Hi, I’m an international speaker on the topics of security and development. I present fun and engaging talks, aiming to entertain and instruct the audience. At the end of a talk, I want the audience to leave with a smile on their faces, having learned something new and enjoyed themselves.
I’ve spoken at conferences in-person in Australia and New Zealand, as well as online for international audiences. I’m always looking for more opportunities to speak in new places, so please reach out if you’d like me to speak at your conference or event.
You can find my various talks and presentations listed below; click through for full details, including recordings, slides and additional materials. Alternatively, you can find all of my recorded talks on a YouTube Playlist.
Many developers have never heard of SameSite cookies, or of how they can protect their apps from CSRF attacks. In this session we will learn about the three different options, “None”, “Lax”, and “Strict”, and discuss the benefits of each value.
“What could I have done to avoid being hacked?” is a question you’ll often hear after a site is hacked. In some cases the answer is complicated, but a lot of the time it’s relatively simple and there are many checklists and guides online outlining the ways sites can be hacked, plus how to secure them. However, a lot of people learn better from seeing and doing than reading (often boring) checklists. So rather than look at checklists on slides for 30 minutes, we’re going to hack into WordPress instead!
We will target a vulnerable installation of WordPress and attack the usual weaknesses to compromise the site. After every attack we perform, we will make the required changes to block the attack, and then attempt to compromise the site again, hopefully unsuccessfully this time! The goal is to think like a hacker, learning what types of vulnerabilities exist and how they are exploited, so we can better protect our sites and block hackers before they get in. By the end of the talk, we should have a secure site and an incredibly frustrated hacker.
- WordCamp Port Macquarie 2019
- Security, Identity, and Privacy Miniconf at linux.conf.au 2019
- WordCamp Brisbane 2018
Stephen has been working with the Wordfence Site Cleaning team part-time since early 2017. Fast-forward to the middle of 2018 and he’s recently stepped back from cleaning to join the Wordfence team full time as a developer, so now it’s time for him to tell us his story. He’ll share stories from the more memorable sites he’s cleaned, revealing his all-time favourite WordPress malwares, and the epic tale of the persistent attacker that almost thwarted them completely. Scattered throughout will be tips and ideas to help protect your site from compromise and keep everyone (except the bad guys!) happy.
As PHP developers, we often find ourselves managing our own web servers and performing the same commands over and over again for each new server and website that we wish to deploy. We’ve heard about the benefits of tools like Puppet and Chef, but the time and effort involved in learning, setting up, and using those tools is prohibitive and we usually decide that using SSH, relying on bash history and even some helper scripts is easier than learning something new. However, there is an alternative: Ansible.