Secure organisations are built on education, not fear.

Our aim is to develop security practices, tools and techniques that make information security business-as-usual for all agile organisations.

Our Presentations & Publications

We believe that education and contributions to the wider development and security communities are important.

We contribute to these communities by presenting at conferences, meetups and user group events. If you're interested in having us at your event please get in touch.

Past Presentations

Security in a Container-based World
Microsoft Ignite NZ, 2015

So your organisation is migrating away from dedicated infrastructure to a containerised approach? In this session we will explore the security considerations involved in such a migration and outline approaches, tools and guidelines to make this transition (and your data) as safe and secure as possible.

Securing Microservice Architectures
Microsoft Ignite NZ, 2015

Microservices are big business! Moving away from complex monolithic architectures has a range of well documented benefits to both developers and the business at large.

In this session we take a look at securing microservice architectures and discuss tools, techniques and considerations to achieve this.

Better Connected
Microsoft Ignite NZ, 2015

You already know that diverse perspectives and problem solving approaches result in increased innovation, better products and services and a better bottom line.

Be inspired to encourage and welcome the next generation of girls and supportive boys into technology.

Find motivation and advice to change the small things for one of the industry’s minorities and be at the crux of this pivotal movement.

Continuous Security – Securing Agile Development Environments
Agile NZ, 2015

Agile development is a powerful tool for the creation of high-quality software products. It has however scared the life out of many security managers and risk leaders. Once the job of a dedicated security team, security is now the responsibility of all members of our Agile teams.

So how do we bring continuous security to our lifecycles without compromising velocity and innovation? What tools and techniques do we need and when should we apply them?

Automated human vulnerability scanning with AVA
BlackHat USA, 2015

It will not be a surprise to you that of all the elements within our organisations and systems, the people are most likely to expose us to risk. In short we are a mess of emotional unpredictablity that threaten us all (and security professionals are the worst of the bunch).

Many very clever people have spent a long time teaching us this. This is not news.

For the greater good? Open sourcing weaponisable code
OSCON, 2015

I am a strange sort of software developer.

I write tools that help people stay safe in our interconnected world. I do so because I believe that the internet is a wonderful thing and we all deserve to get the most of it without risk of attack or vulnerability.

The trouble is that to do this I have to do bad things.

The Anarchist's Guide to Application Security
Etsy Code as Craft, 2015

We build amazing applications, wondrous contraptions that are helping people to solve problems and MAKE THINGS BETTER. We are doing this at a record pace, with new code pushed to production servers frequently and by many individual developers. And we are doing this on the Internet, an evil place filled with terrible people who want to do our beautiful code creations harm?

Oh dear, so what now?

Protect your people
AusCERT, 2015

It will not be a surprise to you that out of all the elements within our organisations and systems, people are most likely to expose us to risk.

Technical vulnerability scanning is now mature and commoditised, allowing us to repeatably test and adapt our systems in the face of a changing threat landscape.

Securing organizations through bad behavior
Velocity, 2015

BAD PEOPLE want to attack your systems and organizations. They may already have your information and for all we know they are already using your servers to stream movies. Your core application is horribly insecure and you should be DOING STUFF about it. Sound familiar?

Building Secure & Usable Systems in a Connected World
ANZTB, 2015

We now live in a world where we are connected by default. Our systems and people share information in ways we had never considered possible just a few years ago. So how do you make sure that your systems and users are safe and secure when everyone has a super computer in their pocket.

Security skills for the adventurous developer
Codemania, 2015

So the internet is an evil place filled with terrible people who want to do you and your beautiful code creations harm?

Oh dear.. so what now?

Why can't we be friends? Integrating security into an existing agile SDLC, 2015

Agile development is often seen as a delicate balance of ritual and roles allowing for rapid development, continuous deployment and the expansion of the post-it note industry.

Eradicating the human problem
Kiwicon 8, 2014

People are a problem. We are tangled balls of emotional detritus that masquerades as a trusted member of society. Underneath this lacquered veneer of respectability however writhes a tiny pink squishy ball of vulnerability - the root of all evil, well the root of security issues anyway.

Teaching good developers to be bad people
Microsoft TechEd New Zealand, 2014

From a young age, we are taught to be good people. Don't touch that!, Don't go over there! Be careful, you'll break it! We are taught to anticipate what the behaviour of a tool, system or environment should be and interact with it accordingly.


Our Products

SafeStack are currently working on the following software and SaaS products.

Dfend logo


Plain English, action-oriented security alerts for the technologies you are actually using.

View Dfend
AVA Secure logo


AVA is a next-generation vulnerability scanner designed to make human security testing repeatable, measurable, and empowering. See how people really connect and communicate across a range of networks, technologies and channels and safely explore the flow of information in and out of your organisation.

View AVA Secure