F-Secure Consulting Event

Virtual Client Briefing
Lessons on secure development

June 3, 2021

07:00 - 10:00 AM EST

Online - Global

Join us for the second virtual client briefing where F-Secure Consulting consultants from Denmark and Sweden will share insights on building cyber resilience. At this event, you will learn lessons on secure development, and have the opportunity to directly engage with speakers during the Q&A following each session. All sessions will be available on demand after the event has aired.

Register now to learn more about:

  • The capabilities needed to maintain resilience
  • Lessons learned form our product security team on how to mitigate threats to your supply chain
  • Global threat intelligence and recent trends in the threat landscape
  • Practical recommendations and actionable insights

Agenda

07:00 - 07:10 Welcome
07:10 - 07:55

Visible software security in agile software development - Antti Vähä-Sipilä

New services are increasingly being built on, and existing services re-engineered, towards a cloud-native, distributed architecture. At the same time, organisational structures evolve to be better compatible with a cloud native and DevOps future, both on the development team level and on the product and portfolio management level.

These changes provide great opportunities for fresh approaches for managing software security and privacy. Both organisational and architectural transformation initiatives can be leveraged to bring in better visibility and cost effectiveness for software security work.

This talk will make the case for bringing security activities into agile software product and portfolio management. You will see practical examples of making security visible and to show evidence for it in the software development flow.

07:55 - 08:05 Break
08:05 - 08:50

Successfully communicating about security - Thomas Wearing 

Many businesses have been through significant transformation where software development has become an ever larger part of the organisations operation. This transformation, though beneficial, has posed new challenges for organisations to tackle.

This growth has led to more employees than ever being directly responsible for contributing to our organisations security. Now more than ever is clear communication key to ensuring the success of achieving your security objectives. Part of this is ensuring that the various levels of your business are able to express concerns about securely clearly and concisely between individuals of different backgrounds.

In this talk we hope to provide you with awareness on some of the reoccurring communication challenges F-Secure has seen during our work. In addition to providing suggestions on what actions you can take to remediate these issues in your organisation. 

08:50 - 09:00 Break
09:00 - 09:45

The challenges of supply chain threats – Thierry Decroix 

Every organisation sources products from third-party vendors, whether these are commercial or open-source software libraries, off-the-shelf solutions, complete systems, purpose-built hardware, or even individual electronic components.

Recent examples of attacks such as SolarWinds, Microsoft Exchange, and concerns such as installing Huawei equipment in mobile networks have however highlighted yet again how dependent each organisation has become on the security of these commercial solutions.

This ever-increasing complexity of the technology stack and supply chain we've come to depend on, combined with an ever-increasing sophistication of attackers, present an extensive challenge for everyone involved in adequately understanding and mitigating the risk that these products represent.

This presentation aims to provide the audience with an understanding of what threats your organisation may be facing to your supply chains and how you can control your supply chain to help mitigate these threats. This insight is based on real life experiences of the F-Secure Consulting Product Security team.

09:45 Wrap up

Speakers

Antti Vähä-Sipilä

Antti Vähä-Sipilä
Principal Consultant, F-Secure Consulting

Antti Vähä-Sipilä has worked in software security from the early '00s. He started in consumer products and services, later consulting a variety of companies and public sector clients.

Antti is especially interested in bringing security and privacy into lean and agile product creation - from service design to protocol design. Typically, his work revolves around technical threat modelling, privacy impact assessment, and advising product and process people.

Thomas Wearing

Thomas Wearing
Security and Risk Management Consultant, F-Secure

Thomas has been working with a variety of customers for nearly a decade, including organisations from the pharmaceutical, finance and government sectors.

During this period Thomas' has worked in both offensive and defensive security providing him with a well-balanced prospective. Thomas’ latest focus has been on working with F-Secure’s client to improve and building their secure development processes, working closely with clients to ensure that each solution is tailored to their needs.

Thierry Decroix

Thierry Decroix
Global Head of Product Security, F-Secure Consulting

Thierry is an experienced security consultant who first started assessing the security of software applications over 20 years ago and has since gained considerable experience in multiple security domains including hardware and product security.

Passionate about information security in general and product security in particular, when he doesn't have his hands dirty with offensive research of cyber-physical systems, he is strongly focused on enabling a global team of security experts to improve the security and resilience products.

Register

This event has passed. Please register for one of our upcoming events.

Can't attend? Subscribe to our latest insights and upcoming events in your country.

Accreditations & Certificates

F-Secure Consulting (F-Secure Cyber Security (Pty) Ltd) is a level 4 contributor to B-BBEE with a procurement recognition level of 100%. Learn more and download our B-BBEE certificate. Click here to read the press release.

Follow us
@fsecure_consult F-Secure-Consulting f-secure-foundry fsecurelabs