Kashif Memon
Security Engineer | OSCP
Austin, Texas, United States
Actions
Security professional with 7 years of hands-on experience in red team operations, cloud security, and DevSecOps. Currently working in vulnerability management, impact & risk management, and security automation. OSCP and AWS Certified.
Links
Area of Expertise
Topics
Shift Left, But Don’t Look Left Only: The Blind Spots in Modern Security
The phrase "shift left" has become a cornerstone of modern security thinking—encouraging teams to catch and fix issues earlier in the development lifecycle. But is early always better? In this session, we’ll challenge the overreliance on shift-left strategies and explore what happens when security theory meets real-world complexity. From legacy systems and third-party code to overwhelmed developers and business pressures, we’ll look at why shifting left isn’t always feasible—or effective. Attendees will walk away with a more balanced, practical approach to building security in continuously, rather than relying on a one-size-fits-all solution.
The Illusion of Security: Are We Prioritizing the Right Metrics?
Is your organization really secure, or are you just checking boxes? Security metrics often focus on issue resolution within SLAs, but this doesn’t guarantee true protection. In this session, we’ll expose the illusion of security that SLAs create, revealing the real risks hidden beneath the surface. You’ll learn how business priorities—third-party dependencies, legacy systems, and resource constraints—force compromises, leaving critical vulnerabilities unaddressed. Get ready to challenge conventional security metrics and discover how to measure real risk, optimize security health, and balance business goals with protection. This talk is a must for leaders, practitioners, and anyone eager to rethink how security should be measured and managed.
Unleashing AI's Potential: A Roadmap to Optimized Vulnerability Management
Managing vulnerabilities at scale is a significant challenge for modern security teams. With increasing volumes of vulnerabilities, the need to prioritize issues effectively and reduce operational burdens has never been more critical. Artificial Intelligence (AI) is emerging as a transformative solution, offering tools to enhance vulnerability detection, prioritize risks, and streamline remediation processes.
This session will delve into the practical applications of AI in vulnerability management, showcasing how it can reduce false positives, accelerate decision-making, and optimize resource allocation. We will also discuss the limitations of AI, including biases in data, the need for business-context awareness, and the dangers of overreliance on automation. Through examples and actionable insights, attendees will gain a clear understanding of how AI can complement human expertise to build a balanced and effective vulnerability management strategy. Whether you’re just exploring AI’s potential or looking to refine its use, this session will equip you with the knowledge to harness AI’s capabilities responsibly.
Scaling Vulnerability Management: A Blueprint for Efficiency and Effectiveness
This session dives into conquering the challenge of vulnerability management by exploring methods for implementing a scalable program. During this session, I will discuss automated patching streamlined communication, and actionable insights, providing a blueprint for building a program that empowers proactive risk management and prioritization of remediation efforts. This session equips attendees with the tools and strategies to implement a robust vulnerability management program, regardless of their organization's size.
Embracing the Cadence: Synchronizing Security and Builder Momentum
In today’s fast-paced development environments, balancing security and builder momentum is a constant challenge. Strict security measures can hinder innovation, while prioritizing speed over security exposes organizations to risks. This session explores practical strategies to balance these competing priorities, fostering a culture where security and development work in tandem. Attendees will learn how to:
* Align security practices with development cycles.
* Leverage automation to streamline workflows.
* Cultivate collaboration and shared responsibility across teams.
* Implement metrics to measure and optimize security and efficiency.
Through case studies and actionable insights, this talk equips participants to improve their existing processes to build secure, high-velocity software systems that maintain innovation while safeguarding against threats.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top