The OWASP Summit exceeded all expectations
I attended my first OWASP Summit last week and it has spoiled most other conferences for me. The summit is not a traditional conference where an “expert” is selected by the CFP panel and has 40 minutes to expound The Truth from a podium, while everyone else takes notes. I’d call this a “top down” style of conference, and most in the security and appsec space follow this format.
What made the OWASP Summit unique was that it was a “bottom up” conference. A large number of topics were selected months ago, thrown up onto a GitHub page where anyone interested could sign up as an organiser or participant (no speakers). Participants could then suggest an outcome for the session, push some initial content and get the conversation going. If no-one registered for a given topic, then it was removed. Initially, I thought this system was chaotic and would result in 20 strangers sitting in a room waiting for someone to lead. The exact opposite happened.
Everyone participating in a session had a real interest in being there and contributing or listening, and the participants spanned the range from security consultants to architects to CISOs. The result was engaging and informative discussion about key appsec topics where we could all challenge established ideas and dig deeper into the How and the Why of many practices.
Another key to the success was the calibre of the participants. I bumped into participants from Oracle, Microsoft, AXA, Adobe and Capital One. Participants who are actually implementing the practices contributed to the quality of the discussions during each session.
The premise was that each session should result in an outcome, something that can be published or used as a starting point for more material. While I don’t think many of the sessions achieved that goal, the real value was in the mental work and discussions during the sessions. In short, I’ll be attending every summit from now on and would love to see it becoming an annual event.
Many thanks to Sebastien Deleersnyder, Francois Raynaud and Dinis Cruz for organising the event as well as the many individual session organisers who made this event such a success. See you next year!