BSidesVI24 Amanda McCavill with Upasana Kapoor

hi I'm Amanda with the samap community and today I'm at bides Vancouver Island with aasa aasa can you introduce yourself sure so I'm aasa I am a recent graduate from the University of Victoria I did my master of engineering and my major was telecommunication and information security I'm currently working at sap as a product security specialist apart from that I serve on the board for the isaka Victoria chapter and besides Vancouver Island I'm a fencer so that's something I do in my free time so if you work in product security can you tell us a little bit about what that means sure sap is basically a software based organization every software has bugs in it every software

has issues in it for the most part it's just us making sure that those softwares are patched and protect Ed from the bad guys fantastic so a PR of that would be bug bounties can you tell us what a bug Bounty is and what makes for a good bug Bounty versus a bad one bug bount is basically paying people to hack us responsibly come back to us and tell us and we pay them in return a bug bounding program is researchers reporting their security findings as validating those findings and then paying them the bug bount scene comes with certain rules and regulations firstly you have to make sure that whatever you're trying to break into is a part of the scope and

that you're not breaking the wrong thing cuz that that's going to be bad second thing would be severity levels for example we have informative low medium high very high that's something that you'd want to look into if it's something critical it might need immediate attention but if it's something okay we can maybe patch it in the next quter that's not something too bad you also mentioned that you volunteer with isaka as well as besides Vancouver Island can you tell us a little bit about that sure for the isaka Victoria chapter I work as the academic relations director I serve as a point of contact between isaka and different schools and University even high schools as well so what we do is we organize

annual conferences different workshops events Etc and for the most part like if if I talk about the annual conference it's targeted towards basically anybody who wants to get into cyber security or swis careers I promote the conference I promote the events and I keep in touch with different University professors students so that we can provide them with the help they need I think conferences are a great way to meet people get referal and just step up you know so that's what I do for isaka for bides I'm a director at large we do a little bit of everything for example this year I I think I did a lot of promotion for the besides conference

amongst different schools like we have y Cen apart from that our responsibility is also to bring in sponsors arrange the venue reach out to speakers we we did call for speakers called for volunteers so these are basically the responsibilities for a board member awesome so if people want to learn more about you where should they go I'm pretty active on LinkedIn I think that would be a good place to start because I think I post almost every couple days it's it's I think it's it's a it's unhealthy at this point in time but I think yeah you can you can find me on LinkedIn if you're around Vancouver I'd be more than happy to go out for a coffee or just have a

conversation on L thank you so much for joining me thank you so much for having me