JOHANNESBURG
21 - 25 May 2018

CAPE TOWN
28 & 29 May 2018

Speaker

April C. Wright, senior security and compliance manager, Verizon Wirelin

April C. Wright

Senior manager: information security and compliance, Verizon (USA)

April C Wright is an author, teacher, community leader, and hacker who has been a generalist for the last 25+ years, breaking, making, fixing, and defending "all the things" while playing security roles on offensive, defensive, operational, and development teams throughout her career. She travels the globe teaching others about information security, which includes protecting both personal privacy and important assets to make the digital components that impact our lives safer and more secure. Wright has been a speaker and contributor for some of the largest and most prestigious security conferences in the world, including BlackHat, Defcon, and DerbyCon, as well as cyber security organisations such as OWASP and ISSA. She has started multiple small businesses, and in 2017, she co-founded the Boston Defcon Group (DC617) local organisation. While most recently working with Verizon to build more secure software from the ground up through SDLC programs, creating governance and compliance processes, and performing risk reduction with a vengeance via leadership of comprehensive security programs for massive global infrastructures. She is a polymath who specialises in seemingly nothing (except perhaps learning about everything in the hope of sharing and employing her knowledge). Wright has collected dozens of certifications to add letters at the end of her name, from operating systems to social engineering to cloud security to first aid to photography. She once read on 'the interwebs' that researchers at the University of North Carolina released a comprehensive report in 2014 confirming that she is the "most significant and interesting person currently inhabiting the earth", so it must be true.

April C. Wright will be speaking on the following topic:

12:00
International keynote speaker Orange is the new purple – how and why to integrate development teams with Red/Blue Teams to build more secure software

Introducing a new paradigm for integrating developers with offensive and defensive teams to enhance SDLC. Utilising Red, Blue, and now Yellow (Development) Teams in a structured way to provide knowledge sharing, strengthening of defences, coverage, and response, and ultimately the development of a high level of security maturity over time. This new concept of "Red + Yellow == Orange && Blue + Yellow == Green" focuses on the role of Developers as a critical piece of security assurance activities when combined with Offensive and Defensive Teams. Orange Teams add value when they have been integrated into SDLC by creating a cycle of perpetual offensive testing and threat modelling to make software more secure over time through a high level of dedicated interaction. Green teams add value when they help ensure software is capable of providing good DFIR information. This talk will evaluate how different Team combinations can lead to more secure software.

  • Understanding why software is built un-securely
  • The value in combining teams with different purposes but shared goals
  • Ways to elicit change revealed, ie, tips for getting management buy-in

Sponsors

Event Sponsor

Security Survey and Executive Roundtable Sponsor

Urban Café Sponsor

Gold sponsors

Workshop sponsor

Silver sponsors

Bronze sponsors

Display sponsors

Showcase sponsors

Host sponsor

Sponsors

Endorsed by

Media Partners