This repo is where I keep a list of my tech talks about application security, women in tech and related topics.
My name is Julia. I'm from Ukraine 🇺🇦 Nice to meet you! 👋
I'm a Lead Security Engineer at Cossack Labs, building convenient and affordable data security and encryption solutions. My main personal specialization is mobile application security and Secure SDLC, as I have a solid background in mobile application development. Together with my team I like to build secure stuff, not to break it 😄 I hold an SSCP certification.
Take a look at case studies for projects I worked on:
⭐ Product security for one of the biggest African banks
⭐ Xumm wallet security assurance and improvements
⭐ Building ironclad data security for M&A solution leader
⭐ Cryptographic IP protection for AI/ML product
⭐ Crypto wallet security assessment for Temple Wallet
I'm passionate about local tech communities. 👩🏼💻 I'm a Director at Women Who Code Kyiv, a Leader of the OWASP Zhytomyr Chapter, and a contributor to OWASP MAS.
TBD in 2024
Related article: Flutter application security considerations
The main ideas I've covered in my talk are:
- Crypto wallets security is not only about the blockchain, it is also about regular application security;
- Bypassing application-level security controls can be much easier than breaking cryptography;
- Application developers are not experts in cryptography, they usuallyy need assistance;
- Web3 enthusiast may not have deep knowlendge of security controls of the platform they are working on, e.g. web or mobile.
Slides: Crypto Wallets Security. For developers
Related article: Crypto wallets security as seen by security engineers
Presented at:
In my talk, I shed light on:
- The new risks React Native platform brings, comparing to native applications;
- The security challenges it adds for developers and the potential vulnerabilities they should be aware of;
- Time management issues when dealing with dependencies.
Slides: React Native Security. Addresing Typical Mistakes
Related article: React Native Security: Thing to Keep in Mind
Video: Youtube (in Ukrainian)
Presented at:
- OWASP 20th Anniversary - 24 September 2021
- Oh My Hack! International - 11 May 2021
- OWASP Ukraine - 5 December 2020
Alternative title: "Why can't developers make it secure?"
In this talk I raise the following questions:
- The difference between secure coding and secure architecture;
- The importance of communication, ownership and shared responsibility;
- SSDLC and secure architecture lifecycle.
Slides: The Art of Secure Architecture
Slides: Why can't developers make it secure?
Video: Why can't developers make it secure? (in English)
Presented at:
Alternative titles: "Making authentication more secure", "When authentication goes wrong"
It is a talk created for the audience of mobile application developers where I show
- Guides and standards commonly used to assess security level of the mobile apps;
- Common mobile app authentication vulnerabilities and how to find and fix them;
- Local authentication best practices with examples.
Slides: Secure Authentication. Are you sure you do it right?
Video: Vimeo (in English) Youtube (in Russian)
Presented at:
- NSSpain - 19 November 2020
- WTM Lviv / CocoaHeads Lviv local meetup - 29 September 2019
- CocoaHeads Kyiv CocoaFriday local meetup - 10 May 2019
It was a short interview under their "X questions" format where I was answering general questions about working in cybersecurity. For example, who is security engineer, what are pros and cons of profession in cybersecurity, are security certifications worth it, etc.
Video (in Ukrainian) - 28 April 2023
This meetup was a mix of talks and roundtables of security experts who works with foreign customers and those who works on government-led projects. It showed how different cybersecurity careers can be.
Profession and career in cybersecurity meetup - 5 April 2023
The audience of IT Nation 2.0 are people who fled from war from Eastern part of Ukraine and who are willing to build a tech career. It was a series of online cources and additional events with mentors and experts of different professions. I've joined as a mentor for a group of internally displaced women to encourage them to pursue their dream job. Later on, I've also joined a roundtable about career in cybersecurity.
IT Nation 2.0 - October 2022
We've dicussed what secure software development lifecycle is and how to implement it.
Video (in English) of the event - 21 September 2022
A series of cozy online meetups of the local WWCodeKyiv chapter - started in 2021. We share our recent thoughts about security with the members of the community. Recent topics:
- WWDC news: Security & Privacy;
- Books, blogs, people to learn more about security.
A roundtable session with Anastasi Voitova and Julia Vashchenko where we discuss real-life securuty cases together with the audince of iOS developers.
Video (in English) from the conference SwiftHeroes - 2 October 2020
A lightning talk presented at Women Who Code Connect - 10 June 2021.
Presented at iOS Ukraine - 17 May 2021.
Presented at OWASP Zhytomyr local meetup - 29 June 2019.
Presented at OWASP Kyiv local meetup - 6 April 2019.
Presented at WTM Ukraine: Recharge for 2024 - 10 December 2023.
Presented at MacPaw meetup: Women in Engineering - 25 October 2023
Vector media interviewed Women Who Code Kyiv members, including me, about building tech community for women and stereotypes that we're facing. We talked about the history of our chapter, our mentoring program and how we continue to funtion even during russian full-scale invasion of Ukraine.
Article (in Ukrainian) - 11 May 2023
It was a Podcast where participants were raising donations for Armed Forces of Ukraine. While we were aiming at 4 million hryvnias, we've actually raised 12 millions! It is about $300 000. I was just amazing. I was just one of the guests. I've talked about Women Who Code Kyiv community and stereotypes about women in tech.
Video (in Ukrainian) - 20 August 2022