Calendar
PR_D_CT Day 2025 (Ghent)
Date & Time: 14/11/2025
Speaker: Nick Boucart
Location: Louvain-la-Neuve
This November, PR_D_CT Day takes place in Ghent, a focused event for product professionals in B2B SaaS, scale-ups, and corporates. Expect practical insights on prioritization, customer value, and strategic thinking. Nick Boucart will explain how small SaaS teams can use product management to shift left and address security early, responding to growing customer demands without slowing down delivery. The same program is also offered at an edition in Louvain-la-Neuve.
Cybersecurity Industry Day 2025
Date & Time: 13/11/2025
Location: Mechelen
On November 13, researchers, industry experts, entrepreneurs, and policy makers come together to accelerate progress in cybersecurity. Academic research in this field is closely tied to real-world impact through strong collaboration with business and society. The event bridges the gap between university and industry with keynotes, success stories, and networking opportunities. Meet the SECDES project partners there and explore new ideas or potential collaborations.
PR_D_CT Day 2025 (Louvain-la-Neuve)
Date & Time: 6/11/2025
Speaker: Nick Boucart
Location: Louvain-la-Neuve
This November, PR_D_CT Day takes place in Louvain-la-Neuve, a focused event for product professionals in B2B SaaS, scale-ups, and corporates. Expect practical insights on prioritization, customer value, and strategic thinking. Nick Boucart will explain how small SaaS teams can use product management to shift left and address security early, responding to growing customer demands without slowing down delivery. The same program is also offered at an edition in Ghent.
Introduction to SAMM
Date & Time: 11/09/2025
Speaker: Aram Hovsepyan
Location: Online seminar
OWASP SAMM, the Software Assurance Maturity Model, offers an effective, measurable way to analyze and improve an organization's secure development lifecycle. In this session, Aram Hovsepyan, CEO of Codific and one of the driving forces behind SAMM, provides a clear introduction to the model and explains how it helps organizations identify where their security investments deliver the greatest value.
NIS 2, DORA, and "the likes"
Date & Time: 13/06/2025
Speaker: Koen Vranckaert & Eyup Kun
Location: Online seminar
To ensure adequate cybersecurity of hardware and software across the EU, the EU legislator has adopted many new regulations, including but not limited to NIS 2, DORA, the AI Act and the Cybersecurity Act. However, the impact on those businesses, especially SMEs, remains to be seen and can constitute a major source of uncertainty to conduct business in the EU. This seminar provides a bird's eye view of the new cybersecurity rules governing software, hardware and process design, focusing especially on the needs of small and medium enterprises (SMEs).
OpenAPI as a Security Tool
Date & Time: 15/05/2025
Speaker: Philippe De Ryck
Location: Online seminar
OpenAPI specifications are more than just documentation—they can be a powerful foundation for improving your application's security. This talk explores how to effectively use OpenAPI in both code-first and spec-first workflows. We’ll discuss how well-crafted specs help uncover security issues, guide audits, and power security tools for testing, automated attacks, and even runtime protection. You'll walk away with practical insights into turning your API specs into a security asset, not just a developer convenience.
An Overview of Threat Modeling Tools
Date & Time: 24/04/2025
Speaker: Tatiana Galibus & Laurens Sion
Location: Online seminar
This webinar explores how tools can support effective threat modeling in practice. The session introduces what to expect from threat modeling tools and highlights several popular solutions that can streamline the process, presented by Sirris. It also takes a closer look at the SPARTA tool developed by DistriNet, showcasing its capabilities and how it helps organizations structure and automate their threat modeling efforts.
Threat Modeling Workshop
Date & Time: 15/01/2025
Speaker: Tatiana Galibus
Location: Gent
Threat modeling sharpens the ability to spot weaknesses before attackers do. This workshop focuses on building a security mindset that questions assumptions, maps out how systems really work, and highlights where trust could be broken. You learn to visualize data flows, identify the most critical assets, and think through worst-case scenarios that threaten confidentiality, integrity, or availability.
Security-by-Design User Group meeting
Date & Time: 14/11/2024
Speaker: Nick Boucart, Tatiana Galibus & Roeland Delrue
Location: Mechelen
The upcoming Security-by-Design User Group meeting will focus on two key topics: supply chain security and software security testing. The session will explore how the NIS2 standard impacts software developers and highlight the importance of documenting and tracking dependencies through Software Bills of Materials (SBOMs), with an overview of relevant standards and tools. In the second part, Aikido will present how organizations can use the OWASP Top 10 to "shift left," integrating security earlier in the development cycle. Practical demonstrations will show how development teams can detect and fix vulnerabilities proactively, strengthening security from the very beginning.
Keeping pace with OAuth's Evolving Security Practices
Date & Time: 18/10/2024
Speaker: Pieter Philippaerts
Location: Online seminar
OAuth 2.0, introduced in 2012, is now the de facto standard for API authorization. Over time, its security guidance has evolved to address new threats and use cases. This session covers the latest OAuth 2.0 security best practices and highlights upcoming changes to the standard, ensuring you stay ahead in securing your applications.
Leveraging Product Management to Shift Left in Small SaaS Teams
Date & Time: 10/10/2024
Speaker: Nick Boucart
Location: Online seminar
Historically, security wasn't always a top priority for most small SaaS teams; feature development was. Upcoming legislation like NIS2, CRA, ... is increasing the pressure on the teams, not from the legislation itself, but from corporate customers who are becoming much more demanding. In this presentation we will argue that integrating security requirements early ("shifting left") should be driven by product management, as they have the best understanding of customer concerns from both feature and security perspectives. This understanding can drive investment in application security (appsec) and prioritize it on the roadmap. Product managers typically know the value of the data managed by the SaaS, whether it is crucial or peripheral to customers.
An Introduction to Threat Modeling
Date & Time: 13/09/2024
Speaker: Koen Yskout
Location: Online seminar
This talk introduces 'threat modeling', one of the core techniques in the secure software development lifecycle. It sheds light on what threat modeling entails, where it fits in the SDLC, what benefits it brings, and how to get started. The talk also incorporates findings from a recent research project that investigates the current state of practice in large Dutch organizations regarding threat modeling, and shares their lessons learned.
Security-by-Design User Group meeting
Date & Time: 30/05/2024
Speaker: Nick Boucart & Pieter Philippaerts
Location: Leuven
The first Security-by-Design User Group meeting will introduce the SECDES project and highlight why integrating security into the DevOps pipeline has become increasingly crucial as development cycles accelerate. We explain how modern teams face pressure to deliver quickly while maintaining robust protection against emerging threats. We focus on three key areas: securing the software design phase by building security principles into architecture decisions from the start, implementing automated security testing to catch vulnerabilities early and continuously, and strengthening cybersecurity governance to ensure compliance and accountability across the development process.