Most Active Speaker

Dwayne McDaniel

Dwayne McDaniel

Developer Advocate at GitGuardian and huge fan of open source

Chicago, Illinois, United States

Actions

Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.

Badges

  • Most Active Speaker 2024
  • Most Active Speaker 2023
  • Most Active Speaker 2022

Area of Expertise

  • Information & Communications Technology

Topics

  • DevOps
  • security
  • cyber security
  • secrets management
  • Secrets scanning
  • API secrets
  • Security & Compliance
  • DevSecOps
  • InfoSec
  • Automated Security
  • web security
  • Cloud Security
  • Security
  • IT Security
  • Cloud App Security
  • Enterprise Security
  • Kubernetes Security
  • OWASP
  • Open Source Software
  • IAM
  • Access Management
  • Machine identity
  • non-human identities
  • Identity & Access Management
  • Identity Governance
  • identity & authentication

Who Goes There? Actively Detecting Intruders With Cyber Deception Tools

Intrusion detection works best when you can discover the attacker while they are still in the system. Finding out after the fact does little to protect your systems and your data.

Ideally, you would want to set an alarm that an attacker would trigger while limiting the damage to your environment. We can use these behavioral patterns to our advantage by engaging in defensive cyber deception.

You might already be familiar with the concept of honeypots, false systems, or networks meant to lure and ensnare hackers. There is a subclass of honeypots, called honeytokens, that require almost none of the overhead, are simple to deploy, are used by many industries, and lure attackers to trigger alerts while they are trying to gain further access.

Takeaways:
- Analysis of recent breaches for common attack behaviors
- A history of cyber deception and the evolution of honeypots in defensive strategies.
- Understanding how honeytokens work
- Maximizing the impact of honeytokens

Solving Secrets Sprawl Takes More Than Security: Why Machine Identity Is Everyone's Problem

When a security event occurs, most teams tend to jump into a circle of blame. Everyone takes their turn saying, "It can't be my fault." Unfortunately, for many companies, the Security team is ultimately seen as at fault when a breach happens; after all, it is a security incident.

Long-lived credential leaks, aka secrets sprawl, are possibly the single largest security risk every organization is currently facing. No security team can solve this growing issue on its own. This is going to take a full team effort and rethinking some of the relationships and silos we have become accustomed to in the tech world. There has never been a better time to rethink how we build complex applications and how they interact with the world.

In this talk, you will:
- Get an update on the latest secrets security research
- Ask who really owns security and identity
- Map possible routes for a secrets-free future
- Rethink git and pull requests workflows and see why that is more involved than you think

Secrets Security End-To-End

Credentials allow human-to-machine and machine-to-machine communication. According to recent research, 93% of organizations had two or more identity-related breaches in the past year. It is clear that we need to address this growing issue. Unfortunately, many organizations are OK with using plaintext credentials, which we should all know not to do by now.

These go beyond just adding these credentials to build systems and into our code. Secrets sprawl into our local scripts, communication tools, and project management tickets daily. Attackers know this and are counting on you not getting a handle on the problem by the time they break in.

Given the scope of the problem, what can we do? Let's make a plan!
- Secrets Detection
- Secrets Management
- Developer Workflows
- Secrets Scanning
- Automatic Rotation

By the end of this session, you should have a clear roadmap for taming the machine identity mess in your code and pipelines.

I'm A Machine, And You Should Trust Me: The Future Of Non-Human Identity

Security boils down to trust. Trusting that the code will do what is expected and is free from vulnerabilities. Trusting that the entities interacting with our data and resources have the right to access those resources. Our current approach to both human and non-human access uses the same basic flawed pattern: long-lived credentials.

This approach to trusted access does not take into account who or what is requesting that resource. These secrets, which quite often leak, are an attacker's best friend and are how attackers think about getting into and moving throughout your system.

What if instead of simply asking for a security key or credential to gain access, our applications, workloads, and resources asked "Who are you and how can you prove that?" Humans can move towards leveraging our non-changing characteristics, like biometrics. But what about machines? Especially in the world where pods and workloads last for only hours or days?

Hidden Dangers Of AI In Developer Workflows: Navigating Security Risks with Human Insight

AI tools like ChatGPT and Copilot have become indispensable in developers' daily workflows. Whether it is for code samples and scaffolding, prototyping, or documentation, AI can help eliminate a lot of toil from the developer's day-to-day.

However, there are hidden dangers that AI have introduced that are worth exploring. The good news is that for most of these concerns the answer is not more tech or tools, but something we have been getting right for generations - humans in the loop!

This presentation will explore the critical security challenges associated with AI-enhanced development workflows and the essential role of human oversight in mitigating these risks.

We'll look into three major areas of concern:
1. The AI told me to do it that way…
2. Hallucinations everywhere
3. Where did my data go?

Join this talk to see some real examples of AI getting it wrong, but stay for a discussion on how you can leverage already existing tools to make the best use of the most valuable resource in the company…your team's time. Expect to leave with a fresh perspective on how bright a future we can build as people fostering more secure and efficient development practices.

Stop Committing Your Secrets - GIt Hooks To The Rescue!

No one wants their keys and secrets on GitHub, but one bad push can mean you are suddenly exposed. In the best-case scenario, you discover the issue and fix it before something bad happens, but in the worse case, you don’t find out until it is far too late.

Most devs are familiar with using .gitignore files to prevent Git from tracking specific files and folders, but did you know that you can leverage Git hooks and some open source awesomeness to keep you from accidentally committing your secrets in the first place?

If you are not actively using Git hooks in your workflows, then this talk is for you. Let's look into the .git folder and unlock a whole world of automation possibilities!

While this talk is primarily aimed at junior devs who are still learning the ropes of security and repo hygiene, anyone who is using Git only at the surface level can benefit from a deeper dive into the possibilities Git can really offer.

Demystifying Git - Version Control From First Principles

Git is the defacto standard version control system in use today. Every developer learns the basics of add, commit, branch, merge, pull, and push, and that is about all they learn about Git.

However, if you ask how Git actually works under the covers, most people will tell you they don't really know. Worse yet, when most developers see Git output messages like "detached HEAD state" or "CONFLICT (content): Merge conflict", they get a stress-induced panic.

This session will peel back the shroud of mystery that envelops Git, showing that there is nothing overly complex or terrifying about the inner workings of the world's most popular version control system. This talk is for everyone, from the complete Git novice to folks who have been pushing code for years but maybe have never stopped to look at how Git does its thing.

In this session we will cover:
- A tour of .git folder
- Branches might not be what you think they are
- Rebase is your friend, I swear!
- How reflog can save the day
- The power of Git bisect
- And more....

This session is aimed at beginners and advanced Git users alike and is meant to remove the fear of Detached HEAD state and the other terrifying messages Git tends to present.

PHP Tek 2025 Sessionize Event

May 2025 Chicago, Illinois, United States

Devnexus 2025 Sessionize Event

March 2025 Atlanta, Georgia, United States

CodeMash 2025 Sessionize Event

January 2025 Sandusky, Ohio, United States

Chattanooga DevOpsDays 2024 Sessionize Event

November 2024 Chattanooga, Tennessee, United States

AI Summit Vancouver Sessionize Event

November 2024 Vancouver, Canada

BSides Orlando 2024 Sessionize Event

October 2024 Orlando, Florida, United States

Agile + DevOpsDays Des Moines 2024 Sessionize Event

October 2024 Des Moines, Iowa, United States

DevSecCon 2024 : Developing AI Trust Sessionize Event

October 2024

Drupal GovCon 2024 Sessionize Event

August 2024 College Park, Maryland, United States

AppSec Village - DC32 Sessionize Event

August 2024 Las Vegas, Nevada, United States

Agile2024 Sessionize Event

July 2024 Dallas, Texas, United States

CloudNativeSecurityCon North America 2024 Sessionize Event

June 2024 Seattle, Washington, United States

BSides Boulder 2024 Sessionize Event

June 2024 Boulder, Colorado, United States

php[tek] 2024 Sessionize Event

April 2024 Chicago, Illinois, United States

Atlanta Cloud Conference 2024 Sessionize Event

March 2024 Marietta, Georgia, United States

Civo Navigate North America 2024 - Austin, TX Sessionize Event

February 2024 Austin, Texas, United States

HashiTalks: Deploy Sessionize Event

December 2023

Cloud With Chris Sessionize Event

December 2023

Live! 360 Orlando 2023 Sessionize Event

November 2023 Orlando, Florida, United States

TechBash 2023 Sessionize Event

November 2023 Mount Pocono, Pennsylvania, United States

2023 All Day DevOps Sessionize Event

October 2023

API World 2023 Sessionize Event

October 2023 Santa Clara, California, United States

Momentum 2023 Sessionize Event

October 2023 Cincinnati, Ohio, United States

DevOpsDays DC 2023 Sessionize Event

September 2023 Washington, District of Columbia, United States

dev up 2023 Sessionize Event

August 2023 St. Louis, Missouri, United States

DeveloperWeek CloudX 2023 Sessionize Event

August 2023 San Mateo, California, United States

DevOpsDays Seattle 2023 Sessionize Event

August 2023 Seattle, Washington, United States

SEI Secure Software by Design Sessionize Event

June 2023 Arlington, Virginia, United States

php[tek] 2023 Sessionize Event

May 2023 Chicago, Illinois, United States

HashiTalks: Secure Sessionize Event

May 2023

Nashville DevOpsDays 2023 Sessionize Event

April 2023 Nashville, Tennessee, United States

WeAreDevelopers Live 2023 (Season 5) Sessionize Event

April 2023

CloudConnect 2023 Sessionize Event

February 2023 Oakland, California, United States

BSides SLC Sessionize Event

December 2022 Sandy, Utah, United States

Devfest Florida 2022 Sessionize Event

December 2022 Miami, Florida, United States

HashiTalks: Deploy Sessionize Event

December 2022

Automation + DevOps Summit 2022 Sessionize Event

December 2022 Nashville, Tennessee, United States

Festive Tech Calendar 2022 Sessionize Event

December 2022

DeveloperWeek Enterprise 2022 Sessionize Event

November 2022

GitKon 2022

This unique virtual conference presented by GitKraken will bring together developers, technical teams, managers, executives and thought leaders, united by their passion for software development and team collaboration, which Git empowers.

Get ready for 3 days of lively, informative sessions:

2 days for developers and teams
1 day for dev team leads and tech executives

We’ll keep the sessions brief (think TikTok style) and the days short (we’re talking only 3 hours of your time each day), so you’ll walk away feeling educated, energized and inspired, rather than overloaded and burned out. Here’s the kicker: it’s 100% free!

Day 1 topics will be all about Git:

Git tips & tricks
Git internals & concepts
Git with services & frameworks

Day 2 will be about teams and DevOps:

Distributed team collaboration
DevOps/GitOps best practices
Security at every step
Program/platform specific talks

Day 3 topics will be presented by a variety of notable tech executives:

Lessons learned building/scaling efficient teams
Developer productivity & DORA metrics
Leading teams & promoting effective teamwork in chaotic times
Emerging trends

Apply to speak at https://gitkon.com/call-for-speakers/

October 2022

JConf.dev 2022 Sessionize Event

September 2022 Chicago, Illinois, United States

DevOpsDays Chicago 2022 Sessionize Event

September 2022 Chicago, Illinois, United States

RMISC 2022 Conference Sessionize Event

September 2022 Denver, Colorado, United States

JCON 2022 ONLINE (virtual) Sessionize Event

September 2022

WorldFestival 2022 Sessionize Event

August 2022

SQL Start! 2022 Sessionize Event

June 2022

Mautic Conference Global 2022 Sessionize Event

June 2022

Azure Spring Clean 2022 Sessionize Event

March 2022

Dwayne McDaniel

Developer Advocate at GitGuardian and huge fan of open source

Chicago, Illinois, United States

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top