PyCon AU 2025

Nicky Ringland

Nicky describes herself as a recovering academic with a background in Computational Linguistics, and a recovering startup edtech founder. She co-founded Tech Inclusion, a technology education not-for-profit, and Grok Learning: a startup teaching hundreds of thousands of students to solve problems with code, before joining Big Tech where she currently works as a Product Manager in open source security.
Named one of Australia's inaugural “Superstars of STEM” and an AFR 'Women of Influence', Nicky is passionate about teaching the next generation to become the creators of tomorrow, while building a healthy, diverse community for them to thrive in.


Sessions

09-12
09:00
20min
Education Track Opening
Nicky Ringland, Amanda J Hogan, Alison Wong

Welcome to the Education track!

Education
Ballroom 3
09-12
16:10
70min
Student Showcase
Nicky Ringland, Amanda J Hogan, Alison Wong

Showcase of student projects

Education
Ballroom 3
09-12
17:20
20min
Education Track Closing
Nicky Ringland, Amanda J Hogan, Alison Wong

Thanks for coming to the Education track!

Education
Ballroom 3
09-14
14:10
30min
Myths developers believe about open source security
Nicky Ringland, Tim Zhang

Number 5 will shock you!
Forget what you think you know about robust dependency graphs, the security gains of living at Head, and those supposedly solid requirements.txt. We'll get down to the nitty-gritty of open source security, giving you real-world large-scale insights to understanding common misconceptions across programming ecosystems.

While it’s true that there is only one dependency graph (for you) (*right now) it’s not always understood what impact this can have at an ecosystem level.

We’ve got ecosystem level stats on just how many PURLs map to multiple different packages, dependency graph shifts that happen faster than you can type git commit, and some surprises with Git (im)mutability!

We will talk about vulnerabilities in your transitive dependencies, understanding what even ARE your dependencies, and trying to identify what that one (*for certain values of one) CVE you were supposedly affected by actually is. (Not to mention what, if anything, you can do about it.)

You’ll leave this talk with a better understanding of open source edge cases and just how common they are. You’ll be shocked, amazed, horrified, and hopefully a little optimistic about the state of open source security and your place within it.

Main Conference
Ballroom 1