Chris has been a security enthusiast for most of his life, starting back in middle school when he had to bypass parental security controls to play Mega Man X. He's been a penetration tester both full- and part-time, having advised security directors at companies both big and small on how to secure their assets. Around a year and a half ago, though, Chris started working full-time on his company Web Sight as a solo founder. In this journey, Chris has been responsible for the development of the Web Sight platform from front to back, getting his hands dirty with all sorts of distributed architectures and bleeding-edge platforms.
This talk will expound upon the journey from penetration tester to software developer, highlighting areas where the transition went smoothly and other areas where the opposite was the case. We will cover many pitfalls that developers and architects can easily fall into, and how knowing about those pitfalls at design time can relieve an immense amount of the burden of securing software down the line. We will also take a look at how security can be added to traditional development practices in novel ways, resulting in development and testing that ensures code security (in addition to code quality) does not regress to previous states. Through this talk, we hope our audience will leave with a number of handy new techniques for managing security in codebases as well as an improved eye for detecting security problems before they arise.
Christopher Grayson (OSCE) is the founder, CEO, and principal engineer at Web Sight.IO. In this role he handles all operations, software development, and research efforts.
Christopher is an avid computing enthusiast hailing from Atlanta, Georgia. Having made a habit of pulling things apart in childhood, Chris has found his professional home in information security. Prior to founding Web Sight.IO, Chris was a senior penetration tester at the security consultancy Bishop Fox, and a research scientist at the Georgia Institute of Technology. During his tenure at these organizations, Chris became a specialist in network penetration testing and in the application of academic tactics to the information security industry, both of which contribute to his current research focus of architecting and implementing high-security N-tier systems. Chris attended the Georgia Institute of Technology, where he received a bachelor's degree in computational media and a master's degree in computer science, and where he organized and led the Grey H@t student hacking organization.