Luring developers with candy and other evil tricks

Presented at Kiwicon X: The Truth is In Here (2016), Nov. 18, 2016, 10:15 a.m. (30 minutes)

Security teams have historically been the scary people in black with stompy boots off in the corner, not talking to anyone. We're not talking to anyone because they're scared of us, and that fear has caused more bugs than we've ever fixed. It's also stopping us from talking to the teams that can do more to help us than anyone else, designers. Wait, designers, really? And what's this about candy? Lemme tell you a story about a different way, why you'd really like to change how you work, and how you get there. You don't even have to get rid of the boots, I promise.


  • Eleanor Saitta
    Eleanor Saitta has been fucking around with the Internet since 1994, when she had the unfortunate experience of learning FORTRAN 77 on IRIX. It's mostly been uphill since then, including eight years working for a string of consultancies (IOActive, Security Innovation, iSec Partners, and Stach & Liu), a few years doing security support and toolbuilding for NGOs and news organizations targeted by nation states, a lot of work on the Trike threat modeling tool, and a bunch of conference talks (ToorCon, CCC, Hack-in-the-Box, O'Reilly Velocity, &c). She's now a staff engineer and the security architect for Etsy.

