Unconference: Building Security in Earlier

If you have registered for QCon London, please log into your account to get access to this presentation.

What is an unconference?

An unconference is a participant-driven meeting. Attendees come together, bringing their challenges and relying on the experience and know-how of their peers for solutions. A professional facilitator is also there to help keep the discussion moving forward, but where it goes is up to the participants.

It's a facilitated peer group that avoids the hierarchical aspects of a conventional conference, such as a top-down organization. Only the broad themes are predetermined. Everything else is just space for attendees to sound off ideas together, relate to shared challenges and rewards, and identify new ideas and goals. 

Our unconference sessions have been based on the Open Space Technology and Lean Coffee format since 2006.

Why are we doing unconference sessions?

We have designed QCon for senior software practitioners. That role comes with demanding challenges and complex problems. 

Connecting with your peers in a structured environment allows you to:

  • Broaden your perspective with the benefit of the experience of others.
  • Challenge how you've been doing things by breaking out of your bubble.
  • Learn from peers who have already overcome the challenges you're facing now.
  • Benchmark your solutions against other teams and organizations.
  • Get real-world perspectives on challenges that might be too novel or specific to find solutions in books or presentations.
  • Validate your technical roadmap with real-world research.
  • Connect with others like you and build relationships that go beyond the event.


Shane Hastie

Global Delivery Lead @SoftEd, Lead Editor for Culture & Methods @InfoQ

Shane leads the Culture and Methods editorial team for InfoQ.com where he hosts the weekly InfoQ Culture Podcast. He is the Global Delivery Lead for SoftEd.  

Over the last 30+ years Shane has been a practitioner and leader of developers, testers, trainers, project managers and business analysts, helping teams to deliver results that align with overall business objectives. He has worked with large and small organisations, from individual teams to large transformations all around the world. He draws on over 3 decades of practical experience across all levels of Information Technology and software intensive product development. Shane was a director of the Agile Alliance from 2011 to 2016 and was the founding Chair of Agile Alliance New Zealand. Shane is an ICF registered Professional Coach. 

“I firmly believe that humanistic way of working and the agile mindset are desperately needed in organisations all around the globe today. Taking agile values and principles beyond software is important and making sure they are properly embedded is absolutely crucial for success – we’re in an industry that touches every aspect of people’s lives and massively influences society as a whole and I want to be a part of making sure that industry is both ethical and sustainable.”

Read more
Find Shane Hastie at:


Monday Mar 27 / 02:55PM BST ( 50 minutes )


Rutherford (4th Fl.)


Video is not available


Slides are not available


From the same track

Session security

Security Checks Simplified: How to Implement Best Practices with Ease

Monday Mar 27 / 10:35AM BST

Many organizations are confronted with multiple issues flagged by security tools; are you struggling with security remediation? If so, this talk is for you.   

Varun Sharma

CEO and Co-Founder @Step_Security

Session cloud

How to Build a Successful Cloud Capability on a Heavy Regulated Organization

Monday Mar 27 / 11:50AM BST

On KPMG, working in a highly regulated industry ourselves, we know and feel the pain of enabling innovation and teams to do what they do best.

Ana Sirvent

Principal DevOps Engineer @KPMG UK

Session automation

Getting Developers into F1 Driver Seats with Security?

Monday Mar 27 / 05:25PM BST

At Virgin Media O2, we are in a race of digital transformation which requires many different types of skillsets and people. This resulted in waves of hiring new blood, contractors and skilling up existing engineers/developers.

Henry Tze

Lead Cloud Security Engineer @Virgin Media O2


Panel: Building Security in Earlier

Monday Mar 27 / 04:10PM BST

Software security is an essential aspect of any digital product, yet it is often neglected until the late stages of the development lifecycle. This approach leaves organizations vulnerable to cyberattacks, which can result in costly data breaches, reputational damage, and legal liabilities.

Ana Sirvent

Principal DevOps Engineer @KPMG UK

Josh Grossman

Application Security Consultant & CTO @BounceSecurity

Varun Sharma

CEO and Co-Founder @Step_Security

Henry Tze

Lead Cloud Security Engineer @Virgin Media O2

Session security

Sustainable Security Requirements with the ASVS

Monday Mar 27 / 01:40PM BST

Shift left? Spread left? Regardless of terminology, we want to be thinking about security earlier on in the development lifecycle. Ideally whilst we are still gathering the business requirements.

Josh Grossman

Application Security Consultant & CTO @BounceSecurity