The O’Reilly Security Podcast: The five stages of vulnerability disclosure grief, hacking the government, and the pros and cons of bug bounty programs.
Courtney Nash chairs multiple conferences for O'Reilly Media and is the strategic content director focused on areas of modern web operations, high performance applications, and security. An erstwhile academic neuroscientist, she is still fascinated by the brain and how it informs our interactions with and expectations of technology. She's spent 17 years working in the technology industry in a wide variety of roles, ever since moving to Seattle to work at a burgeoning online bookstore. Outside work, Courtney can be found biking, hiking, skiing, and photographing the Cascade Mountains near her home in Bellingham, Washington.
The O’Reilly Security Podcast: Focusing on defense, making security better for everyone, and how it takes a village.
The O’Reilly Security Podcast: Building systems that help humans, designing better tools through user studies, and balancing the demands of shipping software with security.
The O’Reilly Security Podcast: Speaking other people’s language, security for small businesses, and how shame is a terrible motivator.
The O’Reilly Security Podcast: The problem with perimeter security, rethinking trust in a networked world, and automation as an enabler.
The O’Reilly Security Podcast: Saving the Network Time Protocol, recruiting and building future open source maintainers, and how speed and security aren’t at odds with each other.
The O’Reilly Security Podcast: Human error is not a root cause, studying success along with failure, and how humans make systems more resilient.
From disclosure to machine learning to IoT, here are the security trends to watch in the months ahead.
What to watch for in distributed systems, SRE, serverless, containers and more.
The O’Reilly Security Podcast: Sniffing out fraudulent sleeper cells, incubation in money transfer fraud, and adopting a more proactive stance.
The O’Reilly Security Podcast: DRM in unexpected places, artistic and research hindrances, and ill-anticipated consequences.
The focus of the O'Reilly Velocity Conference is shifting from system administration to systems engineering.
The O’Reilly Security Podcast: Designing for security and privacy, noteworthy tools, and the real-world consequences of design.
The O’Reilly Security Podcast: Randomness, our dependence on entropy for security and privacy, and rating entropy sources for more effective encryption.
The O’Reilly Security Podcast: Thinking like an epidemiologist, using data and patterns, and escaping reactive tendencies.
Thoughts from O'Reilly Security Conference committee chairs Courtney Nash and Allison Miller on the New York event's spotlight on defenders, focus on supporting the defender community, and taking the event to Amsterdam.
Shining a light on this year’s defensive security heroes.
Tips for writing a successful proposal for the O'Reilly Security Conference.
The O’Reilly Security Podcast: Building cathedrals, empowering the watchers, and breaking out of the security monoculture.
Insider information on the O'Reilly Security Conference proposal process, including acceptance and rejection stats.
The O’Reilly Security Podcast: Coarse-grained security, embracing the ephemeral, and empathy for everyone.
Five questions for Laura Mather: Insights on how groupthink and heterogeneous teams impact decision-making.
Five questions for John Bullard and Benji Taylor: Insights on the challenges faced and the tools used to achieve PCI compliance.
The O’Reilly Security Podcast: Where bits and bytes meet flesh, misaligned incentives, and hacking the security industry itself.
Five questions for Ken Lee and Kai Zhong: Insights on building Etsy's alerting framework and best practices for monitoring and alerting.
The O’Reilly Security Podcast: Modern server hardening, institutional inertia, and new approaches to desktop security.
Five questions for Lance Hayden: Insights on High Reliability Organizations (HRO) and resilient approaches to dealing with failure.
Confronting the World Wide Web Consortium on the new digital rights management specification.
The O’Reilly Security Podcast: The origins of LangSec, rigidity vs. robustness, and using game theory to make security better for everyone.
The O’Reilly Security Podcast: The chilling effects of DRM, nascent pro-security industries, and the narrative power of machines.
The O’Reilly Security Podcast: Vulnerabilities in assembled software and the need for immediate developer feedback.
The O’Reilly Security podcast: DevOps, risk reduction, and vulnerabilities in open source.
The O’Reilly Security Podcast: Systems, design, and emergent social structures.
The O’Reilly Security Podcast: Statistical literacy, machine learning, and data visualization.
The O’Reilly Security Podcast: Language as a uniter (or divider), the illusion of control, and how security is made of people.
The O’Reilly Security Podcast: Risk as an emergent property of complex systems, the downsides of security by obscurity, and the new O’Reilly Security Conference.
Announcing the inaugural program committee for the O’Reilly Security conferences.
The new O’Reilly Security conferences will unite in-the-trenches defensive security practitioners and provide a forum for sharing concrete solutions.
Announcing the O’Reilly Security Conference, Oct. 31-Nov. 2 in New York City and Nov. 9-11 in Amsterdam.
As software becomes increasingly complex, a focus on resilience is critical to meeting customer expectations and business goals.
The secret to successful infrastructure automation is people.
The daily work of building and deploying complex software.
A "Coded Business" harnesses feedback loops, optimization, ubiquitous delivery, and other web-centric methods.
How do we manage systems that are too large to understand, too complex to control, and that fail in unpredictable ways?
Web design trends often carry hefty performance costs