[Owasp-leaders] Owasp Working Sessions in London (6th Feb) on GDPR, SAMM, GitHub Security and Incident response playbooks

Dinis Cruz dinis.cruz at owasp.org
Thu Feb 1 09:25:54 UTC 2018

Hi Owasp leaders, following the Working Sessions model used at the last OWASP
Summit 2017 <https://owaspsummit.org/Outcomes/> in London, Photobox Group
Security, working with OWASP London Chapter, is hosting a number of working
sessions to continue the great work done at the Summit and to
collaborate/share our knowledge in important Application Security topics.
See https://pbx-group-security.com/working-sessions/ for all details.

The first (of many) working sessions will happen on the 6th of
February (register
and will focus on the following topics:

   - *GDPR and Consent Tracking*  - As companies prepare for GDPR's May
   deadline, in addition to the questions and topics raised at the GDPR
   sessions in the Summit, one area that has multiple Application Security
   implications is *Consent and Consent Tracking (i.e. how to capture in a
   secure way the exact consents that users have provided).*
   - *Playbooks for incident response* - continuing the great work done at
   the Summit on Playbooks, this session will focus on Incident Response and
   how to improve the quality, speed and effectiveness of incident response
   teams (by using pre-defined playbooks and decision trees to guide actions,
   remediations and root cause analysis)
   - *SAMM* - Maturity Models can be highly effective in mapping the
   current Application Security landscape and in providing roadmaps for the
   future. Come and meet some of the SAMM project authors and lead
   contributors, in this working session which will focus on lessons learned
   from using SAMM in the real world, and in solutions for sharing anonymously
   SAMM data (in order to create industry wide metrics)
   - *GitHub Security* - Continuing the work done at the summit in reaching
   out to GitHub in order to work with them on improved solutions for
   Authentication and Authorisation of 3rd party services/integrations

Please join us on this event and share your ideas with the community :)

Dinis Cruz
CISO of Photobox Group


*What is the format of the Working Sessions?*
The Working Sessions are collaborative events where all attendees are
expected to collaborate and be active participants in the sessions (it
is ok to just come and listen, but the idea is to share and contribute).

The topics of the Working Sessions are created by the participants and
always focus on real-world problems or areas of research that those
participants are passionate about. What makes the Working Sessions special
is the environment where real-world security professionals come together in
an open, collaborative, friendly and highly productive environment to work
on challenges that they are passionate about and are actively involved in.

*How is this different from Conferences*
Conferences are one-to-many events, where Working Sessions are many-to-many
events. There are no 50-minute presentations and the key objectives of the
working sessions are:

a) provide an understanding of the problem at hand
b) define key objectives for what can be achieved in that Working Session
c) collaborate
d) create a deliverable and plan for next steps (and next Working Sessions
on this topic)

*When and where are they happening*

6:00 - 8:00pm
Photobox Group, Unit 7, Metal Box Factory,
30 Great Guildford Street, London SE1 0HS

Register here

*How long do Working Sessions last*
2 hours onsite, but the idea is that the conversation and work continues
asynchronously (in Slack and other mediums)

*Is there any cost to attend*
No, tickets are free

*Can I participate remotely*
Yes, we will be providing Google Hangouts (or equivalent) link. Join the
#working-sessions slack channel (on OWASP's Slack) for more details and
links on the day

*I can't make it to the session next week, will there be others?*
Yes, Photobox will be hosting a Working Session every two weeks (on
Tuesday). See full list here https://pbx-group-

*What about topic 'xyz', can we have a Working Session focused on it?*
Absolutely, use the #working-sessions to talk about it (we will have a
dedicated website for working sessions soon)

*Can we host a Working Session on another location or Owasp Chapter?*
Of course, part of the objectives of this series of Working Sessions is to
create an operational and logistics model that can easily be replicated