Ted Harrington – Helping build more secure software

Ted is a leader of ethical hackers, helping companies build better, more secure software.

He’s an author, keynote speaker, consultant, and podcast host, specializing in penetration testing, secure software development, and related areas of cybersecurity.

The point is: you’re in good hands.

Ted wrote a book called HACKABLE: How to Do Application Security Right, and is the Executive Partner at Independent Security Evaluators (ISE).

They are a company of ethical hackers most commonly known for their work hacking cars, medical devices, web applications, and password managers.

They’ve helped hundreds of companies, including Google, Amazon, and Netflix, fix tens of thousands of security vulnerabilities.

They founded and organize IoT Village, an event whose hacking contest is a three-time DEF CON Black Badge winner.

Talks & Topics

Ted takes your audience to the front lines of ethical hacking and security research. He helps them experience the wild, unexpected, often shocking stories of both companies who got security right, and those who didn’t.

He then extracts the key insights from those stories, translating them into advice your audience can go implement. (Much of this he covers in his book Hackable.)
Your audience will learn exactly what to do, why to do it, and how.

The Lies (and Truths) about Application Security

There’s lots of advice out there. Some of it is even good advice. Much of it, though, is straight up wrong.

Don’t think like a defender, think like an attacker. Don’t hoard information, share it. Don’t rely on the basics, seek the advanced tactics. Don’t rely on “annual” testing, get it more frequently.

With so many misconceptions running rampant, how are you to know what to trust and what to reject?
In this program, you’ll learn how to identify the common falsehoods, and what to replace them with instead.

Start With The Right Mindset and the Right Partner

Security can feel uncertain, but it doesn’t need to be that way. It all starts with how you think, and how well you pair that with an outside expert to help you produce explosive results.

But how do you know what to look for?

In this program, you learn the foundation that leads to security excellence, including:

  • Why it’s not just about doing security, it’s about security excellence
  • What to look for in a security partner, and how to vet their capabilities
  • How to identify the common falsehoods, and what to replace them with instead.

Get The Right Security Testing

If you have valuable assets to protect, you need to test your software system for security vulnerabilities. This has probably led you to seek out penetration testing.

But what if that’s not even what you’re actually getting?

This session exposes the common misconceptions around penetration testing, especially the fact that you’re usually sold something else (vulnerability scanning) yet usually need another thing entirely (vulnerability assessments). You’ll learn:

  • The difference between penetration testing, vulnerability scanning, vulnerability assessments, and bug bounty programs
  • How to pick which one is right for you

Fix Your Security Vulnerabilities

Once you find those vulnerabilities, next you need to fix them.

But developers are already overloaded, deadlines are looming, and there just isn’t time to add remediation work.

However, if you don’t fix the vulnerabilities, you’ve wasted the money, effort, and time invested in finding them in the first place — all while leaving a vulnerable system unnecessarily exposed.

How is a busy team to handle this conundrum?

In this program, you’ll learn how to:

  • Prioritize Vulnerabilities by Severity
  • Remediate Vulnerabilities
  • Verify Remediations

Build Security In

Developers are under intense pressure, deadlines are looming, and anything that can be deferred must be. Security is often seen as one of those things.

How can an overloaded team also tackle security, in addition to the many other development priorities?

It’s actually much simpler than you think. Not only is it more effective, it’s less expensive, too! In this session you’ll learn:

  • The difference between “build it in” vs. “bolt it on.”
  • Why it’s more effective & less expensive to “build it in.”
  • Why security does not slow you down.
  • How to build it in, whether you use a linear-sequential methodology (like Waterfall) or an iterative one (like Agile)

Use Security to Win Sales

People often think of security as a tax on the business. But that’s wrong: security is a sales enabler.

But how?

In this program, you learn about the most commonly overlooked aspect of security, including:

  • Why security is a competitive advantage
  • How to use your security assessment report and your security consultant in the sales process
  • How to make security questionnaires become your sales tool
  • How to build an effective security page on your website