Xconf Australia | Online | September 10
Xconf Australia | Online | September 10

This event has ended.

XConf is our annual technology event created by technologists for technologists who care deeply about software and its impact on the world. 

Join us for our fourth year in Australia brought to you online.

The theme for this year’s conference is ‘the expanding impact of hostile tech’. As people rely more on technology, they are also more subject to unintended - even hostile - consequences. Combined with the increasing complexity of technology, the need for mature risk management and security practices has never been greater. 

XConf 2021 recordings are available here

Keynote and guest speaker

Scott Davis

Scott Davis

Principal Engineer


Scott Davis is a Principal Engineer with Thoughtworks, where he focuses on leading-edge, emerging, and non-traditional aspects of web development. Scott specifically works on serverless web apps, mobile web apps (Responsive PWAs), HTML5-based SmartTV apps, Conversational UIs (like Siri and Alexa), and building IoT solutions using web technologies. Scott’s focus on innovative web development has led him to his accessibility advocacy work, which includes educating developers on accessible web design and speaking about the importance of web accessibility for people with disabilities. Most recently Scott spoke at O'Reilly Fluent Conference (It's spelled "accessibility," not "disability"), explaining why accessibility should be just as important as mobile design strategy was 10 years ago.

Scott has been writing about web development for over a decade, and his books include Getting Started with Grails, Groovy Recipes, GIS for Web Developers, The Google Maps API: Adding Where to Your Web Applications, and JBoss at Work. Scott is also the author of several popular article series at IBM developerWorks, including Mastering MEAN, Mastering Grails, and Practically Groovy. His videos include Architecture of the MEAN Stack, Responsive Mobile Architecture, and On the Road to Angular 2.

Lizzie O'Shea

Lizzie O'Shea

Founder and Chair

Digital Rights Watch

Lizzie is a founder and the chair of Digital Rights Watch, which advocates for human rights online. She also sits on the board of Blueprint for Free Speech and the Alliance for Gambling Reform. At the National Justice Project, she worked with lawyers, journalists and activists to establish a Copwatch program, for which she was a recipient of the Davis Projects for Peace Prize. In June 2019, she was named a Human Rights Hero by Access Now.

As a lawyer, she's spent many years working in public interest litigation, on cases brought on behalf of refugees and activists, among others. She was proud to represent the Fertility Control Clinic in their battle to stop harassment of their staff and patients, as well as the Traditional Aboriginal Owners of Muckaty Station, in their successful attempt to stop a nuclear waste dump being built on their land.

Her book, Future Histories (Verso, 2019), looks at radical social movements and theorists from history and applies them to debates we have about digital technology today. It was shortlisted for the Premier’s Literary Award.


Harmeet Sokhi

Harmeet Sokhi

Lead Data Consultant

Effy Elden

Eugene Kariba

Senior Software Developer

Effy Elden

Effy Elden

Senior Infrastructure Consultant

Kelsey van Haaster

Kelsey van Haaster

Principal Consultant - Product Owner Identity

Diana Adorno

Diana Adorno

Principal Consultant, Experience Design and Research

Vishal Srivastava

Vishal Srivastava

Senior Data Engineer

Kiruthika Samapathy

Kiruthika Samapathy

Leading Engineer

Peter Barnes

Peter Barnes

Principal Technologist

Robin Doherty

Software Security Principal

Archana Khanal

Senior Software Developer

Nigel Dalton


Nigel Dalton

Social Scientist, Thoughtworks Australia

As a Social Scientist, Nigel equips organisations with the tools and thinking that can accelerate them to become a Modern Digital Business – seamlessly managing online to offline in a post-customer, more human-centric world.

Agenda - Day 1

Monday | September 13| 2:00pm - 4:00pm AEST

Workshops are at full capacity.

How not to make the news - agile threat modelling

Track 1 facilitators: Kelsey van Haaster & Vishal Srivastava | Track 2 facilitators: Archana Khanal & Robin Doherty

When developing user stories for a new product or feature, stories for security requirements are all too often an afterthought or not considered at all. However, the real challenge is that from the stakeholder perspective, security is not viewed as a priority. In this interactive session, learn how to influence your stakeholders and help them understand the importance of security. We'll show you how to facilitate a threat modelling workshop with stakeholders to help identify risks and turn them into playable user stories.

Agenda - Day 2 (Talks)

Tuesday | September 14 | 9:30am - 3:50pm AEST

9:30am - 9:40am


Nigel Dalton

9.40am - 10.20am

Keynote: Digital trust and the architecture of participation

Scott Davis

In 2005, Tim O’Reilly coined the phrase “architecture of participation”, a Web 2.0 concept that pivoted the web away from a “publishing” metaphor to one of “participation”. Over thirty years later, Sir Tim Berners-Lee (the creator of Web 1.0) is back with a new perspective on the architecture of participation - one that is personal, privacy-based, and most strikingly, identity-based. His new decentralized approach to participation reintroduces the idea of digital trust back into our lives at a time when it is deeply needed and conspicuously absent. In this keynote, Scott will give pragmatic examples of digital trust that exemplify this new emerging era of the web and advise on how digital trust can be a competitive advantage for early adopters.

10.20am - 11.00am

Guest keynote: Tech for people, not users, and the role of human rights in design

Lizzie O'Shea

The term ‘hostile tech’ makes us think of the growing pile of tech scandals - from Cambridge Analytica to Robodebt - but from the perspective of users, technology can be hostile when it works exactly as it is supposed to. So what defines hostile tech might depend not only on who has designed it, but how it is experienced. Technology that entrenches power structures and bigotry is not the fault of users, but a problem for which designers must take responsibility. By thinking about design decisions through a human rights lens - focusing on empowerment, public participation and accountability - we can avoid contributing to a digital dystopia. Our guest keynote speaker, Lizzie O’Shea, will talk about the many ways a human rights-based approach to technology can be put into practice.

11.00am - 11.20am

Morning Break

11.20am - 12.00pm

Building a secure data platform: why good design and security go hand in hand

Harmeet Sokhi & Kiru Samapathy

More data is being collected, stored, processed and exchanged than ever before. With wider access to all data sets beyond a specific domain and businesses leaning towards data-driven decision making, the risk of data breaches is at an all-time high. This session will introduce how to leverage data classification to design a secure data platform and how this can be extended to protect data based on risk levels. 

12.00pm - 12.40pm

Lunch Break (includes guided meditation)

Rixt Wiersma

12.40pm - 1.20pm

Passwordless: a story of risk, protection and excellent UX

Kelsey van Haaster

Dump your password and improve your security. The combined use of a password management system and multi-factor authentication might give us hope that our corporate assets are no longer protected by the same password someone used on their favourite shopping site, but unfortunately, things are never that simple. Passwordless authentication is one exciting way forward. In this session, Kelsey will share her experience introducing passwordless login at Thoughtworks.

1.20pm - 2.00pm

Trust teams but verify: compliance as code done right

Effy Elden & Eugene Kariba

How can organizations enable developers to deliver secure and compliant software without becoming a bottleneck for innovation and a drain on team morale? As a relatively new area, Compliance as Code offers a potential solution to this challenge. In this talk, Effy and Eugene will discuss the various aspects of Compliance as Code, including the benefits, challenges and common pitfalls.

2.00pm - 2.20pm

Afternoon Break

2.20pm - 2.50pm

The psychology of security - why we make mistakes

Diana Adorno

When it comes to security, human error accounts for many data breaches. But have you ever wondered why we make mistakes in the first place? Is it really human error or something else going on? Based on first hand research and established behavioural research, Diana will share why this happens. Topics include how to think about people and security, security in teams, and the strategies to help reduce the risks.

2.50pm - 3.20pm

The **** we've seen

Peter Barnes

Barely a day goes by without another security incident hitting the news. Many legacy systems are ridden with vulnerabilities and, even as digital businesses accelerate, the threats continue to evolve at an ever increasing rate. Yet, the majority of these incidents could have been avoided if they had followed a deceptively simple principle. Join Peter as he shares their (almost true) stories of security gone wrong and how to mitigate the risks.

3.20pm - 3.50pm

Speaker Lounge

Come meet our speakers and have your hard hitting questions answered.