”Security is hard, expensive, and someone else’s job!”

”We’ll just build the product first and call in an auditor later!”

”Security? That’s handled by a different team!”

Sound familiar? If this is your mindset, you’re not just doing security wrong — you’re setting yourself up to fail. Then the biggest threat will not be the hackers or nation-states. It will be you, your shortcuts, and the mistakes you keep repeating.

You may not be trained in security — and yes, business pressures are real. But building secure software is no longer optional. The good news? You do not have to do it alone. Luckily for you, the security community is big and open and there is a lot of support and tools freely available

In this session, I will show you how to build a ”paved road” for security — a clear, repeatable path that lets you move fast because you will know when to brake and a road that is easy to travel. You will see how to integrate security into your build pipeline using free, open-source tools that help automate, enforce, and simplify security from day one.

Expect a demo-driven session packed with real tools and workflows. We will break down different types of security tooling (SCA, SAST, DAST — don’t worry, I will explain it all), show how they complement each other, and explore how they apply not just to your code, but to cloud infrastructure and Infrastructure as Code as well.

You will walk away with:

A practical understanding of modern security tools

A roadmap for getting started with security automation

The confidence to make security part of your everyday workflow

You do not need to be a security expert — just ready to stop doing it wrong.

Targetted developers and people within software development