๐๏ธ Johan Sydseter
Talk Title: Games as a Tool for Securing Your Apps
Abstract
Most people will agree with you: application security is important โ itโs just that they forget everything you said about it as soon as they leave the room. In this session, Johan Sydseter explores how we can use games to cut through the noise, wake up the brain, and create security awareness that actually sticks.
Heโll show how applying games in application security training can spark agency, empathy, creativity, and collaboration โ making security more than just a checklist or a slide deck. Youโll learn how to use play to teach secure design, encourage participation from all disciplines, and shift security thinking left.
Johan shares how developers, testers, and architects moved from disengaged and passive to collaborative and proactive โ using OWASP Cornucopia and game mechanics to transform security workshops. This approach helped developers formulate their own requirements, testers engage in threat modeling, and teams build stronger ownership of security outcomes.
The result? Security champions emerge naturally, threat modeling becomes fun, and application security engineers move from bottlenecks to facilitators. This talk is about scaling AppSec with games โ and why it works.
Bio
Johan Sydseter โ “the guy with the long hair, not the long beard” โ is one of the co-leaders of OWASP Cornucopia and the co-creator of the OWASP Cornucopia Mobile App Edition. He is an application security engineer, developer, architect, and DevOps practitioner with 16 years of experience building and designing backend and frontend solutions.
Johan is a regular contributor to the Cornucopia project and has held several talks on application security at international conferences. He currently works as an