- 2025-11-03, 09:00 AM -> 03:00 PM
Dive into an impactful evening with “AppSec Unchained,” tailored for product security professionals focusing on application and cloud security. Join us in navigating the evolving cybersecurity landscape, where staying ahead of threats and embracing innovative strategies is key.
Only 100 spots available for this exclusive event. Secure your place now and join us at the forefront of application and cloud security. Break boundaries and redefine the future of AppSec with us!
Join us as we kick off “AppSec Unchained” with a warm welcome from our host. In this opening segment, we’ll set the stage for an engaging and informative evening ahead. Get ready to dive into discussions on application and cloud security, where staying ahead of threats and embracing innovative strategies is paramount. Let’s embark on this journey together as we navigate the ever-evolving cybersecurity landscape. Welcome to “AppSec Unchained”.
In 2023, Monzo undertook the ambitious goal of moving away from accessing our internal tools and systems without a VPN and moving to a Zero Trust access strategy inspired by Google’s BeyondCorp. This talk walks through how we achieved this in a regulated industry, from the very beginning of issuing trusted identity to our Client Devices, to rolling out the new solution to Monzonauts – and some of the challenges we faced along the way.
Posture and Data don’t lie – risk and fact-driven approach on posture management with deep dive into exploitability, reliability and the likelihood of exploitation.
Abstract
Posture is the art of representing complex problems in simple risk-based visualisation. Risk posture had a lot of hidden measurements and data and was treated like esoteric art. In this talk, we explore various concepts like Exploitation, the likelihood of exploitability, Context and location of an asset and how it influences the exploitability, business impact and how to involve business with risk-based driven metrics.
Focused on data-driven research and visualisation techniques analysing what’s more exploitable from different data sources.
We will explore the difference between a vulnerability-based approach and resolution first vs a risk-based approach and success from real case scenarios.
Find your path in this modern, challenging.
Writeup on CISA KEV: https://phoenix.security/cisa-kev-visualization/
Let’s explore the transformative power of DevSecOps by reviewing how it enables organisations to embed security seamlessly into every stage of the development lifecycle. Learn practical strategies for reducing friction between your security team and your engineers, fortifying your AppSec efforts whilst bolstering resilience and safeguarding against emerging threats.
Vulnerability management is complex when you need to take into account cloud, infrastructure, laptops, operating systems and containers.
Get ahead of the curve and win the battle against vulnerabilities.
We are going to run an in-person raffle with questions on AppSec (easy) and OWASP. Participate at the event to win.
AppSec Unchained: an evening in application and cloud security
Prizes and awards available on the day!
Ruta Baltiejute is a dynamic and adaptable polyglot developer, passionate about tackling diverse challenges head-on. With expertise in Java, Kotlin, C#, and proficiency in ReactJS and React Native, she’s a true coding maven. Currently, as the DevSecOps Lead at Asda, Ruta ensures seamless migrations and fosters a security-first mindset. She’s instrumental in implementing SAST solutions, curating best practices, and optimizing CI/CD processes. Ruta’s track record includes Scrum Mastery at Lloyds Banking Group and product development at AND Digital. With a penchant for improvement, she continually reshapes the tech landscape, making her a sought-after innovator in the field.
Vlad Perelmuter is a distinguished cybersecurity leader with extensive experience in safeguarding digital assets across the fintech and tech sectors. Currently, he spearheads security initiatives as a Senior Engineering Manager for Security at Monzo Bank in London, UK. Prior to Monzo, Vlad made significant contributions to Twilio as an Engineering Manager for Product Security and began his cybersecurity journey at Lifion by ADP, where he led as a Security Team Lead. His expertise encompasses application security, cloud security, and vulnerability management, reflecting a deep commitment to creating secure digital environments. Beyond his professional pursuits, Vlad is passionate about running, the nuanced world of whiskey, and exploring Italy’s rich culture. His career is a testament to his leadership in cybersecurity and his dedication to continuous learning and personal growth.
Liam is a Senior Backend Engineer and Tech Lead of Monzo’s Staff Security & Detection squad. Since joining Monzo in 2017, Liam has worked on a number of projects to improve access to Monzo systems, levelling up Monzo’s Endpoint Security using open source tooling and advocating for a Zero Trust architecture across the organisation.
Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.
Derek is an award-winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organization’s risk.
Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.
Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.
Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.
James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.
Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.