

About us
- Note: Our Meetup page is no longer being actively updated due to platform changes at OWASP and may be removed without notice. For the most up-to-date information on OWASP Ottawa events, resources, and announcements, please visit our GitHub chapter page: OWASP Ottawa GitHub - the official home for everything related to the OWASP Ottawa chapter.
We are a place to come and meet local developers and information security professionals, share ideas, and learn.
You will find us informal, approachable, and thankful for your assistance. We encourage and welcome beginners. We are an open, tolerant, and inclusive organisation that accepts all races, genders, creeds, abilities, things, and ideas with the exception of one - Hate: Hate has no home at OWASP Ottawa.
Software powers the world, but insecure software threatens safety, trust, and economic growth. The Open Web Application Security Project (OWASP) is dedicated to making application security visible by empowering individuals and organizations to make informed decisions about true application security risks.
The OWASP Foundation is a 501(c)(3) not-for-profit worldwide charitable organization. OWASP does not endorse or recommend commercial products or services. Instead, we allow our community to remain vendor neutral with the collective wisdom of the best individual minds in security worldwide. This simple rule has been the key to our success since 2001.
For more information, visit http://www.owasp.org or come to a meeting; they are FREE and open to EVERYONE!
https://owasp.org/www-chapter-ottawa/
Upcoming events: 1

OWASP Ottawa April 15th, 2026: "Threat Modeling in Practice" with Rodrigo Rocha
150 Louis-Pasteur Private, Ottawa, ON, CA
- Note: Our Meetup page may be removed soon due to platform changes at OWASP. For the most up-to-date information on OWASP Ottawa events, resources, and announcements, please visit our GitHub chapter page: OWASP Ottawa GitHub - the official home for everything related to the OWASP Ottawa chapter.
Welcome to our in-person Meetup at the University of Ottawa
In-Person Location:
150 Louis-Pasteur Private, Ottawa,
University of Ottawa
Room 580
We will continue to Live Stream on our YouTube channel (https://www.youtube.com/@OWASP_Ottawa). Subscribe to our YouTube channel, set a reminder and you’ll get a notification as soon as we go live!
YouTube Live Stream Link: TBA!!!
6:00 PM EST Arrival, setup, mingle, PIZZA!!!
6:30 PM EST Technical Talks
- Introduction to OWASP Ottawa, Public Announcements.
- "Threat Modeling in Practice: From Diagram to Defense" with Rodrigo Rocha
Abstract:
Modern development teams often view Threat Modeling as heavy, theoretical, or compliance-driven — and as a result, it gets skipped. This session introduces a practical, lightweight approach to Threat Modeling that fits directly into agile workflows.
Using a real-world healthcare portal example, we walk step-by-step from drawing a simple data flow diagram to identifying critical assets, mapping real attack scenarios (via MITRE CAPEC), linking root causes (CWE), and translating them into testable security requirements using OWASP ASVS. The session demonstrates how to turn abstract risks into concrete sprint tickets developers can actually implement.
We also explore why Threat Modeling frequently fails in organizations and how Security Champions programs can scale security culture across engineering teams.
Speaker:
Rodrigo Rocha is a Security Enablement Leader and GRC Consultant with over 15 years of experience bridging the gap between security and application security. He specializes in building Security Champions Programs that empower developers to ship faster and more securely—without slowing down innovation.
Rodrigo spent eight years as an Application Security Specialist before transitioning into governance and compliance, giving him a rare ability to communicate fluently with both developers and auditors. He has designed and scaled Security Champions Programs across 200+ engineering teams and trained over 6,000 developers at Brazil's largest companies.
His compliance expertise spans SOC 2 Type I/II, ISO 27001, NIST CSF, and CIS Controls—achieving audit success while maintaining engineering velocity, including clean SOC 2 audits with 45% less preparation time through automation. Rodrigo has also published thought leadership with the CNCF on cloud-native security approaches.
21 attendees
Past events: 142





