Dwayne McDaniel
Developer Advocate at GitGuardian and huge fan of open source
Chicago, Illinois, United States
Actions
Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.
Badges
Area of Expertise
Topics
Who Goes There? Actively Detecting Intruders With Cyber Deception Tools
Intrusion detection works best when you can discover the attacker while they are still in the system. Finding out after the fact does little to protect your systems and your data.
Ideally, you would want to set an alarm that an attacker would trigger while limiting the damage to your environment. We can use these behavioral patterns to our advantage by engaging in defensive cyber deception.
You might already be familiar with the concept of honeypots, false systems, or networks meant to lure and ensnare hackers. There is a subclass of honeypots, called honeytokens, that require almost none of the overhead, are simple to deploy, are used by many industries, and lure attackers to trigger alerts while they are trying to gain further access.
Takeaways:
- Analysis of recent breaches for common attack behaviors
- A history of cyber deception and the evolution of honeypots in defensive strategies.
- Understanding how honeytokens work
- Maximizing the impact of honeytokens
Solving Secrets Sprawl Takes More Than Security: Why Machine Identity Is Everyone's Problem
When a security event occurs, most teams tend to jump into a circle of blame. Everyone takes their turn saying, "It can't be my fault." Unfortunately, for many companies, the Security team is ultimately seen as at fault when a breach happens; after all, it is a security incident.
Long-lived credential leaks, aka secrets sprawl, are possibly the single largest security risk every organization is currently facing. No security team can solve this growing issue on its own. This is going to take a full team effort and rethinking some of the relationships and silos we have become accustomed to in the tech world. There has never been a better time to rethink how we build complex applications and how they interact with the world.
In this talk, you will:
- Get an update on the latest secrets security research
- Ask who really owns security and identity
- Map possible routes for a secrets-free future
- Rethink git and pull requests workflows and see why that is more involved than you think
Secrets Security End-To-End
Credentials allow human-to-machine and machine-to-machine communication. According to recent research, 93% of organizations had two or more identity-related breaches in the past year. It is clear that we need to address this growing issue. Unfortunately, many organizations are OK with using plaintext credentials, which we should all know not to do by now.
These go beyond just adding these credentials to build systems and into our code. Secrets sprawl into our local scripts, communication tools, and project management tickets daily. Attackers know this and are counting on you not getting a handle on the problem by the time they break in.
Given the scope of the problem, what can we do? Let's make a plan!
- Secrets Detection
- Secrets Management
- Developer Workflows
- Secrets Scanning
- Automatic Rotation
By the end of this session, you should have a clear roadmap for taming the machine identity mess in your code and pipelines.
I'm A Machine, And You Should Trust Me: The Future Of Non-Human Identity
Security boils down to trust. Trusting that the code will do what is expected and is free from vulnerabilities. Trusting that the entities interacting with our data and resources have the right to access those resources. Our current approach to both human and non-human access uses the same basic flawed pattern: long-lived credentials.
This approach to trusted access does not take into account who or what is requesting that resource. These secrets, which quite often leak, are an attacker's best friend and are how attackers think about getting into and moving throughout your system.
What if instead of simply asking for a security key or credential to gain access, our applications, workloads, and resources asked "Who are you and how can you prove that?" Humans can move towards leveraging our non-changing characteristics, like biometrics. But what about machines? Especially in the world where pods and workloads last for only hours or days?
Hidden Dangers Of AI In Developer Workflows: Navigating Security Risks with Human Insight
AI tools like ChatGPT and Copilot have become indispensable in developers' daily workflows. Whether it is for code samples and scaffolding, prototyping, or documentation, AI can help eliminate a lot of toil from the developer's day-to-day.
However, there are hidden dangers that AI have introduced that are worth exploring. The good news is that for most of these concerns the answer is not more tech or tools, but something we have been getting right for generations - humans in the loop!
This presentation will explore the critical security challenges associated with AI-enhanced development workflows and the essential role of human oversight in mitigating these risks.
We'll look into three major areas of concern:
1. The AI told me to do it that way…
2. Hallucinations everywhere
3. Where did my data go?
Join this talk to see some real examples of AI getting it wrong, but stay for a discussion on how you can leverage already existing tools to make the best use of the most valuable resource in the company…your team's time. Expect to leave with a fresh perspective on how bright a future we can build as people fostering more secure and efficient development practices.
Stop Committing Your Secrets - GIt Hooks To The Rescue!
No one wants their keys and secrets on GitHub, but one bad push can mean you are suddenly exposed. In the best-case scenario, you discover the issue and fix it before something bad happens, but in the worse case, you don’t find out until it is far too late.
Most devs are familiar with using .gitignore files to prevent Git from tracking specific files and folders, but did you know that you can leverage Git hooks and some open source awesomeness to keep you from accidentally committing your secrets in the first place?
If you are not actively using Git hooks in your workflows, then this talk is for you. Let's look into the .git folder and unlock a whole world of automation possibilities!
While this talk is primarily aimed at junior devs who are still learning the ropes of security and repo hygiene, anyone who is using Git only at the surface level can benefit from a deeper dive into the possibilities Git can really offer.
Demystifying Git - Version Control From First Principles
Git is the defacto standard version control system in use today. Every developer learns the basics of add, commit, branch, merge, pull, and push, and that is about all they learn about Git.
However, if you ask how Git actually works under the covers, most people will tell you they don't really know. Worse yet, when most developers see Git output messages like "detached HEAD state" or "CONFLICT (content): Merge conflict", they get a stress-induced panic.
This session will peel back the shroud of mystery that envelops Git, showing that there is nothing overly complex or terrifying about the inner workings of the world's most popular version control system. This talk is for everyone, from the complete Git novice to folks who have been pushing code for years but maybe have never stopped to look at how Git does its thing.
In this session we will cover:
- A tour of .git folder
- Branches might not be what you think they are
- Rebase is your friend, I swear!
- How reflog can save the day
- The power of Git bisect
- And more....
This session is aimed at beginners and advanced Git users alike and is meant to remove the fear of Detached HEAD state and the other terrifying messages Git tends to present.
PHP Tek 2025 Sessionize Event
Devnexus 2025 Sessionize Event
CodeMash 2025 Sessionize Event
Chattanooga DevOpsDays 2024 Sessionize Event
AI Summit Vancouver Sessionize Event
BSides Orlando 2024 Sessionize Event
Agile + DevOpsDays Des Moines 2024 Sessionize Event
DevSecCon 2024 : Developing AI Trust Sessionize Event
Drupal GovCon 2024 Sessionize Event
AppSec Village - DC32 Sessionize Event
Agile2024 Sessionize Event
CloudNativeSecurityCon North America 2024 Sessionize Event
BSides Boulder 2024 Sessionize Event
php[tek] 2024 Sessionize Event
Atlanta Cloud Conference 2024 Sessionize Event
Civo Navigate North America 2024 - Austin, TX Sessionize Event
HashiTalks: Deploy Sessionize Event
Cloud With Chris Sessionize Event
Live! 360 Orlando 2023 Sessionize Event
TechBash 2023 Sessionize Event
2023 All Day DevOps Sessionize Event
API World 2023 Sessionize Event
Momentum 2023 Sessionize Event
DevOpsDays DC 2023 Sessionize Event
dev up 2023 Sessionize Event
DeveloperWeek CloudX 2023 Sessionize Event
DevOpsDays Seattle 2023 Sessionize Event
SEI Secure Software by Design Sessionize Event
php[tek] 2023 Sessionize Event
HashiTalks: Secure Sessionize Event
Nashville DevOpsDays 2023 Sessionize Event
WeAreDevelopers Live 2023 (Season 5) Sessionize Event
CloudConnect 2023 Sessionize Event
BSides SLC Sessionize Event
Devfest Florida 2022 Sessionize Event
HashiTalks: Deploy Sessionize Event
Automation + DevOps Summit 2022 Sessionize Event
Festive Tech Calendar 2022 Sessionize Event
DeveloperWeek Enterprise 2022 Sessionize Event
GitKon 2022
This unique virtual conference presented by GitKraken will bring together developers, technical teams, managers, executives and thought leaders, united by their passion for software development and team collaboration, which Git empowers.
Get ready for 3 days of lively, informative sessions:
2 days for developers and teams
1 day for dev team leads and tech executives
We’ll keep the sessions brief (think TikTok style) and the days short (we’re talking only 3 hours of your time each day), so you’ll walk away feeling educated, energized and inspired, rather than overloaded and burned out. Here’s the kicker: it’s 100% free!
Day 1 topics will be all about Git:
Git tips & tricks
Git internals & concepts
Git with services & frameworks
Day 2 will be about teams and DevOps:
Distributed team collaboration
DevOps/GitOps best practices
Security at every step
Program/platform specific talks
Day 3 topics will be presented by a variety of notable tech executives:
Lessons learned building/scaling efficient teams
Developer productivity & DORA metrics
Leading teams & promoting effective teamwork in chaotic times
Emerging trends
Apply to speak at https://gitkon.com/call-for-speakers/
JConf.dev 2022 Sessionize Event
DevOpsDays Chicago 2022 Sessionize Event
RMISC 2022 Conference Sessionize Event
JCON 2022 ONLINE (virtual) Sessionize Event
WorldFestival 2022 Sessionize Event
SQL Start! 2022 Sessionize Event
Mautic Conference Global 2022 Sessionize Event
Azure Spring Clean 2022 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top