Builders vs. Breakers is an interactive, debate-style talk with heavy audience participation, built around head-to-head debates on questions that pit software developers against security professionals (penetration testers). With specific, detailed examples, such as how to avoid the problem with a default Rails configuration that left GitHub exposed, the goal is to dive deep into both sides of the story for problems that make security so hard in the real world. Questions for debate will be posted/gathered on Google Docs for preview and participation. Ultimately, this talk aims to be a fun way to raise security awareness with developers, raise developer concerns with security pros, and encourage more active collaboration.
Matt Konda has been building software for 15 years. For the last 8 years he has been a hands-on architect, delivering code, running agile development teams and handling all aspects of product delivery. He recently founded Jemurai to help software developers build software more securely. In addition to consulting about secure development practices, Jemurai is building products to help developers visualize and understand security threats.
Jonathan Claudius is a Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs, the advanced security team focused on penetration testing, incident response, and application security. He has eleven years of experience in the IT industry with the last nine years specializing in Security. At Trustwave, Jonathan works in the SpiderLabs Research Division where he focuses on vulnerability research and network exploitation, and is the creator of the BNAT-Suite. Before joining SpiderLabs, Jonathan ran Trustwave's Global Security Operations Center. Before joining Trustwave, Jonathan was a Network Penetration Tester for a Top 10 Consulting and Accounting firm and worked for a US Department of Defense contractor in their Communications Electronics Warfare Division. Jonathan holds a Bachelor of Science in Applied Networking and System Administration from the Rochester Institute of Technology and is a Certified Information Systems Security Professional (CISSP).