BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//talk//7HCSG3
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-7HCSG3@pretalx.com
DTSTART;TZID=CET:20260507T154000
DTEND;TZID=CET:20260507T162000
DESCRIPTION:“We requested a review from security a month ago and there’
 s no feedback.” Does this sound familiar to you? Maybe you’ve heard th
 at your security team is occupied with other tasks that are “higher prio
 rity” and your product is just not. “Nothing we can do\, security is a
 n expert’s job.” Or maybe you simply don’t have any dedicated securi
 ty team in your company. So\, your hands are bound and you can’t do anyt
 hing anyways\, right? \n\nWhat if you could\, though? What if you could do
  a lot more than you might think to make your software more secure? What i
 f you could save time and effort by taking security into your own hands?\n
 \nIn this talk\, we’ll go through several activities that you might alre
 ady do right now\, and demonstrate how you can shape these to improve your
  product’s security posture. Let’s take a few examples: when you’re 
 analyzing the next product changes\, you can use threat modeling to also c
 onsider potential security issues and hence plan their implementation with
  security in mind. Collaborating across roles on developing the changes ca
 n help you detect security flaws before they make it to production. Invest
 ing in maintenance and reducing technical debt will at the same time make 
 your product a less attractive target. When observing production\, you can
  spot malicious actors probing your system enabling you to respond before 
 harm is done.\n\nIf you apply good software development practices\, they h
 elp you make your product more secure\, and good security practices help y
 ou make software that provides more value and less harm. With and without 
 an expert at hand.\n\nKey learnings:\n- Stop waiting for dedicated securit
 y experts and start acting yourself\n- Understand how good software develo
 pment practices support security practices and vice versa\n- Gain insights
  on what an engineering team can do themselves to build secure enough prod
 ucts\n- Learn how to use this newly found leverage of benefits on all side
 s when prioritizing which changes and activities to invest in
DTSTAMP:20260412T024646Z
LOCATION:Workshops and Stage - Gernsback (C1.05.02)
SUMMARY:Out of Security Exception - What to Do Without an Expert to Secure 
 Your Software - Lisi Hocke
URL:https://pretalx.com/bsidesluxembourg-2026/talk/7HCSG3/
END:VEVENT
END:VCALENDAR