OWASP Italy Online Meeting - February 13, 2026 - 4:00 – 6:00pm

Time zone: Europe/Rome
Video call link: https://meet.google.com/qzc-fmma-cwo

Speakers

Marco Morana, Simone Curzi - Microsoft

Talk: Am I Secure Enough? Rethinking Security as an Investment with Quantitative Risk Analysis

Synopsis: Security is often treated as a non-negotiable cost: we must be secure, no matter what. In the real world, resources are finite and security decisions have a cost, an operational impact, and a measurable effect on risk.

This talk challenges the idea that one should not ask “Am I secure enough?” or “Which mitigations should I focus on?”. On the contrary, these are the most important questions security professionals should be able to answer.

By applying Quantitative Risk Analysis, security controls can be evaluated in terms of implementation cost, operational cost, and residual risk, enabling a true Return on Security Investment (ROSI) perspective.

The session introduces QRiskTree, an open-source tool designed to support this approach, helping security teams model threats, compare mitigations, and make data-informed decisions.

The result is not just better prioritization, but a shared language that allows security professionals to communicate risk and value effectively with business decision makers, reframing security from “a necessary expense” to “a strategic investment”.
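The ROSI perspective described in this synopsis can be made concrete with a small worked calculation. The following is an added example, not code from the talk or from QRiskTree: it assumes the classic ALE = SLE × ARO model, a planning horizon over which one-off implementation cost is amortised, and a constructed ransomware scenario with three candidate mitigations whose costs and residual losses are invented for illustration. The example goes one step beyond ranking by ROSI: it also answers "am I secure enough?" by checking which options bring residual loss within a stated risk appetite, which is not always the option with the best return.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Mitigation:
    """A candidate control and the risk that remains once it is in place (constructed values)."""
    name: str
    implementation_cost: float      # one-off cost, amortised over the planning horizon
    annual_operational_cost: float  # recurring cost: licences, staff time, user friction
    residual_ale: float             # annualised loss expectancy with the control in place


def annualised_loss_expectancy(single_loss_expectancy: float, annual_rate_of_occurrence: float) -> float:
    """ALE = SLE x ARO: the expected loss per year from one threat scenario."""
    return single_loss_expectancy * annual_rate_of_occurrence


def annual_cost(m: Mitigation, horizon_years: int) -> float:
    """Total yearly cost of a control: amortised implementation plus operations."""
    return m.implementation_cost / horizon_years + m.annual_operational_cost


def rosi(baseline_ale: float, m: Mitigation, horizon_years: int) -> float:
    """Return on Security Investment per year: (risk reduction - cost) / cost."""
    cost = annual_cost(m, horizon_years)
    risk_reduction = baseline_ale - m.residual_ale
    return (risk_reduction - cost) / cost


def rank_mitigations(baseline_ale: float, candidates: list, horizon_years: int) -> list:
    """Candidates ordered from best to worst return on investment."""
    return sorted(candidates, key=lambda m: rosi(baseline_ale, m, horizon_years), reverse=True)


def secure_enough(candidates: list, risk_appetite_ale: float) -> list:
    """'Am I secure enough?': the options whose residual ALE is within the stated appetite."""
    return [m for m in candidates if m.residual_ale <= risk_appetite_ale]


# Constructed scenario: ransomware, expected once every two years, costing 400k per incident.
BASELINE_ALE = annualised_loss_expectancy(400_000, 0.5)   # 200k per year
HORIZON_YEARS = 3
RISK_APPETITE_ALE = 50_000

# Constructed candidates. MFA cuts likelihood (ARO 0.5 -> 0.1); backups cut impact (SLE 400k -> 300k).
CANDIDATES = [
    Mitigation("phishing-resistant MFA", 60_000, 20_000, annualised_loss_expectancy(400_000, 0.1)),
    Mitigation("EDR rollout", 30_000, 50_000, annualised_loss_expectancy(400_000, 0.25)),
    Mitigation("immutable offline backups", 15_000, 5_000, annualised_loss_expectancy(300_000, 0.5)),
]


if __name__ == "__main__":
    for m in rank_mitigations(BASELINE_ALE, CANDIDATES, HORIZON_YEARS):
        print(f"{m.name:28s} ROSI={rosi(BASELINE_ALE, m, HORIZON_YEARS):.2f} "
              f"residual ALE={m.residual_ale:,.0f}")
    print("within appetite:", [m.name for m in secure_enough(CANDIDATES, RISK_APPETITE_ALE)])
```

With these constructed numbers the backups option has the highest ROSI, but only MFA brings residual loss within the 50k appetite; the two questions the talk poses, "which mitigation first?" and "am I secure enough?", have different answers here, which is exactly why both need to be computed rather than argued.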


Krishnendu Dasgupta - AXONVERTEX AI

Talk: Your Agents Have Power — Do They Have Guardrails? Engineering Agent Security, Privacy, and Policy in Decentralized Local Compute Setups

Synopsis: As AI agents gain autonomy to plan, call tools, access data, and execute actions, they introduce new security and privacy risks—especially in decentralized, locally hosted environments. This session shows how to engineer enforceable guardrails for agentic systems using open-source components and local models, without relying on centralized cloud controls. Attendees will learn how to define risk boundaries, threat-model agent workflows, apply least-privilege tool access, enforce policy-as-code, add privacy safeguards, enable audit-ready observability, and continuously test agent behaviors. The talk concludes with a preview of swarm agents in trustless compute, highlighting what’s next for secure, decentralized agent architectures.
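The guardrail pattern this synopsis lists (least-privilege tool access, policy-as-code, privacy safeguards, audit-ready observability and repeatable behaviour tests) fits in a few dozen lines when the policy is a declarative allowlist enforced at the single point where an agent's tool calls are dispatched. The following is an added example, not code from the talk or from any product of the speaker: the policy document, role name, tool names and `path_prefix` constraint are all constructed for illustration, the guardrail is deny-by-default, paths are normalised before the prefix check so `..` segments cannot escape the allowed directory, and every attempted call is written to an audit log with e-mail addresses redacted before they are stored.

```python
import json
import posixpath
import re
import time
from dataclasses import dataclass, field
from typing import Any

# Constructed policy-as-code document: deny by default, explicit allowlist per agent role.
# A real deployment would load this from a versioned file; the shape here is an assumption.
POLICY = {
    "version": 1,
    "roles": {
        "research-assistant": {
            "allowed_tools": {
                "read_file": {"path_prefix": "/workspace/docs/"},  # read only inside this tree
                "web_search": {},                                  # no extra constraints
            },
            "max_calls_per_run": 3,  # budget of allowed calls per agent run
        }
    },
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def redact(value: Any) -> Any:
    """Privacy safeguard: strip e-mail addresses from anything that reaches the audit log."""
    if isinstance(value, str):
        return EMAIL_RE.sub("[redacted-email]", value)
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


@dataclass(frozen=True)
class ToolCall:
    tool: str
    args: dict


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


@dataclass
class Guardrail:
    """Enforcement point between the agent's planner and the tools it may invoke."""
    policy: dict
    role: str
    calls_made: int = 0
    audit_log: list = field(default_factory=list)

    def evaluate(self, call: ToolCall) -> Decision:
        decision = self._decide(call)
        # Audit-ready observability: one structured record per attempted call, PII redacted.
        self.audit_log.append(json.dumps({
            "ts": time.time(), "role": self.role, "tool": call.tool,
            "args": redact(call.args), "allowed": decision.allowed, "reason": decision.reason,
        }))
        return decision

    def last_audit_record(self) -> dict:
        return json.loads(self.audit_log[-1])

    def _decide(self, call: ToolCall) -> Decision:
        role_policy = self.policy["roles"].get(self.role)
        if role_policy is None:
            return Decision(False, "unknown role")
        if self.calls_made >= role_policy["max_calls_per_run"]:
            return Decision(False, "call budget exhausted")
        constraints = role_policy["allowed_tools"].get(call.tool)
        if constraints is None:
            return Decision(False, "tool not in allowlist")
        prefix = constraints.get("path_prefix")
        if prefix is not None:
            # Normalise first so "/workspace/docs/../../etc/passwd" is judged as "/etc/passwd".
            path = posixpath.normpath(str(call.args.get("path", "")))
            if not path.startswith(prefix):
                return Decision(False, "path outside allowed prefix")
        self.calls_made += 1  # only allowed calls consume the budget
        return Decision(True, "allowed")


if __name__ == "__main__":
    g = Guardrail(POLICY, "research-assistant")
    for c in [ToolCall("read_file", {"path": "/workspace/docs/notes.md"}),
              ToolCall("read_file", {"path": "/workspace/docs/../../etc/passwd"}),
              ToolCall("run_shell", {"cmd": "ls"}),
              ToolCall("web_search", {"query": "contact alice@example.com"})]:
        print(c.tool, g.evaluate(c))
    print(g.last_audit_record())
```

The `if __name__` block doubles as the "continuously test agent behaviors" step: keeping those four calls as a regression case, run on every policy or model change, catches a policy edit that silently widens tool access before an agent does.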
