
Micah Silverman
Director, Security Advocacy @ Snyk
Virginia Beach, Virginia, United States
Micah is Snyk's Director of Security Relations. With 30 years of Java experience (yup, that's from the beginning) and 23 years as a security professional, Micah has authored numerous articles, co-authored a Java EE book, and spoken at many conferences. He's a maker who's built full-size MAME arcade cabinets and repaired old electronic games (http://afitnerd.com/2011/10/16/weekend-project-fix-dark-tower/). He brings his love of all things security and Java to a conference near you!
Topics
Kicking JavaScript to the Curb with Vaadin
I've been using Spring Boot for a very long time. I learned Vue.js in order to build a modern web app that's been in use for about 7 years.
I recently learned Vaadin and refactored the application so that it's end-to-end Java.
In this talk, I share the experience and dive into the real-world challenges of going from a JavaScript frontend to Java all the way through.
I cover coding, security, testing, debugging, and migrating. The pace is quick, but you learn a lot!
Breaking AI: Live coding and hacking applications with Generative AI
Is your organisation ready to revolutionize your coding experience with generative AI tools like Copilot, ChatGPT, or CodeWhisperer? Do you know how to code safely with generative AI tools, increasing your delivery speed without compromising security? In this session, we'll discuss some of the dangers of generative AI, including hallucinations and security risks. We'll live code a Spring coffee shop application using Copilot and ChatGPT, and live hack the results, showing how the generated code can be exploited in a running app. We'll uncover generated SQL injections, cross-site scripting, directory traversal and more. Don't miss this electrifying opportunity to explore the cutting edge of coding technology. Join us and embark on a journey where velocity meets security, and innovation knows no bounds. Secure your spot now and get ready to code like never before! In this session you'll learn how you can leverage the power of AI to increase your velocity while mitigating risks and staying secure.
Capture the Flag 101
Capture the Flag events are exciting and competitive, but they can be scary to developers and security practitioners who have never participated in one.
In this session, I introduce CTFs, discuss their benefits to developers, and examine an easy and medium-difficulty CTF challenge in depth.
Together, we walk through the wily attacker's thought process and how to pick up clues based on the programming language and protocols involved. We Google, form theories, and test against what little information is provided in the challenge.
You don't need any prior knowledge of a specific programming language. Rather, we focus on developing the skills needed to participate in a Capture the Flag event.
After an introduction to Capture the Flag events, we dig into two challenges. These are real challenges from past CTF events.
For each challenge, we follow a pattern of discovery:
1. Introduce the challenge
2. Review clues from the challenge text and challenge interface
3. Give participants time to take on the challenge
4. Pause and review progress and give a hint
5. Give participants more time to solve the challenge
6. Review the solution and lessons learned
AI Board Game Experiments: Autonomy, Reasoning, and Deception
Following in the same vein as "Claude Plays Pokemon", I did a number of experiments with popular models to play board games. My goal was to make them as autonomous as possible. In this talk, I walk through the highlights of these different experiments. In some play-throughs, I tried to be as helpful to the AI as possible. In others, I did whatever the AI said without comment. And in others, I tried to actively deceive it. Which models did well, and which flopped? What level of autonomy was achieved? What does this reveal about the reasoning models? All this is answered during this talk. At the end, we'll take a poll of the participants to pick from among a few online board games. We'll then gather prompts from the audience to get as far into the game with an AI as time permits.
How I became a repo man for a day
In the summer of 2024, I became a repo man for a day. I legally recovered a vehicle without any confrontation or repercussions.
In this talk, I describe the circumstances that led to this eventful day. I approached this problem like I do a capture the flag event or other ethical hacking activities: Identify the problem, gather information, analyze the clues, consult other professionals and take action.
I go into detail on the upfront planning work I did, how I was able to legally retake ownership of the vehicle and then physically take possession of it, all while doing my best to avoid any confrontation. I also cover the measures I took to ensure that this process couldn't be re-implemented as a counterattack on me.
I wrap up the talk with how my adversary could have prevented this and talk in general about good personal security behaviors.
KCDC 2022 Sessionize Event
Devintersection & AngleBrackets Fall 2021 Sessionize Event
TechBash 2021 Sessionize Event
KCDC 2021 Sessionize Event
Destination: Zero-Trust Sessionize Event
DevFestAB 2020 Sessionize Event
DevSecOps Days Rockies - Virtual Sessionize Event
Camp Cloud Native Sessionize Event
DeveloperWeek 2020 Sessionize Event
Little Rock Tech Fest 2019 Sessionize Event
Music City Tech 2019 Sessionize Event
KCDC 2019 Sessionize Event
KCDC 2018 Sessionize Event