June 19, 2020 — Keeping your site secure is difficult, and oftentimes knowing where to start is the hardest step. With terms and acronyms like cross-site scripting (XSS), cross-site request forgery (CSRF) and others, it’s hard to know just what to do to keep your site secure.
Sometimes the best way to know how to protect a site is to hack one yourself! In this talk we’ll all join forces and become hackers for a short time to hack a live site and learn just what these various attacks are. Most importantly, we’ll also discuss how to protect your site from being exploited.
December 19, 2019 — As developers, we are capable of many amazing feats. We can create experiences that touch the lives of millions, bring aid to the corners of the world, empower new businesses and bring a voice to the voiceless. WordPress powers over 30% of the entire web! However, with this capability, we must also take on the responsibility for the people, and data, we interact with.
During this session, we’ll discuss how a culture of security can benefit not only your organization but also protect your end users and, yes, even the world. We’ll look at the ethics of privacy, secure web design and architecture, and the impact our decisions have on the community and our users. Mixed in will be best practices for secure coding, how to manage sensitive data from clients and users, compliance with various regulations and laws around privacy, and how to foster a culture of security even while you manage distributed teams. I’ll share my experiences from almost a decade in Open Source and some of the mistakes and successes I’ve had along the way.
Most of all, as WordPress continues to empower more and more of our digital world, it is up to us to decide as a community how we will use this influence and together we can work to make the world a better and safer place for people no matter where they come from.
December 30, 2018 — Sometimes the best way to know what you’re doing right, and what you can do better, is to look at things from a fresh perspective. Being a Drupal developer for almost 9 years, and a recent convert to WordPress 2 years ago, I’ve seen the best and worst of both systems. Rather than pitting the two against each other, it’s best to look at the strengths, and yes the weaknesses of both. By doing so we can learn from each unique community and together make the projects stronger.
This talk will center around my experiences of building a plugin coming from Drupal, what I found in the WordPress community that I’m trying to take to the Drupal community, and vice versa, what I learned in Drupal that I hope to share with WordPress. This will be a fun look at the two communities and from it we’ll come away with a greater sense of how we can better ourselves, our sites, and the open source community as a whole.
December 10, 2017 — Have you been tasked to build the most powerful weapon in the universe? No? How about a hyper-performant and scalable system integrating multiple services and workflows across all corners of the globe? Are you new to creating and maintaining a system for WordPress to thrive in, but don’t know how to keep it safe?
Whatever your task is, architecture is key. And while putting an exhaust port on the reactor core seems like a good idea, trust me when I say it’ll blow up in your face later. “Death Star” security happens whenever a system relies entirely on an outermost security layer — and fails catastrophically when breached. Defense in depth is especially critical as a site becomes more complex, utilizing systems which may not all be on the same server.
We’ll be exploring methods strong enough to cross the public Internet, flexible enough to allow your team to thrive, and robust enough to avoid single points of failure. Layering your security into a project from the beginning at every step and every layer will help prevent a young Jedi shooting a proton torpedo through a hole the size of a womp rat and destroying your hard work.
A talk for projects and teams of all sizes, this will be an interactive time filled with lessons learned and examples from the real world. Just promise that afterwards you’ll use what you learn for the good of the galaxy and that you won’t go build a planet-sized weapon of mass destruction.