Friday June 26, 2026 1:15pm - 3:00pm CEST
OWASP Cornucopia is a card game to assist software development teams in identifying security requirements in agile software development processes. It is language-, platform-, and technology-agnostic (https://cornucopia.owasp.org). 

In this session, attendees will play OWASP Cornucopia and, through practical application, learn how to use EoP-based games for threat modeling, along with tips and tricks for scaling their threat modeling while remaining ISO27001 certified and keeping developers engaged in security requirements and design activities.

We will be playing the game differently from how we usually do. You will be taken through a provocative scenario. Faced with the grumpy old senior developer who doesn't shift left because he spends too many hours working overtime on his incredibly sophisticated pet projects, what will you do? Will you be able to teach him a lesson about why security is essential, or will he be laughing all the way to his developer cave? Only truly passionate application security engineers will succeed. Expect confetti, swag (yes, you read that right, swag, valued just below the corruption limit), and illegal bribes as you venture into the unknown of OWASP Cornucopia.

Most people will agree with you that security is important, but they forget what you were saying once they leave the room.
The brain is amazing. It can let you learn to ride a bike, write poetry, learn a new programming language, or even fall in love, but if your brain is so amazing, why do your colleagues forget all the things you said about security during your last meeting?
In this session, we will learn how to play games to create agency, empathy, community, spark the imagination, and wake up the brain. When choosing a strategy for scaling your application security program, don’t choose reading materials, presentations with “talking heads,” or meetings as a medium for increasing awareness and knowledge about security. Instead, focus on activities that can be repeated on a regular basis that are both relevant and engaging to the work you are doing. When employees are authentically involved and curious about their learning, their heightened focus and emotional connection stimulate better memory formation and application of knowledge. In fact, numerous studies have reported that emotions have a significant impact on human cognitive processes. This underpins why games can strengthen learning over time, which is why you should have an extensive collection of games in your arsenal when teaching others about application security.
Speakers
Grant Ongers

Security- Advisor | Ambassador | Architect, esynergy
With 10+ years in Dev, 20 in Ops, and 30 in Sec, Grant Ongers (rewtd) is the Head of esynergy’s Security Practice; a Principal Security Architect at the Department for Science, Innovation and Technology and a former OWASP® Foundation Global Board member. A firm believer that security...
Room -2.33 (Level -2)