What We Do in the Shadows

Fri September 04, 12:45 PM–01:10 PM • Back to program
Start time 12:45
End time 13:10
Countdown link Open timer

This talk delves into the psychology of shadow IT, the opportunities that can grow out of the corporate underground, and how to get these systems out of the shadows and into the light.

We've all done it. Setting up a Slack to chat to our colleagues when the proper system doesn't cut it. Forwarding a document from work to our personal email address so we can read it on the device we want to. Building out experimental services on our personal AWS accounts because we couldn't get the permissions we needed on the company's systems.

Every organisation's infrastructure has its shadow, the unofficial system of servers, accounts, and hardware that crisscrosses and bypasses the sanctioned pathways. It is every security department's nightmare and every development team's open secret. From the newest graduate to the CEO, we all know at least some of these shortcuts.

This talk is a space for both confession and redemption: in it, we will delve into the psychology that leads to the development of shadow IT, the opportunities that can grow out of this corporate underground, and how to get these systems out of the shadows and into the light. Developers and security professionals alike will emerge from this talk with the tools they need to build the systems they actually want.

Lilly Ryan she/her

Lilly Ryan (@attacus_au) is a historian-turned-hacker. In addition to her day job discovering vulnerabilities in web applications, Lilly is an erstwhile Python developer and serves on the board of Digital Rights Watch. She writes and speaks internationally about facial recognition, social identities after death, teamwork, and the telegraph.