Jessy Irwin is Head of Security at Tendermint, where she excels at translating complex cybersecurity problems into relatable terms, and is responsible for developing, maintaining and delivering comprehensive security strategy that supports and enables the needs of her organization and its people. Prior to her role at Tendermint, she worked to solve security obstacles for non-expert users as a strategic advisor, security executive, consultant and former Security Empress at 1Password. She regularly writes and presents about human-centric security, and believes that people should not have to become experts in technology, security or privacy to be safe online.
Her current interests include security maturity and culture, usable security and secure UI/UX, and building impactful security teams and programs in emerging blockchain technologies. One day, she hopes to have the time to write extensively about security here on her blog.
Upcoming talks:
- Purdue University: Communications + Code: Building Cybersecurity Strategies for Humans and Machines
- Center for Technology, Society and Policy, University of California at Berkeley: Digital Security Crash Course
Talks:
- Cracking the Security Communications Code: Talking about Security without FUD, RSA 2018
- Building Your Own Old Lady Gang, OURSA 2018
- It’s Us, Not Them: Exploring the Weakest Links in Security, O’Reilly Security 2017
- It’s Us, Not Them: Exploring the Weakest Links in Security, IT World, South Africa
- O’Reilly Security, New York and O’Reilly Security, Amsterdam, 2016
- Structure Security, San Francisco
- Student Privacy + Security, Mozilla Privacy Lab, July 2016, San Francisco
- Encrypt Yourself: Opsec for Developers, TechSummit Amsterdam, June 2015, Amsterdam, NL
- Usable Encryption + Privacy Tool Cryptoparty RSA, March 2016, San Francisco
- Speak Security and Enter: Better ways to communicate with non-technical users, Infosec Southwest, Austin, TX, April 2016
- #edsec: A Crash Course in Teaching Privacy + Security in the Classroom, Silicon Valley Computer Using Educators, March 2016
- Speak Security and Enter: Better ways to communicate with non-technical users,
Shmoocon, Washington, D.C., January 2016 - Lightning Talk, Passwords15, Cambridge University, Cambridge UK, December 2015
- Toorcon, September 2015
- BSidesSF, March 2015
- BSidesLV, August 2014
- SVCUE, 2013 + 2014
Writing:
- Everything you need to know about privacy may just be on Reality TV, The Firefox Frontier (Mozilla)
- Two Passwords Are Always Better Than One, The Outline
- Facebook’s Idiotic Solution to Revenge Porn, The Outline
- Drawing Lessons from July’s Jeep Hack, TechCrunch
- Grooming Students for A Lifetime of Surveillance, Model View Culture
- Don’t Get Shellshocked: The Latest Security Loophole that Could Put Student Data at Risk, EdSurge
- Why Net Neutrality Matters for Education, Edsurge
- Stopping the #Heartbleed: What Edtech Entrepreneurs Must Let Users Know, EdSurge
- How Educators Can Protect Students’ Data from Security Breaches, MINDShift
Quotes:
- Security Flaws on Comcast’s Login Page Exposed Customers’ Personal Information, Buzzfeed
- Can #MeToo Change the Toxic Culture of Sexism and Harassment at Cybersecurity Conferences?, The Intercept
- Don’t Use Software to Spy on Your Spouse, Motherboard
- We surveyed 100 security experts. Almost all said state election systems were vulnerable., Washington Post
- The Network, Washington Post
- A Paranoid’s Guide to the Internet, CNET
- At OURSA, Women and Minority Speakers Make Cybersecurity Human, CNET
- How Chromebooks became the go-to laptops for Security Experts, CNET
- You Should Really Add a PIN To Your Cellular Account Now, Buzzfeed
- Ready for more secure authentication? Try these password alternatives and enhancements, CSO Online
- The Motherboard Guide to Sexting Securely, Motherboard
- Want to Know If Your SSN Was Included in the Equifax Breach? Good luck!, Motherboard
- The Equifax Hacks Are A Case Study in Why We Need Better Data Breach Laws, Vox
- Instagram alerts high-profile users their data may have been accessed, CNN Money
- Facebook’s New Security Feature Made Me Think Too Hard About Who My Real Friends Are, Motherboard
- How to protect your political campaign in a hack-heavy world, CNN Money
- Security Summit: Security practitioners the weakest link, ITWeb
- Here’s Everything You Need To Know About Sketchy Emails, Buzzfeed
- How to transition from consumer to small-business computer security, The Parallax
- New Report Says Tech Companies Spying on Students in School, CNN
- Top 20 Women in Cybersecurity, Cyberscoop
- Zocdoc Doesn’t Offer Two-Factor Authentication For Your Medical Info, Vocativ
- Your Data is Not Safe. Here’s How to Lock it Down, CNN
- How to Pick a Password Manager, Christian Science Monitor
- Parallax Primer: Are Password Managers Safe to Use?, The Parallax
- Keep using Password Managers, Bugs and All, CSO Online
- Salted Hash: Phishing study reveals frightening password habits, CSO Online
- The truth about the Pokémon Go privacy controversy, The Week
- Facebook Hack Shows It’s Time to Upgrade Our Method of Verifying Identity, Motherboard
- Google Simplifies Two-Step Verification, Threatpost
- No Simple Fix for Password Reuse, Threatpost
- Stolen Twitter Credentials Latest Dataset for Sale, Threatpost
- What it feels like to lose control of your entire digital identity, the Daily Dot
- The Box You Absolutely Must Check When You Change Your LinkedIn Password, Motherboard
- How to Protect Your Nude Selfies From Vengeful Ex-Boyfriends and Trolls, Vice Broadly
- Female Hackers Still Face Harassment at Conferences, Motherboard
- You Can Easily Use Encryption: Here’s How, Tom’s Guide
- How to make security more approachable? Jessysaurusrex roars (Q&A), The Parallax
- Yet Another Reminder that the Internet of Thing is a Nightmare, The Daily Dot
- The VTech data breach shows kids are just as vulnerable to hacking, Mashable
- Kids’ data is valuable, too: Children at risk of identity theft following VTech hack, Global News
- What You Can Learn from the Ashley Madison Hack (Even If You Don’t Want to Cheat On Your Spouse), Forbes
- Schools keep track of students’ online behavior, but do parents even know?, CSO Online
Extensive Opinion Sharing on Podcasts + Radio + Video:
- Decipher Podcast, BlackHat 2018
- Vince in the Bay [Podcast], RSAC 2018: Jessy Irwin
- Jenny Radcliffe [Podcast], The Deception Chronicles, Episode 40
- Cylance, Why Security Failures Aren’t Always Your Fault
- Collective Intelligence [Podcast], RSA Mega-Podcast
- Silver Bullet Podcast with Gary McGraw, Episode 130
- On the Wire: BlackHat Roundtable [Podcast], Dennis Fisher, Patrick Gray, Mike Mimoso, Fahmida Rashid, Chris Brook and Brian Donohue, August 2016
- Jessy Irwin on Online Security [Video], Microsoft Channel 9 with Seth Juarez, June 2016
- On the Wire: Ransomware [Podcast], June 2016
- On the Wire: Authentication, Device Security, Privacy [Podcast], April 2016
- On the Wire: RSA Roundtable [Podcast], with Dennis Fisher of On the Wire, Chris Gonsales of IANS, Mike Mimoso of Threatpost, Fahmida Rashid of InfoWorld, and Chris Brook of Threatpost
- BBC Cambridgeshire [Radio], Hacker Christmas Cards for Kids , December 2015
- On the Wire: Authentication [Podcast], Dennis Fisher, December 2015
- Southern Fried Security Podcast: A microcast about metadata, open file formats and 1Password [Podcast], Steve Ragan + Joseph Sokoly, October 2015
- Threatpost: Operational security, user education, and privacy + security issues in education [Podcast], Dennis Fisher, September 2015
- Tech Moonshine: Pwning the Tin Foiled Hat People [Podcast], Sean Byrnes and Mike Rollins, August 2015
- A Rude Awakening with Sabrina Jacobs, July 2015