Yan Kravchenko

Application Security Architect, Concord

Yan Kravchenko, CISSP, CSSLP, CISA, CISM has over 20 years of experience in the IT / Information Security industry. Over the past 5+ years, Yan has been developing ways to leverage OWASP SAMM to help measure application metrics portfolios for maturity and security weaknesses. Part of the process is the concept of risk correlation, which allows aligning applications with multiple risk measures, creating more realistic and useful metrics data.

Summit Goals:

  • Work on pushing forward with SAMM 2.0
  • Share tools / documents / visualizations in hopes of making OWASP SAMM 2.0 more enterprise-friendly
  • Collaborate on fleshing out the new Implementation Business Function
  • Assist in developing SAMM-related questions for CertDev

OWASP Involvement

  • PCI Mapping
  • Enterprise Metrics Development
  • SAMM 2.0

Yan Kravchenko Daily Schedule

10:30 - 12:30

  • Integrating Security Tools in the SDL, Maulden room

12:30 - 13:30

  • SAMM - Alignment with other OWASP projects (Thu), Kings room

13:30 - 15:00

  • Wardley Maps for Security, Montague room

Time slot over-subscribed

  • From Threat Modeling to DevSecOps metrics, Montague room
  • Integrating Security Tools in the SDL, Maulden room

15:30 - 16:30

Time slot over-subscribed

  • SAMM user session - Round-table, Kings room
  • Lightweight privacy threat modeling using LINDDUN, Larch room
  • SAMM - Model discussions (Wed), Kings room

Time slot over-subscribed

  • SAMM - Alignment with Threat Modeling, Kings room
  • SAMMv2 - Threat Modeling, Larch room
  • Securing the CI Pipeline, Maulden room

16:30 - 18:00

Time slot over-subscribed

  • SAMM - Measurement model (Mon PM), Kings room
  • Hand's on Wardley Maps creation, Portland room
  • Threat Model Cookbook Project (Part 1), Larch room
  • Mapping OWASP DevSecOps Maturity Model to SAMMv2, Kings room

Time slot over-subscribed

  • SAMM - SAMM benchmarking and tooling, Kings room
  • Securing the CI Pipeline, Maulden room

19:30 - 21:00

  • SAMM - Measurement model (Mon EV), 157 - SAMM villa
  • SAMM - Model Challenges (Tue), 157 - SAMM villa
  • Creating a Security Champions network, Dinner Villa
  • SAMM - Agile guidance, 157 - SAMM villa

Participating sessions details

| Title | Description | Type | When | Time | Acting as |
|---|---|---|---|---|---|
| Mapping OWASP DevSecOps Maturity Model to SAMMv2 | multiple working sessions on the new SAMMv2 | working-session | Wed | PM-3 | participant |
| SAMM - Agile guidance | Discussing the support for Agile development based on SAMM v2 | working-session | Thu | Eve-1 | participant |
| SAMM - Alignment with other OWASP projects (Thu) | Aligning the model with other OWASP projects. | working-session | Thu | DS-2 | participant |
| SAMM - Alignment with Threat Modeling | Aligning the SAMM model with the Threat Modeling project. | working-session | Thu | PM-2 | participant |
| SAMM - Measurement model (Mon EV) | Discussion on the new measurement model for the SAMM v2 project | working-session | Mon | Eve-1 | participant |
| SAMM - Measurement model (Mon PM) | Discussion on the new measurement model for the SAMM v2 project | working-session | Mon | PM-3 | participant |
| SAMM - Model Challenges (Tue) | Discussing outstanding model challenges | working-session | Tue | Eve-1 | participant |
| SAMM - Model discussions (Wed) | Parallel editing session to improve the content of the current model | working-session | Wed | PM-2 | participant |
| SAMM - SAMM benchmarking and tooling | Discussion on data collection and benchmarking | working-session | Thu | PM-3 | participant |
| SAMM user session - Round-table | one of the 2 user sessions on the SAMM project | user-session | Mon | PM-2 | participant |
| Threat Model Cookbook Project (Part 1) | Kick off of the OWASP Threat Model Cookbook Project | working-session | Tue | PM-3 | participant |
| Wardley Maps for Security | Practical session on using Wardley Maps for Security | user-session | Wed | PM-1 | participant |
| Introduction to Wardley Maps (Training Session) | | | | | |
| Hand's on Wardley Maps creation | Want to have a go at creating your own Wardley maps? This training session will give you hands on experience in creating maps for multiple scenarios, with experienced practitioners on hand to guide and help you. | working-session | Mon | PM-3 | participant |
| SAMMv2 - Threat Modeling | Discuss the SAMM threat modeling practice together with the SAMM team | working-session | Thu | PM-2 | participant |
| Share your Threat Models diagrams and create a Book | | | | | |
| Lightweight privacy threat modeling using LINDDUN | Lightweight privacy threat modeling using LINDDUN | working-session | Mon | PM-2 | participant |
| From Threat Modeling to DevSecOps metrics | | working-session | Thu | PM-1 | participant |
| Integrating Security Tools in the SDL | Integrate security tools as part of CI/CD pipeline to find/fix issues early in SDL | working-session | Thu | AM-1,PM-1 | participant |
| Securing the CI Pipeline | Secure the CI/CD pipeline | working-session | Thu | PM-2,PM-3 | participant |
| Creating a Security Champions network | | working-session | Wed | Eve-1 | participant |
