
Warren Parad
CTO and Security Specialist @ Authress
Winterthur, Switzerland
Warren focuses on technology that helps teams automate security implementations. He has journeyed through many different locations, technologies, and industries from Health Care IT in Wisconsin to E-Commerce in Switzerland. Now, he is an AppSec specialist and CTO at Authress, building tools for seamless security, authentication, and authorization. He enjoys solving product and technical challenges, and ultimately delivering long term business impact by eliminating common obstacles.
Topics
Meeting Impossible SLAs: How we made our uptime 99.999%
Can a service even have a 99.999% uptime guarantee? It's easy to promise, but actually delivering on it is another challenge entirely. Testing, CI/CD, reviews: the strategies that get you to three nines are no longer sufficient once a component becomes critical.
Running critical components requires a completely different mindset when the required uptime is five nines, and there are many reasons to require such uptime: regulatory needs, critical application dependencies, or, in some situations, a service that carries life-saving responsibilities. In these circumstances, it becomes critical to get this right and never let your service go down.
In this talk, I'll dive into whether five nines is even possible, give a full review of the challenges we encountered building our mission-critical service Authress, and walk through the key trade-offs in elevating the reliability of our services.
Key Takeaways:
* The core components of a highly reliable solution
* Lessons learned in the process
* Understanding service reliability in the business context
* Architecture strategies to increase reliability
What the @#!? is Auth
Authentication remains a complicated yet critical aspect of application security. In this talk, I'll demystify the core concepts, diving into access tokens, refresh tokens, and browser security mechanisms like WebAuthn for hardware-based authentication. Additionally, I'll explore techniques such as session handling, revocation strategies, silent authentication for improved security UX, and the use of scopes for controlling access granularity.
Finally, I'll delve into JSON Web Tokens (JWTs), the use of EdDSA signatures for enhanced security and performance, and the common pitfalls that seasoned pros and newcomers alike struggle with when it comes to auth. By the conclusion, you'll be equipped with additional knowledge to navigate the complexities of auth and build secure, user-friendly systems.
Stopping all the attacks before they start: Building a security first API
Embrace a security-first mindset in API development to proactively prevent malicious attacks. Learn how to integrate fundamental security building blocks, authenticate requests, validate access control, implement secure communication channels, identify potentially dangerous actors, and dynamically prevent attacks as they happen.
Here, I’ll walk through building resilient APIs and platforms that thwart attacks from the beginning, protecting your users and your data. Join me as I introduce how to make security an integral part of our development process.
Why You Should Check Your Secrets Into Git
In any software, platform, or application that involves more than one user, you will have to deal with authentication. And when you have more than one service or microservice, you will have to deal with credentials. If getting credentials right is a headache, then keeping them secure during events such as production deployments, engineer offboarding, and credential rotation is a nightmare.
With the goal of limiting the impact of security incidents, credentials management is a critical component of any organization’s security posture. Here, we’ll explore the different ways to manage your secrets by discussing the advantages and best practices for keeping your sensitive information, private keys, and service clients secure.
Adding security to architecture one step at a time
It's easy to treat security as an all-or-nothing approach. Often the focus is on engineering a perfect product vision or on speed of delivery; attention to security is left to the end, and by then it is too late.
Here, I’ll review the opportunities to inject a security mindset into your team, what components to use and when to use them, as well as how to grow a security culture as your company and product evolves.
Technical talk level: Intermediate
Incontro DevOps Italia (IDI) 2025 Sessionize Event
CloudX 2024 Sessionize Event
Developer Week '24 Sessionize Event
Codemotion Madrid 2023 Sessionize Event