”Security is hard, expensive, and someone else’s job!”

”We’ll just build the product first and call in an auditor later!”

”Security? That’s handled by a different team!”

Sound familiar? If this is your mindset, you’re not just doing security wrong — you’re setting yourself up to fail. Then the biggest threat will not be the hackers or nation-states. It will be you, your shortcuts, and the mistakes you keep repeating.

You may not be trained in security — and yes, business pressures are real. But building secure software is no longer optional. The good news? You do not have to do it alone. Luckily for you, the security community is big and open and there is a lot of support and tools freely available

In this session, I will show you how to build a ”paved road” for security — a clear, repeatable path that lets you move fast because you will know when to brake and a road that is easy to travel. You will see how to integrate security into your build pipeline using free, open-source tools that help automate, enforce, and simplify security from day one.

Expect a demo-driven session packed with real tools and workflows. We will break down different types of security tooling (SCA, SAST, DAST — don’t worry, I will explain it all), show how they complement each other, and explore how they apply not just to your code, but to cloud infrastructure and Infrastructure as Code as well.

You will walk away with:

   A practical understanding of modern security tools

   A roadmap for getting started with security automation

   The confidence to make security part of your everyday workflow

You do not need to be a security expert — just ready to stop doing it wrong.

About the presenter‍

Thomas Ljungberg Kristensen, owner of WelcomeSecurity, is the trusted security sidekick to your developers — supporting them in making the right security decisions throughout the entire development lifecycle. Whether it is in the idea phase, design, implementation, testing, or operations, Thomas delivers constructive, solution-oriented guidance that balances business goals with security needs — because in today’s world, those two are inseparable.

He strengthens your security posture through collaboration, delivering lasting improvements that equip customers with greater self-reliance. This is achieved through effective and scalable strategies leveraging tools, automation, and training, supporting the necessary transformation — both technically and culturally.

Based in beautiful Silkeborg, Thomas is an active part of the security and tech community. He co-leads the OWASP Aarhus chapter and supports both BSides Aarhus and the DevOps Aarhus meetup.

Furthermore, Thomas is a skilled trainer and presenter and delivers developer-focused security training through SmartLearning, EADania, and IDA Learning, as well as offering tailored security workshops and training for organizations seeking to upskill their teams.