SUMMIT TRACKS
Sessions focusing on CISO areas of concern and making security scale
- CEOs and CISOs roundtable
- Cyber and Privacy Risk Management 101
- Incident Scenario Exercise
- Keynote - Jane Frankland InSecurity
- Keynote - Open Security Summit 2020
- Keynote - Security from the CEO Point of view and Modern Team structures
- NCSC - Exercise in a box
- Open Information Security Risk Universe (OISRU)
- Risk & Error Budgeting
- Supply Chain Attacks : The rise of the Third Party Poopers
- Third Party Assurance
- Threat Personas and Application Vulnerability Scoring Model
- Trusted Partner Network demo
- Who is the CISO? Nobody knows
Sessions focusing on Cloud Security and Cloud Automation - AWS / Azure / GCP
- Chef InSpec (Compliance as Code)
- Cloud Security 101
- Migration to Cloud
- Multi-cloud Compliance as code
- Open control frameworks in Media and Entertainment
Sessions focusing on CDR (Content Disarm & Reconstruction)
- Bakeoff - Anti-virus vs CDR vs Sandboxing
- CDR Roundtable How to collaborate and increase adoption
- Create common sets of files for CDR Testing and QA
- Securely Handling Fonts in PDFs - Part 1
Sessions focused on Covid-19 related topics
- Covid Apps Analysis
- COVID Apps Threat Modeling
- Covid Safe Paths - Threat Modeling Part 1
- Covid Safe Paths - Threat Modeling Part 2
- Keynote - Privacy by design at Covid Safe Paths App
- Security Labels for Covid Apps
- Using OWASP at Covid Safe Paths
- Vulnerabilities review of a Covid Application
- Wardley Mapping Covid Safe Paths App
Sessions focusing on the DevSecOps tools and techniques to embed security as part of CI/CD pipelines
- Agile in Cybersecurity (9pm)
- Beating the 1:100 Odds - Team Topologies for Security
- DAST - Dynamic Analysis integration lab
- Dependency scanning lab
- GitHub Actions & code scanning with CodeQL
- Infrastructure scan & Encryption
- Jira-Jupyter integration introduction
- Making the business case for DevSecOps (8PM)
- Owning AppSec Automation with Python
- SAST - Static Analysis integration lab
- Secrets and credentials scanning lab
- Security Automation with Python Boto3 for AWS and Pulumi
- To DevSecOps or not to DevSecOps: is that a question?
- Hacking Glasswall SDK & Cloud - Part 2
- O365 Security - Anti-Phishing best practises and Demo
- Oh dear, my laptop is hacked!
- Social Engineering - from recon to execution
- Threat Modeling - Cloud Functions as Detonation Chambers - Part 1
These sessions will look at the ISGs, the standards established and published by the NSA. There is an ISG for each file type.
- How to measure and visualise ISG standards
- Office Documents ISG - How to automate Inspection and Sanitization Guidance testing
- PDF ISG - Inspection and Sanitization Guidance for Portable Document Format and JPG ISG - How to automate Inspection and Sanitization Guidance testing
- Progress on common test data
- Progress on validating the ISGs
- What are ISGs and how to convert ISGs into checklists?
- What security exploits are prevented by implementing ISGs
Lightning talks
- Lightning Talk - Cybersecurity in M&A (a CISO's guide)
- Lightning Talk - DevSecOps
- Lightning Talk - Startups: Security vs speed vs revenue, when all 3 are a priority!
- Lightning Talk - The Future of CNI
- Lightning Talk - Why your corporate IT needs to look a lot more like consumer IT
- Lightning Talk - Cybersecurity: What history teaches us
Sessions on multiple topics
- Post-summit: Security by Scenario
- Post-summit: Security by Scenario BRAINSTORMING
- Secure it at the source, frameworks and how to get them more secure
- Sense making with Cynefin framework
Sessions focused on OWASP ASVS related topics
- OSS user stories for all ASVS requirements that people can download and use
- What OWASP tools/projects we already have and what are we missing to deliver secure devops pipelines
Session on OWASP Juice Shop and its thriving ecosystem
- MultiJuicer Introduction
- OWASP Juice Shop Cocktail Party - Ask us anything (AUA)
- OWASP Juice Shop Deep Dive - Integration
- OWASP Juice Shop Deep Dive - MultiJuicer
- OWASP Juice Shop Deep Dive - Theming
- OWASP Juice Shop Introduction
- OWASP Juice Shop introduction
Sessions focusing on Threat Modeling
- Drinks and Persona Building: Creating Adversary Trading Cards (1st Session)
- Introduction to Threat Modeling by Avi Douglen
- Lightning Demo - Threatmodel tool demos
- Threat model academic research status
- Threat Modeling - ICAP
- Threat Modeling - ICAP Post-Summit Session
- Threat Modeling - O365 SaaS Provider
- Threat Modeling Introduction
- Threatmodel tool demos - Thursday PM
- Threatmodel tool demos - Wednesday AM
- Threatmodel tool demos - Wednesday PM
- Threatmodel tool demos-Thursday
Sessions focusing on the use of Wardley Maps in Security
- Events example and security implications of the isolation and terrorism
- How do I do it - Bring your own map
- Introduction to Wardley Mapping by Chris Daniel
- Introduction to Wardley Mapping by Goher Mohammad
- Keynote - Wardley Mapping
- Mapping culture
- Risk Mapping - Applying Risk overlay with maps and security decision making
- Strategy Development - applying the concepts (Wardley Maps)
- Team Topologies & PST & Squads & Tribes
- Threat Mapping (using Maps in Cyber Security)
- Using Wardley mapping for Security Strategy and Architecture development
- Wardley Mapping (intermediate)
- Wardley mapping dynamic session
- Wardley Mapping introduction with Cat Swetel
- Wardley Maps First Aid
- Wardley Maps introduction
- Wardley Maps Introduction by Simon Wardley