Nazneen's speaking engagements

Delivered 13+ speaking engagements (conferences, panels, webinars) across India, Italy, Germany and the USA on:

  • Application Security, DevSecOps & Security Champions – scaling AppSec through cultural change

  • Vulnerability Management Transformation – automation, offensive security, and prioritization at scale

  • Women in Tech Leadership – career growth, progression, and representation

  • Android Security & Usability – secure design, data protection, and performance optimization


From Chaos to Calm: Vulnerability Management for a Dynamic, Sprawling Technology Estate

In this talk, my colleague Felix Hammerl and I dive into the challenges that scale and rate of change impose on our vulnerability management program and relive key decisions on our journey to building a robust, scalable, automated security framework that embraces a vast technology estate, autonomous teams, and competing priorities.

In our journey, we have learned what traditional vulnerability management gets wrong, the ineffectiveness of patching all CVEs, and how SLAs are counterproductive. We learned about alert fatigue and ownership in a DevOps world. We adopted a more nuanced view on actual security issues and gave teams visibility and autonomy in how to address them.

In this talk, we showcase the technologies underpinning this transformation and how we used serverless computing to make modern tools like Wiz, Shodan, and Tenable play nicely with our technology estate.

We end with a note on how offensive security helps us combat complacency.

Code.Talks, Hamburg, Germany (2024)

Why have we not fixed all the vulnerabilities yet?

In this panel we will dig into one seemingly simple question — why haven’t the developers fixed all the vulnerabilities yet? Is it because developers are lazy? Or they don’t know how to fix security issues? Or is the management prioritising everything else but security? Could it be that security professionals are not assisting enough in the remediation process? Maybe we are doing something completely wrong and there IS actually a way to fix all security issues while going forward with technology.

Code.Talks, Hamburg, Germany (2023)

Applying A Technical Brain To Organizational Design

It is an oft-repeated mantra around here that security is everyone’s responsibility. Unfortunately, it’s easier said than done and this talk will describe how we introduced a new security approach to empower product teams, enable accountability among team leads and ensure teams and leadership are jointly informed about and responsible for risks.

This cross-functional requirement, which can affect the reputation and financial standing of any company, is implemented reactively across most teams, and that highlights a process gap.

That is what we set out to solve. A year later, we have engineers who have learned the value of the "why" behind security and SDLC controls, as opposed to checking a box as has been done countless times before, and a maturity model that helps leadership make informed decisions.

An important aspect of the organizational culture shift needed for improving AppSec is the critical role of security champions. Security champions are your AppSec specialists who help lead, mentor and train the team. These champions share the load with the dedicated AppSec leaders, magnifying the impact of AppSec in the organization. They lead by example for the development team and are pivotal to the cultural change needed for security.

In this session you will learn:

  • How to communicate and educate your teams on security approach and best practices

  • Leverage security champions embedded within the development teams to scale the impact of your AppSec program

  • Measure and coach teams through the process and to improve both their and the organization's overall application security posture

  • WomenTechNetwork, Remote (2022)

  • WeAreDevelopers, Berlin, Germany (2022)

  • LeadDev, San Francisco, USA (2022)

  • Code.Talks, Hamburg, Germany (2023)

Championing a Security Culture

An important aspect of the organizational culture shift needed for improving AppSec is the critical role of security champions. Security champions are your AppSec specialists who help lead, mentor and train the team. These champions share the load with the dedicated AppSec leaders, magnifying the impact of AppSec in the organization. They lead by example for the development team and are pivotal to driving the cultural change needed for security.

In this session, my colleague Nitin Raina and I will touch on the following topics:

  • How to communicate and educate your teams on security approaches and best practices

  • Leverage security champions embedded within the development teams to scale the impact of your AppSec program

  • Measure and coach teams through the process to improve both their and the organization's overall application security posture

AppSecCon, Remote (2022)

Applying A Technical Brain To Organizational Design

Some of us face a dilemma over whether the only path for a developer is technical leadership roles, which indirectly boxes in our careers. I definitely felt so and looked to understand what it takes to embrace such strategic leadership roles when I was offered the role of change lead for an existing technical onboarding program. I realized this endeavour would need to be treated just like a client software delivery product, and that my experience in delivering quality software using agile engineering practices could pave a path for implementing change management. I will present how software development can inspire change initiatives by applying a technical brain to organizational design.

The presentation will share practical techniques for navigating challenging roles within the technology space and overcoming imposter syndrome. It hopes to inspire others who may feel limited, hesitant or intimidated by potential opportunities in technology. Moreover, it aims to enable the audience to use their foundation in agile software development to step up into a leadership-level change management role.

Global Tech Women, Remote (2021)

Women in Tech: Growing in a competitive career and managing life choices

This is an exclusive virtual panel discussion for TechGig Geek Goddess 2020, where women tech leaders discussed the career growth of women technologists. Key points of discussion:

  • Women in Tech: career, progression and transformation

  • Maximizing feedback for career growth

  • Identifying the opportunities that help climb the corporate ladder

  • Resolving skill gaps and representation challenges

TechGig, Invited Panelist, Remote (2020)

Who owns your Android Application?

Just like any other software system, Android has its own list of security problems. It is a race between hackers and Android platform developers. Some of the most capable security professionals are handling the security of the Android platform, but what about the application you are going to release to millions of users via the Play Store? Can a user "trust" your app? If you think about it: can an innocuous-looking permission enable a hacker to read loads of private data from your phone, and indirectly from your app? Can locally saved data be accessed and used by the hacker against you?

In this talk, Nazneen will demonstrate how malicious users can abuse your application and share some insight into logging issues, shared preferences, WebViews, etc. By the end of the session, you will have a deeper understanding of how to securely implement Android components so as to prevent leaks of sensitive data.

  • Mobile Developer Summit, Bangalore, India (2014)

  • TechGig, Webinar (2016)

  • DroidCon, Turin, Italy (2016)

Where do your tests belong?

After looking at the test suites of multiple Android applications, we can see that most of them rely heavily on end-to-end tests, UI tests, and customer-facing tests rather than unit tests. This is a classic "inverted test pyramid". While most people know about the inverted test pyramid, there are challenges in writing tests at the unit level for Android apps because of the platform's architecture.

We too struggled with the right approach to testing our application initially. We eventually figured out an approach by experimenting with different design patterns like MVP (Model-View-Presenter) and MVVM (Model-View-ViewModel) and different testing frameworks like JUnit, Robolectric, Espresso and Calabash.

In this talk, my colleague Vidhi and I talked about our journey to achieving the ideal test pyramid structure. We discussed the challenges we faced in testing our apps and the approaches we used to overcome them, with a working example.

DroidCon, Bangalore, India (2015)

The other side to usability

User experience has become a major buzzword in the world of smartphones. This is what everyone asks you to focus on. It is a very important criterion that decides whether an application will really click or just fade away.

But what exactly is usability? Researchers talk about "basic human instincts", experts talk about the "useful, usable and desirable" paradigm, and designers talk about "themes and colours". This leaves the poor developer confused as to where to start and what to focus on.

Usability is not just about the look and feel of the app, but also about how you build an app that is smooth, responsive, consistent, optimized in memory and battery usage, and at the same time pleasant on the eyes. By following a few guidelines, which may not be evident to all, we can improve the usability of applications by leaps and bounds.

In this presentation, my colleague Abhinav Manchanda and I shared how to solve this problem by concentrating on the basics. We identified the major bottlenecks with respect to performance and usability, showed how to remove them step by step, and by the end of the session arrived at a version of the same app that is lighter, faster, more usable and better looking.

Mobile Developer Summit, Bangalore, India (2013)
