
Jeroen Willemsen
PSA & project leader OWASP WrongSecrets
Jeroen Willemsen is a Principal Security Architect and one of the project leaders of OWASP WrongSecrets. As more or less a jack of all trades with an interest in mobile security, infrastructure security, risk management and application security, he loves to explain security topics to anyone who wants to improve the security of their IT stack.
Securing your CI/CD Pipeline
You have probably heard of security automation, as it is a hot topic at the moment. Adding security checks to your CI/CD pipeline is great! But how do you deal with the delays caused by this tooling? What about the developers who hate it when the pipeline is red due to false positives? And how do you secure the pipeline itself? These are all questions that need to be addressed to make sure that the automation becomes sustainable.
Learn how to (not) use secrets with OWASP WrongSecrets!
If you want to bring an app to production, you need to know where to put your secrets and how to access them safely. In this session, we'll go into how to *not* use secrets with a purposefully vulnerable application. We hope you'll take this knowledge and not make the same mistakes in your own app. Of course, you'll also learn a thing or two on how to do secrets management properly!
Our secrets management journey from Code to Vault
Have you spotted access keys in code? Have you found your K8s secrets to be readable by everyone? Of course, we tried many, sometimes funny, things to get our secrets secured. And luckily we ended up with a combination of safe methods, with Vault at its core. Want to know more? Join us, as we will go through various examples and their challenges!
Why manual verification still matters
Security automation! Automate Everything! That is the sound we always hear. That's what we voice every time on stage. But how far should we apply this? Should we automate every security check? And if you do this, will you then actually be secure?
Join us in this session, as we want to revisit the often recommended security automation steps for any DevSecOps-driven organization and discuss our experience with them. Based on that, you can decide whether you want to run them never, once or always. In addition, we discuss some cases that we only found through manual verification. We will end with a set of recommendations on which manual actions you will need to move forward on your security journey!
Teach a man how to fish
So you were asked by a few DevOps teams to make them more secure. So you pick up their assets, review them and help them forward. But after that, when you leave them behind, more vulnerabilities get introduced. The question is: did your hacks bring long-term value? Did you help them to become sustainable? Probably not. So how can you help them in the long term? How can you teach them how to fish instead of feeding them?
Join us for a journey in how you can help teams to become sustainable in security when DevOps and agile are applied. We will start our journey with an assessment, then go through training the SRE, DevOps and security teams, after which we coach people to make better decisions. In the meantime we can do some sightseeing in automation, agile risk management and some darker pitfalls we fell for more than once.