Speaking

I'm Mark Latimer, Founder and Chief Systems Architect at CalnFlow LLC. I design identity and authentication systems that improve over time by aligning with human behavior, memory, and rhythm.

Speaker Kit


Short Bio

Mark Latimer is a systems architect and international speaker who designs identity and security systems around human memory and behavior. He's the Founder and Chief Systems Architect of CalnFlow LLC and the author of a pattern-based music practice book, where his interest in repetition and learning through performance first took shape.

Long Bio

I didn't arrive at systems thinking through textbooks alone. I arrived there by slowing down. Over the last decade, I've lived and worked on and off in Goa, India, where I was part of the technology team at Tangentia, a global boutique IT consulting firm. Life in India reshaped how I see complexity — not as something to fight, but as something to work with. Days moved at a different rhythm. Conversations stretched. Patterns emerged.

It was during this time that I learned to play ukulele and guitar. Through music, I began to recognize the same structures I'd been working with in software and identity systems: repetition, variation, memory, and flow. The more I paid attention, the clearer it became that the most resilient systems — musical, technical, or human — improve when they're designed to be performed, not just understood.

I'm also the author of Ukulele Utube Notebook, a beginner-focused, pattern-based music practice guide that explores how repetition, rhythm, and memory build confidence — ideas that later shaped my work in identity and security systems.

Today, I'm the Founder and Chief Systems Architect of CalnFlow LLC, where I design identity, authentication, and decision systems that get better over time by asking better questions. My background spans industrial design, systems engineering, and business, with formal training at Humber College and York University in Toronto, along with two industrial design awards and years of building OAuth 2.0 and SAML-based identity systems in production environments.

Outside of technology, I've always been drawn to teams, movement, and leadership. I've captained competitive teams across soccer, squash, and hockey, and was named High School Athlete of the Year — experiences that taught me how systems behave under pressure, and why trust, rhythm, and clarity matter more than control.

Today, I speak internationally on identity architecture, authentication, and systems thinking, with a strong connection to India, where I'm regularly invited to speak and return often. I'm just as comfortable discussing zero-trust models as I am sharing a roadside chai, riding Enfields, or talking about what music can teach us about memory and security. At the core of my work is a simple belief: the best systems don't demand more from people — they align with how people already live, move, and remember.

Speaking Topics

  • Systems thinking for security teams
  • Identity architecture and authentication systems
  • Building systems that improve automatically
  • Security systems design and architecture

Copy Kit

Available for Security Events

Speaking at international security conferences, identity developer events, and security leadership forums.

Built OAuth 2.0 and SAML identity systems.

Mark Latimer has built OAuth 2.0 and SAML identity systems used in production by security teams. He speaks at international security conferences on identity architecture, authentication systems, and systems thinking for security teams. His work focuses on making security boundaries visible through architecture, not through additional controls.

Talk Abstracts

The Familiar Unlock, Reinvented

Audience: CISOs, Security Directors

What if the phone unlock everyone trusts was strong enough for your most critical systems? This talk reframes authentication as a design problem — not a user problem — and shows how familiarity can coexist with trillion-scale security. We explore how the most successful security interaction in history works because it aligns with human cognition, not against it. You will learn how Quantum Information Cryptography Patterns preserve the familiar unlock experience while radically upgrading the underlying security model. The approach eliminates the false choice between usability and strength, showing how structural security can scale without increasing cognitive burden. This framework applies whether you are evaluating authentication systems, responding to credential-based breaches, or making long-term identity architecture decisions. The goal is security that feels inevitable, not speculative.

From Passwords to Patterns

Audience: Security Architects, IAM Leaders

Passwords fail because they treat humans like storage devices. Patterns work because humans perform structure naturally. This session introduces Quantum Information Cryptography Patterns and explains how authentication can scale in strength without increasing complexity. We break down why passwords assume humans can safely store and reproduce symbols, and why this assumption creates systemic vulnerabilities. You will learn how pattern-based authentication verifies performed structure rather than stored secrets, reducing attack surfaces while aligning with how humans actually behave. We cover the information-theoretic principles that enable trillion-scale security without quantum hardware, and show how to design systems that support clear behavior by default. The result is authentication architecture that fits how teams actually work, with fewer exceptions, fewer risky shortcuts, and better alignment between security intent and real-world execution. These patterns work across different organizational contexts and security maturity levels.

Phone Unlock Quantum Patterns

Audience: CISOs, Risk Owners

Security doesn't need to feel heavier to be stronger. This talk shows how modern authentication can preserve familiar behavior while radically upgrading the underlying security model — reducing risk without increasing friction. We examine how the phone unlock became the most trusted security interaction in history, and what happens when you apply quantum information theory principles to that same interaction pattern. You will learn how to separate signal from noise in authentication decisions, how to structure discussions so they don't spiral into complexity debates, and how to build a shared language that prevents misalignment across stakeholders. The techniques apply to authentication architecture, identity governance, and risk reduction decisions. You leave with a practical framework for making security decisions that are explainable, auditable, and easier to repeat across the organization. This method works whether you have minutes or months to decide, and whether you are evaluating new systems or modernizing existing infrastructure.

Quantum Information Cryptography for Humans

Audience: IAM Engineers, Platform Teams

Inspired by quantum information theory, this talk explores authentication as a performed information state rather than a stored secret. No quantum hardware required — just better structure, better patterns, and better outcomes. We examine how quantum information principles — state over value, relationships over symbols, performed resolution over stored secrets — apply to authentication systems. You will learn how to design systems that verify resolved patterns instead of static credentials, reducing attack surfaces while maintaining familiar user experiences. We cover the technical implementation details, showing how pattern-based authentication eliminates static secrets, reduces credential theft risk, and aligns security with human cognition. The goal is authentication that remains secure under real usage, not just secure on paper. This approach works whether you are building new systems or securing legacy infrastructure, and scales from small teams to large enterprises.

Identity as Structure, Not Secrets

Audience: Cloud Security Teams, SRE

Secrets are copyable. Structure isn't. Learn how modern identity systems can verify resolved patterns instead of static credentials — and why this shift matters as perimeters disappear and systems become dynamic. We explore how distributed systems, edge workloads, and multi-cloud architectures multiply identity complexity, and how pattern-based authentication keeps access control understandable as your perimeter disappears. You will learn how to map identity flows end to end, how to reduce privilege drift, and how to align authentication with authorization so the system remains coherent. We cover modern identity primitives, tokens, sessions, device signals, and authorization boundaries, then focus on the operational reality of running them without static secrets. You leave with concrete patterns you can apply to edge identity, service-to-service access, and human access across distributed environments. These patterns scale from small teams to large enterprises and work whether you are starting from scratch or migrating existing systems.

Authentication Without Stored Secrets

Audience: Security Architects, DevSecOps

What if there was nothing meaningful to steal? This session breaks down how pattern-based authentication eliminates static secrets, reduces attack surfaces, and aligns security with how humans actually behave. We examine real-world failure points such as credential theft, password resets, account recovery, and token leakage, showing how each stems from the assumption that secrets can be safely stored. Then we introduce Quantum Information Cryptography Patterns as an operable system, not a theoretical concept. You will learn how to choose a small set of enforceable authentication edges, how to design flows that don't create permanent security holes, and how to keep identity rules consistent across teams. The talk includes practical ways to detect drift early, so your authentication system stays aligned as systems evolve. The outcome is an authentication approach that engineering can live with and security can trust — one that reduces risk without increasing friction, and that works whether you are building new applications or securing legacy systems.

Session Management Is Security: The Forgotten Layer Behind Breaches

Audience: Application Security Teams, IAM Engineers, Platform Teams

Many teams focus on login, then stop thinking. But the session is where most real-world risk lives. Sessions get shared, stolen, persisted too long, and refreshed in ways that ignore changing context. This talk makes session management a first-class security topic. We cover session issuance, rotation, expiry, revocation, device binding, and step-up triggers, and we translate them into a simple model you can apply across web and mobile. You will learn how to spot session vulnerabilities that do not look like vulnerabilities in code review, and how to design session behavior that is defensible during an incident. We also show how session decisions affect user experience, and why poorly designed session rules increase both support load and risk. You leave with a set of practical guidelines to harden sessions without turning your product into a usability disaster. These guidelines apply whether you are building new applications or securing legacy systems.

The Psychology of Security: Why Smart People Make Risky Choices

Audience: Security Leaders, Awareness Program Owners, Product Security Teams

Most security training assumes people lack knowledge. In reality, many risky actions come from context, time pressure, and unclear incentives. Smart people click the link because they need to finish the task. Engineers grant access because the release is blocked. Leaders accept risk because the language is ambiguous. This talk explains the psychology behind everyday security choices and shows how to design systems that reduce risky behavior without relying on willpower. We explore why people bypass controls, why warning fatigue happens, and how unclear terminology leads to dangerous assumptions. Then we show what to change: the phrasing of prompts, the defaults in workflows, the clarity of recovery paths, and the feedback loops that teach users what good looks like. The result is security that fits human behavior and reduces incidents through better system design, not more blame. These design principles work across different user populations and organizational cultures.

Authentication UX for Security: Making the Safe Path the Easy Path

Audience: Security Product Teams, IAM Leads, Application Teams

Bad authentication UX is a security problem. When users do not understand what is happening, they choose the fastest path, and attackers benefit from the confusion. This talk bridges security requirements with user experience design. We show how to design authentication flows that are clear, consistent, and harder to exploit. Topics include recovery, step-up, device trust, error messaging, and friction placement. You will learn how to remove confusing edge cases that create support tickets and security gaps, and how to build flows that communicate risk without overwhelming the user. We also cover how to measure authentication outcomes in a way that respects privacy while still revealing drift and abuse patterns. You leave with concrete UX patterns that improve completion rates, reduce insecure workarounds, and raise the real security bar. These patterns work whether you are designing consumer or enterprise authentication experiences.

The Future of Identity Security: From Static Controls to Self Correcting Systems

Audience: Identity Developers, Security Architects, Security Program Leaders

Identity security is moving from static control lists to adaptive systems that respond to context, behavior, and change. But many organizations are not ready for that shift because their foundations are brittle. This talk outlines a realistic path from today to the next decade of identity security. We discuss what must be stable (the vocabulary, the decision points, and the boundaries between authentication, authorization, and governance) and what can become adaptive over time. You will learn how to design identity systems that improve automatically by detecting drift, surfacing assumptions, and enforcing contracts that prevent silent failure. The emphasis is pragmatic. No hype. Just a clear model of how to evolve identity security while keeping it operable, testable, and explainable to auditors and leadership. You leave with a blueprint for building identity systems that stay aligned as your organization and threat landscape evolve. This blueprint applies whether you are building new systems or modernizing existing infrastructure.