Speaker

Jonatan Männchen

CISO @ Erlang Ecosystem Foundation

Speicher, Switzerland

As the Chief Information Security Officer at the Erlang Ecosystem Foundation (EEF), I drive security initiatives across Erlang, Elixir, Gleam, and the broader community. My role involves analyzing and implementing data protection, compliance, and secure development practices—particularly focusing on requirements like EU CRA/CISA and supply chain integrity. I maintain the EEF’s CNA (CVE Numbering Authority), ensuring vulnerability disclosures are managed effectively. I also collaborate closely with volunteer working groups, design software solutions for security challenges, and actively engage in fundraising activities.

Area of Expertise

  • Finance & Banking
  • Information & Communications Technology

Topics

  • Security
  • Elixir
  • Erlang
  • OpenID Connect

Unlock the Power of OpenID Connect on the BEAM

In an increasingly interconnected digital world, ensuring robust security and seamless user experiences is paramount. OpenID Connect, a proven authentication framework, stands at the forefront of this challenge. This conference talk delves deep into the realm of OpenID Connect, shedding light on its myriad benefits and showcasing practical techniques to effortlessly integrate it into your Erlang and Elixir web applications and APIs.

Discover the foundational concepts that make OpenID Connect a compelling choice for identity authentication. Explore how it simplifies the process of verifying user identities while enhancing security. We'll explore the benefits of Single Sign-On (SSO), identity federation, and secure user data exchange, all facilitated by OpenID Connect.

Blogpost: https://dev.to/maennchen/openid-connect-an-introduction-4p4b
Talk Recording: https://www.youtube.com/watch?v=4mTrqRSttyo
GitHub: https://github.com/erlef/oidcc

From Freakout to Fix: Navigating a Security Disaster

Picture this: you’re chugging coffee late at night when you realize your beloved library has a massive security hole. Worse yet, someone’s already posted a proof-of-concept exploit for the world to see. Suddenly, thousands of projects are at risk, and you’re the one holding the bag. That’s exactly the scenario this talk tackles: the rush of panic, the scramble to inform everyone, and ultimately the hero’s journey to patch things up.

We’ll step through how to file vulnerabilities through official channels (like the CVE system) and bring clarity to the confusion of those first chaotic hours. You’ll see how simple tools, vulnerability scanners, and a clear emergency plan can make the difference between an all-nighter of sweaty debugging and a smoother return to stability. Along the way, we’ll talk best practices for preventing these disasters in the first place—from well-defined security policies to having the right people on speed dial.

And here’s the kicker: vulnerability disclosure isn’t something to hide under the rug. Handled well, it’s proof that you take security seriously, and that alone can earn respect. By the end of this session, you’ll have the knowledge (and the confidence) to handle your very own “Oh no!” moment with a lot less panic and a lot more rock ‘n’ roll.

Target Audience
* Maintainers of libraries and anyone running a production project.
* People curious about the basics of handling real-world security incidents.

Base Level of Knowledge
* No deep security expertise required; this talk will serve as an introductory crash course on vulnerability disclosure processes, common tooling, and best practices to keep your code (and your sanity) intact.

COVID-19 contact tracing on the BEAM

Tracing a pandemic's spread throughout society presents its unique challenges. This talk will cover the history of «Hygeia», an application on the BEAM, built from scratch for the sole purpose of empowering health workers in managing the pandemic and its impact on the lives of the affected.

We will cover the story of how technologies such as Phoenix, LiveView, ecto, gen_smtp, Surface, and Docker/Kubernetes empowered us to develop a viable application in a highly dynamic field and how we discovered and overcame many pitfalls along the way.

Talk Recording: https://www.youtube.com/watch?v=7ypfyCOfwLo
GitHub: https://github.com/jshmrtn/hygeia

Code BEAM V EU 2021

Code BEAM America 2024 Sessionize Event

March 2024 San Francisco, California, United States

Code BEAM V EU 2021

May 2021 Speicher, Switzerland
