
SnykCon 2021 is almost here!

Written by:

Randall Degges

August 24, 2021


The wait is over! The SnykCon 2021 call for papers has officially closed, all the sessions have been reviewed and sorted, and the agenda is now live.

SnykCon is our annual developer conference that helps you learn how to build applications securely. SnykCon brings together some of the best speakers in the developer and security worlds to cover topics around building software securely, governing and empowering your teams, and the best tools and services to help you find and fix security issues across your organization. This year also has in-depth workshops where you’ll have a chance to interact with some of the brightest minds in the industry, lightning talks (where you can learn lots of interesting things in short, five minute sessions), and a whole lot more.

If you haven’t been to SnykCon before, you won’t want to miss it. It’s one of the few events that brings together developers, security professionals, and cybersecurity enthusiasts for a few days of fun, learning, and friendship. And we’re extremely excited about our first ever SnykCon CTF: Fetch the Flag.

Haven’t registered yet? What are you waiting for — it’s free! Register here

Exciting talks at SnykCon 2021

I’m excited about all of this year’s talks, but as a developer and security practitioner for many years, I specifically wanted to highlight a few of the talks I’m most excited to see myself this year.

Because SnykCon has a variety of tracks, I’m going to go through three of my favorite talks for each.

Main Stage talks

Twitter VP and CISO, Rinki Sethi, along with Snyk Field CTO (and my good friend!), Simon Maple, will be sitting down together to chat about The Transformation of the Developer/Security Relationship, where they’ll be discussing how organizations need to change in order to scale security through the development process and what this means for everyone involved. This is an immensely important topic that is becoming more and more relevant every day.

Troy Hunt, the well-known developer and security researcher responsible for building Have I Been Pwned, is going to be giving an interesting talk on the lessons he’s learned from building Have I Been Pwned and processing more than 11 billion records of breached data. He’s going to be discussing how some of these breaches happened, as well as the immense amount of fallout these incidents can cause. If you haven’t seen Troy speak before, he’s incredible, so you certainly won’t want to miss this!

Keren Elazari, the famous security analyst, researcher, author and speaker, will be giving a talk titled, The Future of Cyber Security from a Friendly Hacker’s Perspective. I’ve been a huge fan of Keren’s ever since I saw her TED talk, Hackers: The Internet’s Immune System, many years ago!

Code & Build talks

Maud Nalpas, who focuses on privacy and security at Google on the Chrome team, will be giving an incredibly interesting talk titled “Haunted: Chrome’s Vision for Post-Spectre Web Development”, which will cover newer browser security headers and how to use them, how Chrome is shifting from an opt-in security model to security-by-default, and other security measures Chrome will be adopting in the future! Since Chrome makes up approximately 70% of browser share worldwide, you won’t want to miss this.

Zbyszek “Zb” Tenerowicz, of JavaScript security fame, will be giving a talk titled, My NPM Package Will Eat Your Lunch, which discusses how simple it is to get malicious packages hosted on widely used package managers like NPM, as well as how to prevent a lot of these security issues in your own environment. Regardless of whether or not you’re a JavaScript developer, this talk will leave you with a lot to think about!

Snyk’s very own Matt Jarvis (well-known in the DevOps community) will be giving a talk titled Cracking the Kernel: Adventures with Kernel Exploits in Kubernetes. Matt’s going to be discussing kernel privilege escalation attacks, showcasing one, and discussing the various ways you can mitigate these issues in the real world. If you’re at all interested in low-level security concepts and how they can have a massive impact, don’t miss this one!

Govern & Empower talks

Tanya Janca, one of my personal AppSec heroes and founder of We Hack Purple (an online learning academy teaching security), will be giving a talk discussing how you can build and foster a security champion program in your own organization. She’s going to talk about how to attract the right people, train them, engage with them, motivate them, and generally: how to run a successful program!

Per Olsson, a well-known AppSec engineer and public speaker, will be giving a talk discussing the lessons he’s learned from building a developer-first AppSec program at his organization. He’s going to discuss all the nitty-gritty details: Where do you start? How do you get your organization’s support? How much time and money will an AppSec program cost? How do you get traction? How do you measure success? All important topics that everyone can benefit from knowing more about.

Snyk product talks

In addition to talks about various development and security topics, Snyk’s product leaders will also be running sessions discussing ways you can use Snyk to better secure your own applications and infrastructure!

In particular, I’m looking forward to the following Snyk-specific talks:

  • Falling in Love with Static Analysis, by Elad Yaakov and Noa Moshe, which is a topic I’m really looking forward to as static analysis is something I love quite a bit <3

  • The Deep Code Analysis & ML Powering Snyk, which is going to get deep into the ways Snyk uses deep code analysis and machine learning to power our products, and

  • You chose...wisely. Making informed open source package decisions, which will take an in-depth look at the health of open source ecosystems through security-tinted glasses

Workshops

Grant Ongers, the Co-Founder of Secure Delivery and OWASP Global Board Member, will be running an hour-long workshop titled Never Get Pwned! Understanding the OWASP Top 10, in which he’ll be walking you through the OWASP top 10 most common vulnerabilities and discussing how to mitigate them. Prepare to get your hands dirty! As an aside, Grant has one of the greatest beards I’ve ever seen. I wish I had those beard genetics!

Oliver Crawford from SkyScanner will be running an hour-long workshop titled Applying the Developer Approach to a Fully Automated Security Lifecycle. In this workshop, you’ll learn how to incorporate security detection into each layer of your stack, how to contextualize all your security data, how to think about (and build!) automated tooling, and how to close the loop between engineering and security. As someone who’s struggled through a lot of these things on my own, I’m very much looking forward to hearing more about Oliver’s experiences!

We’ll also be running a 90-minute Getting Started with Snyk workshop. I’d be remiss if I didn’t call this one out, as you’ll get to learn about all of Snyk’s products and how to make the best possible use of them. Plus, you’ll be learning from Waleed Arshad, one of Snyk’s incredible community managers (who’s also very funny!).

BONUS: Lightning Talks

In addition to full sessions, we’ve also got quite a few interesting 5-minute lightning talks! I won’t get into these in-depth, but here are a few of my favorites:

  • CSP is Leaking…. (about the Content Security Policy header) by Avishai Shafir

  • 3 Things You (Probably) Don’t Know About SSH by Kim Schlesinger

  • Your Personal Brand Speaks Louder Than Your CV! is a session by Farah Hawa that’s all about taking control of your professional career by turning your interests into your job

Be sure to watch all of Snyk’s lightning talks! They’re short and fun — and I’ll be watching all of them!

I want to attend SnykCon!

Great! We’d love to have you. As with last year, SnykCon will be fully virtual, so you can attend from the comfort of your couch!

Once you’ve registered and have looked at the agenda, let us know via Twitter (@snyksec) which talks you’re most excited to attend. Be sure to use the #SnykCon hashtag!
