SecAppDev 2026 lecture details
Security by default - A European perspective on cyber resilience
A technical deep dive into how Microsoft implements security, resilience, and regulatory compliance at scale—mapping NIS2, DORA, and Secure‑by‑Default principles to concrete controls, engineering processes, and tenant‑level protections
Monday June 1st, 09:15 - 10:30
Room Lemaire
Abstract
This session explores how Microsoft operationalizes security and resilience under Europe’s evolving regulatory landscape. We examine how NIS2, DORA, and the Cyber Resilience Act influence secure architecture, baseline control design, and continuous risk management across Microsoft’s cloud infrastructure. The talk highlights practical applications of Secure‑by‑Default principles, security telemetry, key control indicators, and how engineering teams translate regulatory obligations into measurable, enforceable controls for real‑world customer environments.
Key takeaway
Learn how regulatory requirements become enforceable controls, measurable metrics, and practical Secure‑by‑Default engineering across cloud systems
Content level
Deep-dive
Target audience
Security engineers, architects, cloud specialists, regulatory tech leads.
Prerequisites
Familiarity with cloud security models, shared responsibility, and basic understanding of NIS2/DORA or large‑scale cybersecurity governance
Join us for SecAppDev. You will not regret it!
Grab your seat now
Freddy Dezeure
Deputy CISO of Europe, Microsoft
Expertise: Cybersecurity strategy, European regulatory compliance, and Secure‑by‑Default implementation
Related lectures
SBOMs and their Role in Security
Deep-dive lecture by Alexios Zavras in room West Wing
Tuesday June 2nd, 09:00 - 10:30
A practical deep dive into SBOMs: what they are, how they’re built and used, and why they matter for modern software security, from vulnerability response and prioritization to supply‑chain risk and provenance touchpoints.
Key takeaway: Participants will learn about SBOMs, how to think about them in an end-to-end manner, and how to apply them to real security workflows.
EU CRA: Survival Workshop for Enterprise & Open Source
Deep-dive lecture by Roman Zhukov in room West Wing
Wednesday June 3rd, 11:00 - 12:30
A practical deep-dive into the EU CRA for Enterprise and Open Source. Features interactive "In Scope?", "Who Am I?" and "Live Gap-Analysis" exercises to help you navigate your compliance confidently.
Key takeaway: Transform CRA rules from a legal burden into an engineering advantage using open standards, clear role mapping, and practical guidelines.
RTFR (Read The Bleeping RFC)
Deep-dive lecture by Inti De Ceukelaire in room Lemaire
Wednesday June 3rd, 16:00 - 17:15
We’ve built the internet upon standards established decades ago, resulting in some considerable security consequences today. In this talk, Inti reveals his RFC research playbook and discusses some of his recent finds.
Key takeaway: Creating and maintaining standards is hard, and small inaccuracies might result in huge mistakes years from now. Compliant isn't always more secure!