Program - June 4th 2019

Submitted papers

13:30 Keynote: Practically Teaching the Next Generation Chrissy Morgan
14:00 Paper 1: Security Risk Assessment and Management as Technical Debt Kalle Rindell, University of Turku
14:20 Paper 2: Threat modelling and agile software development: Identified practice in Norwegian organisations Karin Bernsmed, SINTEF Digital
14:40 Paper 3: Attack Surface Identification and Reduction Model Applied in Scrum George Yee, Carleton University
15:10 Paper 4: An Empirical Study on Culture, Automation, Measurement, and Sharing of DevSecOps Huang Huang, Nanjing University

Practitioner talks

16:00 Practitioner 1: Telenor Software Lab - Empowering Secure Agile Teams Frank Aakvik, Capture
16:20 Practitioner 2: You are not alone – A brief talk about a Security Champion Program Marco Constantino, Kongsberg Digital
16:40 Practitioner 3: Software Security: Moving left in a circular world Nick Murison, Synopsys
17:00 Practitioner 4: When everybody cares about the product, but CI/CD is neglected: Assessing and Improving Dependability and Security of CI/CD Infrastructures Thomas F. Düllmann, University of Stuttgart
19:00 Workshop dinner


Practically Teaching the Next Generation
Chrissy Morgan


In order to mitigate for the future we must find innovative ways in which to train the next generation of application developers and security professionals, on how to spot issues and rectify. This should come before entering their professional careers, ideally at university. Students are actively taught on how to attack, however there is improvements to be made with the current state of practical mitigation teaching tools. Chrissy, having researched this subject matter for her masters dissertation will present the key research findings, the areas that need improvement, providing insight on how we can better teach our students. A realistic view looking everywhere for inspiration from Academia through to the internet underground.


Chrissy heads up the IT Security Operations for a Close Protection (Bodyguard) company by day and is a Security Researcher by night. As an advocate of practical learning, Chrissy also takes part in bug bounty programs and has found bugs in platforms such as Microsoft and She has carried out research in the areas of Steganography, RFID, Physical Cyber Systems Security and is actively involved within the information security community across a wealth of subjects. As a recent Masters Graduate, she has accomplished the following successes so far: Winner of Cyber Security Challenge UK (University Challenge), CTF Finalist for the Pragyan CTF, A BlackHat Challenge Coin winner for OSINT from Social and Black Hat Scholarship, Steelcon Award, WISP Sponsorship and finally was the BSides London Rookie Track Speaker Winner for 2018.

See for more!