Web Security Training

Navigating the web security landscape

Navigating the web security landscape


2016 in Review

The holiday season is upon us, and 2016 is coming to an end. About time to take a look at the past couple of months, and reflect on our achievements.

The image below condenses a year of trainings and speaking engagements in a few numbers and quotes. The kinds of events I talk at are a mix between highly customized trainings to small groups of developers, and public speaking engagements to packed conference rooms. Both are a tremendous amount of fun, albeit in totally different ways.

The fun thing about training is the depth you can go into. All attendees are there because they want to elarn about security, and during the lab sessions, we often have one-on-one discussions about specific problems they’re having. Conference and meetup talks are entirely different, since a part of the audience is not too familiar with security, and still needs to be convinced about the importance. However, from the overwhelmingly positive feedback on my presentations, it seems that I’m definitely making a difference. Only a couple of million more developers to go :)

Aside from speaking engagements, I also started writing the websec digest, a bi-weekly newsletter highlighting about 5 of the most important security stories of the past two weeks. From the reactions, it seems that people were waiting for such a condensed view on security, simply because the amount of information out there is overwhelming

I also started DistriNet R&D Bites, an informal series of evening events centered around the research topics of my employer, the imec-DistriNet research group of the University of Leuven. In these events, we bring industry and academia together, to talk about state-of-the-art technologies, both in industry and in research. We started this series in December with an event on Software Defined Networking, and continue in February with an event on the impact of the GDPR, the new privacy regulations of the EU.

Looking towards 2017

The list of events and training assignments for 2017 is already growing, and the gaps in my schedule for the first half of the year are getting scaringly scarce. Here’s an overview of the public events where you can find me:

  • On February 23rd, I’ll be speaking about Frontend Security at the JSBE meetup (23/02/2017)
  • From February 27th till March 3rd, I will be at SecAppDev 2017, where I will be taking care of the practical details, and talk about various Web Security topics
  • In March, I will be participating in the first Devoxx US, where I will talk about Spring Security Headers
  • Right after Devoxx US, I am giving a workshop on Secure OAuth 2.0 at EmberConf, together with the awesome Balint Erdi.

Apart from that, I’m also working on an online course about web security, which will be released in the second half of 2017. More details on that will follow shortly!

As you can see, plenty of exciting things. If you haven’t done so already, make sure you subscribe to the mailing list to stay informed.


Comments & Discussion