In person

Escape the RSA Chaos with Endor Labs and GitHub at the AppSec Lounge

Calling all AppSec professionals! Snacks, swag, and small group sessions at Trace Restaurant.

Join Endor Labs and GitHub to refuel and refresh before heading back to the Moscone Center to enjoy RSAC.

Date
May 7 – 8, 2024
Time
10 am – 7 pm
Location
TRACE Restaurant, W Hotel
181 3rd St, San Francisco, CA 94105

Due to limited space and overwhelming interest, we're limiting lounge access to AppSec professionals only. Come find us in the startup hall at booth ESE-14 if the lounge is full!


Event Overview

🔋 Recharge, Relax, and Refuel at Trace Restaurant

Need a break from the RSA chaos? Stop by to recharge your devices, grab a bite to eat, get a soothing chair massage and get away from the busy show floor. 

🧠 Personal Insights From Security Pioneers

Our lineup of industry leaders will share their knowledge, providing invaluable insights into the ever-evolving world of cybersecurity. Smaller group sessions mean you can ask your questions directly and walk away with insights that matter. 

⏳ Practical Ways to End the AppSec Productivity Tax

Get hands-on, one-on-one help from Endor Labs and GitHub. Explore specific solutions, or vendor-agnostic advice from LeanAppSec community leaders. 

💫 The coolest swag in the galaxy

Droids, Legos, socks, stickers, and more for all the “adult-trick-or-treating” your heart desires. 

Schedule

Time

10:15 AM — 10:45 AM

Date

May 7, 2024

Location

Trace Lounge

Fireside Chat: SSDF: Secure Software Development Framework. What is it and why you should know about it.

Join moderator Kadi McKean as she takes on the topic of SSDF: Secure Software Development Framework. What is it? Why should you care? And how is it impacting your enterprise? 

In this session, panelists Jason Weiss and Chris Hughes answer tough questions that are on everyone’s mind.

Speakers
Jason Weiss, Formerly Chief Software Officer at the Department of Defense, Chief Operations Officer at TestifySec
Chris Hughes, Chief Security Advisor at Endor Labs
Kadi McKean, Developer Advocate, Endor Labs
Time

10:45 AM — 11:00 AM

Date

Location

Q+A / Networking Break

Time

11:00 AM — 11:30 AM

Date

Location

Know thy application: Putting back the application in appsec

Effective application security hinges on a deep understanding of the applications we build. This presentation explores how AppSec engineers can leverage this knowledge to implement relevant security controls and establish workable security processes. We'll delve into the exciting world of AI technology, examining how AppSec engineers can utilize it as both a user for enhanced analysis and a defender for proactive threat mitigation. Join us to discover how bridging the gap between application understanding and AI innovation can empower AppSec engineers to build robust and secure applications.

Speakers
Rajat Bhargava, Staff Application Security Engineer, Peloton
Time

11:45 AM — 12:00 PM

Date

Location

Raffle Drawing #1

Time

12:00 PM — 1:00 PM

Date

Location

Time

1:00 PM — 1:30 PM

Date

Location

Found means fixed. How to make every developer a “security expert”

All code scanners find and flag vulnerabilities. Some even provide relevant documentation. But who has both the coding and development expertise – and the time – to fix vulnerabilities before they hit production? The answer used to be no one, but soon, it could be everyone. In this 20-minute lightning talk, GitHub Staff Product Manager Pierre Tempel demonstrates a future where an AI “security expert” partners with every programmer to find vulnerabilities and suggest code fixes at every push.

Speakers
Pierre Tempel, Product Manager, GitHub
Time

1:45 PM — 3:00 PM

Date

Location

Networking Break

Time

3:00 PM — 3:30 PM

Date

Location

Modern Vulnerability Management: Separating Signal from the Noise

In this talk we will discuss some of the challenges of legacy approaches to vulnerability management. We will discuss how they create toil and resentment and further build silos between Development, Engineering and Security, running counter to the push for DevSecOps. We will then dive into how to go about modernizing vulnerability management, minimizing toil, focusing on real risks to the mission and organization, and truly empowering cybersecurity to function as a business enabler.

Speakers
Chris Hughes, Chief Security Advisor at Endor Labs
Nikki Robinson, DSc, PhD, Security Architect, IBM
Time

3:30 PM — 3:45 PM

Date

Location

Time

3:45 PM

Date

Location

Raffle Drawing #2

Time

4:00 PM — 7:00 PM

Date

Location

Chris Hughes and Dr. Nikki Robinson Book Signing Reception and HH

Speakers
Chris Hughes, Chief Security Advisor at Endor Labs
Nikki Robinson, DSc, PhD, Security Architect, IBM
Time

10:15 AM — 10:45 AM

Date

May 8, 2024

Location

Trace Lounge

Topic TBD. Check back soon!

Speakers
Jimmy Xu, Sr. Director, DevSecOps + Cloud Security, Trace3
Time

10:45 AM — 11:00 AM

Date

Location

Time

11:00 AM — 11:30 AM

Date

Location

Fix this first: how to take the hard work out of working smarter

“Work smarter, not harder.” Easier said than done, right? For security and development teams with miles-long vulnerability queues, the hardest task can be knowing where to start. And since the attack surface grows with every line of code, security debt can keep anyone up at night. In this 20-minute lightning talk with [GitHub] and [Endor], you’ll learn how to confidently identify and remediate the vulnerabilities with the highest risk of exploitation – and which ones you can snooze – so you can finally fix first things, first.

Speakers
Darren Meyer
Andrew (Moose) McCoy, Principal Architect, GitHub
Time

11:45 AM — 12:00 PM

Date

Location

Raffle Drawing #3

Time

12:00 PM — 1:00 PM

Date

Location

Time

1:00 PM — 1:30 PM

Date

Location

Topic TBD. Check back soon!

Time

1:45 PM — 3:00 PM

Date

Location

Networking Break

Time

3:00 PM — 3:30 PM

Date

Location

Making Security Fun Again: Building a Proactive Security Culture

No, it's not enough to simply satisfy minimal "check the box" compliance requirements, react to incidents, or fix security vulnerabilities after they're in production. Focusing only on the "right side" of the process is a recipe for eventual disaster, and is ultimately costly to pursue. You need to focus on shifting habits and behaviors to proactively address issues long before they reach production. You need to build a culture that is full of security best practices: training, threat modeling, architecture reviews, and so on.

But HOW? In this talk, we'll discuss techniques for shifting your culture and motivating your employees to make the right choices by incentivizing and rewarding their behaviors. We'll focus on the "people" side, and use proven techniques from the fields of behavioral science and psychology to bring your awareness and appsec game to the next level. Security takes more than just tech and this is the piece you've been missing to make a lasting difference in your company's security posture.

Attendee takeaways

  • An understanding of why proactive security practices are needed and why tech is not enough to make a lasting difference
  • Techniques for motivating your employees and developers to take action
  • Ideas for creative rewards and incentives that make a difference
  • What metrics to collect and report to leadership for the support you need to shift your culture
Speakers
Dustin Lehr, Co-Founder at Katilyst, Deputy CISO/Sr. Director at FiveTran
Time

3:30 PM — 3:45 PM

Date

Location

Time

3:45 PM

Date

Location

Raffle Drawing #4

Speakers
Kadi McKean, Developer Advocate, Endor Labs
Time

4:00 PM – 7:00 PM

Date

Location

Endor Labs + GitHub Happy Hour
