Merge pull request #144 from owaspsamm/sud-presentation-details

Resolves #143 - adds full functional agenda for SUD.
owaspsamm · Oct 11, 2023 · 982015d · 982015d
2 parents 8c74eef + 9658f2b
commit 982015d
Show file tree

Hide file tree

Showing 18 changed files with 144 additions and 8 deletions.
diff --git a/.../en/user-day/introducing-owasp-samm-at-a-fortune-500-company-lessons-learned.md b/.../en/user-day/introducing-owasp-samm-at-a-fortune-500-company-lessons-learned.md
@@ -0,0 +1,15 @@
+---
+type: user-day
+title: User day
+name: "Introducing OWASP SAMM at a Fortune 500 company: Lessons Learned"
+speaker: Aram Hovsepyan
+image: /img/team/aram.jpg
+affiliation: Codific
+role: CEO
+abstract: |
+    Software security is an essential concern worldwide and as the saying goes: you don't manage what you can't measure. Measurability stands as one of the foundational principles of OWASP SAMM. SAMM is open source framework that is technology, process and organization agnostic. These fundamental qualities have convinced us to implement SAMM across our entire organization. Despite encountering a few challenges along the way, SAMM has proven its worth by delivering on its promises. It has become a cornerstone of our security assurance programme.In this presentation, we are excited to share our experiences and the valuable lessons we've gained from implementing SAMM.
+
+bio: |
+   Aram is the founder, CEO of Codific and a security and privacy expert. He has over 15 years of professional experience in designing and building complex software systems by explicitly focusing on security. He believes application security is a holistic discipline. Aram has a PhD in cybersecurity from DistriNet, KULeuven which provides him with a broad knowledge of the security landscape. Throughout his academic years he has mainly focused on privacy threat modelling and streamlining the LINDDUN methodology.
+
+---
diff --git a/content/en/user-day/mastering-samm-fast-track-guide.md b/content/en/user-day/mastering-samm-fast-track-guide.md
@@ -0,0 +1,14 @@
+---
+type: user-day
+title: User day
+name: "Mastering SAMM: Fast-Track Guide"
+speaker: Seba Deleersnyder
+image: /img/team/seba.jpg
+affiliation: Toreon
+role: CEO
+abstract: |
+    
+
+bio: |
+   Sebastien Deleersnyder is the CTO and co-founder of Toreon, as well as the COO and lead threat modeling trainer of Data Protection Institute. Seba holds a Master's degree in Software Engineering from the University of Ghent, and has extensive experience in the development and training of secure software. He is the founder of the Belgian chapter of OWASP and a former member of the OWASP Foundation Board. In 2022, Seba was honored as the Cyber Security Personality of the Year by the Cyber Security Coalition in Belgium, where he currently serves as the chair of the new AppSec focus group. He is co-leader of SAMM, Seba has made a significant impact in improving global security. He is currently focused on adapting application security models to the evolving landscape of DevOps and raising awareness of the importance of threat modeling among a wider audience.
+---
diff --git a/...ring-maturity-of-pasta-threat-modeling-activities-using-samm-threat-analysis.md b/...ring-maturity-of-pasta-threat-modeling-activities-using-samm-threat-analysis.md
@@ -0,0 +1,14 @@
+---
+type: user-day
+title: User day
+name: Measuring Maturity of PASTA Threat Modeling Activities Using SAMM Threat Analysis
+speaker: Tony UV
+image: /img/people/undraw_male_avatar_323b.png
+affiliation: OWASP/ VerSprite
+role: SME
+abstract: |
+    Threat modeling is a process and leveraging a risk centric approach using PASTA, OpenSAMM provides a great way to measure how we can measure the journey of a PASTA threat modeling roll out using one of OWASP's iconic maturity models for AppSec.  PASTA has a built in RACI and associated activities per each of its seven stages and in this talk, we'll map to the OWASP SAMM model to see how maturity can be measured over time against the activities for each stage of the Process for Attack Simulation & Threat Analysis. 
+
+bio: |
+   Author, Founder, former CISO and global threat modeling expert on risk centric iterative approaches to application threat models.  I've leveraged both BSIMM and OpenSAMM to measure the journey of how PASTA is adopted at various MNCs.
+---
diff --git a/content/en/user-day/opencre-and-the-art-of-performing-samm-assessments.md b/content/en/user-day/opencre-and-the-art-of-performing-samm-assessments.md
@@ -0,0 +1,14 @@
+---
+type: user-day
+title: User day
+name: OpenCRE and the art of performing SAMM assessments
+speaker: Rob van der Veer
+image: /img/people/Rob_van_der_Veer.jpg
+affiliation: 
+role: 
+abstract: |
+    
+
+bio: |
+   
+---
diff --git a/content/en/user-day/round-table.md b/content/en/user-day/round-table.md
@@ -0,0 +1,18 @@
+---
+type: user-day
+title: User day
+name: SAMM Round Table
+speaker: All participants
+image: 
+affiliation: 
+role: 
+abstract: |
+    Join us for an interactive and insightful SAMM Round Table discussion during the SAMM User Day. This session offers a unique opportunity for attendees to engage in an open and collaborative dialogue focused on the Software Assurance Maturity Model (SAMM).
+
+    During this round table, we will delve into the challenges and successes that organizations have encountered while implementing SAMM. Participants will have the chance to share their experiences, exchange best practices, and seek guidance from peers and experts in the field.
+
+    We invite you to bring your questions, insights, and experiences to the table, as together, we explore the evolving landscape of software security and how SAMM can help organizations adapt and thrive. This is a great opportunity to actively participate in the SAMM community, learn from your peers, and contribute to the collective knowledge that drives software security excellence.
+
+bio: |
+   
+---
diff --git a/content/en/user-day/samm-benchmark.md b/content/en/user-day/samm-benchmark.md
@@ -0,0 +1,14 @@
+---
+type: user-day
+title: User day
+name: SAMM Benchmark
+speaker: Brian Glas
+image: /img/team/brian.jpg
+affiliation: 
+role: 
+abstract: |
+    Join us as we traverse the landscape of OWASP SAMM Benchmarking. Whether you're a seasoned SAMM veteran or a newcomer to the software assurance world, this presentation provides insights into the new SAMM Benchmark collection and visualization processes. Well walkthrough how to contribute and what you can expect for information once we reach a critical mass of data.
+
+bio: |
+   Brian has 22 years of experience in various roles in IT with the majority of that in application development and security. His day job is serving as an Assistant Professor teaching a full load of Computer Science and Cybersecurity classes at Union University. He helped build the FedEx AppSec team, worked on the Trustworthy Computing team at Microsoft, consulted on software security for years, and served as a project lead and active contributor for SAMM v1.1-2.0+ and OWASP Top 10 2017, 2021, 2024, and the OWASP DAVID project. Brian is a contributor to the RABET-V Pilot Program for assessing non-voting election technology. He holds several Cybersecurity and IT certifications and is working on his Doctor of Computer Science in Cybersecurity and Information Assurance.
+---
diff --git a/content/en/user-day/samm-deep-dive.md b/content/en/user-day/samm-deep-dive.md
@@ -0,0 +1,16 @@
+---
+type: user-day
+title: User day
+name: SAMM Deep Dive
+speaker: SAMM Team members
+affiliation: 
+role: 
+abstract: |
+    Welcome to an in-depth exploration of one of the security practices within SAMM. In this talk, we focus our attention on a single practice like we do during our monthly community calls.
+
+    Through detailed analysis and practical examples, we will uncover the inner workings, key components, and real-world applications of this practice. We will also discuss best practices and implementation strategies, drawing from owr extensive experience to illustrate its effectiveness.
+
+    Throughout this talk, we will address common challenges and provide actionable insights, enabling participants to navigate the implementation process with confidence. 
+
+   
+---
diff --git a/content/en/user-day/wrap-up.md b/content/en/user-day/wrap-up.md
@@ -0,0 +1,18 @@
+---
+type: user-day
+title: User day
+name: Wrap-up
+speaker: Seba Deleersnyder
+image: /img/team/seba.jpg
+affiliation: 
+role: 
+abstract: |
+    In this closing wrap-up session of the SAMM User Day conference, we reflect on an inspiring day of insights, collaboration, and a shared commitment to advancing software security.
+
+    We'll recap the highlights of the conference and emphasize the importance of community and connection within the SAMM ecosystem. As we conclude this conference, we invite you to stay engaged with the SAMM community, where you can continue to exchange ideas, seek guidance, and collaborate with like-minded professionals dedicated to enhancing software security.
+
+    Join us for this final session as we wrap up the SAMM User Day, leaving you inspired to make a lasting impact on software security within your organizations.
+
+bio: |
+   
+---
diff --git a/data/sud2023/01_OpenCRE.yaml b/data/sud2023/01_OpenCRE.yaml
@@ -1,5 +1,5 @@
 weight: 1
-url: "Opencre-and-the-art-of-performing-samm-assessments"
+url: "opencre-and-the-art-of-performing-samm-assessments"
 name: "OpenCRE and the art of performing SAMM assessments"
 type: "Presentation"
 presenter: "Rob van der Veer"

diff --git a/data/sud2023/04_samm_in_a_fortune_500_company.yaml b/data/sud2023/04_samm_in_a_fortune_500_company.yaml
@@ -1,5 +1,5 @@
 weight: 4
-url: "Introducing-owasp-samm-at-a-fortune-500-company-lessons-learned"
+url: "introducing-owasp-samm-at-a-fortune-500-company-lessons-learned"
 name: "Introducing OWASP SAMM at a Fortune 500 company: Lessons Learned"
 type: "Presentation"
 presenter: "Aram Hovsepyan"

diff --git a/data/sud2023/05_samm_benchmark.yaml b/data/sud2023/05_samm_benchmark.yaml
@@ -1,4 +1,4 @@
-weight: 6
+weight: 5
 url: "samm-benchmark"
 name: "SAMM Benchmark"
 type: "Presentation"

diff --git a/data/sud2023/06_break.yaml b/data/sud2023/06_break.yaml
@@ -1,4 +1,4 @@
-weight: 5
+weight: 6
 type: "Break"
 name: "Lunch Break"
 time: "12.30"
diff --git a/data/sud2023/10_wrap_up copy.yaml → data/sud2023/10_round_table.yaml b/data/sud2023/10_wrap_up copy.yaml → data/sud2023/10_round_table.yaml
@@ -1,5 +1,5 @@
 weight: 10
-url:
+url: "round-table"
 name: "SAMM Round Table"
 type: "Round table"
 presenter: "All participants"

diff --git a/data/sud2023/11_wrap_up.yaml b/data/sud2023/11_wrap_up.yaml
@@ -1,5 +1,5 @@
 weight: 11
-url:
+url: "wrap-up"
 name: "Wrap-up"
 type: ""
 presenter: "Sebastien Deleersnyder"

diff --git a/data/teamcore/cooper.yaml b/data/teamcore/cooper.yaml
@@ -0,0 +1,9 @@
+name : Chris Cooper
+image : img/team/chris.jpg
+designation : Core Team member
+content : Product Security Director at News Corp. Formerly Sage appsec and pentesting. Passionate STEM ambassador.
+social :
+  - icon : fab fa-linkedin-in
+    link : "https://www.linkedin.com/in/itscooper/"
+  - icon : fab fa-github
+    link : "https://github.com/itscooper"
diff --git a/data/teamcore/glas.yaml b/data/teamcore/glas.yaml
@@ -1,7 +1,7 @@
 name : Brian Glas
 image : img/team/brian.jpg
 designation : Core Team member
-content : Professor and security consultant
+content : Professor and security consultant <br/><br/><br/><br/>
 social :
   - icon : fab fa-linkedin-in
     link : "https://www.linkedin.com/in/brianglas/"

diff --git a/layouts/user-day/single.html b/layouts/user-day/single.html
@@ -43,7 +43,11 @@ <h2>Speaker bio</h2>
         </div>
     </div>
     {{ end }}
-
+    <div class="row">
+        <div class="col-md-12">
+            <a href="/user-day" >Back to the User Day page</a>
+        </div>
+    </div>  
     <div class="samm-content-with-space">
         {{ .Content }}
     </div>

diff --git a/static/img/team/chris.jpg b/static/img/team/chris.jpg