Engineering the Future of Software
16–18 October 2017: Conference & Tutorials
18–19 October 2017: Training
London, UK

Practical security principles for the working architect

Eoin Woods (Endava)
10:45–12:15 Tuesday, 17 October 2017
Location: Park Suite (St. James / Regents)
Secondary topics: Best Practice, Overview
Average rating: 4.12 (8 ratings)

Prerequisite Knowledge

  • Experience with a significant software development project
  • A good understanding of mainstream software development practices

What you'll learn

  • Understand why security is everyone’s problem, not something to be left to the specialists
  • Learn 10 practical security principles to help you improve your security immediately


As our world becomes digital, the systems we build must be secure by design. The security community has developed a well-understood set of principles used to build systems that are secure (or at least securable) by design, but this topic often isn’t included in the training of software developers. And when the principles are explained, they are often shrouded in the jargon of the security engineering community, so mainstream developers struggle to understand and apply them.

Eoin Woods explains why secure design matters and introduces 10 of the most important proven principles for designing secure systems, distilled from the wisdom of the security engineering community. Eoin walks you through each principle in the context of mainstream system design, rather than in the specialized language of security engineering, and demonstrates how it is applied in practice to improve security.


Eoin Woods


Eoin Woods is the CTO at Endava, a software engineering company that delivers solutions in the areas of digital, Agile, and automation. He’s an author, a conference speaker, and an active member of the London software engineering community, and was the recipient of the 2018 Linda Northrop Award for Software Architecture, awarded by the SEI. Eoin’s main technical interests are software architecture, distributed systems, and computer security.