talk-data.com

Waterworks, airports, the energy grid or telephone traffic: all interesting targets in the Netherlands for cyber or hybrid attacks from countries like Russia and China, say intelligence experts. A highly digitalized world asks for a movement from DevOps to DevSecOps, this means us as developers should specialize in security now too! More than ever, a hack on your software can have serious impact on the daily lives of people: from leaking their personal information to shutting down the energy supply to Dutch homes. Think the leak of private data of police in 2024, and the one of the Bevolkingsonderzoek Nederland in 2025. In other words your software might not be responsible for trains to be able to ride, or payments being done through banks, but most companies do process at least some personal data. Just like accessibility, security often is an afterthought, and that will just not do anymore. Security needs to be considered from day one in every software project. Tonight we will give the stage to three developers to talk about their security approach.

Program 17.45 walk in / dinner (vegetarian) 18.30 Intro Girl Code by Ineke Scheffers 18.35 Intro CGI by Janine Tjassens, CGI BU Leader Randstad and North Netherlands

18.40 Secure Software Development - Erica Welling, Software Security Specialist at CGI Erica will discuss several core principles that help make IT structurally more secure. With these insights into our daily work, we can build systems that are not only fast and beautiful, but also resilient and future-proof. 19.00 Supply Chain Attacks: Here to Stay - Jasmijn van Genesen, Application Security Engineer at KVK Supply chain attacks like Shai Hulud show how hackers exploit package managers and CI/CD pipelines to steal secrets. In her talk Jasmijn will plead for protecting the whole chain—not just writing secure code—by making mitigation of risks a standard in DevSecOps. 19.20 Business Logic Flaws: How to Prevent Them in Your APIs - Alexandra Charikova, The Elephant in AppSec podcast host & community manager at Escape Attackers exploit valid features in unintended ways to bypass rules, abuse workflows, or manipulate sensitive operations. In this talk, Alexandra explores real-world API examples, how attackers chain valid actions for harmful outcomes, and how defenders can catch issues early through ie. threat modeling and security integration in CI/CD. 19.40 Q&A with all speakers 20.00 - 21.00 drinks, snacks, mingle

"At CGI, we value and actively work together to foster an environment where every voice is heard and respected and where every member has equal opportunity to share their ideas, lead and grow. Estimates are that less than 30% of technology jobs are held by women. And according to the numbers above that seems a little too generous even. To increase this it is important to inspire and empower women, which is why initiatives such as Girl Code are so important. A little while ago we hosted Girl Code at CGI, in short, it was a great success! Looking at the current (political) climate the topic of diversity is more important than ever. With that in mind we couldn't be more excited to host another Girl Code event!" - Sara Larsson\, Software Architect & Engineer at CGI

Team Ineke Scheffers - organizer and founder Girl Code Sara Larsson - host CGI Jeroen de Bekker - host CGI Frédérique Doek - host CGI Kimberly Bisschops - host CGI

Attendance policy We take attendance. If you RSVP'd but didn't show up, it will have consequences. Also be sure to cancel on time, 'cause cancelling 1 day before will be too late and count as a no-show. (Illness is of course an exception to this rule).

Public transport It's a 5 min walk from station Rotterdam Alexander. At the station take the exit which ISN’T connected to the metro. Find the entrance by following the George Hintzenweg. Call reception at the visitors door, take the stairs up, it's the 1st building on the left.

Car The employee garage is open for us between 17.30 and 18.30. Before or after: use the intercom. The parking garage can be reached along George Hintzenweg. Take the stairs in the middle, then you will find the CGI office on the left (road as orientation).

Accessibility If you need disability parking or use a wheelchair contact us at [email protected], so we can make the right arrangements.

Abstract:

There's no doubt that undertaking the practice of threat modeling can significantly improve an organisation's security posture, but it can be difficult to understand how and where to start. Even with an extensive level of system knowledge, it can often be difficult to truly shift focus from your day-to-day role and take on the attacker's mindset.

In this presentation, we explore the practical application of Large Language Models for threat modeling. We'll examine the benefits and challenges of threat modeling, including an overview of the process itself. A key focus will be on creating meaningful prompt sheets that enable effective LLM-based threat modeling while maintaining the confidentiality of sensitive company information.

The talk includes live demonstrations of threat modelling using ChatGPT and Gemini, with a comparative analysis of both platforms' capabilities and approaches. Time permitting, we'll conclude with questions and follow-up discussion on the topics covered.

Location:

• 📍 Venue: Veracode, 36 Queen Street London, EC4R 1BN
• 📅 Date: Wednesday, 19th November 2025
• 🕕 Time: 6:00 PM – 8:00 PM
• 🎟️ RSVP now and join us on the 19th November!

Sponsors:

• We are incredibly grateful to Veracode and Orca Security for their support and commitment to the DevSecOps London Gathering community!

Join the community:

• Can't make it to the event? Keep up to date with our activities on LinkedIn, X (Twitter), Bluesky & Youtube.
• Tune in to our insightful podcast, DSO Overflow.

🎉 Join our on-site open-appsec Meetup in Paris — Sept. 23, 2025!

🔐 open-appsec is an open-source Web Application & API security project (WAF) that uses machine learning to deliver pre-emptive protection against OWASP Top 10 vulnerabilities and zero-day attacks. ✨ No signatures, no rule-tweaking — just smart, scalable security for your infrastructure.

It integrates seamlessly on Linux, Docker, and Kubernetes with many popular Reverse Proxies, Ingresses & API Gateways such as: NGINX, Envoy, Kong, APISIX, Istio, NGINX Proxy Manager and more — making it easy to add security without the maintenance burden of traditional WAFs.

🔍 What to Expect at This Meetup

• 🤖 Using machine learning for proactive Web App & API security
• 🛡️ Deploying a fully pre-emptive WAF against known & unknown (zero-day) attacks
• ⚙️ Managing NGINX deployments via a centralized SaaS tool
• 🌍 Real-world use cases & deployment examples
• 💻 Live demos, open discussions & hands-on walkthroughs
• 🍕 Q&A, networking & drinks

This meetup will be held in English.

👥 Who Should Attend

• 👩‍💻 Developers & DevOps / DevSecOps engineers
• 🔒 Security professionals & AppSec / WAF practitioners
• 🌐 Anyone curious about open-source security or modern cloud-native protection

Whether you’re securing cloud workloads, managing microservices at scale, or just exploring next-gen AppSec, this is the place for you! 🚀

Are you a cybersecurity professional looking to connect with like-minded professionals, share experiences, and make friends? Look no further! Join us for a special edition of the Berlin Cybersecurity Social hosted in collaboration with the Venture Café Berlin and the AI Ethics Action Hub for a fantastic evening of networking.

Agenda:

• 5:00 PM - 5:15 PM: Welcome
• 5:15 PM – 5:50 PM: Lightning Talk: AI Threat Modeling: how to bring the right mindset to detect and prevent AI risk - Iryna Schwindt In this talk, we'll explore the full spectrum of AI risks—not just security-related ones—and why understanding the application context is critical. You'll learn: - What are the types of AI risks (not only security risks) - Why AI application context matters - How to identify potential threats\, apply effective controls and guardrails - Cultivating the right mindset to detect and prevent AI risks *
• 5:50 PM - 6:30 PM: Panel: AI Meets Cybersecurity: Building Smarter, Safer Systems at Scale - Jose Quesada, Diana Waithanji, Ali Yazdani, Pranav Vattaparambil As AI rapidly integrates into every layer of digital infrastructure, the stakes for cybersecurity have never been higher. This panel brings together experts from across the security spectrum—ranging from DevSecOps and enterprise risk to cybersecurity strategy—to explore how AI is transforming threat detection, governance, and secure system design. We’ll dive into real-world use cases, emerging risks, and what it takes to build scalable, intelligent, and secure systems in an increasingly AI-driven world.
• 6:30 PM - 8:00 PM: Breakout Session: Cybersecurity in the Age of AI: Ethics & Human-Centered Future *Featuring Azer Aliyev (speakinprivate.com), Gunay Kazimzade (Mercedes-Benz Consulting), and Justin Shenk (AI Salon Berlin), this fast-paced session brings together innovators, researchers, and tech leaders to explore how to build AI systems that protect privacy, bolster trust, and keep humans at the heart of digital transformation.

*This session is organised by the AI Ethics Action Hub

About the Speakers:

Iryna Schwindt is a Cybersecurity engineer currently at Vodafone and a co-author at the OWASP AI Exchange (https://owaspai.org/) project, contributing to the EU AI Act security standard and AI Red Teaming.

Jose Quesada is the founder and director of Data Science Retreat (DSR), an advanced ML bootcamp that has helped over 300 professionals land data science roles. With a PhD and 20+ years in machine learning, Jose brings a unique blend of technical depth and creative flair—he’s also a former photorealism artist. He has advised on impactful projects ranging from malaria diagnostics to sustainability-focused robotics.

Diana Waithanji is a Cybersecurity Engineer at SAP SE, with experience working across Europe and Africa. She is an advocate for data privacy as a fundamental human right and serves on two technical committees at the Kenya Bureau of Standards. Diana is also a board member at Nivishe Foundation, where she supports youth mental health through safe spaces. Her work bridges global standards, social impact, and cutting-edge security practices.

Ali Yazdani is a seasoned security professional with over a decade of experience spanning offensive security and secure development practices. Starting his career as a penetration tester, he now specializes in building scalable DevSecOps programs and embedding security into engineering workflows. Ali brings deep technical knowledge and a pragmatic approach to security culture. His mission is to empower teams to build safer software at scale and is currently a founder at Scandog.io

Pranav Vattaparambil is Chief Security Officer at Unosecur (https://www.unosecur.com/) as well as a security and product strategist with deep expertise in fintech. Formerly VP of Cybersecurity at the EU’s largest Banking-as-a-Service company, he also advises multiple startups on navigating security, risk, and go-to-market strategy. Pranav bridges the gap between technical execution and business impact, especially in regulated industries like banking and crypto. His focus is on helping companies build secure, scalable products from day one.

About Venture Café Berlin: Venture Café Berlin connects a community of innovators and entrepreneurs with free high-impact programming and events. Venture Café is a part of the CIC network, whose mission is to fix the world through innovation.

About Berlin Cybersecurity Social: This meetup is open to cybersecurity professionals of all levels, from beginners to experts. Whether you're a seasoned pro or just starting your journey in the field, this event is the perfect opportunity to connect with others who share your passion for cybersecurity.

About the AI Ethics Action Hub: A global, interdisciplinary collective dedicated to advancing ethical, inclusive, and accountable AI. We believe technology should be designed to respecting human dignity, planetary well-being, and intergenerational justice.

Welcome to the DevSecOps London Gathering – April Edition! 📍 Hosted at CyberArk, 8SBT, 1 Pear Place, London SE1 8BT

Join us for an evening of conversations at the intersection of AI and security. As artificial intelligence reshapes how we build and defend our systems, this month's meetup dives deep into how it’s transforming both infrastructure and application security.

🕕 Agenda

• 6:00 PM: Doors Open – grab a drink
• 6:15 PM: Welcome & Intros
• 6:30 PM: Lightning Talk – Workload Identity in the AI Era Discover how to secure AI agents in a zero-trust environment, using Workload Identity to ensure they only access what they’re authorized for.
• 6:45 PM: Main Talk – AI and AppSec: Are We Finally on the Verge of a Breakthrough? We’ll explore how AI could revolutionize threat modelling, reduce bottlenecks in security reviews, and integrate more seamlessly into the dev lifecycle.

Whether you're an engineer, security pro, or tech leader, come prepared to exchange ideas, ask questions, and connect with London’s thriving DevSecOps community.

Full talk details below: Lightning Talk - Workload Identity in the AI era

As AI continues to revolutionize the workplace, ensuring the security of AI agents becomes paramount. How can we guarantee that these AI agents only interact with services it is authorized for?

Join this lightning talk to discover the concept of Workload Identity, how to integrate it with your AI systems, and explore strategies to enable your AI to operate within a zero-trust environment.

Main Talk - AI and AppSec: are we finally on the verge of the big breakthrough? In cybersecurity, AI has made significant advances, especially in threat detection, risk quantification and remediation automation. However, perhaps in Application Security (AppSec), it hasn't fully reached its potential—yet. This talk will explore why the next big breakthrough in AI is deemed to potentially revolutionise threat modelling, an area traditionally plagued by manual processes, high complexity, and slow adoption in fast-moving development environments. We are at the tipping point where AI can potentially understand code deeply enough to automate threat modelling, shifting threat modelling left and removing bottlenecks in the security review process. By using AI to derive data flows, identify threats and controls and continuously update threat models, we can potentially integrate security into the development lifecycle more effectively. Join this session to discuss and discover how AI could potentially take threat modeling as code (and from code!) to the next level. Key discussion points:

1. Current AI applications in AppSec
2. How AI could revolutionise threat modelling and the potential key players in this field

RSVP to join us!

With thanks to our Gold Sponsors Apiiro for their continued support throughout 2025!

Join the community: Can't make it to the event? Keep up to date with our activities on LinkedIn & Twitter

Your application security program will either succeed or fail based on developer adoption of your security tools. Once these security tools are enabled and adopted across your enterprise, the next biggest challenge is remediation (or fixing) these found vulnerabilities at-scale. Enter "Found Means Fixed", GitHub's latest tagline for leveraging industry leading Artificial Intelligence (powered by Copilot) to help fix thousands of vulnerabilities at the click of button. This session will cover how KPMG is providing a world-class services offering centered around "Campaigns" for enterprises leveraging GitHub's Advanced Security auto-fix solution. Campaigns will revolutionize how enterprises think about, plan for, and eliminate application security debt at-scale. Viewers will receive a behind-the-scenes look at the underlying technology and and the people and processes that will change the way DevSecOps practitioners think about managing significant security debt. Did we mention that we can eliminate security debt at-scale? Please join us for what is sure to be an exciting discussion around this game changing technology!

Learn more about the series!

This session will explore how to accelerate secure application deployment by leveraging the powerful capabilities of Azure development and security building blocks, combined with the innovative RapidFort platform.

We'll delve into the latest advancements in preemptive security practices, demonstrating how to streamline the development and deployment process while ensuring the highest levels of security. By integrating RapidFort with Azure App Service, Azure Functions, Azure Kubernetes Service, and Azure DevOps, we'll showcase how to create a DevSecOps pipeline that automatically identifies and remediates vulnerabilities, protects applications from runtime attacks, and ensures compliance with industry standards.

This session will explore how to accelerate secure application deployment by leveraging the powerful capabilities of Azure development and security building blocks, combined with the innovative RapidFort platform.

We'll delve into the latest advancements in preemptive security practices, demonstrating how to streamline the development and deployment process while ensuring the highest levels of security. By integrating RapidFort with Azure App Service, Azure Functions, Azure Kubernetes Service, and Azure DevOps, we'll showcase how to create a DevSecOps pipeline that automatically identifies and remediates vulnerabilities, protects applications from runtime attacks, and ensures compliance with industry standards.

Big data has moved beyond being just a buzzword; it's now at the heart of modern business strategies. When used effectively and efficiently, data can open up new revenue opportunities, provide deep insights, and even drive social impact. As digital transformation accelerates, data is no longer just a tool—it's woven into the fabric of every part of an organization. Designing and maintaining a tier 1 data platform has become essential to staying ahead of the competition. 

Especially with AI-driven applications on the rise, the convergence of DevSecOps and DataOps is becoming increasingly critical. The recent global disruption caused by a security company's mistake was a wake-up call—highlighting just how high the stakes can be. Building and scaling data platforms isn't enough; security and scalability need to be integral to the entire data lifecycle. 

Bringing more than a decade of SRE experience to maintaining and managing top enterprise software, we will discuss how to tear down silos and encourage collaboration among development, security, operations, and data teams. By doing so, organizations can achieve unprecedented levels of reliability and security. Integrating DevSecOps with DataOps doesn't just automate and protect data operations—it also safeguards data integrity, privacy, and compliance, even as data environments expand in size and complexity. In today's competitive market, this proactive stance is what will set the leaders apart from the rest.

Main Actionable Takeaways:

• Cultivate a Collaborative Culture

• Prioritize Resilience and Recovery

• Integrate Security Seamlessly into Data Pipeline

Join us for a Amazon Q Meetup at the AWS NYC office in Bryant Park, on May 15, from 5:15 to 7:30 PM EST and see how generative AI tools can help make your life easier and help build. This event is part 3 of a series of 4, however the content for each of the events is designed to be standalone. You do not need to attend all 4 events and can attend any one event individually or in parts.

Talk: Accelerating application upgrades with Amazon Q Code Transformation In the realm of software delivery, the ability to efficiently update languages and platforms is essential for speed to market and security. This meetup delves into Amazon Q Code Transformation, an innovative tool that helps with application maintenance, upgrades, and migrations. Developers, SRE teams, IT Architects and leaders will learn how to use the power of Generative AI to automate tasks such as language version upgrades, unit testing, and deployment readiness checks. Organizations will benefit from being able to reduce manual toil and accelerate code upgrade time to minutes. Join us for a presentation and demo on upgrading a Java application with Amazon Q Code Transformation, followed by a Q/A session.

Speakers:

• Shawn Chasse Shawn is a senior solutions architect at AWS in the Media, Entertainment, Games and Sports sector. Shawn has been developing infrastructure for enterprise deployments for many years now. He has a passion for Infrastructure as Code and developing Event Driven Architectures that scale to enterprise levels. In his free time, Shawn spends time with his wife and two children, and enjoys photography and woodworking.
• Kawsar Kamal Kawsar is a senior solutions architect at AWS in the ISV services sector. Kawsar has been in the infrastructure automation and security space for 15+ years. During his career, he has focused on cloud migration, infrastructure as code, and DevSecOps transformation projects across various industries. In his free time, Kawsar enjoys running and hiking.

Important instructions

• Event starts at 5:30 pm EST, but please allow at least 15 minutes for security to process registration
• Please ensure that your meetup profile has your full name. Both first and last name are required and we will not be able to register attendees with just abbreviations or incomplete names.
• There are two entrances tot he building, one on 38th st and one on 39th st. If you enter through 38th street, please follow the hallway to proceed to the reception in the front of the building where you can get registered
• There is an optional networking and Q&A event at the event of the meetup

Reactor Series: Spotlight on Applications Innovation & AI Session #3 | DevSecOps in Azure + GitHub Day: 12.03.2024 Time: 16:30 UTC

About the Series: The "Spotlight on Applications Innovation & AI" webinar series is designed to delve deep into the latest trends, tools, and techniques in the realm of applications innovation and artificial intelligence (AI). Each session brings together industry experts, thought leaders, and practitioners to explore various facets of innovation in application development, highlighting emerging technologies, best practices, and real-world use cases.

About the Session: In this session, "DevSecOps in Azure + GitHub," we'll delve into the crucial intersection of development, security, and operations, showcasing how Azure and GitHub are revolutionizing DevSecOps practices. From securing development pipelines to leveraging AI for enhanced security, this session explores innovative approaches to safeguarding your applications and infrastructure.

Who Should Attend: This session is ideal for developers, DevOps engineers, security professionals, cloud architects, and anyone involved in software development, deployment, or security. Whether you're a seasoned expert or just beginning your journey in DevSecOps, this session offers valuable insights and strategies applicable to various roles and skill levels.

By attending this session, you will:

Gain a comprehensive understanding of DevSecOps principles and practices. Learn how Azure and GitHub provide integrated solutions for securing your development lifecycle. Discover practical ways to leverage AI for enhancing code security and cloud security. Hear from industry experts about real-world implementations and best practices. Network with peers and engage in discussions about the latest trends and challenges in DevSecOps.

Agenda:

16:30-16:35 - Introduction: Welcome to the "DevBoost for Developer Productivity" – Moria Dror, Regional Reactor PM, Microsoft

16:35-17:00 - Securing DevOps: Microsoft's Unified Solution for DevSecOps Excellence with Azure DevOps + GitHub - Elli Shlomo Microsoft MVP

Join Elli in an exploration of DevSecOps excellence with Microsoft's integrated solution, uniting Azure DevOps and GitHub. Delve into the seamless integration that propels your security practices, emphasizing a "Shift Security Left" approach. Learn how to increase developer velocity while embedding robust security measures throughout your code lifecycle. Uncover the comprehensive suite of tools, effortlessly migrate repositories, and fortify your DevOps journey with Microsoft's unified solution.

17:00-17:40 - Code Security Reinvented: Navigating the era of AI- Joseph Katsioloudes, Developer Advocate, GitHub Security Lab

Artificial intelligence (AI) has historically fallen short of improving software development practices, but with the introduction of AI pair programmers, the game has changed. Join Joseph as he demonstrates several ways developers can leverage AI to enhance code security through practical demos in GitHub Copilot. Gain a deep understanding of AI capabilities and best practices for shipping secure code.

17:40-18:00 - Elevating Cloud Security with AI: A DevSecOps Revolution –Eran Bibi, Co-Founder & Chief Product Officer, Firefly

AI has transformed various industries, including DevOps, by preventing service disruptions, improving security, and enabling anomaly detection. Eran will guide you through the best ways to apply AI to manage and secure multi-cloud infrastructure, from code generation to policy enforcement to remediation. Don't miss out on this opportunity to stay ahead in the AI revolution.

Don't miss this opportunity to deepen your understanding of DevSecOps practices and explore innovative approaches to securing your development workflows and cloud infrastructure. Join us for an engaging session filled with valuable insights, practical tips, and expert perspectives. We look forward to welcoming you and helping you navigate the evolving landscape of DevSecOps.

Visit Microsoft Learn to discover free AI learning courses - https://learn.microsoft.com/ai/?wt.mc_id=slidescontent_21633_webinar_reactor

Register to the Whole Series- https://developer.microsoft.com/reactor/series/S-1271?wt.mc_id=slidescontent_21633_webinar_reactor

If you signed up for this series, you probably won't want to miss this one either – https://developer.microsoft.com/reactor/series/S-1273?wt.mc_id=slidescontent_21633_webinar_reactor

Welcome to the first DevSecOps London Gathering event of 2024!

For our first event of the new year we are live at Veracode with Idan Elor from Apiiro presenting The right way to shift AppSec left: DevSecOps without the noise.

Presentation Synopsis: DevSecOps enables the identification of security issues earlier in the development lifecycle—surfaced directly to developers who can have the greatest impact. On paper, this strategy enables more proactive and efficient security feedback loops. But in reality, it’s not a silver bullet. Shifting security left can inadvertently shift the burden of noisy AppSec testing tools from AppSec teams to developers, which is annoying at best, disruptive at worst.

To minimize the negative consequence of DevSecOps, you need a context-driven, risk-based framework. By leveraging business and application context to determine the risk likelihood and impact, you can define a risk threshold to your DevSecOps workflows and right-size your shift-left security response. This session explores what a risk-based DevSecOps framework entails and how application security posture management (ASPM) can help.

Location: Veracode Office - 36 Queen St, London EC4R 1BN Agenda: 6:00PM: Doors Open 6:15PM: Intros 6:30PM: Main Talk

RSVP to join us! With thanks to our Gold Sponsors Prisma Cloud by Palo Alto, Sysdig and Apiiro for their continued support.

Join the community: Can't make it to the event? Keep up to date with our activities on LinkedIn & Twitter

IMPORTANT: You can only register for this event on Eventbrite, here: https://Nov2023LNETM.eventbrite.co.uk/

Can DevSecOps really make developers fall in love with security or is platform engineering the way of the future?

Building secure software is significantly more efficient, cheaper and lower risk than needing to remediate insecure applications after the fact. This has led to an important evolution of the DevOps movement to encompass security awareness throughout the software development lifecycle.

The November LNETM will discuss this progression from DevOps to DevSecOps, in terms of successes and also challenges along the way, including how best to bring developers on this journey (willingly!), how to integrate processes for more efficient/automated development pipelines, how to address the fragmented tool market and the role that open-source tools play relative to proprietary solutions. It will also examine the role of security in the nascent Platform Engineering movement.

We will be joined by a top-quality industry expert panel to discuss this topic, including:

• Amanvir Sangha (Senior Engineering Manager for DevSecOps at London Stock Exchange Group)
• Artem Loenko (Director of Engineering at Bumble)
• Camille Plays (Senior Software Engineer at Wise)

The discussion will be moderated by Miriam Fahim from London Stock Exchange Group. There will be two flash talks at the start of the event:

• Entitle automates how permissions are requested, granted, and managed to eliminate bottlenecks and enable robust least privilege access programs (Ron Nissim, CEO & Co-Founder).
• Semgrep is an open-source platform designed to find bugs and dependency vulnerabilities, run security scans in CI and enforce standards across an organisations (Nitin Nayar, Head of EMEA Solutions Engineering)

We’re excited that Lucy Neal and AJ Phipps will also provide a quick overview of the Women in DevOps and Pride in Tech networks:

• Women in DevOps is a global community on a mission to close the DevOps gender gap and inspire the future leaders of the tech world. Having started life as a small offline network in 2017, they've since evolved into a worldwide initiative aimed at connecting and empowering individuals in both DevOps and the broader tech industry.
• Pride in Tech is a community that exists to make the working world a kinder and safer space for queer people. They host unique networking initiatives working in collaboration with the wider tech community, businesses, and brands who are passionate about creating a more equitable working world.

We are very grateful to London Stock Exchange Group for hosting this event and to all of our annual sponsors for their support.

IMPORTANT NOTES:

1. You must register through Eventbrite in order to attend.
2. Registration will close 48 hours before the event (on the night of Monday 20th November).
3. Please bring photo ID to the event, as it may be required for entry. to the event, as it may be required for entry.

This July we're bringing you not one, but two exciting talks for your DevSecOps London Gathering!

With a main talk by Rony Moshkovich, Co-Founder & CPO at Prevasio, an AlgoSec company, and lightning talk by Nipun Gupta, COO at Bearer we have a full evening of discussion.

Lightning Talk - A New Approach to SAST for Modern Teams: Modern product teams are shipping code at lightning fast pace, and this could often make risk managers and application security teams nervous. Traditional approach to static analysis comes at a cost of doing business that leads to engineering teams ignoring or avoiding security. Learn how you can take a new approach with Bearer to get your development teams to understand security and privacy risk while identifying issues and fixing them before they reach production.

Main Talk - Developing Cloud Security Program for Containers: Building a container security program is quite complex, especially when you have to deal with containers in orchestration tools such as Kubernetes, combined with the complexity of on-premise, cloud, or hybrid with an extensive footprint. In this talk presentation, we would like to explain how to go about building a security program with containers. In this talk, we'll cover: Team and Culture • What does a security team need to think about from a skillset, team, and technology perspective? • What are some of the challenges in the container domain to consider? • What to unlearn from a traditional world that, in the container domain, you don’t need to think about? DevSecOps role in engineering • Intricacies of a container secure code practices. • Making sense in secure container base images and supply chain security. • Navigating responsibility models Infrastructure hardening • Orchestration platform best practices • Container images and image registry best practices Applications and monitoring • IAM and Network policies for achieving fast-paced operational goals. • Tracking, preventing, and responding to threats.

Location: 36 Queen Street, London EC4R 1QS Agenda: 6:00PM: Doors Open 6:15PM: Intros 6:30PM: Lightning Talk 6:45PM: Main Talk

We’ll head to a pub nearby to continue the conversation after.

RSVP to join us! With thanks to our Gold Sponsors Prisma Cloud by Palo Alto, Sysdig and Apiiro for their continued support and to our event host Veracode!

Join the community: Can't make it to the event? Keep up to date with our activities on LinkedIn & Twitter