Wednesday, October 12, 2022

5:00 PM -
7:30 PM

Welcome Reception

Join us for food, drinks and entertainment overlooking the San Diego Bay! 

Thursday, October 13, 2022

7:00 AM


General Session

8:30 AM

Marriott Grand Ballroom

HackerOne Opening Keynote: Achieving Attack Resistance

Marten Mickos, HackerOne

Digital transformation and cloud adoption have challenged traditional approaches to cybersecurity. The need for organizations to respond to competitive market conditions through continuous innovation, coupled with new complexities in governing decentralized business operations, has widened protection gaps and turned risk management on its head. And as security teams face the challenges of governing the spread of unknown or unmanaged assets because of this mounting complexity, bad actors have become exceptionally efficient at responding to new vulnerabilities. In this session, we will introduce a new approach to help organizations strengthen resistance to attack by focusing their teams' efforts on addressing the gap between the assets they currently know about and protect, and their full attack surface.

8:45 AM

Marriott Grand Ballroom

Innovating the Attack Resistance Management Platform

Ashish Warty, HackerOne

HackerOne is on a mission to simplify and innovate our platform to help our customers achieve their security goals. Join us to learn about the evolution of our roadmap and get a peek at the Attack Resistance Management platform in action.

9:15 AM

Marriott Grand Ballroom

How Human Experts Give you a Security Advantage

Chris Evans, HackerOne  |  Alex Rice, HackerOne

Achieving actual attack resistance is hard. Security teams are stretched thin, attack surfaces are expanding, and digital threats are increasingly difficult to detect. Automated security can find vulnerabilities in unknown assets. However, visibility alone doesn’t drive meaningful remediation. Findings from automation often lack context and force security teams to spend time combing through false positives to find the few critical vulnerabilities that require fixing. In this session, Chris Evans, CISO and Chief Hacking Officer, will discuss his security strategy for combining the power of automated scanning with the security expertise of ethical hackers to drive down risk and achieve Attack Resistance Management for HackerOne.

9:45 AM

Partner Keynote Session

10:30 AM

Digital Futurist Guest Keynote – Gigatrends: 7 Tech Trends Changing Everything

Thomas Koulopoulos, Delphi Group

Gigatrends looks at the greatest technological shifts of the 21st century and lays out a roadmap to navigate the change, disruption, and opportunities they will create. From the Metaverse and Web 3.0 to the emergence of digital workers, from frictionless commerce to blockchain, and from the global healthcare crisis to Generation Alpha, Gigatrends sheds a bright and insightful light on the many unanticipated ways that technology will shape the future; connecting the dots between what are often confusing and disconnected trends to make them understandable and actionable. And all of this directly from Tom’s unique perspective of more than four decades on the front lines of the technology revolution. At a time when uncertainty seems to be looming large over every aspect of our lives. Gigatrends sets a course for the future that is realistic, fascinating, and above all, hopeful.

11:30 AM

Customer + Hacker Panel

Modern organizations are seeing their attack surfaces expand faster than ever. Business transformation, diverse technology environments, and digital product deployments create visibility gaps that result in unknown risks—which means your resistance to a cyber attack is lower than you might think. Your security team must understand how to find, manage, and close your organization's gaps before a risk turns into an attack. Learn how teams from different industries analyze and understand their entire attack surface, then take action to remediate the most severe risks first.

12:00 PM

Strengthen Your Security Posture with a Continuous Cycle of Vulnerability Intelligence—featuring Hyatt Hotels and DoD’s Defense Cyber Crime Center (DC3)

Benjamin Vaughn, Hyatt

Melissa Vice, DoD/DC3

As the vulnerability landscape changes through application deployment, cloud migrations, product launches, mergers and acquisitions, and more, detecting security risks before they become threats is critical to effectively defending your attack surface. Even when armed with security risk insights, what are the best ways to maximize efficacy and strengthen your security posture? Join Hyatt Hotels and the DoD's Defense Cyber Crime Center (DC3) to learn how they use vulnerability trends to inform security actions and apply those actions throughout the SDLC for a stronger security posture.

As the vulnerability landscape changes through application deployment, cloud migrations, product launches, mergers and acquisitions, and more, detecting security risks before they become threats is critical to effectively defending your attack surface. Even when armed with security risk insights, what are the best ways to maximize efficacy and strengthen your security posture? Join Hyatt Hotels and the DoD to learn how they use vulnerability trends to inform security actions and apply those actions throughout the SDLC for a stronger security posture.

12:30 PM

Lunch & Expo Hall

Featuring our partner sponsors:

1:30 PM

Breakout Sessions

Build Resistance to Attacks by Unlocking the Value of Ethical Hackers

Sean Ryan, HackerOne

Spencer Chin, HackerOne

Attack surfaces are expanding, spurred on by the continuous release of new digital services and business transformation. In this session you will learn why it’s time to implement an Attack Resistance Management strategy to find unknown risks that automated tools miss, then unlock the security expertise of ethical hackers to close critical gaps, rank risks, and prioritize remediations across your attack surface. This session will include live demos of HackerOne's Attack Resistance Management portfolio.

OpenASM Series: Modernizing Attack Surface Management with Hadrian

Ben Sadeghipour, Hadrian

Attack Surface Management has gained a lot of momentum in today’s digital world. With organizations growing their presence online, it is harder to track and have visibility into an organization's digital footprint. Whether you are on the defensive or offensive side, join Hadrian's VP of Research & Community, Ben Sadeghipour (@NahamSec), in this session to understand the modern attacker’s perspective on approaching a company's digital assets and finding vulnerabilities within them. Additionally, he’ll demonstrate the ways you can implement a comprehensive attack surface management program to reduce your organization’s risk by leveraging Hadrian and HackerOne.

Why Isn't Anyone Paying Bounties for Zero Days?

Chris Evans, HackerOne

Rotem Bar, Hacker

Maddie Stone, Hacker, Project Zero

What’s your definition of a zero day? Exactly what a zero day is, and how one should be tackled when it comes to bug bounty, has been a contentious issue for years. Along hacker, Rotem Bar, and Google Project Zero researcher, Maddie Stone, HackerOne CISO and Chief Hacking Officer Chris Evans will explore why zero days have been rewarded inconsistently in bug bounty programs and why Log4j served as an inflection point for many customers. The panel will debate the challenges and solutions to protecting organizations from the most unexpected of threats, and examine the philosophy of a "pay for value" approach to zero days.

2:30 PM

Breakout Sessions

How to Find Unknown Risks to Create a Stronger Cloud


Whether cloud-native or cloud-migrated, organizations need fast, effective ways to approach an evolving attack surface in the cloud without slowing down innovation. Cloud services present unique challenges for organizations, their ease of access enables accounts to be created quickly with little oversight or security considerations. The vast number of options available to configure these cloud services can lead to common misconfigurations and exposed assets on the internet. And fundamentally, while these highly ephemeral microservices-based architectures offer boundless flexibility for the business, they present difficult trade-offs for security teams when managing risk for the organization. Join a cloud expert guest speaker to learn how they reduce cloud exploitability by collaborating with hackers to find and fix gaps, ensure compliance, and prevent attacks on their cloud assets.

Hacker One Enterprise Pentest: Your Road to Continuous Assessments

Denny Deaton, HackerOne

Traditionally pentesting has been slow and shallow, making it difficult for modern security organizations to keep pace with innovation and compliance demands. This, coupled with the frequency of security incidents, is making enterprise security teams realize the increasing need for on-demand access to high-quality pentesting resources—and traditional consulting firms are unable to deliver due to limited FTE teams, slow launch times, delayed results, and manual reporting efforts. In this session we will cover the advantages the HackerOne platform provides to customers conducting pentests, including an easy and fast way to scope and launch a pentest, real-time results so that your teams can remediate issues faster, and transparency and direct communication with pentesters during testing. We’ll also provide insights into the future of the HackerOne platform.

3:30 PM

Breakout Sessions

All Your Data Belongs to You: Utilizing the HackerOne API to Power ML/AI and Custom Analytics

Roy Davis, Zoom

Coming Soon!

Secure Code Review: Catching Vulnerabilities at the Source

Dan Mateer, HackerOne

Colin Lee, Senior Android Engineer, Meetup

Security vulnerabilities discovered in applications are almost always rooted in security flaws in source code. Here, weaknesses may be logical errors, missing validation, insufficient logging, poor secrets management, missing user permissions checks, unsafe string concatenation, misconfigurations, and much more. In this session, you'll learn the importance of incorporating secure code review in the software development lifecycle. While automated scans are helpful and powerful tools, they're no replacement for code review by human experts.

4:15 PM

Breakout Sessions

Web3 Bug Bounty and the Decentralized World: Pitfalls and Strategies

Dane Sherrets, HackerOne

Web3 is a technology that excites, scares, and divides the tech community. But what really is Web3, what are the threats, and what is the use case for Attack Resistance Management? Web3 hacker, Sam Curry, and Senior Software Engineer at OpenSea, Edric Barnes, will join HackerOne's Security Architect, Dane Sherrets, to dissect Web3’s relationship to cryptocurrency and blockchain, and the security mistakes companies are making as they adopt the technology. Drawing on real examples and data from Web3 bug bounty programs, the panel will cover how ethical hackers view the technology, whether a radically different approach needs to be taken when hacking Web3, and best practices for including Web3 in the scope of your Attack Resistance Management strategy.

Lessons Learned in the Race to Secure Open Source

Alex Rice, Hackerone
Xavier René-Corail, GitHub
Aaron Patterson, Ruby Core Team Lead

Last year at Security@, HackerOne announced the newest iteration of the Internet Bug Bounty: an initiative founded to crowdsource security resources for open source projects and maintainers. And earlier this year, Log4Shell flagrantly exposed how threats to open source can have wide-reaching consequences. In this session, join the Director of GitHub Security Labs Xavier Rene-Corail, hacker and CTO of WebSign Ryan Lester, Ruby Core team leader Aaron Patterson, and HackerOne Co-founder and CTO Alex Rice to discuss key learnings from their time securing open source, and what the future holds for open source security.

4:45 PM

Expo Hall Open

6:30 PM


*Agenda subject to change.