With the rise of ransomware and cyber attacks, security has become a board-level issue. Staying secure is increasingly important, but security and compliance are often an afterthought, a bolt-on and a hindrance to productivity. How do we make the secure path the easiest path for all users? How can we build security in earlier?
During the day, we will hear from many industry experts on how to build security and compliance capabilities in highly regulated enterprise industries. We will also look at multiple projects, such as OWASP ASVS for testing security controls and providing security requirements, and the OpenSSF Scorecard for assessing security risks through automated checks. We will finish the day with an interactive panel and look forward to answering your questions.
From this track
Security Checks Simplified: How to Implement Best Practices with Ease
Monday Mar 27 / 10:35AM BST
Many organizations are confronted with multiple issues flagged by security tools; are you struggling with security remediation? If so, this talk is for you.
Varun Sharma
CEO and Co-Founder @Step_Security
How to Build a Successful Cloud Capability on a Heavy Regulated Organization
Monday Mar 27 / 11:50AM BST
At KPMG, working in a highly regulated industry ourselves, we know and feel the pain of enabling innovation and teams to do what they do best.
Ana Sirvent
Principal DevOps Engineer @KPMG UK
Sustainable Security Requirements with the ASVS
Monday Mar 27 / 01:40PM BST
Shift left? Spread left? Regardless of terminology, we want to be thinking about security earlier on in the development lifecycle. Ideally whilst we are still gathering the business requirements.
Josh Grossman
Application Security Consultant & CTO @BounceSecurity
Unconference: Building Security in Earlier
Monday Mar 27 / 02:55PM BST
What is an unconference? An unconference is a participant-driven meeting. Attendees come together, bringing their challenges and relying on the experience and know-how of their peers for solutions.
Shane Hastie
Global Delivery Lead @SoftEd, Lead Editor for Culture & Methods @InfoQ
Panel: Building Security in Earlier
Monday Mar 27 / 04:10PM BST
Software security is an essential aspect of any digital product, yet it is often neglected until the late stages of the development lifecycle. This approach leaves organizations vulnerable to cyberattacks, which can result in costly data breaches, reputational damage, and legal liabilities.
Ana Sirvent
Principal DevOps Engineer @KPMG UK
Josh Grossman
Application Security Consultant & CTO @BounceSecurity
Varun Sharma
CEO and Co-Founder @Step_Security
Henry Tze
Lead Cloud Security Engineer @Virgin Media O2
Getting Developers into F1 Driver Seats with Security?
Monday Mar 27 / 05:25PM BST
At Virgin Media O2, we are in a race of digital transformation which requires many different types of skillsets and people. This resulted in waves of hiring new blood, contractors and skilling up existing engineers/developers.
Henry Tze
Lead Cloud Security Engineer @Virgin Media O2
Track Host
Stefania Chaplin
Solutions Architect @GitLab