Hosted by the Cyber Security & Networking Research Group, Anglia Ruskin University and OWASP (Open Web Application Security Project) Cambridge Chapter.

This evening is part of a series of evening events raising awareness among local businesses & organisations of the issues of cyber security and cybercrime, which regulations and legislation organisations need to be aware of to protect themselves, and what is considered best practice in these challenging times.


OWASP (Open Web Application Security Project) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Their mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.

The Cyber Security and Networking (CSN) Research Group at Anglia Ruskin University has close working strategic relationships with industry, professional bodies, law enforcement, government agencies and academia in the delivery of operationally focused applied information and application security research. We have strong international links with professional organisations such as OWASP, BCS, ISC2, IISP & the UK Cyber Security Forum amongst others.

The primary aims of CSNRG are to help the UK and partner nations to tackle cybercrime, be more resilient to cyber attacks and educate its users for a more secure cyberspace and operational business environment. These will be achieved through the investigation of threats posed to information systems, understanding the impact of attacks, and the creation of cyber-based warning systems which gather threat intelligence, automate threat detection, alert users and neutralise attacks.

For network security, we are researching securing the next generation of software-defined infrastructures from application API and control/data plane attacks. Other key work includes computer forensic analysis, digital evidence crime scenes and evidence visualisation, as well as cyber educational approaches such as developing Capture the Flag (CTF) resources and application security programs.

Speaker Biographies & Abstracts

Jeff Williams Co-Founder and CTO at Contrast, “DevSecOps – Shift Left AND Extend Right”

Abstract: Building security in has failed. After decades of attempts to improve software security, vulnerability rates are still staggering, attacks are increasing in volume and severity, development speed is increasing, and we have perennial talent shortages. In this talk, Jeff will review the latest statistics on the most critical application threats and vulnerabilities. Jeff will share an outcome focused approach to establishing a high velocity DevSecOps practice. We’ll also discuss how you can “shift security left” into development by automating vulnerability discovery with the latest Interactive Application Security Testing (IAST) and “shift security right” into production by preventing vulnerabilities from being exploited using the Runtime Application Self-Protection (RASP). Be sure to come with your toughest application security questions!

Bio: Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Dinis Cruz, Former CIO Photobox, "Making Fact-Based Risk Decisions (using Data Science)"

Bio: Dinis Cruz is the former CISO of the Photobox Group and is focused on creating a team and environment where security is an enabler and accelerator for the business, while securing and protecting the digital assets from existing threats. In 2019, he was shortlisted for the CISO of the Year at the #CyberSecurityAwards. Prior to joining the Photobox Group, he worked in application security roles at the BBC, World First and JB International Training. He has been a leader of the 'OWASP O2 Platform' project for the past 10 years, where he is responsible for working on the OWASP O2 Platform, which is an 'Open Platform for automating application security Knowledge and Workflows'.

Provisional Agenda

17:30 – 18:15 Registration & Refreshments (LAB006)
18:15 – 18:30 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Director of Cyber Security & Networking Research Group, Anglia Ruskin University (LAB003)
18:30 – 19:30 Jeff Williams Co-Founder and CTO at Contrast, “DevSecOps – Shift Left AND Extend Right”
19:30 – 20:30 Dinis Cruz, Former CISO Photobox, "Making Fact-Based Risk Decisions (using Data Science)"
20:30 – 20:45 Roundup & Close

The meeting will be held in the Lord Ashcroft Building, Room LAB003 (Breakout Room LAB006 for networking & refreshments).

Please enter through the Helmore Building and ask at reception.
Anglia Ruskin University
Cambridge Campus
East Road

Please note that there is no parking on campus. Get further information on travelling to the university. mbridge_campus/find_cambridge.html

ARU CSNRG & OWASP Cambridge October 2019 Chapter Meeting
Date and time
Tuesday 8 October, 5:30pm - 9:00pm
Anglia Ruskin University
East Road