The LocoMoco Security Conference is a Hawai’i-based builder and defenders conference, focused on product security, for people interested in making impactful and long lasting changes to the state of web and application security.
While we value the work of breakers and researchers, we cater to those making it harder to break things.
Purchase a ticket today
Call for Proposals
Recent LocoMoco News
Talks from LocoMoco 2018
Product Manager for Chrome Security, Google
The Trouble with URLs, and how Humans (Don’t) Understand Site Identity
Emily Schechter is Product Manager for Chrome Security at Google, where she works on Chrome Security UX and HTTPS adoption on the web. She has previously worked on the Google Safe Browsing and Anti-Malvertising teams to keep Google and web users safe from online threats. Emily has degrees in Computer Engineering and Economics from Dartmouth College.
Microsoft Regional Director and MVP for Developer Security
I’m Pwned. You’re Pwned. We’re All Pwned.
Troy is a Microsoft Regional Director and MVP, Pluralsight author and world-renowned internet security specialist. He spends his time teaching developers how to break into their own systems before helping to piece them back together to be secure against today’s online threats. He’s also the creator of “Have I been pwned?”, the free online service for breach monitoring and notifications. Troy regularly blogs at troyhunt.com from his home in Australia.
Engineering Manager, Product Safety, Dropbox
How I learnt to play in the (CSP) Sandbox
Devdatta leads the Product Security team at Dropbox. Before that, he received a PhD in Computer Science from UC Berkeley. His graduate research focused on browser and web application security, during which time he also collaborated with the Firefox and Chrome teams. He is a co-author of award-winning papers on security at top academic conferences and has also spoken at Blackhat, AppSec Cali, etc. He is also a co-editor on the Sub Resource Integrity and Sub Origins specifications at the W3C. More info about him (including how to pronounce his name) is at devd.me.
Distinguished Engineer, Ping Identity
Beyond Bearer: Token Binding as the Foundation for a More Secure Web
As a Distinguished Engineer for Ping Identity, Brian Campbell aspires to one day know what a Distinguished Engineer actually does for a living. In the meantime, he’s tried to make himself useful with little things like designing and building much of PingFederate, the product that put Ping Identity on the map, and creating the popular open source JWT library jose4j. When not making himself useful, he contributes to various identity and security standards including a two-year stint as co-chair of the OASIS Security Services Technical Committee (SAML) and ongoing contributions to OAuth, JOSE and Token Binding in the IETF as well as OpenID Connect. He holds a B.A., magna cum laude, in Computer Science from Amherst College in Massachusetts.
Co-founder and CTO, Kolide
Starting, growing, and scaling your host intrusion detection efforts.
Mike Arpaia is the CTO and Co-Founder of Kolide and the original creator of osquery, which he created, open-sourced, and widely deployed while working at Facebook. While at Facebook, he then went on to lead the company’s intrusion detection efforts, where he was responsible for all infrastructure and network instrumentation. Before his time at Facebook, Mike worked at Etsy, on a custom host intrusion detection product, which he deployed and managed across Etsy’s corporate infrastructure. Mike is excited to continue working on open source technologies in the operating system instrumentation and analytics domain, which continues to be a passion area for him.