SecAppDev 2022 Lecture Details
Solid foundation for a secure future
Wednesday June 15, 16:00 - 17:15
How do we build a better future for information security? This session will discuss the importance of security, along with a path towards a more secure future.
Far too often, we talk about designing and coding secure software. But what happens when we look up from the detailed image and take a broader look at the field of information security? What is actually needed to secure our future?
In this keynote, Jaya Baloo will share her extraordinary experience from running large information security programs and take you on a journey through the world of information security. She will discuss lessonsl learned, along with the fundamental foundation that we need to build a more secure future.
An honest look at the security challenges we are facing in the future
All SecAppDev participants
Jaya Baloo is Avast’s Chief Information Security Officer (CISO) Ms. Baloo is formally recognized within the list of top 100 CISOs globally and ranks among the top 100security influencers worldwide. In 2019, she was also selected as one of the fifty most inspiring women in the Netherlands. Recently, Ms. Baloo received an honorary doctorate from the University of Twente in 2022 where she has been recognized for her contributions in the field of information security, with a focus on secure network architecture.
Related security processes sessions
Hands-on threat modeling
One-day workshop by Sebastien Deleersnyder
This is a Threat Modeling course for DevOps Engineers to improve reliability and security of delivered software. We will teach an iterative and incremental threat modeling method.
You will perform threat modeling in 4 sprints. Exercises are built upon a fictional system, migrating a legacy system towards a cloud application:
- Modeling a hotel booking web and mobile application, sharing a REST backend
- Threat identification as part of migrating the system to AWS
- AWS threat mitigations for the booking system build on microservices
- Building an attack library for CI/CD pipelines
Security processes Thursday June 16, 09:00 - 17:00
Enterprise security architecture and app development
Lecture by Stefaan Van daele
Developing secure code is a good start, but what more could you do from security point of view? This session puts secure application development in the context of an Enterprise Security Architecture model and illustrates how these two processes interact.
Security processes Monday June 13, 11:00 - 12:30
Level up your threat modeling practice
Lecture by Sebastien Deleersnyder
We pulled together our threat modeling vision and strategy with OWASP best practices to create a 'Threat Modeling Playbook'. It shows you how to turn threat modelling into an established, reliable practice.
Security processes Tuesday June 14, 14:00 - 15:30
Persona-based security and threat-modeling
Lecture by Deepak Subramanian
The session will include a presentation about persona-based security leading to persona-based threat modeling. If time permits a small exercise would be held to do a persona-based organizational threat model.
Security processes Wednesday June 15, 14:00 - 15:30