Register now to learn more about:
|07:00 - 07:10||Welcome|
|07:10 - 07:55||
Visible software security in agile software development - Antti Vähä-Sipilä
New services are increasingly being built on, and existing services re-engineered towards, a cloud-native, distributed architecture. At the same time, organisational structures evolve to be more compatible with a cloud-native and DevOps future, both on the development team level and on the product and portfolio management level.
These changes provide great opportunities for fresh approaches to managing software security and privacy. Both organisational and architectural transformation initiatives can be leveraged to bring in better visibility and cost effectiveness for software security work.
This talk will make the case for bringing security activities into agile software product and portfolio management. You will see practical examples of making security visible and showing evidence for it in the software development flow.
|07:55 - 08:05||Break|
|08:05 - 08:50||
Successfully communicating about security - Thomas Wearing
Many businesses have been through significant transformation where software development has become an ever larger part of the organisation's operation. This transformation, though beneficial, has posed new challenges for organisations to tackle.
This growth has led to more employees than ever being directly responsible for contributing to our organisations' security. Now more than ever, clear communication is key to achieving your security objectives. Part of this is ensuring that the various levels of your business are able to express concerns about security clearly and concisely between individuals of different backgrounds.
In this talk we hope to provide you with awareness of some of the recurring communication challenges F-Secure has seen during our work, in addition to providing suggestions on what actions you can take to remediate these issues in your organisation.
|08:50 - 09:00||Break|
|09:00 - 09:45||
The challenges of supply chain threats - Thierry Decroix
Every organisation sources products from third-party vendors, whether these are commercial or open-source software libraries, off-the-shelf solutions, complete systems, purpose-built hardware, or even individual electronic components.
Recent examples of attacks such as SolarWinds and Microsoft Exchange, and concerns such as installing Huawei equipment in mobile networks, have however highlighted yet again how dependent each organisation has become on the security of these commercial solutions.
This ever-increasing complexity of the technology stack and supply chain we've come to depend on, combined with an ever-increasing sophistication of attackers, presents an extensive challenge for everyone involved in adequately understanding and mitigating the risk that these products represent.
This presentation aims to provide the audience with an understanding of what threats to its supply chains your organisation may be facing and how you can control your supply chain to help mitigate these threats. This insight is based on real-life experiences of the F-Secure Consulting Product Security team.
Principal Consultant, F-Secure Consulting
Antti Vähä-Sipilä has worked in software security since the early '00s. He started in consumer products and services, later consulting a variety of companies and public sector clients.
Antti is especially interested in bringing security and privacy into lean and agile product creation - from service design to protocol design. Typically, his work revolves around technical threat modelling, privacy impact assessment, and advising product and process people.
Security and Risk Management Consultant, F-Secure
Thomas has been working with a variety of customers for nearly a decade, including organisations from the pharmaceutical, finance and government sectors.
During this period Thomas has worked in both offensive and defensive security, providing him with a well-balanced perspective. Thomas’ latest focus has been on working with F-Secure’s clients to improve and build their secure development processes, working closely with clients to ensure that each solution is tailored to their needs.
Global Head of Product Security, F-Secure Consulting
Thierry is an experienced security consultant who first started assessing the security of software applications over 20 years ago and has since gained considerable experience in multiple security domains including hardware and product security.
Passionate about information security in general and product security in particular, when he doesn't have his hands dirty with offensive research of cyber-physical systems, he is strongly focused on enabling a global team of security experts to improve the security and resilience of products.