Within ongoing discussions regarding GDPR, during this conference we want to look beyond that legislation. Though privacy by default and security by default are supposedly to be a new trend, what does it actually mean for the security community? For now, companies still struggle with basic security features and solutions for emerging threats are still not in place. During this edition of SEMAFOR, we would like to take a step back, to fundamental security principles and how they are addressed. How security can cope with fast-paced environments, agile projects, start-ups and IoT? How can we reuse already implemented countermeasures and solutions to meet up with modern threats?