Yan Kravchenko

Application Security Architect, Concord

Yan Kravchenko, CISSP, CSSLP, CISA, CISM, has over 20 years of experience in the IT / Information Security industry. Over the past 5+ years, Yan has been developing ways to leverage OWASP SAMM to help measure application metrics portfolios for maturity and security weaknesses. A part of the process is the concept of risk correlation that allows aligning applications with multiple risk measures, creating more realistic and useful metrics data.

Summit Goals:

  • Work on pushing forward with SAMM 2.0
  • Share tools / documents / visualizations in hopes of making OWASP SAMM 2.0 more enterprise-friendly
  • Collaborate on fleshing out the new Implementation Business Function
  • Assist in developing SAMM-related questions for CertDev

OWASP Involvement

  • PCI Mapping
  • Enterprise Metrics Development
  • SAMM 2.0

Participant's team(s):

Yan Kravchenko Daily Schedule

| | Monday | Tuesday | Wednesday | Thursday | Friday |
|---|---|---|---|---|---|
| AM-1 (10:30 - 12:30) | | | | Integrating Security Tools in the SDL (Maulden room) | |
| DS-2 (12:30 - 13:30) | | | | SAMM - Alignment with other OWASP projects (Thu) (Kings room) | |
| PM-1 (13:30 - 15:00) | | | Wardley Maps for Security (Montague room) | Time slot over-subscribed: From Threat Modeling to DevSecOps metrics (Montague room); Integrating Security Tools in the SDL (Maulden room) | |
| PM-2 (15:30 - 16:30) | Time slot over-subscribed: SAMM user session - Round-table (Kings room); Lightweight privacy threat modeling using LINDDUN (Larch room) | | SAMM - Model discussions (Wed) (Kings room) | Time slot over-subscribed: SAMM - Alignment with Threat Modeling (Kings room); SAMMv2 - Threat Modeling (Larch room); Securing the CI Pipeline (Maulden room) | |
| PM-3 (16:30 - 18:00) | Time slot over-subscribed: SAMM - Measurement model (Mon PM) (Kings room); Hand's on Wardley Maps creation (Portland room) | Threat Model Cookbook Project (Part 1) (Larch room) | Mapping OWASP DevSecOps Maturity Model to SAMMv2 (Kings room) | Time slot over-subscribed: SAMM - SAMM benchmarking and tooling (Kings room); Securing the CI Pipeline (Maulden room) | |
| Eve-1 (19:30 - 21:00) | SAMM - Measurement model (Mon EV) (157 - SAMM villa) | SAMM - Model Challenges (Tue) (157 - SAMM villa) | Creating a Security Champions network (Dinner Villa) | SAMM - Agile guidance (157 - SAMM villa) | |

Participating sessions details

| Title | Description | type | When | Time | Acting as |
|---|---|---|---|---|---|
| Mapping OWASP DevSecOps Maturity Model to SAMMv2 | multiple working sessions on the new SAMMv2 | working-session | Wed | PM-3 | participant |
| SAMM - Agile guidance | Discussing the support for Agile development based on SAMM v2 | working-session | Thu | Eve-1 | participant |
| SAMM - Alignment with Threat Modeling | Aligning the SAMM model with the Threat Modeling project. | working-session | Thu | PM-2 | participant |
| SAMM - Alignment with other OWASP projects (Thu) | Aligning the model with other OWASP projects. | working-session | Thu | DS-2 | participant |
| SAMM - Measurement model (Mon EV) | Discussion on the new measurement model for the SAMM v2 project | working-session | Mon | Eve-1 | participant |
| SAMM - Measurement model (Mon PM) | Discussion on the new measurement model for the SAMM v2 project | working-session | Mon | PM-3 | participant |
| SAMM - Model Challenges (Tue) | Discussing outstanding model challenges | working-session | Tue | Eve-1 | participant |
| SAMM - Model discussions (Wed) | Parallel editing session to improve the content of the current model | working-session | Wed | PM-2 | participant |
| SAMM - SAMM benchmarking and tooling | Discussion on data collection and benchmarking | working-session | Thu | PM-3 | participant |
| SAMM user session - Round-table | one of the 2 user sessions on the SAMM project | user-session | Mon | PM-2 | participant |
| Threat Model Cookbook Project (Part 1) | Kick off of the OWASP Threat Model Cookbook Project | working-session | Tue | PM-3 | participant |
| Wardley Maps for Security | Practical session on using Wardley Maps for Security | user-session | Wed | PM-1 | participant |
| Introduction to Wardley Maps (Training Session) | | | | | |
| Hand's on Wardley Maps creation | Want to have a go at creating your own Wardley maps? This training session will give you hands-on experience in creating maps for multiple scenarios, with experienced practitioners on hand to guide and help you. | working-session | Mon | PM-3 | participant |
| SAMMv2 - Threat Modeling | Discuss the SAMM threat modeling practice together with the SAMM team | working-session | Thu | PM-2 | participant |
| Share your Threat Models diagrams and create a Book | | | | | |
| Lightweight privacy threat modeling using LINDDUN | Lightweight privacy threat modeling using LINDDUN | working-session | Mon | PM-2 | participant |
| From Threat Modeling to DevSecOps metrics | | working-session | Thu | PM-1 | participant |
| Integrating Security Tools in the SDL | Integrate security tools as part of CI/CD pipeline to find/fix issues early in SDL | working-session | Thu | AM-1,PM-1 | participant |
| Securing the CI Pipeline | Secure the CI/CD pipeline | working-session | Thu | PM-2,PM-3 | participant |
| Creating a Security Champions network | | working-session | Wed | Eve-1 | participant |
