SecAppDev 2026 lecture details
Security by default - A European perspective on cyber resilience
A technical deep dive into how Microsoft implements security, resilience, and regulatory compliance at scale—mapping NIS2, DORA, and Secure‑by‑Default principles to concrete controls, engineering processes, and tenant‑level protections
Schedule TBD
Abstract
This session explores how Microsoft operationalizes security and resilience under Europe’s evolving regulatory landscape. We examine how NIS2, DORA, and the Cyber Resilience Act influence secure architecture, baseline control design, and continuous risk management across Microsoft’s cloud infrastructure. The talk highlights practical applications of Secure‑by‑Default principles, security telemetry, key control indicators, and how engineering teams translate regulatory obligations into measurable, enforceable controls for real‑world customer environments.
Key takeaway
Learn how regulatory requirements become enforceable controls, measurable metrics, and practical Secure‑by‑Default engineering across cloud systems
Content level
Deep-dive
Target audience
Security engineers, architects, cloud specialists, regulatory tech leads.
Prerequisites
Familiarity with cloud security models, shared responsibility, and basic understanding of NIS2/DORA or large‑scale cybersecurity governance
Join us for SecAppDev. You will not regret it!
Grab your seat now
Freddy Dezeure
Deputy CISO of Europe, Microsoft
Expertise: Cybersecurity strategy, European regulatory compliance, and Secure‑by‑Default implementation
Related lectures
EU CRA: Survival Workshop for Enterprise & Open Source
Deep-dive lecture by Roman Zhukov
A practical deep-dive into the EU CRA for Enterprise and Open Source. Features interactive "In Scope?", "Who Am I?" and "Live Gap-Analysis" exercises to help you navigate your compliance confidently.
Key takeaway: Transform CRA rules from a legal burden into an engineering advantage using open standards, clear role mapping, and practical guidelines.
Demystifying CSP for Modern Applications
Deep-dive lecture by Philippe De Ryck
CSP is often seen as complex and frustrating. This session explains why most policies fail, how to fix them, and how to apply CSP effectively in modern applications, including single page apps.
Key takeaway: Understand why CSP often fails and learn how to implement it correctly with practical, actionable guidance.
How to (still) trick AI: Adversarial ML for Today
Introductory lecture by Katharine Jarmul
There are many known (and still being discovered) attack vectors against deep learning models. In this session, we'll walk through some of the history of adversarial ML and deep learning and find what's changed and what's stayed the same.
Key takeaway: AI/DL models are inherently nondeterministic and have other properties that allow for old, new and interesting attacks.