SecAppDev 2022 Lecture Details

Solid foundation for a secure future

Jaya Baloo
Wednesday June 15, 16:00 - 17:15

Short description

How do we build a better future for information security? This session will discuss the importance of security, along with a path towards a more secure future.

Abstract

Far too often, we talk about designing and coding secure software. But what happens when we look up from the detailed image and take a broader look at the field of information security? What is actually needed to secure our future?

In this keynote, Jaya Baloo will share her extraordinary experience from running large information security programs and take you on a journey through the world of information security. She will discuss lessons learned, along with the fundamental foundation that we need to build a more secure future.

Key takeaway

An honest look at the security challenges we are facing in the future

Content level

Keynote

Target audience

All SecAppDev participants

Prerequisites

None


Jaya Baloo

CISO, Avast

Jaya Baloo is Avast’s Chief Information Security Officer (CISO). Ms. Baloo is formally recognized within the list of top 100 CISOs globally and ranks among the top 100 security influencers worldwide. In 2019, she was also selected as one of the fifty most inspiring women in the Netherlands. In 2022, Ms. Baloo received an honorary doctorate from the University of Twente, where she was recognized for her contributions in the field of information security, with a focus on secure network architecture.


Related security processes sessions

Hands-on threat modeling

One-day workshop by Sebastien Deleersnyder

This is a Threat Modeling course for DevOps Engineers to improve reliability and security of delivered software. We will teach an iterative and incremental threat modeling method.

You will perform threat modeling in 4 sprints. Exercises are built upon a fictional system, migrating a legacy system towards a cloud application:

  • Modeling a hotel booking web and mobile application, sharing a REST backend
  • Threat identification as part of migrating the system to AWS
  • AWS threat mitigations for the booking system built on microservices
  • Building an attack library for CI/CD pipelines

Security processes Thursday June 16, 09:00 - 17:00

Everything-as-Code - Ideas for a new world of AppSec

Lecture by Abhay Bhargav

Showcasing techniques, tools and practices that underscore and highlight concepts of security-as-code for application security.

Security processes Tuesday June 14, 11:00 - 12:30

Enterprise security architecture and app development

Lecture by Stefaan Van daele

Developing secure code is a good start, but what more could you do from a security point of view? This session puts secure application development in the context of an Enterprise Security Architecture model and illustrates how these two processes interact.

Security processes Monday June 13, 11:00 - 12:30

Level up your threat modeling practice

Lecture by Sebastien Deleersnyder

We pulled together our threat modeling vision and strategy with OWASP best practices to create a 'Threat Modeling Playbook'. It shows you how to turn threat modeling into an established, reliable practice.

Security processes Tuesday June 14, 14:00 - 15:30

Persona-based security and threat-modeling

Lecture by Deepak Subramanian

The session will include a presentation about persona-based security leading to persona-based threat modeling. If time permits, a small exercise will be held to build a persona-based organizational threat model.

Security processes Wednesday June 15, 14:00 - 15:30