Speaker: Nikola Luburić


My passion is teaching, and my mission is to cure an ailment that affects many students - apathy towards learning. My strategy for combating this affliction includes the merger of experience obtained from the industry, theory learned through scientific research, and teaching methods selected through analysis and experiments. The ultimate goal is to create a fun, relaxed environment in which useful information can be obtained, and critical thinking can be developed.

My work is the synthesis of a three-pronged background, which includes:
1) The experience I've acquired teaching a university course on secure software engineering,
2) The research I’ve conducted as part of my Ph.D. studies, covering the security development lifecycle,
3) The work I’ve done as a security advisor for a prominent software vendor.

From the start of my career as a teaching assistant, I have held to the principle that how something is taught is as important as what is taught. Over the years I have experimented with different teaching approaches, examining gamification (inspired by board games and tabletop RPG games), e-learning, case study analysis, and the hybrid-flipped classroom. My primary course covers secure software engineering, where I have developed a set of mature learning objectives as a result of my experience in the industry and as a scientific researcher.

As part of my Ph.D., I have studied the different secure software engineering methodologies and practices, covering both standard-defined processes and industry-proven methods. My narrow research focus covers the intersection of security requirements engineering and secure design construction, particularly threat modeling and security design analysis. I have published several papers, most notably a methodology for training software engineers in the practice of security design analysis.

Through my work at Schneider Electric DMS NS, I have performed threat modeling and security design analysis on several modules of a complex software system for energy management and have taken part in dozens of security analysis activities, examining tools, APIs, and third-party components. Currently, my primary focus is on introducing the security development lifecycle, as defined by IEC 62443-4-1, to the organization.

By combining the different skillsets developed through my background, I have focused my expertise towards performing and teaching others to conduct various software security practices, dedicated to enhancing the security posture of a software system efficiently and measurably.