Wed, Oct 22 · 5:00 PM CEST
Join fellow software development professionals at Google Amsterdam for "Secure by Design," a DevSecOps focused event organized by GDG Netherlands. Held in collaboration with industry leaders Docker, Google Cloud, and Black Duck, this evening is dedicated to integrating security throughout the entire development lifecycle.
Scheduled for Wednesday, October 22, 2025, from 5:00 PM to 9:00 PM (GMT+2), the event is tailored for developers, security specialists, and DevOps engineers. Attendees will gain valuable, actionable insights into building more secure and resilient applications.
The agenda features several in-depth sessions.
The event will take place at Google Amsterdam, located at 34 Claude Debussylaan, Amsterdam, 1082 MD.
This is a hybrid event. Join the event virtually at https://gdg.community.dev/events/details/google-gdg-netherlands-presents-secure-by-design-devsecops-day-amsterdam/
Google Amsterdam - 34 Claude Debussylaan Amsterdam, 1082 MD
---
Agenda
5:00 PM: Securing the SDLC: From Container Images to AI Agents
This presentation examines the evolution of supply chain security challenges from container images to AI agents. We'll explore how modern development practices create new attack vectors, from containers running hundreds of unnecessary packages to AI agents accessing enterprise systems without proper security controls. The session demonstrates solutions like hardened images that dramatically reduce attack surfaces and examines emerging Model Context Protocol vulnerabilities. Through analysis of real incidents and threat patterns, we'll show how to apply container best practice, to build secure AI-enhanced development environments before attacks spread
5:40 PM: Platformising OWASP SAMM: Making Security Maturity Stick in DevSecOps Pipelines
This session shows how to turn OWASP SAMM from a policy framework into practical platform features. We’ll explore how to embed maturity practices into CI/CD pipelines and developer workflows — creating golden paths, automated checks, and evidence by default — so security becomes built-in rather than bolted on.
6:20 PM: Break
6:30 PM: Scaling Application Security in the AI Era without Slowing Innovation
As AI-assisted coding, distributed architectures, and hybrid environments reshape development, security teams face growing challenges keeping pace with rapid release cycles and evolving threats.
This session explores how to embed security seamlessly across the software development lifecycle (SDLC). From containers and APIs to real-time feedback and automated workflows. By leveraging AI and natural language analytics, teams can detect risks earlier and streamline remediation.
With the Cyber Resilience Act (CRA) on the horizon, we’ll also cover how integrated security can:
Accelerate testing for AI-driven development
Detect potential emerging threats (such as Shai-Hulud, etc.) and vulnerabilities coming from open-source packages from various origins
Identify and declare open-source code in containers and snippets
Manage SBOMs for compliance and risk management
7:20 PM: TBC
8:00 PM: Netowking, drinks
9:00 PM: End of the event
---
Speakers
Alex Snelling - Google (EMEA Technical Account Manager)
Richard Smith - HSBC (CEO of Codification, formerly Enterprise Architect for Platform)
Emmanuel Gonzalez Carmona - Black Duck (Senior Sales Engineer)
Hosted By
Jairzinno Henriquez, GDG Organizer
Alfredo Bautista Santos, Flutter developer
Complete your event RSVP here: https://gdg.community.dev/events/details/google-gdg-netherlands-presents-secure-by-design-devsecops-day-amsterdam/.
