David Cervigni

AppSec consultant, PhotoBox Group

IT Security Consultant with extensive experience in application security: design, development, secure coding, securing SDLC, audit and compliance, code review, DevSecOps, and application security vulnerabilities remediation.

David Cervigni Daily Schedule

Monday Tuesday Wednesday Thursday Friday
DS-1
10:00 - 10:30
Time slot over-subscribed
GS AppSec Daily Scrum (Mon)
Table 1
GS Risk Daily Scrum (Mon)
Table 3
Time slot over-subscribed
GS AppSec Daily Scrum (Tue)
Table 1
GS Risk Daily Scrum (Tue)
Table 3
Time slot over-subscribed
GS AppSec Daily Scrum (Wed)
Table 1
GS Risk Daily Scrum (Wed)
Table 3
Time slot over-subscribed
GS AppSec Daily Scrum (Thu)
Table 1
GS Risk Daily Scrum (Thu)
Table 3
Time slot over-subscribed
GS AppSec Daily Scrum (Fri)
Table 1
GS Risk Daily Scrum (Fri)
Table 3
AM-1
10:30 - 12:30
Time slot over-subscribed
Using maps to define how to capture, detect and prevent 6 real-world security incidents
Larch room
Threat model cheat sheets
Kings room
Creation of Security Buttons
Pedley room
Using JIRA-NeoVis to graph Threat Models
Wardley Mapping – a practical session on how to use value chain mapping
Larch room
Using Jira to handle Incident Response - simulations
DS-2
12:30 - 13:30
Time slot over-subscribed
Creating a standard for GDPR patterns
Table 2
Implementing the OWASP responsible disclosure Maturity Model
Table 3
PM-1
13:30 - 15:00
Time slot over-subscribed
Creating a Steady-State Hypothesis
Pedley room
Hands-on JIRA Schema refactoring
Larch room
SAMM Introduction
Portland room
Time slot over-subscribed
Ask me anything (AMA) on GDPR
DevSecOps Maturity Model (DSOMM)
Maulden room
Time slot over-subscribed
Using User Story Mapping for effective communication
Larch room
Docker and Kubernetes Threat Modeling Cheat Sheet
Kings room
Time slot over-subscribed
Writing security tests to confirm vulnerabilities and fixes
Pedley room
Hands-on GDPR Patterns
Portland room
Running CTF Games with OWASP Juice Shop
314 - Owasp Projects villa
Using AI and ML for incident response
Larch room
PM-2
15:30 - 16:30
Time slot over-subscribed
Create Wardley Maps for multiple security scenarios
Larch room
Hands on Chaos Experiments
Pedley room
Time slot over-subscribed
JIRA Risk Workflow
Portland room
Squad Modelling and Cross Functional Teams
Pedley room
Owasp Testing Guide v5
314 - Owasp Projects villa
How to scale Threat Modeling.
Kings room
PBX-GS Offsite session 5
317 - Photobox villa
PM-3
16:30 - 17:30
Time slot over-subscribed
PBX-GS Offsite session 1
314 - Owasp Projects villa
Real world Chaos Engineering
Pedley room
Time slot over-subscribed
PBX-GS Offsite session 2
317 - Photobox villa
Time slot over-subscribed
Integrating Security into a Spotify Model (and using Squads for Security teams)
Maulden room
GDPR Appropriate Security Controls
Portland room
Time slot over-subscribed
PBX-GS Offsite session 4
317 - Photobox villa
Summit Wrap Up
main-hall
DS-3
18:00 - 19:00
Time slot over-subscribed
Share your playbooks and release them under Creative Commons
Table 4
Share your security policies and release them under Creative Commons
Table 2
Eve-1
19:30 - 21:00
Create a Slack bot in Python
313 - DevSecCon villa
Integrate securityheaders.com in CI pipeline
https://os-summit.slack.com/messages/CAUTMJVS5
Eve-2
21:00 - 23:00
Time slot over-subscribed
Using Threat Models for GDPR
317 - Photobox villa
Time slot over-subscribed
Using Neo4J Enterprise
Writing Checkmarx SAST rules
313 - DevSecCon villa
Using Veracode SAST Engine

Participating sessions details

Title | Description | Type | When | Time | Acting as
Threat model cheat sheets | Threat Modeling Working Session | working-session | Tue | AM-1 | participant
PBX-GS Offsite session 1 |  | private-session | Mon | PM-3 | participant
PBX-GS Offsite session 2 |  | private-session | Tue | PM-3 | participant
Hands on Chaos Experiments |  | user-session | Mon | PM-2 | participant
CISO | Working Sessions on topics related for CISOs and C-Level execs. | track |  |  | participant
Hands-on GDPR Patterns | Using GDPR Patterns | user-session | Thu | PM-1 | participant
Using Threat Models for GDPR | Hands on user session on how to use Threat Models in GDPR mappings | user-session | Tue | Eve-2 | participant
Creating a standard for GDPR patterns | Working Session on reviewing and agreeing on a set of GDPR patterns | working-session | Tue | DS-2 | participant
Cloud brokerage - authentication and authorisation | Playbooks are workflows and prescriptive instructions on how to handle specific Security activities or incidents | dynamic-session |  |  | participant
DevSecOps Maturity Model (DSOMM) | DevSecOps Maturity Model (DSOMM) | working-session | Tue | PM-1,PM-2,PM-3 | participant
JIRA Risk Workflow | This Working Session should result in an improved JIRA Risk Workflow | working-session | Thu | PM-2 | participant
Real world Chaos Engineering | An exploration and working session to characterise, explore and implement real-world DevSecOps chaos experiments. | working-session | Mon | PM-3 | participant
Security Champions |  | team |  |  | participant
Running CTF Games with OWASP Juice Shop | Running / hosting CTF games with OWASP JuiceShop | user-session | Thu | PM-1 | participant
Owasp Testing Guide v5 | Working Sessions for Owasp Testing Guide v5 | working-session | Thu | PM-2,PM-3 | participant
Creation of Security Buttons | Agile Practices for Security Teams | working-session | Tue | AM-1 | participant
SAMM Introduction | Introduction session on SAMM for people who want to know more about the project | user-session | Mon | PM-1 | participant
Create Java Security Quiz |  |  |  |  |
Docker and Kubernetes Threat Modeling Cheat Sheet | Docker and Kubernetes Threat Modeling Cheat Sheet | working-session | Wed | PM-1 | participant
How to scale Threat Modeling. | How to scale Threat Modeling | working-session | Thu | PM-2 | participant

Register as organizer

To register as an organizer of a session or track:

  • add your name to the organizers metadata field (in this case David Cervigni)
