The talk describes the in-house Application Security function of EE, the largest mobile network operator in the UK. It addresses the nature of security challenges specific to the application layer, the benefits of operating a fully-fledged Secure Development Lifecycle compared to the widely adopted ‘security testing’ approach, and the trade-offs involved in delivering end-to-end application security support of development projects at a justifiable cost.

Slava Muchnick

Principal Consultant, Application Security, EE Ltd

Slava has had a varied career that included developing a data-parallel programming language and a compiler for it in Siberia in the 1980s, teaching real-time systems, databases and functional programming at the University of Surrey in the 1990s, and working in technical and management roles for Dell, T-Mobile and British Gas. He is currently with EE, the largest mobile network operator in the UK, where he is involved in shaping the application security strategy, providing specialist support to development projects, and promoting security awareness across the company.