Laura Bell

Founder and CEO of @safestack

With almost a decade of experience in software development and information security, Laura specializes in bringing security practices and culture into organisations of agile and high growth organisations. An experienced adviser, security manager and trainer, she provides security services to support a range of organisations from large national entities to growth start-ups.

In addition to speaking at numerous international conferences and events, Laura is the co-author of Agile Application Security from O’Reilly Media, a member of the board for non-profit Hackers Helping Hackers and a program committee member for the O’Reilly Security Conference in New York.

Find Laura Bell at:


Failing Fast: The Impact of Bias When Speeding Up Application Security

There is a lot of talk these days about going faster with security, DevSecOps and making security part of your lifecycle. What if _you_ are the reason this might be a pathway to failing fast at security?

In this talk, we will explore how bias impacts how we secure our development lifecycles and examine 3 common biases that lead to big issues in this space.  By looking at mistakes teams make when embracing application security and how bias plays into them, we can learn to avoid them and make security a key part of moving faster.


Tuesday Nov 10 / 11:40AM PST (40 minutes)


Security in a State of Insecurity

Add to Calendar

Add to calendar



Threat Assessment for Software Architects

The systems we are developing and building can be quite complex, and are starting to use techniques and technologies that are very new.

Even though the techniques and technology are new, the way we assess the security and threats remains the same. It boils down to understanding all the bits and bobs that the system is made up of, and thinking through the most applicable weaknesses and threats, and then balancing those weaknesses and threats out with various different types of security controls.

This 3-hour workshop will cover:

  • Why it’s important to think about the threats your application may face and the benefits that can bring to your development practice
  • Six most common weaknesses that you need to assess for - using the STRIDE threat model
  • How someone, or a threat, could take advantage of those weaknesses
  • Understand the types and categories of security controls we can apply to our systems and how they can minimise those weaknesses
  • How to create your own data flow diagram in a way that can help you identify weaknesses (and the controls needed)

Who is this for:

Software architects or software developers who are involved in designing or building systems and want to learn how to build in good security at the beginning of the development lifecycle.


Friday Nov 6 / 12:30PM PST (3 hours)


Level Intermediate



Add to Calendar

Add to calendar



Build your learning journey and level-up on the skills most in-demand in 2021. Attend QCon Plus (Nov 1-5, 2021).

Save your spot for $549 before August 31st