The 2016 O’Reilly Defender Awards
Shining a light on this year’s defensive security heroes.
Courtney Nash
Courtney Nash chairs multiple conferences for O'Reilly Media and is the strategic content director focused on areas of modern web operations, high performance applications, and security. An erstwhile academic neuroscientist, she is still fascinated by the brain and how it informs our interactions with and expectations of technology. She's spent 17 years working in the technology industry in a wide variety of roles, ever since moving to Seattle to work at a burgeoning online bookstore. Outside work, Courtney can be found biking, hiking, skiing, and photographing the Cascade Mountains near her home in Bellingham, Washington.
Radar
Content
Katie Moussouris on procuring and processing bug reports
The O’Reilly Security Podcast: The five stages of vulnerability disclosure grief, hacking the government, and the pros and cons of bug bounty programs.
Allison Miller on making security better and easier for everyone
The O’Reilly Security Podcast: Focusing on defense, making security better for everyone, and how it takes a village.
Scout Brody on crafting usable and secure technologies
The O’Reilly Security Podcast: Building systems that help humans, designing better tools through user studies, and balancing the demands of shipping software with security.
Jessy Irwin on making security understandable for everyone
The O’Reilly Security Podcast: Speaking other people’s language, security for small businesses, and how shame is a terrible motivator.
Doug Barth and Evan Gilman on Zero Trust networks
The O’Reilly Security Podcast: The problem with perimeter security, rethinking trust in a networked world, and automation as an enabler.
Susan Sons on maintaining and securing the internet’s infrastructure
The O’Reilly Security Podcast: Saving the Network Time Protocol, recruiting and building future open source maintainers, and how speed and security aren’t at odds with each other.
Steven Shorrock on the myth of human error
The O’Reilly Security Podcast: Human error is not a root cause, studying success along with failure, and how humans make systems more resilient.
5 trends in defensive security for 2017
From disclosure to machine learning to IoT, here are the security trends to watch in the months ahead.
Top 8 systems operations and engineering trends for 2017
What to watch for in distributed systems, SRE, serverless, containers and more.
Fang Yu on machine learning and the evolving nature of fraud
The O’Reilly Security Podcast: Sniffing out fraudulent sleeper cells, incubation in money transfer fraud, and adopting a more proactive stance.
Cory Doctorow on the real-life dangers of DRM
The O’Reilly Security Podcast: DRM in unexpected places, artistic and research hindrances, and ill-anticipated consequences.
Velocity: A new direction
The focus of the O'Reilly Velocity Conference is shifting from system administration to systems engineering.
Ame Elliot on designing for usable security and privacy
The O’Reilly Security Podcast: Designing for security and privacy, noteworthy tools, and the real-world consequences of design.
Richard Moulds on harnessing entropy for a more secure world
The O’Reilly Security Podcast: Randomness, our dependence on entropy for security and privacy, and rating entropy sources for more effective encryption.
Efrain Ortiz on digital disease control
The O’Reilly Security Podcast: Thinking like an epidemiologist, using data and patterns, and escaping reactive tendencies.
Building solutions at the first O’Reilly Security Conference and beyond
Thoughts from O'Reilly Security Conference committee chairs Courtney Nash and Allison Miller on the New York event's spotlight on defenders, focus on supporting the defender community, and taking the event to Amsterdam.
6 ways to hack the O’Reilly Security Conference CFP
Tips for writing a successful proposal for the O'Reilly Security Conference.
Brendan O’Connor on security as a monoculture
The O’Reilly Security Podcast: Building cathedrals, empowering the watchers, and breaking out of the security monoculture.
This is how we do it: Behind the curtain of the O’Reilly Security Conference CFP
Insider information on the O'Reilly Security Conference proposal process, including acceptance and rejection stats.
Dan Kaminsky on creating an NIH for the security industry
The O’Reilly Security Podcast: Coarse-grained security, embracing the ephemeral, and empathy for everyone.
Improving security team collaboration and productivity
Five questions for Laura Mather: Insights on how groupthink and heterogeneous teams impact decision-making.
A DevOps approach to PCI compliance
Five questions for John Bullard and Benji Taylor: Insights on the challenges faced and the tools used to achieve PCI compliance.
Josh Corman on the challenges of securing safety-critical health care systems
The O’Reilly Security Podcast: Where bits and bytes meet flesh, misaligned incentives, and hacking the security industry itself.
Understanding Etsy’s 411 alerting framework
Five questions for Ken Lee and Kai Zhong: Insights on building Etsy's alerting framework and best practices for monitoring and alerting.
Kyle Rankin on modern server hardening for the cloud
The O’Reilly Security Podcast: Modern server hardening, institutional inertia, and new approaches to desktop security.
What High Reliability Organizations can teach us about security
Five questions for Lance Hayden: Insights on High Reliability Organizations (HRO) and resilient approaches to dealing with failure.
Cory Doctorow on the problems with Encrypted Media Extensions
Confronting the World Wide Web Consortium on the new digital rights management specification.
Meredith Patterson on using language to build trustworthy systems
The O’Reilly Security Podcast: The origins of LangSec, rigidity vs. robustness, and using game theory to make security better for everyone.
Cory Doctorow on legally disabling DRM (for good)
The O’Reilly Security Podcast: The chilling effects of DRM, nascent pro-security industries, and the narrative power of machines.
Chris Eng on the challenges of improved application security
The O’Reilly Security Podcast: Vulnerabilities in assembled software and the need for immediate developer feedback.
Guy Podjarny on making open source more secure
The O’Reilly Security podcast: DevOps, risk reduction, and vulnerabilities in open source.
Eleanor Saitta on security as a product of shared human outcomes
The O’Reilly Security Podcast: Systems, design, and emergent social structures.
Jay Jacobs on the importance of statistical literacy in security
The O’Reilly Security Podcast: Statistical literacy, machine learning, and data visualization.
Jack Whitsitt on the need to band together to make security better for everyone
The O’Reilly Security Podcast: Language as a uniter (or divider), the illusion of control, and how security is made of people.
Allison Miller on the need for defenders to step out of the shadows and share their stories
The O’Reilly Security Podcast: Risk as an emergent property of complex systems, the downsides of security by obscurity, and the new O’Reilly Security Conference.
League of Extraordinary Defenders
Announcing the inaugural program committee for the O’Reilly Security conferences.
Security as a vector, not a point
The new O’Reilly Security conferences will unite in-the-trenches defensive security practitioners and provide a forum for sharing concrete solutions.
Building better defenses
Announcing the O’Reilly Security Conference, Oct. 31-Nov. 2 in New York City and Nov. 9-11 in Amsterdam.
5 ways to make your operations more resilient in 2016
As software becomes increasingly complex, a focus on resilience is critical to meeting customer expectations and business goals.
Ghosts in the machines
The secret to successful infrastructure automation is people.
Chop wood, carry water
The daily work of building and deploying complex software.
Business at web speed
A "Coded Business" harnesses feedback loops, optimization, ubiquitous delivery, and other web-centric methods.
Everything is distributed
How do we manage systems that are too large to understand, too complex to control, and that fail in unpredictable ways?
The altar of shiny
Web design trends often carry hefty performance costs