php[architect] logo

Want to check out an issue? Sign up to receive a special offer.

Meet the php[tek] Security Chairs

Posted by on April 15, 2019

We’ve re-imagined the format of php[tek] this year in response to feedback from past attendees. We kept hearing a desire for a more cohesive, curated conference schedule which allows speakers to dig deeper into a topic than a general 50-minute talk permits. So we’re organizing the talks into eight focused tracks, where one talk builds upon the last to provide a cohesive curriculum. We’ve invited experts from the PHP community to prepare all-new presentations for each track. Scroll down to read about all three Security track chairs: Adam Englander, Ijeoma Ezeonyebuchi, and Eric Mann.

You can learn more about tracks and see the complete schedule on the php[tek] site.

Security track specific tickets are available if you want to attend only the security talks.

php[tek] 2019 Security track chairs

Adam Englander, Security Track Chair

Adam Englander is the Architect for the LaunchKey product at iovation as well as a speaker and author. Adam has 20 years of experience in building secure, scalable applications for startups to Fortune 100 companies in security, finance, and healthcare verticals. Adam is heavily involved in the Las Vegas tech community, VegasTech. Adam is the founder of PHP Vegas and is the organizer for PyVegas as well as co-organizer for the Las Vegas Developers Group. @adam_englander

Where do you work, what is your current role?

Senior Software Architect at TransUnion

How do you use PHP professionally?

I have built highly scalable applications and APIs using PHP and its frameworks.

How and when did you get involved speaking or writing in the community?

I have been speaking and writing in the community shortly after I started the PHP Vegas in early 2013.

What’s your best conference memory?

My first international conference was in Singapore for PHPConf.asia. This was the first conference into which I fully immersed myself and made serious connections with others in the global PHP community.

What advice do you have for someone going to their first conference?

Be sure to venture into the common spaces and inject yourself into groups of people if there’s an empty space. It’s the best way I know to expand the benefits you receive at a conference.

Why is a security mindset important to programmers? Can’t operations handle it?

Operations can prevent access to the servers that run your code. They cannot protect you from vulnerable code. Also, the best defense is defense in depth. To make a truly secure system you need multiple layers of security and the assumption that any or all of these layers can fail at any moment.

What’s one thing people can do today to write more secure apps?

Spend some time learning about the OWASP Top Ten.

What is a new or understated threat web developers should be aware of?

I am always amazed at how many sites are compromised because the OS, PHP version, OS libraries, application dependencies are not kept up to date. It really is the easiest way to protect yourself.

How do you sharpen your web security skills beyond work?

I read a lot of books on application security and cryptography. I also attend security conferences like DefCon and Security BSides.

Ijeoma Ezeonyebuchi, Security Track Chair

Where do you work, what is your current role?

I currently work at NPR as a Test Engineer.

How do you use PHP professionally?

Professionally I’ve worked on testing many services built in PHP used in mobile applications. Additionally, I have used PHP when working with WordPress while volunteering as webmaster for a non-profit called Express Igbo, a non-profit organization that seeks to increase the number of Igbo speakers.

How and when did you get involved speaking or writing in the community?

I began speaking more widely at conferences last year.

What’s your best conference memory?

This is a hard one, way too many to count so I’ll mention the most impactful one which occurred at All Things Open(2018). After speaking at a diversity and inclusion panel, I had someone come up to me and share how they really related to the experiences I shared and how it impacted them personally. My real hope when I speak at conferences is to share knowledge and empower others, knowing I made an impact to this person is an experience I will never forget.

What advice do you have for someone going to their first conference?

Attend many sessions but don’t overdo it, meet cool people, and take it all in.

Why is a security mindset important to programmers? Can’t operations handle it?

“With great power comes great responsibility.” What we build is for others, and we need to make sure it’s secure not only so our systems are safe, but so we can also create user trust.

What’s one thing people can do today to write more secure apps?

Focus on negative testing. That is testing uncommon user paths to discover hidden vulnerabilities.

What is a new or understated threat web developers should be aware of?

Use of external libraries and tools, open source is great but what even greater is ensuring that using existing software doesn’t expose your software to risks is even better.

How do you sharpen your web security skills beyond work?

In two main ways. First by educating myself on the tools out there and secondly by listening to what users say about using apps and why they won’t use them its sometimes best to take a high-level view to determine low-level problems.

Eric Mann, Security Track Chair

Where do you work, what is your current role?

I’m a Director of Engineering at Vacasa out in Portland. I manage teams responsible for data science, engineering integration with data science deliverables, and a new group focused on real estate.

How do you use PHP professionally?

For a season (about 4 years) I used PHP professionally in the WordPress space. I ran my own small web development company for a while but spent the vast majority of that time doing enterprise web development for an agency called 10up. We build smaller projects for other consulting agencies and larger projects for media companies. Though I can say more in person than in writing or anything published, some of my clients included magazines like TechCrunch and Time, media companies like AMC Networks, and larger corporations like Microsoft.

After I stepped out of agency work, I continued to use PHP on the tooling front, mostly targeted at security and cryptography. I spent over 2 years working for a small cybersecurity firm in Portland where I published tools and tutorials for other developers planning to use PHP securely. Some of those tools powered secure authentication for customers like Atlanta Streetcar and other players in the industry.

Even at Vacasa, we use PHP to power much of the core of our business. The website, backend APIs, even asynchronous cron tasks are all powered by or deeply integrated with PHP solutions.

How and when did you get involved speaking or writing in the community?

Like my PHP work, speaking and community involvement started for me with WordPress. I started visiting WordCamps even before I was focused on WordPress full-time. Making the jump to more technical, PHP-focused events and community projects was a logical next step for me.

What’s your best conference memory?

At my first php[tek] I presented a 3-hour workshop on PHP unit testing and mocking. At one point in the presentation, I detailed a workaround I was using for a bug in Mockery. Pádraic Brady was sitting in on my class and decided to patch the bug during my talk. He interrupted at one point, “go ahead and composer update. I fixed it for you. Thanks for the bug report.”

Being in such close proximity to the leaders in our industry made it easier to see these icons as real people and lowered the bar that I saw in front of me before I could become a “real contributor.”

What advice do you have for someone going to their first conference?

Be social. Break out of your comfort zone and meet as many people as possible. You never know when you’ll be talking to a future supervisor, future hire, or key contributor to a project you depend on.

Why is a security mindset important to programmers? Can’t operations handle it?

Security is never “not my job.” Security is a vital issue for everyone to keep in mind—programmers, operations, business, everyone. Your customers won’t care about your role when their data is lost or stolen.

What’s one thing people can do today to write more secure apps?

Work with other developers and audit one anothers’ code. Not just leaving “looks good to me” comments, but thoroughly reviewing commits and identifying potential edge cases for code behavior. It’s these edge cases that are often leveraged by attackers to breach a system.

What is a new or understated threat web developers should be aware of?

I wrote about it in a previous Security Corner piece, but DNS hijacking is a serious threat that not many people realize is out there. Spin up a Heroku app or EC2 instance and point a subdomain at it for testing…then kill off the instance but forget to remove the DNS entry. Now anyone can stand up a new instance and serve their own content on a subdomain of you otherwise legitimate site.

How do you sharpen your web security skills beyond work?

Reading and participating in open source. In addition to my day job, I continue to contribute back to various open source projects when I can. I maintain several security extensions for WordPress because many of the end users in that space need some extra support. Keeping up on current events in the space helps me stay ahead of certain things; continuing to contribute keeps me involved and relevant to the conversation.

Learn more about php[tek]

Tags: ,
 

Leave a comment

Use the form below to leave a comment: