Watch Ted's demo reel

Why Ted?

Stories

Insights

Action

Ted takes your audience to the front lines of ethical hacking and security research. He helps them experience the wild, unexpected, often shocking stories of both companies who got security right, and those who didn't.

He then extracts the key insights from those stories, translating them into advice your audience can go implement. (Much of which he covers in his book, Hackable.)

Your audience will learn exactly what to do, why to do it, and how.


Format & Options

Main Stage Keynotes

Workshops

Live Events

Virtual Events

Want to see Ted in action?

Want to read some examples?

Ready to discuss further?

My commitment to you:
Be the easiest speaker you've ever worked with. 
My commitment to your audience:
Help you think differently, and teach you how to act on it.

Ted is represented exclusively by BrightSight Speakers


Programs

The Lies (and Truths) about Application Security

There's lots of advice out there. Some of it is even good advice. Much of it, though, is straight up wrong.

 

Don't think like a defender, think like an attacker. Don't hoard information, share it. Don't rely on the basics, seek the advanced tactics. Don't rely on "annual" testing, get it more frequently.

With so many misconceptions running rampant, how are you to know what to trust and what to reject?

In this program, you'll learn how to identify the common falsehoods, and what to replace them with instead.

 
Start With The Right Mindset and the Right Partner

Security can feel uncertain, but it doesn't need to be that way. It all starts with how you think, and how well you pair that with an outside expert to help you produce explosive results.

But how do you know what to look for?

In this program, you learn the foundation that leads to security excellence, including:

  • Why it's not just about doing security, it's about security excellence

  • What to look for in a security partner, and how to vet their capabilities

 
Choose The Right Assessment Methodology

When working with outside security consultants, people often think it's best to withhold information from them. After all, the attackers don't have that info and you want to emulate the attackers, right?

Wrong.

 

In this program, you learn how to get the most value out of your security partner, including:

  • The difference between white-box and black-box testing

  • Why information is a shortcut your attackers don't have

  • How to exponentially multiply your rate of vulnerability discovery

 
Get The Right Security Testing

If you have valuable assets to protect, you need to test your software system for security vulnerabilities. This has probably led you to seek out penetration testing.

But what if that's not even what you're actually getting?

This session exposes the common misconceptions around penetration testing, including especially the fact that you're usually sold something else (vulnerability scanning) yet usually need yet another thing entirely (vulnerability assessments). You'll learn:

  • The difference between penetration testing, vulnerability scanning, vulnerability assessments, and bug bounty programs

  • How to pick which one is right for you

 
Hack Your System

Your security vulnerabilities exist. The question is simply whether you find (and fix) them before your attackers exploit them. So, you get yourself some security testing.

But are you going deep enough?

 

Most testing programs are not going deep enough. In this program, you'll learn the core ideas behind effective security testing, including:

  • Why vulnerability scanning isn't enough

  • Why system design matters

  • How you win if you abuse functionality, chain exploits, and seek the unknown unknowns

 
Fix Your Security Vulnerabilities

Once you find those vulnerabilities, next you need to fix them. But developers are already overloaded, deadlines are looming, and there just isn't time to add remediation work. However, if you don't fix the vulnerabilities, you've wasted the money, effort, and time invested in finding them in the first place -- all while leaving a vulnerable system unnecessarily exposed.

 

How is a busy team to handle this conundrum?

In this program, you'll learn how to:

  • Prioritize Vulnerabilities by Severity

  • Remediate Vulnerabilities

  • Verify Remediations

 
Hack It Again

Once you find vulnerabilities, are you done? No. Now you need to hack the system again.

But how can it also save money?

 

In this program, you learn some of the most unexpected aspects about security reassessments, including:

  • Why you'll keep finding critical vulnerabilities

  • How the right cadence gets you more, better security, for less money

  • What the right cadence even is

 
Spend Wisely

You need to secure your software system and then prove that it's secure. However, you also have tremendous competing demands on the same resources of time and money it would take to do that.

How do you know how much to spend?

In this session, you'll learn:

  • What happens when you spend too little (and when you spend too much)

  • How to find "just right"

  • Benchmarks to help establish your security budgets

 
Establish Your Threat Model

A threat model is the core of every defense plan... yet most companies don't even know what it is, let alone have one implemented. A threat model is important because it outlines the battle you're in.

If you don't understand the battle you're in, how can you possibly win?!

 

In this program, you'll learn the core ideas behind threat modeling, including:

  • What a threat model is, and how to establish one

  • How to think about assets, adversaries, and attack surfaces

  • How to think about misuse and abuse cases

 
Build Security In

Developers are under intense pressure, deadlines are looming, and anything that can be deferred must be. Security is often seen as one of those things.

How can an overloaded team also tackle security, in addition to the many other development priorities?

 

It's actually much simpler than you think. Not only is it more effective, it's less expensive, too! In this session you'll learn:

  • The difference between "build it in" vs. "bolt it on."

  • Why it's more effective & less expensive to "build it in."

  • Why security does not slow you down.

  • How to build it in, whether you use a linear-sequential methodology (like Waterfall) or an iterative one (like Agile)

 
Use Security to Win Sales

People often think of security as a tax on the business. But that's wrong: security is a sales enabler.

But how?

 

In this program, you learn about the most commonly overlooked aspect of security, including:

  • Why security is a competitive advantage

  • How to use your security assessment report and your security consultant in the sales process

  • How to make security questionnaires become your sales tool

  • How to build an effective security page on your website

 

1431 Pacific Coast Hwy, Suite 300

San Diego, CA 92101

+1 (619) 535-9677

© 2021 by Ted Harrington
