Volg (ISC)² NL

Agile Security

Build secure software in an agile way

(ISC)2 NL organises an evening on security in agile software development.

wat Agile Security
wanneer 09/02/2017
waar Hitachi Data Systems Nederland B.V., Heksekamp 31, 5301 LX Zaltbommel



Frederik Schröder – country manager Hitachi Data Systems

Hitachi Analytics Video
Hitachi Press Release

Henk Klöpping – president (ISC)2 NL

Presentation (ISC)2NL
The Agile Security Manifesto

Nick Murison – Synopsys
The Agile Manifesto was created in 2001 to provide an alternative to document-heavy software development practices. Now we’ve created our own set of principles to complement the Agile Manifesto by addressing similar inefficiencies plaguing application security. These four principles are meant to guide and inspire us to build secure software in an agile way.

  1. Rely on developers and testers more than security specialists.
  2. Secure while we work more than after we’re done.
  3. Implement features securely more than adding on security features.
  4. Mitigate risks more than fix bugs.

Nick’s talk will discuss these four principles, and how adding them your own Agile process can helpyou integrate critical security measures in a natural, efficient way.

Presentation Nick Murison
A New Security Management Approach for Agile Environments

Arthur Donkers and Pascal de Koning – 1Secure

  • Four false assumptions that make the traditional security approach fail
  • ‘Feet in the mud’ with the Agile Security Engagement Model (ASEM)
  • Explanation of the innovations in this Agile Security approach
Presentation Arthur Donkers and Pascal de Koning
Agile Security in practice

Olga Kulikova and Ton Diemont – KPMG
During the presentation we will present two use cases from our clients that practice agile and invest in security. The first case will cover security issues that our client faced due to the way it arranged agile development. The second use case will highlight, on the contrary, a better organized agile team with regard to security.
We will also discuss key security considerations of agile environments, and share our view on the way agile teams should prepare for security audits.

Presentation Olga Kulikova and Ton Diemont
Agile Security at KPN

Dave van Stein – Xebia
Early 2014 KPN Digital implemented the Agile way of working. This introduced some challenges with respect to security and privacy as the traditional (project based) methods were too time consuming and rigid.
In this presentation Dave will showcase some of the changes KPN made to get from an Agile + Security to an Agile Security way of working.

Presentation Dave van Stein


Dit event werd gesponsord door:


Nick Murison

Nick Murison is a Managing Consultant who has over ten years of experience in a variety of roles including Software Development, Project Management, and Security Consulting. Nick Murison has worked with a large number of Fortune 100 companies across a broad mix of industries. In his previous work, Nick has been a key member of several large-scale emergency incident response and remediation projects. As a Managing Consultant at Synopsys, his extensive experience includes creating and shaping software security initiatives in large multi-national organisations, as well as overseeing software security activities such as Penetration Testing, Secure code Review, Threat Modelling and Architecture Risk Analysis services.

Arthur Donkers

Security Officer Interested in info sec, technology, organization and combining these all into one solution Critical Security Architect Trainer for PECB (ISO27001, 27005, 31000) Convinced that InfoSec is a means to an end, not a purpose in itself.

Pascal de Koning

Has a security manager role at several companies. His passion is to make security an integrated part of IT. Was lead author of the TOGAF Security Guide (2016). He also initiated the Security Service Catalogue project, a joint effort of The Open Group and The SABSA Institute.

Olga Kulikova

Olga is a senior consultant within KPMG Cyber practice. She supports organizations with Identity and Access Management and Cloud security programs where she helps companies increase their control over security of business data stored and processed in on premise environments as well as in the cloud. Due to her expertise in IAM and cloud, she often works with agile teams that develop, run and maintain in-house as well as cloud software. Olga joined KPMG Cyber in September 2012 after receiving a MSc in Management of Technology at TU Delft.

Ton Diemont

Ton is a senior manager within KPMG Cyber practice. He supports large organizations with development of their cyber and information security strategies and frameworks and leads ‘Cyber in the Boardroom’ proposition within NL and EMA region. Before joining KPMG Ton worked more than 20 years for ING Group, of which the last 6 years as the Head of Information Risk Management and CISO within the Corporate Operational Risk Management department and as such responsible for the information security strategy, cyber resilience program and reporting to the Executive Board, Board of Directors and regulators.

Dave van Stein

Dave van Stein is security consultant at Xebia. He has more than 15 years of experience in software testing and started specializing in Web Application Security in the beginning of 2008. Over the years, Dave has performed numerous penetration tests for customers and helped clients to implement security into the software development lifecycle. Nowadays Dave acts as a trainer, mentor and coach on integrating security and privacy controls into the Agile and DevOps way of working.