Secure by design, DevSecops day Munich 🥨
Details
(Tickets sold out)
Secure by design - DevSecops day MunichÂ
Join us at Google Munich for "Secure by Design," an event for anyone involved in modern software development. In collaboration with leaders in cloud and security technology like Docker, Google Cloud, and Black Duck, this event will explore how to embed security into every phase of the development lifecycle.
Whether you're a developer, security professional, or DevOps engineer, you'll leave with actionable insights for building more resilient and secure applications.
‍ Don't forget to bring your notebook and charging cable!
âť— Spaces are limited, so be sure to reserve your spot today âť—
âť— Please purchase an in-person ticket only if you will be physically present at the event âť—
❗ Please notice: Once your registering is accepted, there will be no automatized way for you to review your RSVP. That means, we count on you to be present at the event. ❗
The event will be conducted in English.
Be excellent to each other! Every attendee must follow our Code of Conduct.
Be aware this event is hosted indoors.
If you have any illness symptoms, please stay at home.
For those who can’t join in person, we will stream from the start at 18:30. Please RSVP to the virtual event to reserve a spot and get notified about the stream link.
Don’t miss this chance to learn, share, and connect with the community!
️ RSVP to secure your spot ️
Follow us on LinkedIn for updates and more information about our upcoming events.
Agenda
5:00 PM: Registration on reception
-
You need to have an ID document with photo
-
Be nice to each other
5:00 PM: Per Krogslund - Securing the SDLC: From Container Images to AI Agents
This presentation examines the evolution of supply chain security challenges from container images to AI agents. We'll explore how modern development practices create new attack vectors, from containers running hundreds of unnecessary packages to AI agents accessing enterprise systems without proper security controls. The session demonstrates solutions like hardened images that dramatically reduce attack surfaces and examines emerging Model Context Protocol vulnerabilities. Through analysis of real incidents and threat patterns, we'll show how to apply container best practice, to build secure AI-enhanced development environments before attacks spread
5:40 PM: Emmanuel Gonzalez - Scaling Application Security in the AI Era without Slowing Innovation
As AI-assisted coding, distributed architectures, and hybrid environments reshape development, security teams face growing challenges keeping pace with rapid release cycles and evolving threats.
This session explores how to embed security seamlessly across the software development lifecycle (SDLC). From containers and APIs to real-time feedback and automated workflows. By leveraging AI and natural language analytics, teams can detect risks earlier and streamline remediation.
6:20 PM: - Network & Catering Break
6:40 PM: Mark Michel - Making a case for security - how to fund your project
In challenging economic times, practitioners may find it hard to fund security projects. This talk will give you:
- market numbers for security
- real-world examples
- Best practices for presenting a case to your leadership successfully
7:20 PM: ⏸️ - Short Break
7:30 PM: Abdel Sghiouar - Hands-on securing an MCP Server on Google Cloud
The Model Context Protocol (MCP) acts as a "USB-C for AI," enabling agents to interact with external tools and APIs. This connectivity, however, creates a significant new attack surface.
This session demystifies the MCP threat landscape, covering novel AI-specific attacks and classic vulnerabilities.
Participants will have an opportunity to build, deploy and secure an MCP Server on Google Cloud.
8:50 PM: - Networking, drinks
---
Speakers
Emmanuel Gonzalez Carmona - Black Duck (Senior Sales Engineer)
Emmanuel Linkedin Profile: https://www.linkedin.com/in/emmanuelgonzalezcarmona/;
Abdel SGHIOUAR - Google (Senior Cloud Engineer @Google Cloud)
Senior Cloud Engineer @Google. GCP Certified almost everything. I tweet about GCP, Cloud, DevOps, kubernetes, and Serverless.
Abdel Linkedin Profile: https://www.linkedin.com/in/sabdelfettah/;
Mark Michel - LC Systems (Director Sales and Operations)
Mark LinkedIn Profile: https://www.linkedin.com/in/thedatacompany/;
Per Ploug Krogslund - Docker, Inc. (Sr Director)
Seasoned professional with 20 years of international experience leading high performance, thriving teams to deliver highly technical products and services towards a developer user base.
Extensive strategy and leadership experience from scale-ups to complex enterprise organisations, managing critical cross-organizational strategic initiatives.Influential and impactful people lead …
Moderator
Luiz Carneiro - GDG Cloud Munich (Solution Engineer)
I am a Ph.D. in Physics who found great joy in programming while doing science. Coding for me is a hobby, as it is to meet people who share the same interests. By leading the GDG Munich Cloud, I managed to put everything together :) See you at our next meeting! ✌
Luiz's LinkedIn Profile:
Hosts
Danila Eremin - Google (Senior Software Engineer)
Akasha Rojee - GDG Cloud Munich (Organiser)
Akasha's LinkedIn: https://www.linkedin.com/in/akasharojee/
Katsiaryna Skwarek - GDG program (Regional Lead for DACH & CEE)
Katsiaryna Skwarek is the Regional Lead for CEE & DACH for GDG Europe for Google, with extensive experience in managing international technology projects and communities. She specializes in developing and implementing strategies that, through DevFest and I/O Extended campaigns, have reached over 1.1 million developers across 120 countries, activating two-thirds of GDG organizers. Katsiaryn…
---
Partners
Docker, Inc. (https://www.docker.com/)
Docker, Inc. is an American technology company that develops productivity tools built around Docker, which automates the deployment of code inside software containers.
Google Cloud (https://cloud.google.com/)
Tools and modern applications — High-performance infrastructure for cloud computing, data analytics and machine learning.
Black Duck (https://www.blackduck.com/)
Black Duck helps organizations secure their software supply chain by providing deep visibility into open source components, licenses, and vulnerabilities.
---
Complete your event RSVP here: https://gdg.community.dev/events/details/google-gdg-cloud-munich-presents-secure-by-design-devsecops-day-munich/.
