. However, a discussion of these dependencies - both explicit and transient - as links in the software supply "chain" couldn't be more accurate. And the truth is, a chain is only as strong as its weakest link.
In this talk, we'll examine what is known of the complexities and sophisticated tradecraft from the SolarWinds / Sunburst attack. But perhaps more importantly, we'll delve into the simple, practical security measures that were missed, allowing the attack to get a foothold in the first place.
Democratizing the Language of Cybersecurity
In the rapidly evolving realm of cybersecurity, clear communication is key but often overlooked. Traditional reliance on CVE numbers has left gaps in understanding, particularly among stakeholders like developers and CISOs. Nuclei templates have emerged as a transformative solution, offering a machine- and human-readable format that succinctly encapsulates vulnerability details. This universal template fosters clarity, ensuring aligned strategies across teams. Being open source adds to this, and the community-driven approach further accelerates vulnerability response times. By democratizing the language of security, Nuclei templates bridge the communication gap between security teams and engineers, facilitating swift, informed action to secure our future.
2023 All Day DevOps Sessionize Event
Bsides NoVa 2023 Sessionize Event
2021 All Day DevOps Sessionize Event
DeveloperWeek 2021 Sessionize Event
2020 All Day DevOps Sessionize Event
JSConf: Hawaii 2020 Sessionize Event