Talks & sessions.
Application security in the AI era, account-takeover defense, and what it takes to govern agents — on stages from BSidesSF to OWASP. Recordings below where they exist.
Featured recordings
Leaked credentials turned account takeover into an industrial-scale problem. This talk is about automating the defensive side — turning credential intelligence into protection that moves faster than the attackers reusing those passwords.
Teams adopt AI faster than security can govern it. A practical playbook for getting from ungoverned shadow AI to securely sanctioned agents — without losing the speed that made people adopt AI in the first place.
All sessions
- Log In Through the Front Door: Automating Defense Against ATOBSidesSF · Conference2025
- 2025
- OWASP Bay Area MeetupBay Area OWASP chapter · Meetup2025
- M3AAWG 65th ConferenceMessaging, Malware and Mobile Anti-Abuse Working Group · Conference2025
- Adobe Hackfest, HamburgConference2025
- Security webinarBrightTALK · Webinar2024
What I speak about.
Conferences, meetups, podcasts, and internal engineering events — if your audience cares about the intersection of AppSec and AI, we'll have plenty to talk about.
Securing AI-assisted development
What changes for AppSec when code is generated instead of typed — and how shift-left has to evolve with it.
From shadow AI to governed agents
A pragmatic path from ungoverned AI use to secure, sanctioned agents inside a large organization.
Automating ATO defense
Leaked-credential intelligence and identity protection at consumer scale.
Phishing defense & brand trust
Building anti-phishing and brand-protection programs that hold up at high volume.