09:00 Welcome (Martin Gilje Jaatun, SINTEF)
09:15 Keynote: Adventures in Threat Modeling (Nancy Mead, SEI/CMU)
10:30 Break
11:00 Paper 1: Aligning Security Objectives With Agile Software Development (Kalle Rindell, University of Turku)
11:30 Paper 2: Implementing DevOps Practices in Highly Regulated Environments (Jose Morales, CERT/CMU)
12:00 Paper 3: Software security in agile software development: A literature review of challenges and solutions (Kati Kuusinen, University of Southern Denmark)
12:30 Lunch
13:40 Practitioner 1: Security conversations in practice (Helen Sharp, Open University UK)
14:10 Practitioner 2: Key success factors in getting secured applications in challenging environment (Pawel Rajba, University of Wroclaw)
14:40 Practitioner 3: Secure Software Development – A Key Enabler for the Industrial Revolution (Jostein Jensen, KDI)
15:00 Practitioner 4: Experiences introducing a defined secure software development lifecycle (Mari Grini, Telenor)
15:30 Break
16:00 Open Space
17:30 End


Adventures in Threat Modeling
Professor Nancy Mead, Software Engineering Institute, Carnegie Mellon University


This talk will focus on the SEI’s recent threat modeling research. After briefly revisiting our initial 2015-16 research project examining STRIDE, Security Cards, and Persona non Grata, a new hybrid threat modeling method (hTMM) will be described. The methods used on the initial research project and the hTMM have been used to perform threat modeling of small case studies, and the hTMM is now ready for use on larger projects. The threat modeling work has also been documented in an SEI report, and incorporated into an SEI certificate program on cyber security and software assurance. A current CMU student project on machine learning may further inform the research work.


Nancy R. Mead is a Fellow and Principal Researcher at the Software Engineering Institute (SEI). Mead is an Adjunct Professor of Software Engineering at Carnegie Mellon University. She is currently involved in the study of security requirements engineering and the development of software assurance curricula. She also served as director of software engineering education for the SEI from 1991 to 1994. Her research interests are in the areas of software security, software requirements engineering, and software architectures.

Prior to joining the SEI, Mead was a senior technical staff member at IBM Federal Systems, where she spent most of her career in the development and management of large real-time systems. She also worked in IBM's software engineering technology area and managed IBM Federal Systems' software engineering education department. She has developed and taught numerous courses on software engineering topics, both at universities and in professional education courses.

Mead authored more than 150 publications and invited presentations. She is a Fellow of the Institute of Electrical and Electronics Engineers, Inc. (IEEE) and the IEEE Computer Society, and is a Distinguished Educator of the Association for Computing Machinery. She received the 2015 Distinguished Education Award from the IEEE Computer Society Technical Council on Software Engineering. The Nancy Mead Award for Excellence in Software Engineering Education is named for her and has been awarded since 2010, with Mary Shaw as the first recipient.

Mead received her PhD in mathematics from the Polytechnic Institute of New York, and received a BA and an MS in mathematics from New York University.