Tuesday, January 14 | 15:00
Yordei Hasira 1, Tel Aviv
A new kind of Community Event
We’re re-imagining what a community event should be. Interesting people and stories. Actionable insights. Short, to-the-point sessions. Plenty of free time to mingle. Special guests. No entry fees.

We’d love for you to join us, so register today to stay up-to-date on #DevSecNextTLV

Speakers Spotlight

Discover a mix of seasoned industry leaders and fresh, dynamic perspectives at DevSecNext. Explore our lineup below.
Ran Bar-Zik
CyberArk
Senior Software Architect
Journalist
Keynote Speaker
Barak Schoster Goihman
Battery Ventures
Partner
Keynote Panel
Josh Grossman
Bounce Security
CTO/Application Security Specialist
Breakout Session
Yonit Gruber-Hazani
Google
Customer Engineer - Google Public Sector
Breakout Session
Ben Hacmon
Perion Network
CISO
Breakout Session
David Melamed
Jit
CTO/Co-Founder
Keynote Panel
Inbar Raz
Zenity
VP of Research
Breakout Session
Sharone Revah Zitzman
RTFM Please
Chief DevRel & Community Organizer
Keynote Panel
Adi Shacham-Shavit
Transmit Security
SVP R&D
Keynote Panel
Itay Shakury
Aqua Security
VP Open Source
Breakout Session
Ronnen Slasky
AWS
Head of Technology
Keynote Panel
Erik Zaadi
Port
R&D Team Leader
Breakout Session
Ori Mankali
Akeyless
SVP of Engineering
Lightning Talk
Niv Yungelson
Firefly
Director of AI
Lightning Talk

Partners

Thank you to our partners!

Agenda at a Glance

Browse through our schedule for a glimpse into our exciting sessions.
15:00
Registration, networking, and light food
15:45
Opening Remarks
The Evolving Threat Landscape: Risks in the Age of AI Disruption
As AI continues to revolutionize industries, it also introduces a wave of emerging security challenges that may not even yet be identified or known. This panel brings together experts from engineering, cloud business, venture capital and security innovation to explore the intersection of AI disruption and the evolving threat landscape. Join our panel as they discuss pressing issues such as the shared responsibility of engineering teams in safeguarding data, how AI agents can deliver opportunities of scale and efficiency while at the same time exposing organizations to novel vulnerabilities, and the risks of AI models becoming unintentional backdoors. Treating AI as a typical third-party risk in the supply chain will help shed light on the risks of adopting the very technologies driving innovation.

Come ready with tough questions for our panelists, and leave with insights into how organizations can address the risks and opportunities presented by a whole new host of disruptive technologies, to be better equipped to secure modern and early adopter organizations against next-gen threats.
Moderator
Sharone Revah Zitzman
RTFM Please
Chief DevRel & Community Organizer
Panelists
Ronnen Slasky
AWS
Head of Technology
Adi Shacham-Shavit
Transmit Security
SVP R&D
Barak Schoster Goihman
Battery Ventures
Partner
David Melamed
Jit
CTO/Co-Founder
Break
Unveiling the Mechanics of LLM Attacks in the Real World
The world of AI and LLM is eating the software world as more and more LLM and AI features are being incorporated into production products. But along with the opportunities, there are a lot of AI and LLM attacks out there, and the complexities are not just increasing, they are challenging the devs to stay engaged and vigilant. In this session, we will delve into complex and elaborate attacks, seeing how attacks and attack generators on LLMs work and, more importantly, how to defend against those attacks. This is not just theory but a real-world application.
Ran Bar-Zik
CyberArk
Senior Software Architect
Journalist
Get Ready for the OWASP ASVS 5.0
The OWASP Application Security Verification Standard (ASVS) provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.

In this talk, I will give you an insight into the final preparations for the new version 5.0 of ASVS, which is scheduled for release early in 2025. This will include an overview of what the ASVS is, the philosophy of version 5.0, and what to expect, including some new areas.

As a bonus, I'll do a quick demo of an innovative use case which the AppSec team at Neo4J developed. They allow developers to use a graph database, Retrieval Augmented Generation, and an LLM to get accurate recommendations for ASVS requirements which might help them to secure a new feature.
Josh Grossman
Bounce Security
CTO/Application Security Specialist
Securing the Pipeline: Remediating CI/CD Vulnerabilities with SLSA
Software supply chain attacks are on the rise, exploiting weaknesses in CI/CD pipelines to inject malicious code.
This talk dives deep into common CI/CD vulnerabilities and presents a practical approach to remediation using the SLSA (Supply-chain Levels for Software Artifacts) framework.
Learn how to strengthen your software supply chain, implement SLSA principles, and leverage open-source tools to protect against devastating attacks like SolarWinds and Log4J.
Yonit Gruber-Hazani
Google
Customer Engineer - Google Public Sector
TrustOps in Action: Empowering a Secure Workforce
To build trust, cybersecurity requires a radical attitude shift. This session will provide strategies for fostering a proactive security culture, ensuring your organization is both resilient and secure from the inside out.
Ben Hacmon
Perion Network
CISO
Living off Microsoft Copilot
Whatever your need as a hacker post-compromise, Microsoft Copilot has got you covered. Covertly search for sensitive data and parse it nicely for your use. Exfiltrate it out without generating logs. Most frightening, Microsoft Copilot will help you phish to move laterally. Heck, it will even social engineer victims for you!

This talk is a comprehensive analysis of Microsoft Copilot taken to red-team-level practicality. We will show how Copilot plugins can be used to install a backdoor into other users’ Copilot interactions, allowing for data theft as a starter and AI-based social engineering as the main course. We’ll show how hackers can circumvent built-in security controls which focus on files and data by using AI against them.

Next, we will drop LOLCopilot, a red-teaming tool for abusing Microsoft Copilot as an ethical hacker to do all of the above. The tool works with default configuration in any M365 Copilot-enabled tenant.

Finally, we will recommend detection and hardening you can put in place to protect against malicious insiders and threat actors with Copilot access.
Inbar Raz
Zenity
VP of Research
"Trust me, it's fine!" - Eliminate Wrong Vulnerability Findings with VEX
Have you ever stumbled on a vulnerability in software that you use, where the maintainers dismissed it, saying you can safely ignore it? As the use of open source dependencies grows and vulnerability scanners become ubiquitous, this situation is increasingly common, and poses interesting questions: Does every vulnerability have to be fixed? How can maintainers effectively communicate their vulnerability analysis? And how can vulnerability scanners and their users effectively automate this process?

In this talk we will introduce VEX, a new industry concept aimed at answering these questions. We will explore the different use cases where VEX helps improve your everyday lives, and the road to wide adoption of the standards it promotes.
Itay Shakury
Aqua Security
VP Open Source
Platform Engineering to the Rescue: Making DevSecOps Work for Everyone
Discover how Platform Engineering empowers organizations to democratize DevSecOps. This talk explores the role of developer portals in creating streamlined ‘golden paths’ for continuous improvement and security. Learn how to mitigate vulnerabilities, automate remediations, and enhance visibility, enabling teams across the organization to adopt secure, scalable practices effortlessly.
Erik Zaadi
Port
R&D Team Leader
Dynamic Secrets 101: Using JIT to Improve Security and Compliance
Join Ori Mankali, VP R&D at Akeyless, for a technical discussion on the important elements of just-in-time (JIT) secrets management to improve security and compliance. You’ll learn:

- The benefits of using temporary JIT secrets
- Top use cases for when and where to use them
- Walk-through of effective implementation strategies

Whether you're just starting in secrets management or want to enhance your existing practices, this talk will provide you with new knowledge and practical skills to elevate your organization's security framework.
Ori Mankali
Akeyless
SVP of Engineering
IaC as CSPM: Transitioning to Infrastructure-as-Code for Enhanced Cloud Security
While CSPMs (Cloud Security Posture Management) are everywhere, ironically enough they are not the only solution for a secure cloud. In this talk we will see why they became popular, and why they're no longer exclusively fit for purpose.
Niv Yungelson
Firefly
Director of AI
19:30
Closing Remarks
19:45
After-Party
