Main focus: Application Security
Twitter handle: @IreneMichlin
Languages: English, Russian
City: London
Country: United Kingdom
Topics: security design, threat modeling, security architecture, agile software development, application security, lean software development, devsecops, sdl, sdlc, secure development
Services: Talk, Workshop management, Consulting, Interview
Irene Michlin is a security consultant at IBM, where she leads the Application Security practice in the European centre of competency. Before going into application security consultancy, Irene worked as a software engineer, architect, and technical lead at companies ranging from startups to corporate giants. Her professional interests include securing development life-cycles and architectures. Irene believes that innovative software and secure development practices are not a contradiction, and that Lean and Agile practices are actually friends of security.
Examples of previous talks / appearances:
Continuous integration (CI) has long left the stage of experimental practices and moved into mainstream software development. It is used everywhere from start-ups to large organisations, in a variety of technology stacks and problem domains. However, the security implications of introducing CI are often overlooked or underestimated.
This talk intentionally avoids recommending a specific solution or vendor. Instead it focuses on the technology and process changes involved in setting up a CI environment, and aims to provide best practice guidance for introducing CI into your secure Software Development Life Cycle (SDLC). The choice of tools for the various steps of CI is enormous. This presentation does not discuss their relative merits from a functionality point of view, but suggests which features are necessary to allow secure integration of the tools.
This talk is in: English
Threat modelling is one of the best techniques for achieving security at the architectural level. However, introducing it on existing complex projects requires time which developers may not have. This talk introduces a technique for performing threat modelling in ongoing projects without a prohibitive initial time investment.
This talk is in: English