Application security often feels like a maze of frameworks, acronyms, and compliance checklists. In this talk, I’ll start with the chaos—what AppSec looks like when complexity rules—and then strip it down to its essence using first principles. Drawing from our journey at SAS with the CI360 platform, I’ll talk about how we evolved our secure software development life cycle (SSDLC) program, aligning it not only to the DevSecOps maturity model (DSOMM) but also to simple heuristics, developer-first practices, and automation-first thinking. The result? A security program that’s not only effective but easy to start, scale, and sustain. Whether you’re a security lead or a curious dev, you’ll leave with a blueprint you can actually use.
Mikael Nilsson
Mikael works as the Product Security Lead for Customer Intelligence R&D at SAS Institute Inc. His work involves close collaboration with various teams within SAS, including Product Management, Cloud Operations, Research & Development, Legal and the Privacy Office, and, obviously, SAS customers.
He has worked at SAS for 15 years, mostly in professional services as a technical architect in a global enablement role within the Customer Intelligence practice, but also as the Information Security Manager for the Nordics. In addition, he is a skilled trainer & presenter with over 15 years of presenting experience and has delivered numerous SAS bootcamps and workshops around the world. He is an ISO/IEC 27001 Lead Implementer (CIS LI), a Certified Secure Software Lifecycle Professional (CSSLP) and a Certified Information Systems Security Professional (CISSP).
Outside of work, he is a serious casual video gamer, likes Japanese cars, and is known to sample different beers wherever he may roam.