During the last few years I had the opportunity to present and give demos on a regular basis. My expertise is where security, business, software development, and open source software meet.
- Django and security?
- Privacy for non-paranoia people?
- Securing Linux?
Here is an overview of talks I’ve given in the last couple of years, or are scheduled.
Tips to create better* shell scripts
Whether you call yourself a system administrator, developer, or DevOps sprint mediator, life is too short for sloppy shell scripts! In this talk, we look at how to improve them to stand the test of time. Michael will share how to create a good foundation for your scripts, so they run more reliable now and in the future. Your (future) colleagues might love you for it.
Focus areas of this presentation include error handling, security, style, and best practices. Also, it will cover (many) mistakes made by Michael over the last 20 years. Got some of your own? They are welcome as part of the discussion.
* Improved readability, increased fault-tolerance, and more security.
Under the microscope: Linux security tools
Periodic health checks for Linux systems
- Date: 2018-06-05
- Event: D3NH4CK
- Presentation: periodic health check for Linux systems (PDF)
- Original title: “de technische APK voor Linux” (Dutch)
Behind the scenes of an open source project
- Date: 2018-03-12 and 2018-03-17
- Event: Linux & Open Source Tilburg and NLLGG
- Presentation: Behind the scenes of an open source project (PDF)
Why simplicity is important
- Date: 2017-05-16
- Event: NLUUG
- Presentation: The beauty of simple (PDF)
The state of Linux security in 2016
Stories about Linux and what happened in 2016 regarding security.
- Date: 2016-12-07
- Event: DBLUG (Project 073) (Meetup)
- Presentation: The state of Linux security in 2016 (PDF)
Getting traction for (your) open source projects
- Date: 2016-11-12
- Event: T-DOSE / NLLGG
- Presentation: Getting traction for your open source projects (PDF)
So you got an idea, some code, and now you only need the users and contributors? A good idea is not enough to have a successful project. Open source software projects need also marketing, promotion, and optimization. We will look at the technical and non-technical level on how to enhance OSS projects. This with the goal to get more happy users and gain more traction. I will share from personal experience what works (and what not!), including examples. Subjects include simplicity, the website, dealing with social media, optimize for users and search engines, and the tiny details that matter.
This talk is useful for developers, contributors, and also users of open source software. No programming skills are required.
Relevant article: How to promote your open source project .
Lynis demo at Black Hat Europa (London)
- Date: 2016-11-04
- Event: Arsenal at Black Hat Europa (London)
A live ongoing demo about how Lynis can help with system hardening, compliance testing, and more. The Arsenal is part of the Black Hat conference and consists of passionate developers who show their open source security tools.
Linux Security Workshop
- Date: 2016-09-29
- Event: Private session
Presentation about the types of malware and the ones affecting Linux systems. We had a look on how rootkits work and some defenses we can apply to increase detection rates.
- Date: 2016-07-06
- Event: DBLUG (project 073)
- PDF: see earlier presentations
Securing Linux Systems with Lynis
Are you really sure the security of your Linux systems is done properly? Since 2002, Michael Boelen performs research in this field. The answer is short: there is too much to possible and to do. For this reason, he created several open source security tools, to help others saving time. We will look into how Lynis can help with technical security scans.
- Date: 2016-05-10
- Event: Linux Usergroup Nijmegen
- PDF: Linux Security Scanning with Lynis (or Slideshare)
Linux Security Workshop
In this private workshop, 14 students learned about the wide range of possibilities when it comes to Linux security.
- Date: 2016-03-29
- Event: Private session
Dealing with Linux Malware
We often hear that viruses do not affect Linux systems. If it was only true… To understand why there is malware in the first place, we look at the reasons for evildoers to create harmful software. When that is clear, we move on by defining several types of malware, to finally focus on a very particular one, the rootkit. A quick course into the cleverness of rootkits follows, with the related challenges it offers for detection. We close the session by giving tips on detection and prevention.
So you think the systems at your employer can actually use a little bit more security? Or what about your own system to gain more privacy? In this talk, we discuss the reasons for Linux server and system hardening. First we learn why we should protect our crown jewels, and what can wrong if we ignore information security. Next is getting a better understanding of the possible resources we can use. And since system hardening can be time-consuming, we discuss some tools to help in the system hardening quest.
How to Deal with a Compromised System?
Malicious software now exists for more than 40 years. Linux is just another platform having to deal with that threat. But the question remains how should we act when we find a backdoor or rootkit on our system. In this talk, the threat and defenses will be explained.
Linux Security, from Concept to Tooling
Linux is considered to be a secure operating system by default. Still there is a lot to learn about system hardening and technical auditing. This 1-hour presentation explains the need for hardening and auditing of your systems. We discussed some additional documents and tools, to further help this endeavor.
Linux Security for Developers
To help developers create more secure software, we have to understand the need first. This introduction talk was 2 hours, with many individual tips to know why security is important, and the possible consequences if we ignore that. We covered specific items to enhance the security posture of our applications. Finally, we finish the presentation by sharing the need for performing regular technical audits.
- BlackHat USA (Las Vegas) / BlackHat Europe (Amsterdam) – Lynis demo
- Haagse Hogeschool – Workshop Linux Security
- NLUUG – From open source to a company (Dutch)
- Kollab Summit – Workshop Linux Security and Hardening
- openSUSE Conference – Docker Security: Are your containers tightly secured to the ship?
- BlackHat Europe (Amsterdam) – Lynis Demo
- NLUUG – How Many Security Layers Are Enough?
- NLUUG – Security Auditing and Hardening for Linux
- Interested in slides? Check out some of the presentations.
Some ideas for future presentations
Linux IPv6 security
An introduction into IPv6 with the primary focus on security aspects for Linux systems.
Security is hard: tool developers to blame?
Still in 2016, security remains complicated. Why is that and how can we solve it? Showing by example how “simple” tools can still be difficult. There is room to improve.
A dive into ELF binaries and files, and how they work on Linux.
My article The 101 of ELF Binaries on Linux: Understanding and Analysis was covered on Reddit, Twitter and other websites.