Room 4 

13:40 - 14:40 


Talk (60 min)

Lightning Talks

Lightning talks (approx 10 minutes each)

Talk 1: Discover your inner security engineer with this one weird trick (hackers hate it!) - Josh Grossman
When it comes to security, we are all trying to figure out how to do more, in less time and less budget.

How would you like to have:
• A simple outline to get you started in software security.
• Comprehensive requirements to use as a security baseline.
• Detailed guides on how to write secure code in various languages and situations.
• Sample vulnerable applications you can use to challenge your security knowledge.
• A community of security experts who are usually happy to answer questions and help out.

…and all for the low, low price of FREE!

Talk 2: Trapping a Scammer - Stephen Rees-Carter
One day I received an email asking me if I would like to purchase the “.com” variant of a domain name whose “.net” variant I owned. I knew it was a scam, but decided to play along…
One week and a couple of emails later, the scammer transferred the domain to me, completely free and unprompted, saying: “I did not know it is a trap.”
Let me tell you what happened…

Talk 3: External Identities is the new Guest! - Jan Vidar Elven
Or is it something completely different? Organizations are familiar with the B2B and Guest concepts, but now more than ever you need to know the difference (or similarities) between internal and external members and guests, and what options there are for collaboration between multiple tenants. The answer is Microsoft Entra External ID, but what is really the question?

Talk 4: Ambitious S-SDLC at Norway’s biggest home construction company - Hans Ove Ringstad
Yes, even a home construction company can have an ambitious S-SDLC, so you should too!

Construction companies might not be known for their IT security prowess, but OBOS, Norway’s biggest home construction group, has a lot of custom-made applications used by several hundred thousand users. This is why the IT security team at OBOS put forward an ambitious S-SDLC that the in-house teams have to follow.

This short talk explains the content of the S-SDLC, and how it is working out for us.

Talk 5: Code as Logistics: Lexical Lessons from Supply Chain - Munish Walther-Puri
Open source software code runs on virtually every computer and sustains critical infrastructure. How can we develop trust for it? Where did it come from? Do we understand all its dependencies? Code developed outside enterprise boundaries is subject to opaque security criteria, and there are dangerous discontinuities between the emergence of risk in the software supply chain, the customer’s awareness of those vulnerabilities and supplier provision of remediated updates. To get a handle on the complexity and opportunity, this talk will introduce the origins of "code as logistics" and an actionable framework for mitigating software supply chain risks.

Josh Grossman

Josh has worked as a consultant in IT/Application Security and Risk for 15 years, as well as a Software Developer. In that time he has seen the good, the bad and the stuff which is sadly/luckily still covered by an NDA. He is currently Chief Technology Officer for Bounce Security, where he spends his time helping organisations improve and get better value from their Application Security processes and providing specialist Application Security advice. In his spare time he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board.

Stephen Rees-Carter

Stephen is a security consultant and crusted-on PHP developer who spends his days doing Laravel Security Audits and Penetration Tests. When he’s not trying to hack his clients’ websites, he teaches Laravel developers about security concepts through his Laravel Security in Depth mailing list. Stephen’s idea of fun is spending a year cleaning infected WordPress sites and picking locks.

Jan Vidar Elven

Jan Vidar Elven is a Cloud Platform & Security Architect working at Microsoft Partner Evidi Solutions AS in Norway. He is a Microsoft MVP in Security, an active speaker and blogger, and has more than 25 years’ experience in IT infrastructure management and architecting solutions, working with Cloud & Datacenter and specializing in Azure, Enterprise Mobility, Identity Management, Service Management, Operations Management and Automation across on-premises and Azure environments.

Hans Ove Ringstad

IT Security Advisor at OBOS. Advising all the companies and departments in the OBOS construction group on IT security. Background as a programmer.

Munish Walther-Puri

Munish Walther-Puri (he/him) is the VP of Cyber Risk at Exiger, where he focuses on supply chain and cyber risk. He is the former Director of Cyber Risk for New York City Cyber Command. He also teaches on cyber resiliency and cybersecurity at NYU Center for Global Affairs and Columbia SIPA.

Prior to working for the City of New York, he worked at a dark web monitoring company, advised startups, and consulted on technology, geopolitical risk, and intelligence analysis. Munish is a CFR member, Cyversity board member, and Fletcher Political Risk Group advisor. He is an ally for the #ShareTheMicInCyber campaign and an Eagle Scout. He has served as an advisor to multiple startups, on multiple DEI committees, and as a Yale Cyber Fellow.