James is a developer and security advocate whose biggest responsibility is leading developer security practices. He sets the standards and procedures for how the practice operates, and leads all client engagement efforts with regard to security. He also takes the lead in making sure that company staff are properly trained and following best practices with regard to security.
James also acts as a system and application architect, and he often evaluates application design as part of the security audits he performs. In a past life James was responsible for architecture and for developing solutions on multi-million implementation efforts. Key clients included eight Fortune 500 companies (seven in the Fortune 100), as well as several well-known non-profits and leaders in their industries. Verticals served included healthcare, transportation, financial services, retail, insurance, and energy.
In his free time James is involved with running BSidesBoulder and DC720 (Local DEFCON Group).
Software security isn't a tool or a library. Everyone knows that you should check your parameters and watch out for SQL injection, but is that really enough? If you have never had the opportunity to spend time hacking your own applications, you are really doing yourself a disservice. More than ever, the web is becoming an increasingly hostile environment, and because of it developers really need to step up their game. In this session we will go over some of the methodologies that we use internally to test applications, helping developers to think more strategically about designing applications for general security. As part of this conversation I will go over active attacks that we have seen against production sites using sterilized examples.
This conversation is an in-depth dive into the important parts of GDPR for software developers. Even though GDPR is a European standard, there's no denying that this is the direction that the software industry is going: more emphasis will be placed on protecting the data that customers and businesses rely on. In this conversation we will discuss the GDPR, the impacts of this law, and what can be done from the software development side to make sure we develop software that follows defense-in-depth practices.