QCon is one of my favorite technical conferences. The content is unbeatable—it’s curated and sourced talk-by-talk by experts who chair each track. The experience is top-notch for speakers and attendees, and the conference is structurally inclusive and welcoming. I spoke at QCon San Francisco last year, and I was slated to speak at QCon NYC this year—but I’m not able to. Instead, I reached out to my network (thanks!) and was introduced to a talented speaker I want you to know about.
Kelly Shortridge is currently VP of Product Strategy for Capsule8. Kelly is an amazing writer and speaker, building on an entrepreneurial and analytical background in product, finance, and investment banking to offer compelling insights into information security through the lens of behavioral economics. Kelly has spoken at many conferences internationally, including Black Hat USA, AusCERT, Hacktivity, Troopers, and ZeroNights. For a sample of Kelly’s speaking, check out this talk at DuraznoConf 2018.
And now Kelly Shortridge will be speaking at QCon NYC! The talk is titled Security Delusions, detailed as follows:
Security teams are frequently the gatekeepers of adopting new technology in the enterprise. In fact, information security represents perhaps the biggest tech laggard among technical functions today. “Because security” can understandably feel like an unsatisfying answer to why security teams are hesitant in embracing these technologies—particularly when there are ample benefits to productivity, performance, and stability for engineering teams.
Why do security teams so tightly clutch their pearls over modern tech? What are common enterprise security perspectives on potential risks inherent in fresh technology such as microservices—or even more conventional tech like cloud-based systems? This non-sales promo talk delves into the common delusions held by enterprise infosec, exploring the reasons why they opt for the rubber stamp of “no” to help inform how DevOps can assuage security’s concerns. We’ll also explore the “cheat codes” that can be presented to gain passage by the grumpy gatekeeper that is enterprise infosec.
Although Kelly’s talk isn’t formally part of the Trust, Safety, & Security track, I think people who attend that track will be interested in this talk too. Enjoy the talk!