Session type:


Presented by:

Charles Weir

Lancaster University

Anna Dyson

Session time:

11 May, 11:15 to 12:45

Session duration:

90 minutes

About the session

How can you, as a software professional, align security with the needs of your organisation? And ruthlessly avoid wasting time on unnecessary security work?

Try out three vital ingredients you now need for any software project: risk assessment, risk information, and development integration. Explore how to choose options, how to justify those choices, and see how easy and quick the process can be.

Whether skilled or novice, whether programmer, tester, or leader, learn here your essential skill for the 2020s.

Our vision is to help everyone working on software development in the UK to get one step better at security and privacy. We’ve been researching this now for over six years. And we’ve found the practical way to achieve it is an interactive and creative workshop that empowers professionals to align security with the needs of their organisation. 

In this workshop, we’ll use a case study for participants to work through the three vital ingredients development teams need to plan security and privacy for any software project: structured risk assessment, industry risk information, and integration into their development work. 

We’ll use a general-purpose risk assessment for the case study industry (health tech), in the form of cards with illustrated stories of typical problems, giving the likelihood of each type. Prompted by the cards, participants will develop and assess their own stories, carrying out abbreviated versions of the discussions they will have with their own teams over their own development projects.

The workshop is suitable for anyone and everyone involved with software development.

Participant Takeaways:

  • Security/Privacy risk assessment is easy, and need not take long.
  • Cybersecurity problems are less likely than ‘cybersecurity experts’ tend to suggest; other problems may be more likely.
  • Using an industry-wide ‘risk model’ helps with discussion.
  • Anyone can understand and make software security decisions.

Communication, Creativity, Decisions, Design Process, Discussion, Management, Product Development, Security, Privacy, Story Telling

About the speaker(s)