Sydney AppSec & DevSecOps Summit 2024
The Sydney AppSec & DevSecOps Summit 2024, organised by Clutch Events, was a pivotal gathering of cybersecurity professionals, developers, industry leaders, and government officials focused on enhancing application security and integrating security practices into the software development lifecycle.
Audience
The 138-strong audience included:
- Heads from Commonwealth Bank, Wisetech, ServiceNSW, Infrabuild and more
- Senior managers of cyber security from Optus, AIA, Westpac and more
- Senior managers of engineering from ING, Macquarie Group, Telstra and more
The Agenda
The event began with an opening keynote by Cole Cornford, Founder and CEO of Galah Cyber, titled "10 Lessons from 10 Years in AppSec." He shared pivotal insights from a decade in application security, emphasising the evolution toward proactive security measures and integrated DevSecOps methodologies. Following this, Glen Whitaker of Telstra discussed "Platform Engineering & DevSecOps," highlighting how platform engineering enhances DevSecOps by focusing on outcome-driven delivery and fostering continuous innovation.
Pas Apicella from Snyk presented "Policy at the Core: Infusing DevOps with Security," stressing the importance of treating security and compliance policies as code to ensure consistent application across the development lifecycle. A panel featuring Edwin Kwan, Kasvi Luthra, and Sara Gray examined "Securing the Software Supply Chain," addressing strategies to mitigate risks associated with third-party and open-source components.
After lunch, a panel with Jaap Singh, Pedram Hayati, and Abhijeth Dugginapeddi focused on "Developer Training and Engagement," exploring methods to cultivate secure coding practices and foster a culture of security within development teams. Alistair de B Clarkson from ServiceNSW delivered a keynote on the "Threat Modelling Process," underscoring its critical role in proactive cybersecurity architecture.
Another panel, including Chris Langton, Timothy Stokes, and Gerald Bachlmayr, delved into "Cloud and Container Security in AppSec and DevSecOps," discussing challenges and best practices for securing modern application environments.
The event concluded with keynotes by Nina Juliadotter of Westpac on "Communicating AppSec Risk to Internal Stakeholders," offering strategies for effective engagement, and by Shubham Shah and Michael Gianarakis of Assetnote on "The Real Shadow IT Problem," highlighting risks of vendor software and strategies for mitigation.
Speakers Included:
- Cole Cornford, Founder & CEO - Galah Cyber
- Glen Whitaker, E2E Platform Automation Group Owner (GM) - Telstra
- Pas Apicella, Principal Solutions Engineer - Snyk
- Edwin Kwan, AppSec Executive & Advisor
- Kasvi Luthra, Product Security Engineer - SafetyCulture
- Sara Gray, Cloud Security Enablement Principal - Telstra
- Jaap Singh, Director of Customer Strategy & Co-Founder - Secure Code Warrior
- Pedram Hayati, Founder & CEO - SecDim
- Abhijeth Dugginapeddi, Head of AppSec - BigCommerce
- Alistair de B Clarkson, Head of DevSecOps - ServiceNSW
- Chris "Stof" Langton, Founder / Application Security Specialist - Trivial Security
- Timothy Stokes, Chief Architect Modernisation & DevSecOps Chapter Lead - Boeing
- Gerald Bachlmayr, Principal Cloud Architect - Cuscal
- Nina Juliadotter, Application Security Lead Specialist - Westpac
- Shubham Shah, Co-Founder & CTO - Assetnote
- Michael Gianarakis, CEO - Assetnote
Sponsors Included:
- Snyk
- Galah Cyber
- Secure Code Warrior
- Imperva
- Synopsys
- Orca Security
- Sonatype
- Software Hub
Summary
This conference was particularly significant for the contemporary and future Australian business and government landscape because it addressed the critical need to bolster cybersecurity amid increasing digital transformation. As organisations across Australia accelerate their adoption of new technologies, the security of software applications has become paramount. The insights shared and collaborations formed at Sydney AppSec & DevSecOps Summit are expected to influence best practices, drive policy development, and encourage a security-first mindset in both the private and public sectors, ultimately enhancing Australia's overall cybersecurity posture.