Adam Englander Security
Adam Englander is the Architect for the LaunchKey product at iovation as well as a speaker and author. Adam has 20 years of experience in building secure, scalable applications for startups to Fortune 100 companies in security, finance, and healthcare verticals. Adam is heavily involved in the Las Vegas tech community, VegasTech. Adam is the founder of PHP Vegas and is the organizer for PyVegas as well as co-organizer for the Las Vegas Developers Group.
Where do you work, what is your current role?
Senior Software Architect at TransUnion
How do you use PHP professionally?
I have built highly scalable applications and APIs using PHP and its frameworks.
How and when did you get involved speaking or writing in the community?
I have been speaking and writing in the community shortly after I started the PHP Vegas in early 2013.
What’s your best conference memory?
My first international conference was in Singapore for PHPConf.asia. This was the first conference into which I fully immersed myself and made serious connections with others in the global PHP community.
What advice do you have for someone going to their first conference?
Be sure to venture into the common spaces and inject yourself into groups of people if there’s an empty space. It’s the best way I know to expand the benefits you receive at a conference.
Tabs or Spaces?
Spaces, but, I totally understand the attraction to tabs.
Do you know how to exit VIM?
What’s your primary OS: Windows, Mac, or Linux?
Why is a security mindset important to programmers? Can’t operations handle it?
Operations can prevent access to the servers that run your code. They cannot protect you from vulnerable code. Also, the best defense is defense in depth. To make a truly secure system you need multiple layers of security and the assumption that any or all of these layers can fail at any moment.
What’s one thing people can do today to write more secure apps?
Spend some time learning about the OWASP Top Ten.
What is a new or understated threat web developers should be aware of?
I am always amazed at how many sites are compromised because the OS, PHP version, OS libraries, application dependencies are not kept up to date. It really is the easiest way to protect yourself.
How do you sharpen your web security skills beyond work?
I read a lot of books on application security and cryptography. I also attend security conferences like DefCon and Security BSides.
OWASP 201 – Request-Based SecurityMORE INFO
OWASP 301 – Infrastructure-Based SecurityMORE INFO
Access Control & AuthorizationMORE INFO
Cryptography 101 – Introduction to CryptographyMORE INFO
Cryptography 201 – Algorithms and AnalysisMORE INFO
Fortifying Your Defenses with Threat ModelingMORE INFO
Federated Identity: OAuth, SAML, FIDO & MoreMORE INFO
Biometrics: Risks & DangersMORE INFO
When & Why: Interfaces, Abstracts, TraitsMORE INFO
Password-Based Authentication StrategiesMORE INFO
At-Rest Encryption for Complete Data ProtectionMORE INFO
Mobile PermissionsMORE INFO
Third Party Application AccessMORE INFO
Servers: Configure, Harden & ManageMORE INFO