Security Heroes versus the Power of Privacy

Download Slides

Watch Video

The clash of Security and Privacy! Is this really a heroic battle of Good versus Evil? Or is Privacy not the villain they are made out to be…

In this exciting session, Our Heroes, Captain Security and Professor Privacy, will battle for the hearts of our teams and the department’s budget. Powers will be displayed, arguments will be made, shots will be fired, and eventually these two unlikely foes will learn to respect each other.

And together, they will discover how they can leverage their combined powers to overwhelm any enemy or executive complaint, in order to fulfill their shared destiny: protecting their users through the magic of Threat Modeling!

The main objective of this talk is to highlight the need for integrating privacy approaches into “regular” security activities. While we will be presenting this in a fun, superhero story way, we will tackle common misconceptions many security pros have about privacy. Some example misconceptions include:

There is no need to invest in privacy;
It is automatically covered by security;
There is a conflict between privacy and security.

We will show why security pros need to treat privacy as a first class citizen, how to implement a shared workflow, and how to leverage security activities into a privacy by design approach. A key tool for this is Threat Modeling - while this is becoming more common practice in security teams, this can likewise be used to great effect with privacy implications. This requires some small modifications to classic security threat modeling techniques, and a complementary threat framework such as LINDDUN.

We will explain all of these in a very engaging and fun manner, leaving the audience with a lasting impression and specific, ready-to-use knowledge that they can implement by themselves.

About the Speakers

Avi D

AviD has been securing applications for decades, and is obsessed with maximizing value output from security efforts since originally building threat models at Microsoft over 15 years ago. Avi is the founder and CEO of Bounce Security, a boutique consulting agency dedicated to helping developers integrate security efficiently into their workflows. He is a frequent speaker and trainer, and has trained thousands of developers to build more secure products. Avi is an active contributor to open source communities, including leading the OWASP Israel chapter, creating the incredibly popular AppSec Israel security conference, co-founding the OWASP Threat Modeling project, and currently serving on the OWASP Global Board of Directors. He is also a community moderator on https://Security.StackExchange.com/, and co-authored the Threat Modeling Manifesto https://www.threatmodelingmanifesto.org/.