#7 #7 #7 #7 #7

OWASP Porto Chapter meetup: September 3rd, 2025, at 18:00.

We are excited to bring you another OWASP Porto event. As always, we look forward to seeing you at our next meetup!

Schedule

- 18:00 - Intro and Welcome by the OWASP Porto chapter leadership- 18:15 - HAL 9000: a Risk Manager for ITSs by Tadeu Freitas- 19:00 - Bringing DevOps into IAM by Fabrizio Di Carlo- 20:00 - Drinks & Dinner.

Talks

Title: HAL 9000: a Risk Manager for ITSsSpeaker: Tadeu Freitas

Abstract: HAL 9000 is an Intrusion Tolerant Systems (ITSs) Risk Manager, which assesses configuration risks against potential intrusions. It utilizes gathered threat knowledge and remains operational, even in the absence of updated information. Based on its advice, the ITSs can dynamically and proactively adapt to recent threats to minimize and mitigate future intrusions from malicious adversaries. Our goal is to mitigate the risk associated with the exploitation of recently discovered vulnerabilities that have not been classified or do not have a script to reproduce the exploit, given the potential that they may have already been exploited as zero-day vulnerabilities. Our experiments demonstrate that the proposed solution can effectively learn and replicate the National Vulnerability Database’s evaluation process with 99% accuracy.

Bio: Tadeu Freitas. Ph.D. student at the Faculty of Sciences, University of Porto, specializing in Fault and Intrusion-Tolerant Systems. His research focuses on developing resilient distributed systems that maintain operational integrity under adversarial conditions. He earned his Integrated Master’s degree in Network and Informatics Systems from the Faculty of Sciences, University of Porto, where he researched 'Privacy-Preserving Crowdsourcing of Photos in Edge-Cloud Environments.' His academic interests include distributed computing, cybersecurity, privacy-enhancing technologies, and resilience engineering.

Title: Bringing DevOps into IAMSpeaker: Fabrizio Di Carlo

Abstract: Traditional identity and access management (IAM) in Entra ID (Azure AD) often relies on manual reviews or expensive premium tiers for automated security checks. This session introduces Maester, an open-source framework that brings DevOps principles to IAM, enabling teams to automate security posture validation, enforce least privilege at scale, and maintain continuous compliance without costly license upgrades. The core problem addressed is that traditional Entra ID management relies on manual reviews or expensive P2 premium licenses for security automation. Maester offers an alternative by allowing teams to automate access reviews, implement custom security guardrails, and integrate DevOps practices. Key functionalities include pre-deployment validation of changes, drift detection for unauthorized modifications, and automated compliance reporting for frameworks like ISO 27001 and NIST. This session bridges (Governance, Risk, and Compliance) GRC strategy and technical execution, showing how DevOps methodologies can transform IAM from a compliance checkbox into a dynamic, self-healing system. Perfect for security engineers, cloud architects, and GRC teams working in Microsoft environments, this talk provides actionable insights to harden IAM security posture while reducing operational overhead.

Bio: Fabrizio Di Carlo is a cybersecurity strategist with over a decade of experience advising companies across Europe. He currently splits his time as CISO for Cyber Monks and Managing Director of ContrailRisks, a boutique consultancy based in Berlin, where he helps startups and enterprises navigate the complexities of risk, compliance, and security governance. His work focuses on aligning security with business outcomes through pragmatic, risk-based approaches, and he’s an advocate for modernizing security leadership through 'GRC Engineering,' inspired by Site Reliability Engineering. Beyond client work, Fabrizio is a regular speaker at industry events, sharing insights on digital identity, cyber resilience, and vCISO operations.

How to get there

Venue to be announced soon.