I’ve spoken at conferences, meetups, and technical events on cloud architecture, security, distributed systems, graph databases, and applied AI.

Speaking is one of my favorite ways to share ideas. It creates space for a different kind of exchange than writing: more immediate, more practical, and often more grounded in the questions and challenges people are facing in real systems. Alongside my talks, I’ve also published papers on security, including work on cloud security and the security architecture of AI agents.

Papers

Zero Trust Security Architecture for AI Agents in Cloud Environments

Cyber Security: A Peer-Reviewed Journal, Coming soon

Cloud-hosted AI agents blur traditional trust boundaries by combining probabilistic reasoning with retrieval, memory, and tool execution, creating a gap between deterministic security models and unpredictable system behavior. This paper argues that Zero Trust is essential for enterprise agentic systems, proposing an architecture that enforces external controls, continuous validation, and strict authorization at every interaction point rather than relying on the model itself.

Differences between traditional network security and security in the cloud

Cyber Security: A Peer-Reviewed Journal, 8 (3), 281-298 (2025)

Serverless computing platforms such as Amazon Web Services Lambda, Microsoft Azure Functions, and Google Cloud Functions enable scalable, cost-efficient application development by abstracting infrastructure management, but introduce distinct security challenges in cloud environments. This paper highlights the importance of defence-in-depth strategies, the AWS Shared Responsibility Model, and the AWS Well-Architected Framework to help organizations design secure, resilient serverless architectures while effectively managing risk.

Website Security: 13 Ways to Improve Front End Security and Not Get Hacked

Shopify Partners Blog, 2019

In this interview, I discuss how front-end developers play a critical role in protecting users from modern web threats, highlighting common vulnerabilities like Cross-site scripting and the risks introduced by third-party scripts and client-side architecture. I emphasize practical strategies—from using modern frameworks and Content Security Policy to adopting layered defenses and secure coding practices—to help teams reduce attack surfaces and build more trustworthy web experiences.

Node.js Security

Cyber Security: A Peer-Reviewed Journal, 1 (2), 175-186 (2017)

This paper examines the growing landscape of cyber threats alongside rapid technological advances, highlighting how major breaches at companies like Sony, Apple, and Adobe underscore the urgency of stronger application security practices. It explores how Node.js can be leveraged to implement secure authentication, authorization, session management, and cryptographic controls in modern applications.

Conferences

Reconstructing the Past with Knowledge Graphs: Empowering Historians through Neo4j and GenAI

FOSSASIA Summit 2026, March 2026

This talk explores how Neo4j-powered knowledge graphs can help historians structure fragmented data and uncover meaningful relationships across time, geography, and artifacts. It also demonstrates how combining Generative AI with tools like Model Context Protocol enables intuitive querying, semantic enrichment, and deeper insights, empowering researchers to interact with and interpret complex historical datasets more effectively.

Reconstructing the Past with Knowledge Graphs: Empowering Historians through Neo4j and GenAI

NODES 2025, November 2025

This talk explores how Neo4j-powered knowledge graphs can help historians structure fragmented data and uncover meaningful relationships across time, geography, and artifacts. It also demonstrates how combining Generative AI with tools like Model Context Protocol enables intuitive querying, semantic enrichment, and deeper insights, empowering researchers to interact with and interpret complex historical datasets more effectively.

Unlocking the Power of Graph Databases with Neo4j

Graph Database Singapore, May 2025

This workshop introduces graph databases and demonstrates how Neo4j enables intuitive modeling and analysis of highly connected data for use cases like recommendations and fraud detection. Participants will gain hands-on experience with the Cypher Query Language, advanced functions, and data import techniques, equipping them to design, query, and optimize graph-based solutions effectively.

Unlocking the Power of Graph Databases with Neo4j

FOSSASIA Summit 2025, April 2025

This workshop introduces graph databases and demonstrates how Neo4j enables intuitive modeling and analysis of highly connected data for use cases like recommendations and fraud detection. Participants will gain hands-on experience with the Cypher Query Language, advanced functions, and data import techniques, equipping them to design, query, and optimize graph-based solutions effectively.

Connected: Solving Real-Life Problems Using Python and Graph Databases

Open Tech Summit Indonesia 2024, November 2024

This session explores how graph-based approaches overcome the limitations of traditional databases for modeling complex, highly connected systems, highlighting the strengths of Neo4j in representing real-world relationships. It also demonstrates how integrating Neo4j with Python tools like NetworkX and PyVis enables effective analysis and visualization of network data in cloud environments.

Connected: Solving Real-Life Problems Using Python and Graph Databases

Singapore AWS Meetup, January 2024

This session explores how graph-based approaches overcome the limitations of traditional databases for modeling complex, highly connected systems, highlighting the strengths of Neo4j in representing real-world relationships. It also demonstrates how integrating Neo4j with Python tools like NetworkX and PyVis enables effective analysis and visualization of network data in cloud environments.

Connected: Solving Real-Life Problems Using Python and Graph Databases

PyCon ID 2023, Novermber 2023

This session explores how graph-based approaches overcome the limitations of traditional databases for modeling complex, highly connected systems, highlighting the strengths of Neo4j in representing real-world relationships. It also demonstrates how integrating Neo4j with Python tools like NetworkX and PyVis enables effective analysis and visualization of network data in cloud environments.

Building scalable WordPress site on AWS

FOSSAIA Summit 2022, April 2022

This session shares a practical journey of scaling WordPress on Amazon Web Services, moving from a basic lift-and-shift setup to a resilient, high-performance architecture capable of handling peak traffic events like Black Friday. It covers key design decisions and components—including Amazon CloudFront, Application Load Balancer, Amazon S3, and the choice between Nginx and Apache HTTP Server—to build a scalable and cost-efficient solution.

Building scalable WordPress site on AWS

Singapore AWS Meetup, October 2021

This session shares a practical journey of scaling WordPress on Amazon Web Services, moving from a basic lift-and-shift setup to a resilient, high-performance architecture capable of handling peak traffic events like Black Friday. It covers key design decisions and components—including Amazon CloudFront, Application Load Balancer, Amazon S3, and the choice between Nginx and Apache HTTP Server—to build a scalable and cost-efficient solution.

Demystifying Front-End Security

NDC Sydney 2020, October 2020

This session explores the modern front-end security landscape, showing why relying on frameworks or static sites alone is not enough to prevent threats like Cross-site scripting and client-side attacks. It highlights the evolving tactics used by attackers and presents practical strategies, including defenses like Content Security Policy, to help developers build more secure and resilient JavaScript applications.

Demystifying Front-End Security

JavaScript Remote Conference 2020, May 2020

This session explores the modern front-end security landscape, showing why relying on frameworks or static sites alone is not enough to prevent threats like Cross-site scripting and client-side attacks. It highlights the evolving tactics used by attackers and presents practical strategies, including defenses like Content Security Policy, to help developers build more secure and resilient JavaScript applications.

Demystifying Front-End Security

ThatConference 2019, August 2019

This session explores the modern front-end security landscape, showing why relying on frameworks or static sites alone is not enough to prevent threats like Cross-site scripting and client-side attacks. It highlights the evolving tactics used by attackers and presents practical strategies, including defenses like Content Security Policy, to help developers build more secure and resilient JavaScript applications.

Secure your React app

FOSSASIA Summit 2019, March 2019

This session demonstrates how to secure React applications without building security systems from scratch, using a boilerplate approach with preconfigured SSO and reusable authentication components. It highlights integrating IdentityServer4 for identity management alongside secure routing, token handling, and claims-based authorization to streamline robust front-end security.

Web apps that talk

SingaporeJS, July 2018

This session introduces how developers can build voice-enabled web applications using the Web Speech API, enabling both speech recognition and text-to-speech capabilities directly in the browser. Drawing inspiration from assistants like Siri and Google Now, it demonstrates how to create interactive, Siri-like experiences without requiring advanced expertise in machine learning or speech processing.

High Performance ASP.NET Core

FOSSASIA Summit 2018, March 2018

This session explores how ASP.NET Core and .NET Core enable high-performance, cross-platform web development, from local environments to Linux and containerized deployments. It covers practical performance optimization techniques—such as caching, I/O improvements, and message queuing—along with real-world strategies for identifying and resolving bottlenecks early in the development lifecycle.

Database Security for Developers

FOSSASIA Summit 2018, March 2018

This session highlights the critical role of database security as a final line of defense, demonstrating how PostgreSQL provides robust mechanisms for authentication, authorization, roles, and data encryption. It also presents best practices to safeguard sensitive data—even in the event of application compromise—offering principles that can be applied across various database systems.

Database Security for Developers

CFCamp 2017, October 2017

This session highlights the critical role of database security as a final line of defense, demonstrating how PostgreSQL provides robust mechanisms for authentication, authorization, roles, and data encryption. It also presents best practices to safeguard sensitive data—even in the event of application compromise—offering principles that can be applied across various database systems.

Architectural Risk Analysis

5th Scandinavian Conference on System and Software Safety, May 2016

This session challenges the notion that security issues are purely code-level bugs, highlighting—echoing insights from Gary McGraw—that design flaws are just as critical as implementation flaws in modern systems. It introduces architectural risk analysis as a proactive approach, guiding teams to identify assets, model threats, and assess risks early, while leveraging resources like OWASP and tools such as Fortify to strengthen application security from the ground up.

Web apps that talk

JS Remote Conf, March 2017

This session introduces how developers can build voice-enabled web applications using the Web Speech API, enabling both speech recognition and text-to-speech capabilities directly in the browser. Drawing inspiration from assistants like Siri and Google Now, it demonstrates how to create interactive, Siri-like experiences without requiring advanced expertise in machine learning or speech processing.

Node.js Security

NDC London 2017, January 2017

This session explores the rising threat landscape alongside the rapid growth of Node.js, focusing on securing applications built with Express.js against common risks like injection attacks and other vulnerabilities. It provides practical guidance on authentication, cryptography, and security middleware, while mapping defenses to the OWASP Top 10 and introducing tools such as ScanJS to help developers build more secure applications.

Web apps that talk

NDC London 2017, January 2017

This session introduces how developers can build voice-enabled web applications using the Web Speech API, enabling both speech recognition and text-to-speech capabilities directly in the browser. Drawing inspiration from assistants like Siri and Google Now, it demonstrates how to create interactive, Siri-like experiences without requiring advanced expertise in machine learning or speech processing.

Agile web-development with RethinkDB

Percona Live Europe - Amsterdam 2016, October 2016

This session demonstrates how to build real-time applications using Node.js, ZeroMQ, and RethinkDB to deliver fast, reliable data across web and desktop clients. It covers key messaging patterns, cross-platform integration, and practical use cases, enabling developers and architects to design responsive systems for modern, data-intensive applications.

Scaling up JavaScript with TypeScript

Angular Remote Conf, September 2016

This session introduces TypeScript as a powerful tool for building large-scale applications, highlighting its features such as static typing, classes, interfaces, generics, and decorators. It provides practical guidance on when and how to adopt TypeScript—especially alongside frameworks like Angular—to improve maintainability and scalability in modern JavaScript projects.

Two-factor authentication with Node.js

JavaScript Summit 2016, February 2016

This session highlights the limitations of password-based security and introduces Two-factor authentication as a critical layer for protecting user accounts against common attacks. It explores standards and real-world implementations, including integrating Google Authenticator into Node.js applications to strengthen authentication flows.

Scaling up JavaScript with TypeScript

DevFestMN 2016, February 2016

This session introduces TypeScript as a powerful tool for building large-scale applications, highlighting its features such as static typing, classes, interfaces, generics, and decorators. It provides practical guidance on when and how to adopt TypeScript—especially alongside frameworks like Angular—to improve maintainability and scalability in modern JavaScript projects.

Managing User Authentication Using Passport

NodeMN User Group, December 2015

This session explores how to implement robust authentication using Passport.js in Node.js and Express.js applications, centralizing and simplifying authentication logic. It demonstrates building form-based login, social authentication, and enhancing security with Two-factor authentication using Google Authenticator.

What's new in C# 6

Twin Cities .NET User Group, December 2015

This session introduces the key language improvements in C# 6, showing how features like null-conditional operators, string interpolation, expression-bodied members, and nameof make everyday development cleaner and more expressive. It gives developers a practical overview of how to adopt these enhancements to write more readable, maintainable, and modern C# code.

Node.js Security

Open Source North 2015, October 2015

This session explores the rising threat landscape alongside the rapid growth of Node.js, focusing on securing applications built with Express.js against common risks like injection attacks and other vulnerabilities. It provides practical guidance on authentication, cryptography, and security middleware, while mapping defenses to the OWASP Top 10 and introducing tools such as ScanJS to help developers build more secure applications.

Node.js Security

That Conference 2015, August 2015

This session explores the rising threat landscape alongside the rapid growth of Node.js, focusing on securing applications built with Express.js against common risks like injection attacks and other vulnerabilities. It provides practical guidance on authentication, cryptography, and security middleware, while mapping defenses to the OWASP Top 10 and introducing tools such as ScanJS to help developers build more secure applications.

WebRTC Workshop

dev.Objective() 2015, May 2015

This session introduces WebRTC, enabling browser-to-browser voice, video, and peer-to-peer data sharing without plugins. It covers its evolution, browser support, and security considerations, while demonstrating how to build real-time applications like video chat and file sharing using modern JavaScript and HTML5 APIs.

Introduction to TypeScript

Twin Cities .NET User Group, May 2015

This session introduces TypeScript as a powerful tool for building large-scale applications, highlighting its features such as static typing, classes, interfaces, generics, and decorators. It provides practical guidance on when and how to adopt TypeScript—especially alongside frameworks like Angular—to improve maintainability and scalability in modern JavaScript projects.

Introduction to TypeScript

JavaScriptMN User Group, April 2015

This session introduces TypeScript as a powerful tool for building large-scale applications, highlighting its features such as static typing, classes, interfaces, generics, and decorators. It provides practical guidance on when and how to adopt TypeScript—especially alongside frameworks like Angular—to improve maintainability and scalability in modern JavaScript projects.

WebRTC Workshop

DevFestMN 2015, March 2015

This session introduces WebRTC, enabling browser-to-browser voice, video, and peer-to-peer data sharing without plugins. It covers its evolution, browser support, and security considerations, while demonstrating how to build real-time applications like video chat and file sharing using modern JavaScript and HTML5 APIs.