Training Developers to Code Securely: Theory and Practice
Lisbon, Portugal, April 2024, for EnCyCriS/SVM.
A presentation based on my research on software security training for developers. Over half of software developers in industry are not even offered software security training, and when they are it can be sub-standard or irrelevant.
Unhelpful Assumptions in Software Security Research
Copenhagen, Denmark, November 2023, for CCS.
A presentation based on my review of the academic secure-coding literature. When researching secure coding, researchers sometimes make unwarranted assumptions. I discussed some of these and their implications for the field.
There’s Nothing Funny About Being a PhD Student
Limerick, Ireland, November 2023, for the ADVANCE CRT First Cohort Celebration.
There is nothing humorous in the PhD experience, as I pointed out to my exhausted and traumatised fellow academic travellers at the end of our doctoral journey.
Assessing Secure Coding Practice and Culture
Online, September 2023, for the SEAD and SPARE Research Group.
I presented my research so far on secure coding practice and culture to this welcoming and engaged group of researchers. They gave valuable and thought-provoking feedback.
Centring the Environment in Developer Centred Security
Bolzano, Italy, July 2023, for the International School on Software Engineering.
My first attempt to condense my research journey into a coherent narrative, pending completing my PhD thesis and attempting to defend it. The attendees were very kind.
Measuring Secure Coding Practice and Culture: A Finger Pointing at the Moon is not the Moon
Melbourne, Australia, May 2023, for ICSE.
A presentation based on my research on secure coding and culture, for ICSE. I presented the CA Score, or Ryan metric, to measure software security practice. I also considered questions that could help to identify a poor security culture in organisations.
Studying Secure Coding in the Laboratory: Why, What, Where, How, and Who?
Melbourne, Australia, May 2023, for EnCyCriS.
A presentation on conducting secure-coding laboratory studies, based on my review of the academic literature. I described methods used by researchers to select subjects and assign tasks; what has worked and what seems problematic.
The State of Secure Coding Practice: Small Organisations and ‘Lone, Rogue Coders’
Melbourne, Australia, May 2023, for ICSE EnCyCriS.
A presentation based on my research on levels of secure coding amongst lone and isolated developers. Levels of security practice are generally low. Tool use is also disappointingly low in these cohorts, who could use tools to access community security knowledge.
Faith, and Trust, and Pixie Dust: The Significance of Software Security
Dublin, Ireland, May 2022, for the ADVANCE Research Colloquium.
A presentation on the important role that software security plays in the contemporary world. I considered software security issues in the light of the UN Sustainable Development Goals.
Insecure Software on a Fragmenting Internet
Galway, Ireland, April 2022, for Cyber-RCI.
A presentation based on my research on the impact of poor software security on the increasingly fragmented Internet. I argued that unless chronically insecure software is addressed, Internet fragmentation will accelerate.
Secure This!
Online, November 2021, for the PASS Data Summit 2021.
A talk to professional database administrators and developers on considerations for securing your database server and web app.
This was banging the security drum at a basic level to a packed – virtual – room… MFA, patching, no defaults, isolation, defense in depth and more. Spreading the security word, one room at a time.
Understanding Developer Security Archetypes
Online, June 2021, for ICSE EnCyCriS.
A presentation based on my understanding of how developers’ software security stance is influenced by their level of software security enthusiasm and the environmental support they receive.
The Dos and Don’ts of Consulting
Dublin, Ireland, November 2014, for the Dublin Web Summit.
A look at the delights, perils and pitfalls of software consulting, with some reminiscences from my own career.
Interrogation at Crime Always Pays
An interview about my novel by the inimitable Declan Burke.