Speaker

James McKee

Consultant @ Withstand Security

Evanston, Illinois, United States

James is a developer and security advocate who has led developer security practices. He set the standards and procedures for how the engineering practices operate, and led client engagement efforts with regard to cyber security. He has also led company staff training to promote best practices with regard to security.

James has acted as a system and application architect, and evaluates application design as part of security audits. In the past, James was responsible for architecture and developing solutions on multi-million implementation efforts. Key clients included eight Fortune 500 companies (seven in the Fortune 100), as well as several well-known non-profits and leaders in their industries. Verticals served included geospatial, healthcare, transportation, financial services, retail, insurance, and energy.

In his free time James is involved with running BSides Boulder and AppSec Village @ DEFCON.

Area of Expertise

  • Information & Communications Technology

Topics

  • Application Security
  • Web Application Security
  • Mobile Application Security
  • Windows Application Security

Unveiling Hard Truths in Application Security: Navigating the Realities for Resilience

When dealing with the challenges of engineering, it is imperative to confront the hard truths embedded within AppSec practices. This talk will discuss the human element of application security, bringing in the indispensable role of education, culture, and accountability. Drawing upon real-world case studies and industry insights, and by confronting uncomfortable truths surrounding developer practices, organizational inertia, and the limitations of technology, participants will be empowered to implement pragmatic solutions that prioritize security without stifling innovation.

Encryption for Developers

Encryption has become a major part of the implementation of many products, but how many of us really understand what is going on behind the scenes? During your implementation, do you really know what an initialization vector does? What is the difference between AES-CBC and AES-CFB, and when should you use one over the other? How do you store the decryption key to prevent the same code leaking both the data and the key?

In this breakout session we will talk through some of the history of encryption, the different types of encryption, its appropriate uses, and the key elements required to include encryption in your products.

How to Succeed in Application Security without even trying

We all know that Application Security is one of those things that we should worry about. The time to worry about it is not at 3am when the production server is down. But finding the right places to get started and achieving success, or something that feels like success, can be absolutely excruciating, which is one of the reasons that it falls just above documentation in the list of priorities for most development teams. In this session we will talk about the ways that we can GREATLY improve the security of our applications while playing games, making small changes, and making light process changes.
