Speaker

Thomas Ljungberg Kristensen

Security Advisor - WelcomeSecurity

Silkeborg, Denmark

Thomas is an independent security advisor at WelcomeSecurity and has been working at the intersection of security, development, and operations for more than 15 years. Thomas has worked for Systematic Software Engineering, Danske Bank, Kamstrup, FortConsult, Norlys, Amazon Web Services, etc., and is currently running his own company.

Thomas teaches IT security for developers for, among others, EADania and IDA Learning. He is co-chapter lead for OWASP Aarhus and was voted OWASP WASPY (Web Application Security Person of the Year) for 2022 in the “Chapter Person of the Year” category.

Area of Expertise

  • Information & Communications Technology

Topics

  • Security
  • Cloud Security
  • Software Development

Phish your colleagues, friends and family

We can all spot the Nigerian scam emails, the PostNord “Click to download your packet” etc. but just how hard is it to make a phishing campaign that is nearly impossible to detect!? Well, it is easy and in 35 minutes, I will show you just how easy it is… Come and watch!

Papercuts of security abstractions and absolutes are killing us!

We make small and large security decisions each day, and as security professionals, we try to make others able to make sound security decisions. We really do care about people, which makes it even more frustrating that they do not care about it themselves. They do not listen, and they do not learn! They must be stupid – Right?

Maybe it is time to look at our approach and try something different. Let us look at some of the things that we can do better to make it easier for others, and easier for others to help and protect themselves.
In this presentation, we will cover some of the abstractions and absolutes we are using that make it even harder for others, and we will talk about what we could do differently.

Next, next, done, and you are secure, right? – Wrong!

Your application may be extremely secure, but if the operating system or 3rd party applications are not, the attacker will never notice or care. If you have ever installed anything, you know that the easiest approach is to simply click “Next”, “Next” and “Done” and take a coffee break. But you know how secure (or rather insecure) this is and what could be done to secure it!
Watch how to create a secure golden image in a CI/CD pipeline – You will never do anything else!

Level Up Your Security Game: Harnessing the Power of OWASP Projects

Your security challenges might seem unique, but many of them have already been solved by a vibrant, open-source security community. At the heart of this community is OWASP—the Open Web Application Security Project. From securing your code to testing your applications, OWASP offers a rich ecosystem of free resources, tools, and projects designed to tackle real-world security issues.

In this session, we’ll explore how OWASP can help you build more secure applications, with fewer headaches. You’ll get an overview of key OWASP projects, how they fit together, and where they might not fit perfectly into your security landscape. Expect minimal slides, maximum demos, and (hopefully) a few successful interactions with the demo gods. Whether you're a developer, DevOps engineer, or security enthusiast, this talk will give you actionable insights to enhance your application security practices.

Introduction to OWASP and the ecosystem of OWASP projects

If you have not heard about OWASP (Open Worldwide Application Security Project) or seen how the ecosystem of the different OWASP projects fits (and does not fit), come, and I will be happy to show it.

There will be a few slides but lots of demos so bring a sacrifice to the demo gods!

Integrating Security into CI/CD with Open Source Tools

Security is often seen as a bottleneck in the CI/CD pipeline, but it doesn’t have to be. With the right set of open-source tools, you can seamlessly integrate security into your pipeline without slowing down your deployments.

In this session, we’ll extend an existing CI/CD pipeline with open-source security tools. You’ll walk away with practical, hands-on knowledge of how to build security into your workflow using free, community-driven tools. Whether you're starting your security journey or looking for new ways to automate security checks, this talk will give you actionable steps to level up your pipeline and improve your security posture.

It is not a matter of if, but when your software will be attacked! — Are you ready?

Cybercriminals and nation-state actors are constantly scanning, probing, and adaptively searching for your bugs, flawed assumptions, or even your shortcuts taken during development to exploit your software. It is no longer a question of if an attack will happen, but when. Yet, most developers are neither trained nor equipped to face this reality.

In this session, we will examine how real-world adversaries target not just individual systems, but the very infrastructure our society depends on. We will break down specific attack strategies used in major incidents, like WannaCry and NotPetya, and show how better design choices, secure coding practices, and defense-in-depth strategies could have reduced their impact or even entirely thwarted the attacks!

You will get a behind-the-scenes look at some of the tools and techniques used in modern cyberattacks. But more importantly, you will leave with practical, developer-friendly ways to improve the security posture of your software — starting today.

Are you prepared for what is coming?

45 minutes, targeted toward developers and people inside software development

Stop doing software security wrong - do it right!

”Security is hard, expensive, and someone else’s job!”

”We’ll just build the product first and call in an auditor later!”

”Security? That’s handled by a different team!”

Sound familiar? If this is your mindset, you’re not just doing security wrong — you’re setting yourself up to fail. Then the biggest threat will not be the hackers or nation-states. It will be you, your shortcuts, and the mistakes you keep repeating.

You may not be trained in security — and yes, business pressures are real. But building secure software is no longer optional. The good news? You do not have to do it alone. Luckily for you, the security community is big and open, and there is a lot of support and tools freely available.

In this session, I will show you how to build a ”paved road” for security — a clear, repeatable path that lets you move fast because you will know when to brake and a road that is easy to travel. You will see how to integrate security into your build pipeline using free, open-source tools that help automate, enforce, and simplify security from day one.

Expect a demo-driven session packed with real tools and workflows. We will break down different types of security tooling (SCA, SAST, DAST — don’t worry, I will explain it all), show how they complement each other, and explore how they apply not just to your code, but to cloud infrastructure and Infrastructure as Code as well.

You will walk away with:

  • A practical understanding of modern security tools
  • A roadmap for getting started with security automation
  • The confidence to make security part of your everyday workflow

You do not need to be a security expert — just ready to stop doing it wrong.

Targeted at developers and people within software development
