Irene Michlin

Application Security Consultant

Main focus: Application Security

Twitter handle: @IreneMichlin

Languages: English, Russian

City: London

Country: United Kingdom

Topics: security design, threat modeling, security architecture, agile software development, application security, lean software development, devsecops, sdl, sdlc, secure development

Services: Talk, Workshop management, Consulting, Interview


Irene Michlin is a security consultant at IBM, where she leads Application Security practice in European centre of competency. Before going into application security consultancy, Irene worked as software engineer, architect, and technical lead at companies ranging from startups to corporate giants. Her professional interests include securing development life-cycles and architectures. Irene believes that innovative software and secure development practices are not a contradiction, and Lean and Agile practices are actually friends of security.

Examples of previous talks / appearances:

Securing the continuous integration
Video Thumbnail

Continuous integration (CI) has long left the stage of experimental practices and moved into mainstream software development. It is used everywhere from start-ups to large organisations, in variety of technology stacks and problem domains. However, the security implications of introducing CI are often overlooked or underestimated.

This talk intentionally avoids recommending a specific solution or vendor. Instead it focuses on technology and process changes involved in setting up CI environment, and aims to provide best practice guidance for introducing CI in your secure Software Development Life Cycle (SDLC). The choice of tools in various steps of CI is enormous. This presentation does not discuss their relative merits from functionality point of view, but suggests which features are necessary to allow secure integration of the tools.

This talk is in: English
Incremental Threat Modelling
Video Thumbnail

Threat modelling is one of the best techniques for achieving security on architectural level. However, introducing it on existing complex projects requires time which developers may not have. This talk introduces a technique for performing threat modelling in ongoing projects without a prohibitive initial time investment.

This talk is in: English