From 0-Day to Secure Day

This July, OWASP Manchester welcomes you to AJ Bell’s generously hosted venue for an evening of thought-provoking talks, where three cybersecurity experts will unpack the latest innovations, emerging challenges, and developments shaping the security landscape.

Whether you're a seasoned security specialist or simply looking to expand your understanding of the evolving threat landscape, you'll leave with fresh perspectives, actionable knowledge, and the chance to connect with members of Manchester's thriving cybersecurity community. We look forward to welcoming you for an evening of learning, discussion, and networking.
-------------------------
Due to a corporate policy from the venue sponsor, to get into the venue & up to the event, you will need to register with your full name when signing up to the event AND show photo ID when checking in to the event on the night.
As we're still dealing with a large number of no-shows, if you don't attend without releasing your ticket, we may remove you from future events.
-------------------------
Agenda:
6:00 - Open doors & networking & drinks
6:15 - Introduction from OWASP
6:25 - Dan Harris - AJ Bell Introduction & Innovation
6:50 - Rory Sheldon - Using Firecracker microVMs and Foundation Models to Accelerate Malicious npm Package Analysis
7:15 - Refreshments (Food & Drinks & Networking)
8:00 - Alasdair Gorniak - Getting Your First 0-day
9:00 - Vacate venue -> to the pub for more socialising

LOCATION
-------------------------
AJ Bell
4 Exchange Quay,
The Quays,
Salford M5 3EE
-------------------------
SPEAKERS

Dan Harris
Chief Information Security Officer - AJ Bell - Nearly 20 years in security, the last decade leading functions inside major financial services firms. Dan started as a pen tester when he realised, he was better at breaking software than building it. Now he chairs senior risk committees but still loves a good exploit.

Rory Sheldon
Staff Product Security Engineer at Snyk
Using Firecracker microVMs and Foundation Models to Accelerate Malicious npm Package Analysis
Static signatures and manual review can’t keep pace with the volume of malicious npm packages. This talk explores using Firecracker microVMs for safe, fast, disposable execution environments combined with foundation models to speed up analysis. We’ll cover the architectural decisions, what the models are actually good at, and the gaps that still need solving.

Alasdair Gorniak
A cybersecurity researcher and ethical hacker focused on real-world vulnerability discovery. He has responsibly disclosed security issues to major organizations including Microsoft, NASA, and blockchain-based platforms, with multiple findings earning CVEs and bug bounties. His work spans web and local application security, grounded in hands-on testing of production software. Outside of breaking things, Alasdair pursues his personal faith, volunteers for charitable causes, and spends time outdoors with his family - running mountain trails and enjoying time in nature.
Getting Your First 0-day
We will be going over how you can get your first CVE and how you can use the knowledge from your first likely very poor CVE into something more much impactful. I will go over my starting CVE’s and then go into high impact CVE’s found by me and my team.
-------------------------
SPONSORS (Thank you for supporting our community!!)
-------------------------
AJ Bell - Venue Sponsor AND Food & Drink Sponsor
-------------------------