Mark El-Khoury

Mark El-Khoury started as an offensive security consultant, doing penetration testing and code and design reviews. Mark then expanded his skillset into the defensive side, leading cybersecurity at various organizations and industries, including gaming, fintech, and biometrics. Mark is a conference speaker, holds security certifications, and was an instructor at a Columbia University cybersecurity bootcamp for over four years. Mark is now Director of Security Engineering at Movable Ink.


Sessions

08-15
14:00
50min
CRXaminer - Deep Dive Into Chrome Extensions (Plus Tool)
Mark El-Khoury

You spend your time configuring HTTP headers and hardening your containers. Meanwhile your CFO just downloaded a Chrome extension to make the font in Gmail Comic Sans. What are Chrome extensions, exactly? This talk will dive into details, including format, contents, static analysis with custom rules, threat modeling (when does this even matter?), and some of the unique challenges of building a security scanner. A tool will be demoed that has just been released for this: CRXaminer (crxaminer.tech). You will learn how you can immediately start using it.

Talks & Panels
Tobin
08-15
16:00
180min
Practical and Continuous Security Engineering (Starting a Security Program for Free)
Mark El-Khoury, Omar

This workshop is a hands-on exercise in building a good security program. The presenters have built security programs from scratch at multiple companies and have found that, while the companies can vary, the fundamentals remain roughly the same. The goal here is to bridge the gap between common infosec vendor jargon and practical security engineering work. There’s no shortage of acronyms being invented every week in the realm of security engineering. Instead of wading through these buzzwords that might not even be around by the end of the year, this workshop will dig into the principles that make for a good security program. These principles will then be applied with practical hands-on exercises where you’ll use free and open source security tools to build continuous security automation and alerting similar to ones that have been built when starting new security programs.

Workshops
Workshop B / Tobin 221
