Upgrade to Pro — share decks privately, control downloads, hide ads and more …

You Are Not Netflix: How to learn from conferen...

You Are Not Netflix: How to learn from conference talks

Conference talks and engineering blogs are often quilted from small omissions and half-truths. These include subtle white lies about collaboration, minimize of technical challenges, inflate outcomes, and omit critical details regarding risks, technical debt, and unresolved issues. This is part of the unspoken social contract in sharing sensitive internal information publicly.

The key is to read between the lines, spot the implicit, and still extract meaningful insights. This talk will provide you with a framework to navigate these nuances effectively.

We’ll explore what is often left unsaid, examine real-world examples, and equip you with the tools to make the most of fwd:cloudsec and similar events!

Avatar for Rami McCarthy

Rami McCarthy

July 01, 2025
Tweet

More Decks by Rami McCarthy

Other Decks in Technology

Transcript

  1. You Are Not Netflix How to learn from conference talks

    Rami McCarthy Principal Security Researcher
  2. Raise your hand if you’ve: Always told the truth, the

    whole truth, and nothing by the truth
  3. Hi, I’m Rami Security Researcher @ Wiz Previously: Figma, Cedar,

    NCC Group (I’m 3 / 4 at “jobs via fwdcloudsec”) Advisor:
  4. Why aren’t conference talks truthful If you didn’t pretend this

    project performed miracles, you don’t get to speak (we all want to look and sound smart)
  5. Why aren’t conference talks truthful The truth can be embarrassing

    (to the speaker, or their company, or individuals)
  6. We shipped a cool, complicated break glass system (because the

    database needed a solid kick every week to stay running)
  7. Netflix has 10 years of data gravity, and have blown

    through service limits Other architectural patterns aren’t available to them!
  8. Rethinking the Security “Con” If you can’t lock down your

    desktops, what the hell are you doing listening to someone talk about malware reversing and shellcode? Very few con talks touch on the mundane bullshit that we’re sucking at. - Dave Shackleford, 2014
  9. 1. Go in eyes open 2. Know your problems, seek

    solutions 3. Connect with speakers personally 4. Get in the details 5. Share back