This event has ended.
XConf is our annual technology event created by technologists for technologists who care deeply about software and its impact on the world.
Join us for our fourth year in Australia brought to you online.
The theme for this year’s conference is ‘the expanding impact of hostile tech’. As people rely more on technology, they are also more subject to unintended - even hostile - consequences. Combined with the increasing complexity of technology, the need for mature risk management and security practices has never been greater.
XConf 2021 recordings are available here
Keynote and guest speaker

Principal Engineer
Thoughtworks
Scott Davis is a Principal Engineer with Thoughtworks, where he focuses on leading-edge, emerging, and non-traditional aspects of web development. Scott specifically works on serverless web apps, mobile web apps (Responsive PWAs), HTML5-based SmartTV apps, Conversational UIs (like Siri and Alexa), and building IoT solutions using web technologies. Scott’s focus on innovative web development has led him to his accessibility advocacy work, which includes educating developers on accessible web design and speaking about the importance of web accessibility for people with disabilities. Most recently Scott spoke at O'Reilly Fluent Conference (It's spelled "accessibility," not "disability"), explaining why accessibility should be just as important as mobile design strategy was 10 years ago.
Scott has been writing about web development for over a decade, and his books include Getting Started with Grails, Groovy Recipes, GIS for Web Developers, The Google Maps API: Adding Where to Your Web Applications, and JBoss at Work. Scott is also the author of several popular article series at IBM developerWorks, including Mastering MEAN, Mastering Grails, and Practically Groovy. His videos include Architecture of the MEAN Stack, Responsive Mobile Architecture, and On the Road to Angular 2.

Founder and Chair
Digital Rights Watch
Lizzie is a founder and the chair of Digital Rights Watch, which advocates for human rights online. She also sits on the board of Blueprint for Free Speech and the Alliance for Gambling Reform. At the National Justice Project, she worked with lawyers, journalists and activists to establish a Copwatch program, for which she was a recipient of the Davis Projects for Peace Prize. In June 2019, she was named a Human Rights Hero by Access Now.
As a lawyer, she's spent many years working in public interest litigation, on cases brought on behalf of refugees and activists, among others. She was proud to represent the Fertility Control Clinic in their battle to stop harassment of their staff and patients, as well as the Traditional Aboriginal Owners of Muckaty Station, in their successful attempt to stop a nuclear waste dump being built on their land.
Her book, Future Histories (Verso, 2019), looks at radical social movements and theorists from history and applies them to debates we have about digital technology today. It was shortlisted for the Premier’s Literary Award.
Speakers










Agenda - Day 1
Monday | September 13| 2:00pm - 4:00pm AEST
Workshops are at full capacity.
How not to make the news - agile threat modelling
Track 1 facilitators: Kelsey van Haaster & Vishal Srivastava | Track 2 facilitators: Archana Khanal & Robin Doherty
When developing user stories for a new product or feature, stories for security requirements are all too often an afterthought or not considered at all. However, the real challenge is that from the stakeholder perspective, security is not viewed as a priority. In this interactive session, learn how to influence your stakeholders and help them understand the importance of security. We'll show you how to facilitate a threat modelling workshop with stakeholders to help identify risks and turn them into playable user stories.
Agenda - Day 2 (Talks)
Tuesday | September 14 | 9:30am - 3:50pm AEST
9:30am - 9:40am
Welcome
Nigel Dalton
9.40am - 10.20am
Keynote: Digital trust and the architecture of participation
Scott Davis
In 2005, Tim O’Reilly coined the phrase “architecture of participation”, a Web 2.0 concept that pivoted the web away from a “publishing” metaphor to one of “participation”. Over thirty years later, Sir Tim Berners-Lee (the creator of Web 1.0) is back with a new perspective on the architecture of participation - one that is personal, privacy-based, and most strikingly, identity-based. His new decentralized approach to participation reintroduces the idea of digital trust back into our lives at a time when it is deeply needed and conspicuously absent. In this keynote, Scott will give pragmatic examples of digital trust that exemplify this new emerging era of the web and advise on how digital trust can be a competitive advantage for early adopters.
10.20am - 11.00am
Guest keynote: Tech for people, not users, and the role of human rights in design
Lizzie O'Shea
The term ‘hostile tech’ makes us think of the growing pile of tech scandals - from Cambridge Analytica to Robodebt - but from the perspective of users, technology can be hostile when it works exactly as it is supposed to. So what defines hostile tech might depend not only on who has designed it, but how it is experienced. Technology that entrenches power structures and bigotry is not the fault of users, but a problem for which designers must take responsibility. By thinking about design decisions through a human rights lens - focusing on empowerment, public participation and accountability - we can avoid contributing to a digital dystopia. Our guest keynote speaker, Lizzie O’Shea, will talk about the many ways a human rights-based approach to technology can be put into practice.
11.00am - 11.20am
Morning Break
11.20am - 12.00pm
Building a secure data platform: why good design and security go hand in hand
Harmeet Sokhi & Kiru Samapathy
More data is being collected, stored, processed and exchanged than ever before. With wider access to all data sets beyond a specific domain and businesses leaning towards data-driven decision making, the risk of data breaches is at an all-time high. This session will introduce how to leverage data classification to design a secure data platform and how this can be extended to protect data based on risk levels.
12.00pm - 12.40pm
Lunch Break (includes guided meditation)
Rixt Wiersma
12.40pm - 1.20pm
Passwordless: a story of risk, protection and excellent UX
Kelsey van Haaster
Dump your password and improve your security. The combined use of a password management system and multi-factor authentication might give us hope that our corporate assets are no longer protected by the same password someone used on their favourite shopping site, but unfortunately, things are never that simple. Passwordless authentication is one exciting way forward. In this session, Kelsey will share her experience introducing passwordless login at Thoughtworks.
1.20pm - 2.00pm
Trust teams but verify: compliance as code done right
Effy Elden & Eugene Kariba
How can organizations enable developers to deliver secure and compliant software without becoming a bottleneck for innovation and a drain on team morale? As a relatively new area, Compliance as Code offers a potential solution to this challenge. In this talk, Effy and Eugene will discuss the various aspects of Compliance as Code, including the benefits, challenges and common pitfalls.
2.00pm - 2.20pm
Afternoon Break
2.20pm - 2.50pm
The psychology of security - why we make mistakes
Diana Adorno
When it comes to security, human error accounts for many data breaches. But have you ever wondered why we make mistakes in the first place? Is it really human error or something else going on? Based on first hand research and established behavioural research, Diana will share why this happens. Topics include how to think about people and security, security in teams, and the strategies to help reduce the risks.
2.50pm - 3.20pm
The **** we've seen
Peter Barnes
Barely a day goes by without another security incident hitting the news. Many legacy systems are ridden with vulnerabilities and, even as digital businesses accelerate, the threats continue to evolve at an ever increasing rate. Yet, the majority of these incidents could have been avoided if they had followed a deceptively simple principle. Join Peter as he shares their (almost true) stories of security gone wrong and how to mitigate the risks.
3.20pm - 3.50pm
Speaker Lounge
Come meet our speakers and have your hard hitting questions answered.