Audience: Business/Security Executive
Session Format: Presentation

This track empowers leaders to drive a culture of building securely from the top down. Learn from AWS and customers on the non-technical aspects of leading a secure organisation of builders to help build skills you can take back to your organisation.

2:00pm - 2:40pm
The importance of Secure by Design
Now more than ever, it is crucial for technology manufacturers and government customers to make Secure by Design a focal point of product design, development processes, purchasing and integration activities. To accomplish Secure by Design manufacturers need to prioritise the integration of security principles as a critical prerequisite to consider, alongside features and speed to market. Equally, government customers should be aware of what to look for in products to ensure they are built using secure-by-design principles. This presentation will provide guidance of how Secure by Design can be implemented in products and development lifecycles, particularly for those using AWS products.

Speakers:
Jayden Cooke, Technical Director, ACSC Secure Design and Architecture
John Hildebrandt, Principal Solutions Architec, AWS

2:45pm - 3:25pm
Building better using risk and regulation
Customers in all industries face growing cyber-threats and increasing regulatory scrutiny. This talk distills risk and regulatory insights from working with financial services (FS) customers and applies them to help ISVs develop their offerings. A key insight is that FS regulators are OPEN to critical systems running on AWS. This talk applies whether you are directly regulated, sell to regulated customers, or are not regulated at all.

Speaker: Julian Busic, Senior Security Architect, AWS

3:30pm - 3:45pm
Journeying from compliance to risk management in the cloud
Applications deployed in the cloud need to be highly available, reliable, and high-performing to keep business moving forward and competitive. However, with faster development pipelines and release speeds, coupled with ever increasing compliance demands - come new impacts on business risk. In this lightning talk, hear from Trend Micro as we discuss the journey of enterprise security that helps manage compliance while identifying threats and managing the risk profile. We'll talk about key challenges around consolidating multiple risk management sources and streamlining toolsets and processes.
Partner: Anthony Edwards, Principal Security Engineer, Trend Micro

3:45pm - 4:20pm
Afternoon tea

4:20pm - 5:00pm
How AWS built the Security Guardians program, a mechanism to distribute security ownership

Security teams play a critical role in ensuring that new services, products, and features are built and shipped securely to customers. However, since security teams are in the product launch path, they can form a bottleneck if organisations struggle to scale their security teams to support their growing product development teams. In this session, you will learn how AWS developed a mechanism called the Security Guardians, to scale security processes and expertise by distributing security ownership between security teams and builder teams.

Speaker: Mitch Beaumont, Principal Solutions Architect, AWS

Audience: Technical
Session Format: Presentation

This track will show you the way to reinforce the security of the software that you build in the cloud. Join us if you are an application developer, DevOps engineer or any builder who wants to level up their security skills and become a security champion.

2:00pm - 2:40pm
Rethinking the "Sec" in DevSecOps for modern architectures
Using third-party or open-source software components can help reduce cost, speed up time to market, and free staff up to engage in more innovative and value-adding activities. But how can organizations ensure that third-party software and development processes are secure? And what is the “right way” to evaluate the security of software packages? A holistic DevSecOps approach applies best practices and tools from the early stages of the software development life-cycle to continuous delivery, continuous testing, and continuous scanning and monitoring. This presentation will evaluate the AWS service offerings such as AWS Security Hub, AWS Organizations, AWS IAM, plus popular third-party tools.

Speakers:
Maria Sokolova, Senior Solutions Architect, AWS
Gerald Bachlmayr, Principal Cloud Architect, Cuscal

2:45pm - 3:25pm
Building securely with AI & ML
In this session, learn how modern tools can improve your development workflow and security when building applications in the cloud. You can use AWS Toolkit within your IDE of choice to access AWS environments, and leverage tools such as Amazon CodeWhisperer to provide AI-powered coding recommendations when developing applications. In addition, Amazon CodeGuru can identify vulnerabilities in code, provide recommendations on how to fix the identified vulnerabilities, and track the status of the vulnerabilities until closure.

Speakers:
Paul Kukiel, Enterprise Solution Architect, AWS
Matt Coles, Principal Engineer, AWS

3:30pm - 3:45pm
How SaaS provider Playvox is Scaling Securely across multiple Geo's
Global SaaS provider Playvox shares their evolution and the criticality of expanding their security engineering and continuous network monitoring in tandem with their growth. Discover how Playvox's security team and culture strategy has facilitated the development of a scalable security approach aligned with their business expansion. Playvox has been able to meet customer requirements during their international growth by simultaneously implementing security practices that maximise the ability for their engineering teams to build faster and securely.

Speaker: Cheyne Wagner, SVP of Global Engineering
Partner: REDBEAR IT

3:45pm - 4:20pm
Afternoon tea

4:20pm - 5:00pm
A new open-source tool to help improve your threat modeling
Threat modeling helps you identify security issues early, understand your security requirements, and delight your customers by building secure products and services. Join this session to learn the basics of threat modeling and to see a new open-source tool released by AWS to help you through the process of producing a threat model. The tool is useful during the ‘What can go wrong?’ step by helping you brainstorm and consistently compose useful threats, and during the ‘Did we do a good enough job?’ step to show how you can improve and raise the bar for security in your application.

Speaker: Darran Boyd, Principal Security Solutions Architect, AWS

Audience: Technical
Session Format: Hands-on Lab

2:00pm - 5:00pm
Security Builder Workshop
The builder's workshop will give you an opportunity to learn how to aggregate, ingest and analyse security log data and events in a multi-account environment. Attendees will dive deeper, hands-on, into building a solution to ingest and analyse logs from AWS security services like Amazon GuardDuty, Amazon Inspector and AWS Security Hub. Attendees will learn how to use AWS-native services like Amazon S3, Amazon Athena and Amazon QuickSight to query and visualise security log data building insights into their security posture. The workshop will include a demo of the capabilties of Amazon Security Lake in centralising security log data and events.

This session is a hands-on workshop, attendees will be provided with sandbox AWS accounts and should bring their own laptops.

Audience: Technical
Session Format: Hands-on Lab

2:00pm - 5:00pm
Security Developer Workshop
The developer's workshop will give you an opportunity to exercise AppSec controls in a sample code deployment pipeline. Attendees will be provided with sandbox AWS accounts to setup an Automated Release Pipeline to deploy an insecure Web Application. Through the workshop, attendees will review common security risks and integrate with Security Tools/Processes in the release pipeline, shifting left with security.

This session is a hands-on workshop, attendees will be provided with sandbox AWS accounts and should bring their own laptops.