Wednesday
Room 5
15:00 - 16:00
(UTC+01)
Workshop (60 min)
Part 2/2: Games as tools for scaling your application security program
OWASP Cornucopia is a card game to assist software development teams in identifying security requirements in agile software development processes. It is language, platform, and technology agnostic.
In this session, we will learn to play the game differently from what we usually do. Johan Sydseter, OWASP Cornucopia co-lead and game master, will take you through a provocative scenario. Faced with the grumpy old senior developer who doesn't shift left because he spends too many hours working overtime on his incredibly sophisticated pet projects, what will you do? Will you be able to teach him a lesson about why security is essential, or will he be laughing all the way to his developer cave? Only truly passionate application security engineers will succeed. Expect confetti, swag (yes, you read that right, swag, valued just below the corruption limit), and illegal bribes as you venture into the unknown of OWASP Cornucopia.
Most people will agree with you that security is important, but they forget what you were saying once they leave the room.
The brain is amazing. It can let you learn to ride a bike, write poetry, learn a new programming language, or even fall in love, but if your brain is so amazing, why do your colleagues forget all the things you said about security during your last meeting?
In this session, we will learn how to play games to create agency, empathy, and community, spark the imagination, and wake up the brain. When choosing a strategy for scaling your application security program, don’t choose reading materials, presentations with “talking heads,” or meetings as a medium for increasing awareness and knowledge about security. Instead, focus on activities that can be repeated on a regular basis and that are both relevant to the work you are doing and engaging. When employees are authentically involved and curious about their learning, their heightened focus and emotional connection stimulate better memory formation and application of knowledge. In fact, numerous studies have reported that emotions have a significant impact on human cognitive processes. This underpins why games can strengthen learning over time, which is why you should have an extensive collection of games in your arsenal when teaching others about application security.
