SecAppDev 2026 lecture details
Security by default - A European perspective on cyber resilience
A technical deep dive into how Microsoft implements security, resilience, and regulatory compliance at scale—mapping NIS2, DORA, and Secure‑by‑Default principles to concrete controls, engineering processes, and tenant‑level protections
Schedule TBD
Abstract
This session explores how Microsoft operationalizes security and resilience under Europe’s evolving regulatory landscape. We examine how NIS2, DORA, and the Cyber Resilience Act influence secure architecture, baseline control design, and continuous risk management across Microsoft’s cloud infrastructure. The talk highlights practical applications of Secure‑by‑Default principles, security telemetry, key control indicators, and how engineering teams translate regulatory obligations into measurable, enforceable controls for real‑world customer environments.
Key takeaway
Learn how regulatory requirements become enforceable controls, measurable metrics, and practical Secure‑by‑Default engineering across cloud systems
Content level
Deep-dive
Target audience
Security engineers, architects, cloud specialists, regulatory tech leads.
Prerequisites
Familiarity with cloud security models, shared responsibility, and basic understanding of NIS2/DORA or large‑scale cybersecurity governance
Join us for SecAppDev. You will not regret it!
Grab your seat now
Freddy Dezeure
Deputy CISO of Europe, Microsoft
Expertise: Cybersecurity strategy, European regulatory compliance, and Secure‑by‑Default implementation
Related lectures
EU CRA: Survival Workshop for Enterprise & Open Source
Deep-dive lecture by Roman Zhukov
A practical deep-dive into the EU CRA for Enterprise and Open Source. Features interactive "In Scope?", "Who Am I?" and "Live Gap-Analysis" exercises to help you navigate compliance confidently.
Key takeaway: Transform CRA rules from a legal burden into an engineering advantage using open standards, clear role mapping, and practical guidelines.
Post-Quantum Cryptography (PQC): The Risk of Being Late
Deep-dive lecture by Bart Preneel
Post-Quantum Cryptography (PQC) answers the threat posed by quantum computers. We discuss the emerging standards and national agencies' recommendations for migration. We conclude with performance benchmarks and crypto agility challenges.
Key takeaway: If you have not yet developed a PQC migration strategy, you should do so in the next 6 months.
What's New in ASVS v5
Advanced lecture by Eden Sofia Yardeni
A practical session for security practitioners already familiar with ASVS, covering what changed in v5, how to apply it in code review, how it can be used alongside other AppSec tools, and common pitfalls / best practices.
Key takeaway: Coding standards are even more relevant in an age where LLMs are writing most code, making ASVS an increasingly useful resource.