Fermin J. Serna - Head of Product Security Engineering, Google

Natalie Silvanovich - Security Researcher, Google Project Zero

The Grugq - Threat Intelligence VP, Comae



 Fermin J. Serna
  During this talk, Fermin will present what the ISE (Information Security Engineering) team does to accomplish its mission: “Making sure that Google ships secure software, by any means necessary”. Fermin will present the different parallel efforts to prevent on scale web security issues, run third party software securely, web and native code mitigations,, crypto consulting/frameworks, the vulnerability reward program and offensive security.

This last part, VRP and offensive security, are key to validate and measure success.
  Fermin J. Serna is a Computer Science Engineer graduated at the UCM, and currently works for Google at the Seattle offices as Head of ISE (Information Security Engineering team) - Product security. Previously he has worked for Microsoft at the MSRC Engineering team.

Fermin has lots of things that attract his attention, mainly security ones such as exploitation techniques, fuzzing, binary static analysis, reverse engineering, coding... but also Artificial Intelligence, chess...

Fermin has found and published multiple security vulnerabilities on software developed by Microsoft, Google, Adobe, Oracle, ... Fermin is also a regular speaker at security conferences such as BlackHat, Syscan, Bluehat, H2HC, Rootecon, DeepSec, Source, Summercon, ...



  All the Tiny Features
 Natalie Silvanovich
  JavaScript is an ever-evolving standard, and new features, such as WebAssembly and WebRTC are continuously being added to browsers. This talk discusses the security of several new browser features. It will describe the attack surface of each feature and give examples of vulnerabilities in each. Learn to find bugs in the newest parts of the browser!
  Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is on script engines, particularly understanding the subtleties of the scripting languages they implement and how they lead to vulnerabilities. She is a prolific finder of vulnerabilities in this area, reporting over a hundred vulnerabilities in Adobe Flash in the last year. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.



 The Grugq
  Keynote Talk
  The Grugq, VP of Threat Intelligence at Comae, is a pioneering information security researcher with two decades of experience. He has worked extensively with threat intelligence, digital forensic analysis, binary reverse engineering, rootkits, mobile phone security, Voice over IP, telecommunications and fi nancial services security. The Grugq's professional career has included Fortune 100 companies, leading information security fi rms and innovative start-ups.