
Security Summit: Agile Application Security

  • Columbia Tower - Washington Room

Application Security

Integrating Application Security at the Speed of Agile

How do you securely develop applications when you're pushing new builds on a daily basis? Join us for a security summit where industry experts will share their insights on the realities and risks associated with agile development frameworks.


Event schedule:

  • 11:00 AM Amber Oleson, Cyber Security Practice Manager at Deja vu Security
  • 11:10 AM Nick Ellingson, Membership Consultant and Startup Ambassador at Washington Technology Industry Association
  • 11:20 AM Adam Cecchetti, CEO at Deja vu Security [opening remarks]
  • 11:45 AM Jeff Costlow, Director of Security at ExtraHop [secure development lifecycle]
  • 12:15 PM Bob Fruth and Valery Berestetsky, Principal Product Security Leaders at GE Healthcare [threat modeling]
  • 1:00 PM Panel #1, moderated by Akshay Aggarwal, Founder at Deja vu Security. Panelists include Michael de Libero, Manager of Application Security at Unity Technologies; Sean Curran, Senior Director of Cybersecurity Consulting at West Monroe Partners; and Bob Fruth, Principal Product Security Leader at GE Healthcare [secure development for decision-makers]
  • 1:30 PM Break
  • 1:50 PM Mikkel Wilson, Founder at Oblivious.io [agile data security in public clouds]
  • 2:20 PM Jeff Tucker, Senior Software Engineer at Peach Tech [achieving rapid feedback for application security]
  • 2:50 PM Panel #2, moderated by Akshay Aggarwal, Founder at Deja vu Security. Panelists include Richard Lewis, Senior Application Security Architect at 2K Games; Valery Berestetsky, Principal Product Security Leader at GE Healthcare; and Daniel Herrera, Principal Security Consultant at Deja vu Security [best practices and lessons learned in application security]
  • 3:20 PM Akshay Aggarwal, Founder at Deja vu Security [closing remarks]
  • 3:30 PM Social hour

Talks

Introduction

Amber Oleson, Cybersecurity Practice Manager at Deja vu Security


Opening remarks

Adam Cecchetti, CEO at Deja vu Security


The Secure Development Lifecycle

Jeff Costlow, Director of Security at ExtraHop

This lessons-learned talk by Jeff Costlow of ExtraHop is about building secure software in a small to medium-sized dev shop. It covers the phases of the Secure Development Lifecycle and discusses each phase with practical recommendations for implementation.


Threat Modeling: Amplifying the Benefits

Valery Berestetsky and Bob Fruth, Principal Product Security Leaders at GE Healthcare

Over the years, Threat Modeling has progressed from its original focus on client-server software systems into a very well understood process that is widely applicable. Threat models have been created for complex hardware and software systems ranging from operating systems to ATMs to automobiles to devices to the Internet of Things.

So what does Threat Modeling mean for your organization? How do you manage the details and focus on the highest-risk interfaces and attack surface? What steps should you take to ensure that threat modeling yields the best possible result without becoming yet another mind-numbing process exercise? In this talk, two software industry veterans will seek to provide answers to these and other threat modeling questions, including discussing best practices and approaches for fully assessing and understanding the attack surface and risks of complex systems and devices.


Data Security in Public Clouds

Mikkel Wilson, Founder at Oblivious.io

Data security exists on a gradient from blogs (broadcast information) to military (InfoSec is life or death). Enterprises and small businesses often fall closer to blogs than military and, as a result, breaches are frequent. Tools such as ZK-proofs, elliptic curve crypto, and HMACs exist to make applications more secure, but they're not widely adopted. This is a primer on which tools to use, how to use them safely, and how to write your own. It's time we think more like a military when building apps.


Achieving Rapid Feedback for Application Security

Jeff Tucker, Senior Software Engineer at Peach Tech

This lessons-learned talk is about building secure software in a small to medium-sized dev shop. It covers the phases of the Secure Development Lifecycle and discusses each phase with practical recommendations for implementation.


Panels

Secure Development for Decision-Makers

  • Akshay Aggarwal, Founder at Deja vu Security

  • Michael de Libero, Manager of Application Security at Unity Technologies

  • Sean Curran, Senior Director of Cybersecurity Consulting at West Monroe Partners

  • Bob Fruth, Principal Product Security Leader at GE Healthcare

Akshay Aggarwal (Peach Tech, Deja vu Security), Bob Fruth (GE Healthcare), Sean Curran (WMP), and Michael de Libero (Unity Technologies) team up for the first panel at Deja vu Security's Agile Security Summit in April 2018. Panel topic: Secure Development for Decision-Makers.


Best Practices and Lessons Learned in Application Security

  • Akshay Aggarwal, Founder at Deja vu Security

  • Richard Lewis, Senior Application Security Architect at 2K Games

  • Valery Berestetsky, Principal Product Security Leader at GE Healthcare

  • Daniel Herrera, Principal Security Consultant at Deja vu Security

The second panel of the day at Deja vu Security's Agile Security Summit in April 2018 in Seattle, WA. Topic: Best Practices and Lessons Learned in Application Security.


