
Dorota Parad
Founder and CEO at Authress
Winterthur, Switzerland
Dorota is the CEO at Authress. With two decades of experience in different software roles, from coding, testing, UX, through product and engineering management, to business operations, she brings a down-to-earth perspective to complex topics people prefer to avoid.
Topics
Security or convenience - why not both?
Traditionally, security is all about creating obstacles and making it difficult to access data. All too often it means obstacles and difficulties not just for the attackers, but for our own team members. This leads to wasted time, frustration, or clever workarounds that expose parts of our system we meant to protect. But modern security doesn’t have to be this way.
I’m going to share a simple framework that will help you replace some of the annoying security practices with ones that don’t get in your way, talk about how to avoid wasting time implementing practices that make no sense, explain what your CISO wants, and when to push back.
Unintended consequences of well-meaning changes
As engineers, we’re used to thinking in algorithms where causality is clear and the same set of actions always produces the same results. When we apply algorithmic thinking to complex systems, however, our well-meaning actions often result in unintended consequences. Whether driving organizational change or fixing a small bug in your monitoring system, it’s not enough to consider the most immediate and direct result.
In this talk, I’ll go over examples of simple changes causing large scale unintended consequences, explain how to recognize when your actions could impact more than you wish for, share techniques for anticipating ripple effects so you can use them to your advantage, and help you become more adept at reasoning about complex systems.
Priorities - the art of saying no
There is always more work than time. We’re getting requests from leadership, co-workers, customers, all the while dealing with bugs, tech debt, and things we actually want to do.
Sometimes everything seems urgent and has to be done yesterday, yet it’s impossible to do it all.
In this talk, I’ll share how to recognize what work is worth doing, when to say no, and how to avoid getting stuck in a firefighting loop.
Calculating the unquantifiable? How to estimate ROI on security
How to put a number on the cost of something that may not even happen? How to assign value to abstract and subjective constructs like “brand reputation” or “customer trust”? How do we know if we’re spending enough on security, and how to tell if we’re spending too much?
Assuming we have the budget for software security, where should we invest it? And in the absence of a budget, what can we do to obtain it?
In this talk, I’ll demonstrate a few basic techniques used in finance that we can use to gauge what is a reasonable spend in software security. I’ll also show how to recognize high-value activities, how to tell them apart from security theater, and share my tips for communicating your numbers with the executives.
Build, buy, or use open source? All your answers in one chart
All of us have an approach for deciding whether to build that next thing in house, get something off the shelf, or use an open source solution. I’d like to share a method I’ve used and refined over the years to simplify such decisions, and I’ve distilled it into a flowchart. Say goodbye to overthinking, decision paralysis, and projects that are doomed to fail!
I’ll go over key questions to ask yourself when deciding, talk about the nuances and distractions, explain when and how to come up with numbers, and how to recognize that we’re wasting time.