Security is no longer for security teams. It's for everyone

Security is now a core engineering skill, not a niche specialization. Modern developers are expected to understand not only how to build systems, but how to build them securely.

This talk provides a practical, developer-oriented overview of the essential security knowledge every engineer should possess: core cryptography concepts, authentication and authorization models, secure communication with TLS, common vulnerability classes, relevant standards, and secure ways of working in real teams and pipelines.

This session emphasizes how security applies to everyday development decisions, from API design and key management to CI/CD integration and code reviews. The goal is to equip developers with a solid security foundation that improves both code quality and system resilience.

Attendees will leave with a clear mental map of modern application security and concrete guidance they can immediately apply in their daily work.

Takeaways:

• Understand what cryptography actually provides (and what it does not), including hashing, encryption, signatures, and key management.
• Distinguish correctly between authentication, authorization, and identity — and know where each belongs in a system.
• Recognize the most common vulnerability classes and why they keep reappearing in modern applications.
• Apply secure communication practices using TLS and mutual TLS in real-world architectures.
• Use security standards and guidelines (OWASP, NIST, CIS) as practical engineering tools, not theoretical documents.
• Integrate security into daily development workflows: design, coding, reviews, CI/CD, and incident response.
• Make better architectural and coding decisions that reduce security risk without slowing delivery.