David Cervigni

AppSec consultant, PhotoBox Group

IT Security Consultant with extensive experience in application security: design, development, secure coding, securing SDLC, audit and compliance, code review, DevSecOps, and application security vulnerabilities remediation.

David Cervigni Daily Schedule

Monday | Tuesday | Wednesday | Thursday | Friday

DS-1 (10:00 - 10:30)
  Time slot over-subscribed
  GS AppSec Daily Scrum (Mon)
    Table 1
  GS Risk Daily Scrum (Mon)
    Table 3
  Time slot over-subscribed
  GS AppSec Daily Scrum (Tue)
    Table 1
  GS Risk Daily Scrum (Tue)
    Table 3
  Time slot over-subscribed
  GS AppSec Daily Scrum (Wed)
    Table 1
  GS Risk Daily Scrum (Wed)
    Table 3
  Time slot over-subscribed
  GS AppSec Daily Scrum (Thu)
    Table 1
  GS Risk Daily Scrum (Thu)
    Table 3
  Time slot over-subscribed
  GS AppSec Daily Scrum (Fri)
    Table 1
  GS Risk Daily Scrum (Fri)
    Table 3

AM-1 (10:30 - 12:30)
  Time slot over-subscribed
  Using maps to define how to capture, detect and prevent 6 real-world security incidents
    Larch room
  Threat model cheat sheets
    Kings room
  Creation of Security Buttons
    Pedley room
  Using JIRA-NeoVis to graph Threat Models
  Wardley Mapping – a practical session on how to use value chain mapping
    Larch room
  Using Jira to handle Incident Response - simulations

DS-2 (12:30 - 13:30)
  Time slot over-subscribed
  Creating a standard for GDPR patterns
    Table 2
  Implementing the OWASP responsible disclosure Maturity Model
    Table 3

PM-1 (13:30 - 15:00)
  Time slot over-subscribed
  Creating a Steady-State Hypothesis
    Pedley room
  Hands-on JIRA Schema refactoring
    Larch room
  SAMM Introduction
    Portland room
  Time slot over-subscribed
  Ask me anything (AMA) on GDPR
  DevSecOps Maturity Model (DSOMM)
    Maulden room
  Time slot over-subscribed
  Using User Story Mapping for effective communication
    Larch room
  Docker and Kubernetes Threat Modeling Cheat Sheet
    Kings room
  Time slot over-subscribed
  Writing security tests to confirm vulnerabilities and fixes
    Pedley room
  Hands-on GDPR Patterns
    Portland room
  Running CTF Games with OWASP Juice Shop
    314 - Owasp Projects villa
  Using AI and ML for incident response
    Larch room

PM-2 (15:30 - 16:30)
  Time slot over-subscribed
  Create Wardley Maps for multiple security scenarios
    Larch room
  Hands on Chaos Experiments
    Pedley room
  Time slot over-subscribed
  JIRA Risk Workflow
    Portland room
  Squad Modelling and Cross Functional Teams
    Pedley room
  Owasp Testing Guide v5
    314 - Owasp Projects villa
  How to scale Threat Modeling.
    Kings room
  PBX-GS Offsite session 5
    317 - Photobox villa

PM-3 (16:30 - 17:30)
  Time slot over-subscribed
  PBX-GS Offsite session 1
    314 - Owasp Projects villa
  Real world Chaos Engineering
    Pedley room
  Time slot over-subscribed
  PBX-GS Offsite session 2
    317 - Photobox villa
  Time slot over-subscribed
  Integrating Security into a Spotify Model (and using Squads for Security teams)
    Maulden room
  GDPR Appropriate Security Controls
    Portland room
  Time slot over-subscribed
  PBX-GS Offsite session 4
    317 - Photobox villa
  Summit Wrap Up
    main-hall

DS-3 (18:00 - 19:00)
  Time slot over-subscribed
  Share your playbooks and release them under Creative Commons
    Table 4
  Share your security policies and release them under Creative Commons
    Table 2

Eve-1 (19:30 - 21:00)
  Create a Slack bot in Python
    313 - DevSecCon villa
  Integrate securityheaders.com in CI pipeline
    https://os-summit.slack.com/messages/CAUTMJVS5

Eve-2 (21:00 - 23:00)
  Time slot over-subscribed
  Using Threat Models for GDPR
    317 - Photobox villa
  Time slot over-subscribed
  Using Neo4J Enterprise
  Writing Checkmarx SAST rules
    313 - DevSecCon villa
  Using Veracode SAST Engine

Participating sessions details

Title | Description | Type | When | Time | Acting as
Threat model cheat sheets | Threat Modeling Working Session | working-session | Tue | AM-1 | participant
PBX-GS Offsite session 1 |  | private-session | Mon | PM-3 | participant
PBX-GS Offsite session 2 |  | private-session | Tue | PM-3 | participant
Hands on Chaos Experiments |  | user-session | Mon | PM-2 | participant
CISO |  |  |  |  | participant
Hands-on GDPR Patterns | Using GDPR Patterns | user-session | Thu | PM-1 | participant
Using Threat Models for GDPR | Hands on user session on how to use Threat Models in GDPR mappings | user-session | Tue | Eve-2 | participant
Threat model cheat sheets | Threat Modeling Working Session | working-session | Tue | AM-1 | participant
Creating a standard for GDPR patterns | Working Session on reviewing and agreeing on a set of GDPR patterns | working-session | Tue | DS-2 | participant
Cloud brokerage - authentication and authorisation | Playbooks are workflows and prescriptive instructions on how to handle specific Security activities or incidents | dynamic-session |  |  | participant
DevSecOps Maturity Model (DSOMM) | DevSecOps Maturity Model (DSOMM) | working-session | Tue | PM-1,PM-2,PM-3 | participant
JIRA Risk Workflow | This Working Session should result in an improved JIRA Risk Workflow | working-session | Thu | PM-2 | participant
Real world Chaos Engineering | An exploration and working session to characterise, explore and implement real-world DevSecOps chaos experiments. | working-session | Mon | PM-3 | participant
Security Champions |  |  |  |  | participant
Running CTF Games with OWASP Juice Shop | Running / hosting CTF games with OWASP JuiceShop | user-session | Thu | PM-1 | participant
Owasp Testing Guide v5 | Working Sessions for Owasp Testing Guide v5 | working-session | Thu | PM-2,PM-3 | participant
Creation of Security Buttons | Agile Practices for Security Teams | working-session | Tue | AM-1 | participant
SAMM Introduction | Introduction session on SAMM for people who want to know more about the project | user-session | Mon | PM-1 | participant
Create Java Security Quiz |  |  |  |  |
Docker and Kubernetes Threat Modeling Cheat Sheet | Docker and Kubernetes Threat Modeling Cheat Sheet | working-session | Wed | PM-1 | participant
How to scale Threat Modeling. | How to scale Threat Modeling | working-session | Thu | PM-2 | participant
Security Champions |  |  |  |  | participant

Register as organizer

To register as an organizer of a session or track:

• add your name to the organizers metadata field (in this case David Cervigni)

