CypherCon 2022

Mistaken Identity: Protecting OAuth and OIDC

J. Wolfgang Goerlich


We’ve reached a tipping point with more apps being delivered from cloud services than from on-premises. OAuth 2.0 and OpenID Connect (OIDC) have become essential in federating access and handling strong authentication. But these are frameworks not standards, and these frameworks are based on dozens of RFCs. This has resulted in numerous approaches, confusing developers and security teams alike. In this presentation, participants will learn how to secure implementations.

J. Wolfgang Goerlich

Advisory CISO with Cisco. An unflinchingly optimistic greybeard in this cyber dystopia. Strategist. Futurist. Chaotic good.

J. Wolfgang Goerlich is an Advisory CISO for Cisco Secure. Prior to this role, he led IT and IT security in the healthcare and financial services verticals. Wolfgang has held VP positions at several consulting firms, leading advisory and assessment practices. He is an active part of the security community, co-founding and organizing security conferences. Wolfgang regularly advises on and presents on the topics of security architecture and design, identity and access management, data governance, secure development life cycles, zero-trust security, and more.