Panel: Building Security in Earlier

Software security is an essential aspect of any digital product, yet it is often neglected until the late stages of the development lifecycle. This approach leaves organizations vulnerable to cyberattacks, which can result in costly data breaches, reputational damage, and legal liabilities.

In this panel, we will discuss the importance of building security earlier into the software development process and breaking down the silos between security and development teams. By doing so, organizations can integrate security practices seamlessly into their software development lifecycle and make it easier for developers to write secure code.

We will examine various techniques and tools that can be used to build security earlier into the software development process, such as secure coding guidelines and automated security testing. We will also explore how to establish a culture of security within development teams and encourage collaboration between security and development professionals.

By attending this talk, you will learn how to:

  • Incorporate security practices into the software development process from the outset
  • Identify and mitigate potential security risks before they become major issues
  • Foster collaboration between security and development teams to build a culture of security
  • Make security an integral part of your organization's software development process


Join us to learn how to build secure software from the beginning, and protect your organization from costly security breaches.


Speaker

Ana Sirvent

Principal DevOps Engineer @KPMG UK

Ana is the AWS Practice Lead and a Principal DevOps Engineer at KPMG UK.

She has more than 14 years of experience leading, developing and delivering full enterprise projects from discovery phases, design, and implementation to production, lately focusing on cloud native solutions using serverless and micro-services architectures.

Over the last 8 years she has focused primarily on delivering Cloud Transformation projects for major UK government and retail clients.

She is an advocate of DevOps culture and cloud and passionate about how to optimise workloads in the cloud.


Speaker

Josh Grossman

Application Security Consultant & CTO @BounceSecurity

Josh has worked as a consultant in IT/Application Security and Risk for 15 years now, as well as a Software Developer. In that time he has seen the good, the bad and the stuff which is sadly/luckily still covered by an NDA. He is currently Chief Technology Officer for Bounce Security, where he spends his time helping organisations improve and get better value from their Application Security processes and providing specialist Application Security advice. In his spare time he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board.


Speaker

Varun Sharma

CEO and Co-Founder @Step_Security

Varun Sharma is the CEO and co-founder of StepSecurity, an open-core startup that empowers developers to defend against software supply chain attacks by automating security best practices.

He was formerly a Principal Security Software Engineering Manager at Microsoft, where he led the Green Team with a charter to solve high-risk, systemic security issues for Microsoft Azure.

Varun has over 15 years of security experience and an MSc in Information Security from Royal Holloway, University of London.


Speaker

Henry Tze

Lead Cloud Security Engineer @Virgin Media O2

Henry Tze is a Lead Cloud Security Engineer at Virgin Media O2. He focuses on building a user-focused security paved road at scale for developers/engineers/builders to maximise value creation at pace in AWS and GCP Cloud.

He empowers all levels of end users by providing pipeline templates, infrastructure blueprints, working examples, secure ways of working, and low/no-code self-service platforms that they never imagined before.

All of this takes the form of everything as code, which he believes is how builders should be united and aligned. He encourages users to form an internal community to overcome technical issues and share the love.


From the same track

Session security

Security Checks Simplified: How to Implement Best Practices with Ease

Monday Mar 27 / 10:35AM BST

Many organizations are confronted with multiple issues flagged by security tools; are you struggling with security remediation? If so, this talk is for you.   

Varun Sharma

CEO and Co-Founder @Step_Security

Session cloud

How to Build a Successful Cloud Capability on a Heavy Regulated Organization

Monday Mar 27 / 11:50AM BST

At KPMG, working in a highly regulated industry ourselves, we know and feel the pain of enabling innovation and teams to do what they do best.

Ana Sirvent

Principal DevOps Engineer @KPMG UK

Session automation

Getting Developers into F1 Driver Seats with Security?

Monday Mar 27 / 05:25PM BST

At Virgin Media O2, we are in a race of digital transformation which requires many different types of skillsets and people. This resulted in waves of hiring new blood, contractors and skilling up existing engineers/developers.

Henry Tze

Lead Cloud Security Engineer @Virgin Media O2

Session security

Sustainable Security Requirements with the ASVS

Monday Mar 27 / 01:40PM BST

Shift left? Spread left? Regardless of terminology, we want to be thinking about security earlier on in the development lifecycle. Ideally whilst we are still gathering the business requirements.

Josh Grossman

Application Security Consultant & CTO @BounceSecurity

Session

Unconference: Building Security in Earlier

Monday Mar 27 / 02:55PM BST

What is an unconference? An unconference is a participant-driven meeting. Attendees come together, bringing their challenges and relying on the experience and know-how of their peers for solutions.

Shane Hastie

Global Delivery Lead @SoftEd, Lead Editor for Culture & Methods @InfoQ