Norsk Informasjonssikkerhetsforum (ISF) is pleased to invite you to this year's spring meeting in Oslo. The theme of the members' meeting is AppSec and secure development.
ISF participants attend the members' meeting free of charge. Participants beyond two per member organisation who attend the dinner will be invoiced the cost price of 1000 kr.
For questions about the event, please contact the secretariat at service@isf.no.
Program
15:30 – 16:00 Registration
16:00 – 16:15 Welcome
16:15 – 17:00 From Gatekeepers to Guides: Empowering autonomous teams with Security Champions, Jonas Bo Grimsgaard
17:00 – 17:15 Break
17:15 – 18:00 Testing race conditions has never been faster, Sofia Lindqvist, security specialist, Binary Security
18:00 – 18:15 Break
18:15 – 19:00 5 years of DevSecOops! at FINN.no, Emil Vaagland, IT Security Manager, Finn.no
19:00 – Dinner and networking
Talks
From Gatekeepers to Guides: Empowering autonomous teams with Security Champions
Jonas Bo Grimsgaard
Four years ago, Norsk helsenett (NHN) decided to embark on a bold journey, transforming how we approach cybersecurity within our organization. Recognizing that the traditional security model, which positions security teams as "gatekeepers", was no longer effective, we initiated a fundamental shift. Our mission was to move beyond the gatekeeper mentality and towards a collaborative, integrated approach with the launch of our Security Champions program.
Join us for an insightful talk that chronicles NHN's transition and the profound impact it has had on our company's security culture. We will share the details of our experience in building a community-driven security initiative that has empowered and educated our developers to prioritize secure coding practices and has dismantled the barriers once standing between various security-related roles.
Testing race conditions has never been faster
Sofia Lindqvist, security specialist, Binary Security
Sofia works as a security specialist at Binary Security. She started her career with a PhD in pure maths, followed by three years at Cisco developing one of their networking OSs. She eventually made her way into security testing, which she has been doing for a year and a half.
Historically, testing for race condition vulnerabilities in web apps has been a painful ordeal, likely making race conditions an under-explored attack vector. In the summer of 2023, groundbreaking research by James Kettle completely changed the game, suddenly making it much easier for pentesters (and attackers) to test for this type of vulnerability. In this talk I will show how race conditions work, how to test for them and how to protect against them, based off an example vulnerability I found during a recent pentest.
5 years of DevSecOops! at FINN.no
Emil Vaagland, IT Security Manager, Finn.no
For the last five years we have tried loads of appsec activities in the DevOps lifecycle with various degrees of success. In this talk we will go through the lessons learned trying to scale these activities across an ever-changing organisation.
Emil Vaagland is the IT Security Manager at FINN.no/Schibsted Marketplaces, where he is trying to scale effective appsec across hundreds of developers and teams. His previous experience ranges from being part of engineering teams developing products to doing hands-on security engineering work to scale appsec.
*None of the talks held during the spring meeting will be streamed.