Security@

Discover the best kept secret in cybersecurity.

September 20-21, 2021


What you will learn

Just about anything you can imagine related to the best-kept secret of the cybersecurity industry: ethical hackers! Our 5th annual hacker-powered security conference—the only one of its kind—is better than ever before. Whatever your role—CISO, DevSecOps, compliance specialist—and whatever your industry (from tech, to financial services, retail, and ecommerce), we’ve got you covered with one jam-packed day of virtual sessions dedicated to all things security.

Our roster of rock-star presenters includes security industry influencers, public- and private-sector leaders from the world’s most advanced security teams, and ingenious hackers from across the globe. Join them to:

  • Get new perspectives on security from HackerOne's latest Hacker-Powered Security Report
  • Explore the benefits of establishing security as a strategic differentiator
  • Discover approaches for integrating security research into software development life cycles
  • Gain insight into measuring ROI for cybersecurity initiatives
  • Hear stories from real-world orgs that have invited hackers into their systems to make them safer

Register now to be sure you’re in on the secret.

 

Bonus—When you register, you’ll be entered into a drawing for a chance to win one of three limited-edition prizes:

  • 40 winners: Anglepoise desk lamp, to shed light on your most important tasks
  • 150 winners: RFID wallet + pen set, for the ultimate security and style on the go
  • 200 winners: Heat-sensitive mug-and-coaster set that reveals a hidden message

Sponsored by

hackedu
SecurityScorecard
GitLab


Unlock the secrets


Training Sessions

Training - 7:00 AM

The Launch Process: How to engage internal stakeholders to launch your program

  • Tara Hooey, HackerOne, Manager, Program Management

How do you prepare your organization to work with hackers? As security continues to climb the ranks of importance, more decision makers and stakeholders are involved in interactions that were once solely owned by security teams. The vulnerability reports are coming. Ready or not. Are your executives, legal, PR, and procurement teams prepared so you can get your program off the ground?

Training - 8:00 AM

Leveraging Data: How to bolster security and development with program insight and benchmarking

  • Denzel Duncan, HackerOne, Enterprise Program Manager
  • Allie Lugton, HackerOne, Enterprise Program Manager

Is your organization making the right decisions to reduce risk? Industry leaders like Verizon Media are taking a data-centric approach to decision-making, leveraging HackerOne benchmarking data to determine the cost of a bug, see how others in the same industry are trending, and identify how to develop key program goals. Join this workshop to discover how you can leverage benchmarking data to maximize your approach to hacker-powered security.

Training - 9:00 AM

How To Attract and Retain Top Hackers To Your Bug Bounty Program

  • Alek Relyea, HackerOne, Manager, Program Management
  • Douglas Day, Senior Product Security Engineer, Elastic

Getting the best hackers looking at your software is about more than just an invitation. Everything from how your program page is composed to how your program is scoped can make a difference. In this session, we'll hear from the Department of Defense on taking a phased approach to managing their programs in order to maximize hacker engagement.

Modernize Your Security

8:30-8:35 AM Business/Technical

Opening Remarks

  • Marten Mickos, CEO, HackerOne

8:35-9:00 AM Business/Technical

Keynote: The Best Kept Secret in Cybersecurity

  • Alissa Knight

Security@ welcomes Alissa Knight, renowned API hacker and published author, as the keynote speaker for 2021. In this presentation, Alissa will reveal her latest efforts to hack the APIs of healthcare, banking and automotive organizations. Find out how she discovered thousands of PHI records, demonstrated unauthorized financial transactions via compromised accounts, and gained remote control of connected cars, putting her on the front page of newspapers around the world.

9:00-9:30 AM Business/Technical

Securing the Software Supply Chain with Hacker-Powered Security

  • Alex Rice, CTO & Co-founder, HackerOne
  • Kayla Underkoffler, Senior Security Technologist
  • Chris Dickens, Security Engineer

Supply chain security management is inherently complex, and solving this issue has left the industry scrambling for an answer. Part of this complexity comes from open source and third-party software, which have become integral parts of software supply chains; the average supply chain uses more than 147 open source components. This has introduced risk into all digital environments, through vulnerabilities and weaknesses that are often unseen and outside the direct control of most organizations.

HackerOne CTO and Co-founder Alex Rice, Senior Security Technologist Kayla Underkoffler, and Sales Engineer Chris Dickens dive into how organizations can reduce risk in their supply chains through hacker-powered security and propose how solutions like the Internet Bug Bounty can address vulnerabilities in open source software.

9:30-10:15 AM Business/Technical

How Hackers Can Strengthen Cloud Application Security

  • Tim Matthews, CMO, HackerOne
  • Josh Bressers, Head of Product Security, Elastic

As organizations digitally transform to meet their market needs, cloud adoption grows and cloud deployments expand, diversifying the attack surface. At the same time, multi-cloud strategies that leverage more than one cloud service provider are also increasing, adding further complexity. Yet cloud skills are exceptionally scarce, with 451 Research finding that 86% of companies experience a skills gap for implementing cloud. In this fireside chat, you’ll hear from Josh Bressers, Product Security Lead at Elastic, and learn how they are reducing security risks in the cloud.

Key Takeaways:

  • How to identify risk caused by cloud and digital transformations, product releases, M&A, and more
  • How to integrate hacker-powered findings to accelerate risk reduction in cloud applications
  • How to best work with hackers to discover vulnerabilities, recommended fixes, and test in cloud environments

9:30-10:15 AM Technical

DevSecOps: Bridging Security with Development

  • Michael Hanley, CSO, GitHub
  • Pieter Ockers, Sr. Director, HackerOne
  • Paul Turner, VP, EMEA, HackerOne

Organizations are quickly adopting modern, transformative IT initiatives that are outpacing their security teams’ capacity to keep up. For security teams, this means constant change, disruptions with unknown consequences, increased risk, competing priorities, and a growing, disparate, and diverse IT ecosystem to protect. The challenge for cybersecurity teams is finding effective ways to deliver and scale security at the speed of digital transformation, ensuring that every new technology, digital process, customer, and partner interaction is protected. In this session, GitHub CSO Michael Hanley and HackerOne Senior Director, Technical Services, Pieter Ockers, will explore how leveraging data can help us turn security teams into enablement teams.

9:30-10:15 AM Business

Incentivizing vs Reacting: Using ROI to Make the Case for Hacker-Powered Security

  • Paris Zoumpouloglou, Senior Security Engineer, Riot Games
  • Valentin Lupu, Program Manager, UiPath
  • Nisha Woolfenden, Program Manager, HackerOne
  • John Repici, CTO, DoD DC3
  • Denzel Duncan, Program Manager, HackerOne

How do you measure a reduction in potential risk and how do you secure a budget for preventing something no one can even imagine? Security incidents are unpredictable and unique. When an incident occurs, your team may very well learn more in the first hour than in a year of planning. In this session, we will talk to leading HackerOne customers about how they demonstrate the value of their hacker-powered security programs within the context of their wider cybersecurity strategy.

10:15-10:30 AM Break

Scale Security with Global, Skilled Hackers

10:30-11:00 AM Business/Technical

From Disclosure to Pentest: Embedding Hackers at Each Step of the Development Lifecycle

  • Mike Zachman, CSO, Zebra
  • Marjorie Janiewicz, CRO, HackerOne
  • Paul Turner, VP, EMEA, HackerOne

How do you elevate your security from simple scanners to an advanced vulnerability management program? Join HackerOne Chief Revenue Officer Marjorie Janiewicz and Zebra Chief Security Officer Mike Zachman to learn more about how you can discover, assess, verify, and remediate vulnerabilities with a continuous and efficient process, as well as how to advance this process as your security matures.

11:00-11:45 AM Business

Financial Services, Market Volatility, and Defending the Supply Chain

  • Melanie Molina, Security Engineer, GoCardless
  • Teemu Ylhäisi, CISO, OP Financial
  • Will Darbey, Account Manager, HackerOne
  • Amy Detzel, Adversary Modeling and Intelligence (AMI) Manager, HR Block
  • Jason Pubal, Director, Application Security, Visa
  • Will Kapcio, Solutions Engineer, HackerOne

The SolarWinds supply chain attack is one of the most impactful and widely discussed cybersecurity events in recent memory. For financial services organizations, the impacts of a breach of this scale, amplified by concern around volatile stocks and the crippling consequences of exploits on brand trust, are bringing security to the forefront. In this roundtable, security leaders will have the opportunity to discuss topical trends in financial services cybersecurity and best practices for preventing the next big breach.

11:00-11:45 AM Business

Retail + E-Commerce, Digital Transformation, Cloud Migration & Defending the Supply Chain

  • Dan Burns, Information Security Manager, Next
  • Matt Adams, Global Security Architect, Costa Coffee
  • Laurie Mercer, Manager, Solutions Architect, HackerOne
  • Jennifer Newton, Senior Application Security Engineer, Shopify
  • Michiel Prins, Co-founder, HackerOne

Over the past two years, no one has been pushed to innovate and digitize faster than the retail and eCommerce industry. With mass cloud migration and the supply chain compromised, attack surfaces have multiplied. As a result, security leaders must quickly and confidently make informed decisions about how to defend their expanding digital assets. Armed with the latest industry data, in this roundtable discussion, industry leaders will have a chance to pose challenges, share results, and establish best practices for scaling security at the pace of innovation.

11:00-11:45 AM Business/Technical

Personalizing Secure Coding Training at Scale - A Contemporary Approach to Securing Applications

  • Jared Ablon, CEO, HackEDU

Traditional, one-size-fits-all approaches to secure development training result in training that is often irrelevant to the developers who have to take it. The result? Unmotivated developers and low training completion rates. That can be challenging to compliance teams that have to meet secure coding training requirements for all their developers, and to security teams that want to improve the security of their applications. Customizing lesson plans for individual developers is the antidote to irrelevant training content, but it has been difficult to accomplish, until now. This webinar will show how adaptive training programs, tailored to teams or individual developers, can be created automatically, and at scale. The secret? Using the vulnerabilities found in your organization’s bug bounty program, and those found in your SAST and DAST scans.

11:45-12:45 PM Lunch + AMA with Hackers

Accelerate your Security with Hacker-Powered Security

12:45-1:45 PM Business/Technical

Product Strategy Overview

  • Rand Wacker, SVP, Product, HackerOne and team

As organizations digitally transform to meet their market needs, cloud adoption grows and cloud deployments expand, diversifying the attack surface. At the same time, multi-cloud strategies that leverage more than one cloud service provider are also increasing, adding further complexity. Yet cloud skills are exceptionally scarce, with 451 Research finding that 86% of companies experience a skills gap for implementing cloud. In this session, we’ll talk with Elastic’s Product Security Lead to learn how they are reducing security risks in the cloud.

1:45-2:00 PM Break

Go from Insights to Action

2:00-2:30 PM Business/Technical

How HackerOne and AWS Security Hub Fortify Cloud Application Security

  • Spencer Chin, Manager, Solutions Engineering
  • Aron Eidelman, Partner Solutions Architect, AWS

Gaining a precise understanding of your cloud application vulnerabilities can transform protracted root cause analysis into streamlined remediation actions. HackerOne’s integration with AWS Security Hub shortens vulnerability investigation and remediation time by providing a unified console that consolidates event workflows and accelerates security actions. The integration exchanges vulnerability intelligence between HackerOne and AWS Security Hub, offering deeper insight into security risks so teams can better assess the security health of their AWS applications.

2:00-2:30 PM Business/Technical

Fostering Collaboration Between Developers and AppSec Teams with GitLab

  • Fernando Diaz, Senior Technical Marketing Manager, GitLab

DevSecOps is constantly evolving with new tools and scanners to make mitigating vulnerabilities easier than ever. But what are we doing to increase efficiency within teams and enhance developer education? At GitLab, security tools are integrated into one platform, where developers and AppSec engineers can work together to resolve application vulnerabilities. Effective collaboration accelerates vulnerability remediation while enhancing developer education to help teams reduce application risk. In this session, we will cover:

  • Scanning code for vulnerabilities
  • Developers viewing, dismissing, commenting, and creating issues on found vulnerabilities
  • AppSec engineers triaging vulnerabilities and assessing the security posture of a project
  • AppSec engineers and developers working together with these tools

2:30-3:15 PM Business

Insights from Intel's Bug Bounty Program

  • Katie Noble, Director PSIRT & Bug Bounty, Intel
  • Kate Samaraev, Account Manager, Enterprise, HackerOne

Intel knows that security doesn't just happen. “It’s the result of unwavering focus that guides everything we do to research, architect, build, and support products customers can trust.” Tune in to hear how bug bounty plays a role in Intel's security posture and how insights from their program lead to more secure products.

Key Takeaways:

  • Learn how Intel leverages insights from vulnerability reports to build secure products
  • Examples of how hacker-powered security has allowed Intel to turn insights into action
  • Practical advice on how to weave in hacker-powered security for development teams

2:30-3:15 PM Technical

Leveraging Assessments + Pentests to Manage Risk

  • Stu Hirst, CISO, Trustpilot
  • Gretchen Gratta, Senior Compliance Analyst, HackerOne

Any company that collects data on customers should be evaluating which regulations apply to their business and how they will comply. In this session, we'll share best practices for developing a cybersecurity program that employs an agile approach to managing business risk. Discover how Trustpilot is using hacker-powered security programs like bug bounty and pentesting to allow for flexibility and bolster defenses in tandem. This fireside chat will explore steps you can take to decrease the burden on IT, even with increasing audit and security compliance obligations.

Key Takeaways:

  • Best practices for making the most of your hacker-powered security assessments
  • Insights from security leaders who leverage hackers to manage risk
  • Using hacker-powered security to improve your organization’s security posture

3:15-3:30 PM Break

Modernize your Security

3:30-4:15 PM Business/Technical

Mapping your Hacker-Powered Security Journey

  • Amanda Berger, SVP Customer Success, HackerOne
  • Phil Venables, CISO & VP, Google Cloud
  • Sri Shivinanda, CTO, PayPal

The real problem with security today is that it's often described by a point in time. In reality, it will take a continuous approach and evolution to minimize risk. In this session, HackerOne SVP of Customer Success Amanda Berger will be joined by industry leader Phil Venables to explore how to map unique hacker-powered security journeys that enable business transformation.

4:15-4:30 PM Business/Technical

Closing Remarks: Discover Hackers. Secure your Business's Future

  • Marten Mickos, CEO, HackerOne
