The OWASP Summit exceeded all expectations


I attended my first OWASP Summit last week and it has spoiled most other conferences for me. The summit is not a traditional conference where an “expert” is selected by the CFP panel and has 40 minutes to expound The Truth from a podium, while everyone else takes notes. I’d call this a “top down” style of conference, and most in the security and appsec space follow this format.

What made the OWASP Summit unique was that it was a “bottom up” conference. A large number of topics were selected months ago and thrown up onto a GitHub page where anyone interested could sign up as an organiser or participant (no speakers). Participants could then suggest an outcome for the session, push some initial content and get the conversation going. If no-one registered for a given topic, then it was removed. Initially, I thought this system was chaotic and would result in 20 strangers sitting in a room waiting for someone to lead. The exact opposite happened.

Everyone participating in a session had a real interest in being there and contributing or listening, and the participants spanned the range from security consultants to architects to CISOs. The result was engaging and informative discussion about key appsec topics where we could all challenge established ideas and dig deeper into the How and the Why of many practices.

Another key to the success was the calibre of the participants. I bumped into participants from Oracle, Microsoft, AXA, Adobe and Capital One. Participants who are actually implementing the practices contributed to the quality of the discussions during each session.

The premise was that each session should result in an outcome, something that can be published or used as a starting point for more material. While I don’t think many of the sessions achieved that goal, the real value was in the mental work and discussions during the sessions. In short, I’ll be attending every summit from now on and would love to see it becoming an annual event.

Many thanks to Sebastien Deleersnyder, Francois Raynaud and Dinis Cruz for organising the event as well as the many individual session organisers who made this event such a success. See you next year!
