Important notice about SecAppDev 2020

Due to the current situation with COVID-19 (Corona), with deep regret, we feel bound to postpone SecAppDev 2020 indefinitely. While there have been no official instructions to postpone events such as ours or reduce travel, both attendees and speakers have informed us that they are unable to attend SecAppDev.

We hope everyone in SecAppDev stays healthy, and wish everyone the best for the coming months.

SecAppDev 2020 Lecture Details

Persona-based security and threat-modeling

Deepak Subramanian
Tuesday March 10, 16:00 - 17:30
Short description

The session will include a presentation about persona-based security leading to persona-based threat modeling. If time permits, a small exercise will be held to build a persona-based organizational threat model.


A “persona” represents a group of people with similar characteristics. This concept has traditionally been used in sectors such as marketing and design to provide a tailored experience for their target audience. Exploring the possibilities of porting this concept to information security is an interesting and worthwhile endeavor.

In this session, we will explore the details of what personas mean, how to work with them in a security context, and how to apply them, for example in threat modeling.

Key takeaway

The details of the meaning of "personas", how to work with them in a security context, and how to apply them, for example in threat modeling.

Content level


Target audience

Organizational security professionals, senior managers, researchers, threat modelers


General threat modeling, basic understanding of risk, understanding of role-based models like RBAC a plus

Deepak Subramanian

Security Researcher, AXA

Deepak is a security researcher with broad security expertise. After finishing his Ph.D. in web browser security, he focused his work on topics like persona-based security and threat modeling, among others. At AXA, he applies his academic expertise to define the strategy to improve the security posture of the AXA group as a whole. As part of his work, he concentrates on the security strategy for the company, with a particular focus on future innovation strategy.

Related security activities sessions

Automated software testing and verification

Lecture by Jan Tobias Muehlberg

Discover a technology stack that allows us to construct distributed software systems with well-defined security guarantees. We will address testing, formal verification, and runtime isolation.

Security activities Thursday March 12, 16:00 - 17:30

Story-driven threat modeling for the Agile-DevOps age

Lecture by Abhay Bhargav

Do you find that your threat modeling is outmoded, outdated and out of touch with your rapid-release app? Learn how you can change that with "story-driven threat models", where you threat model alongside your Agile sprint and iterative SDLC.

Security activities Thursday March 12, 14:00 - 15:30

Application security seen from an enterprise level

Lecture by Stefaan Van Daele

Developing secure code is a good start, but what more could you do to improve your security posture? The session puts secure application development in the context of an Enterprise Security Architecture model and shows how the two relate to each other.

Security activities Thursday March 12, 16:00 - 17:30

From the OWASP Top Ten(s) to the OWASP ASVS

Lecture by Jim Manico

This talk will describe the importance of the OWASP Application Security Verification Standard and how to use it effectively in your organization or project for secure development.

Security activities Monday March 9, 14:00 - 15:30