Recently, Mondoonauts had the pleasure of sponsoring the 2022 sec4dev conference in Vienna, Austria. The goal of the conference is to raise security awareness among software developers. Similarly, our goal at Mondoo is to bring security awareness to everyone. We believe security isn’t just the job of security professionals, so this was the perfect conference for Mondoo to sponsor.
On one of the nights, Mondoo attended a pub quiz-style game that focused on security but had some general knowledge challenges in the mix as well. We were tasked with matching soundtracks to movies. One of the organizers was certain that no one would identify the music for Wonder Woman 1984, but she clearly wasn’t expecting a fan of DC Comics to be present!
The Mondoo team was tied for first, but sadly lost the tiebreaker question. Now we know when Bell Labs presented Unix to the outside world (it was October, 1973)!
The talks covered all aspects of security, from how to introduce security to your machine learning projects to how to poke holes into (what you think is) a perfectly written Content-Security-Policy (CSP).
One presentation that stood out for me was by Tanya Janca. She spoke about building security champions across teams. Tanya outlined an eight-step plan to recruit willing colleagues to become their team's security champions. One essential task was to make sure that the would-be security champions are willing participants and not voluntold.
Another talk, by Johannes Bär, showed the audience some creative ways to hack fully managed Kubernetes pods. This was something we knew a thing or two about; my colleague, Scott Ford, was demonstrating that very task at devopsdays Charlotte in North Carolina the day before.
Conferences like sec4dev are an important addition to the community and to the general conference ecosystem. Sec4dev was very focused on developers who are new to security who want to improve. The attendees ranged from junior to senior software engineers, all eager to learn.
We Mondoonauts enjoyed our time in Vienna. The experience was particularly rewarding because the conference and its organizers share Mondoo’s goal of bringing security awareness to everyone.