Ortelius Blog

Topics include Supply Chain Security, Microservice Management, Neat Tricks, and Contributor insights.

SecureChainCon 2024


A Free Online, Half-Day Micro-Conference for DevOps and Security Professionals


Attend

Welcome to SecureChainCon, the ultimate online conference designed to foster knowledge sharing and explore the challenges of implementing software supply chain security practices in fragmented, decoupled architectures. Sessions and workshops, presented by expert practitioners, cover forensic gathering, open-source tooling, and real-world use cases for integrating security into DevOps workflows. Join us on May 24th for this online mind share and take your software security skills to the next level!

Time and Place

May 24th, 2024 - 8:30 to Noon MT


Caroline Wong to be Keynote Presenter



Fortifying the Fortress: Exploring Offensive and Defensive Strategies in Cybersecurity

Understanding cybersecurity first requires an understanding of how to defend against the various types of common cyberattacks, from nefarious code being introduced into the software supply chain to penetration attacks and network breaches. But building a strong defense system will not be enough. Organizations will need to start thinking of ‘offensive’ strategies to complete the picture. Join Caroline Wong as she breaks down implementing defensive techniques supported by offensive strategies.

Caroline Wong is the Chief Strategy Officer at Cobalt.io. She has 15+ years of cybersecurity leadership, including practitioner, product, and consulting roles. Caroline authored the popular textbook, Security Metrics: A Beginner’s Guide. She teaches cybersecurity courses on LinkedIn Learning and hosts the Humans of InfoSec podcast.

Why You Should Attend


  • Connect and share with your Peers
  • Hear presentations by expert practitioners
  • Learn about supply chain security in decoupled architectures
  • Explore use cases from leading companies with their latest innovations and gain insights into the future direction of software supply chain management
  • Attend for free (Hosted by the Ortelius Open-Source Community)
  • Join Live or View On-Demand

Who Should Attend


  • DevOps Engineers
  • CISO Teams
  • Security Engineers
  • Open Source Project Office
  • Developers

Key Takeaways


Shift Left Security: Understand the importance of integrating security practices early in the software development lifecycle (SDLC) to identify and remediate vulnerabilities at the source code level.

Automation is Key: Learn the role of automation in DevSecOps, from automated security assurance and vulnerability scanning to automated compliance checks and policy enforcement, to improve efficiency and consistency.

Culture of Collaboration: Recognize the need to foster collaboration and shared responsibility among development, operations, and security teams to effectively implement DevSecOps practices.

Threat Intelligence and Risk Management: Explore the importance of leveraging threat intelligence and risk management frameworks to prioritize security efforts, allocate resources effectively, and mitigate emerging threats.

Compliance and Governance: Address the challenges of maintaining compliance with regulatory requirements, such as aggregated SBOMs, and industry standards in DevSecOps environments.

Agenda


Join Us on Zoom

Registration Required

All times in Mountain Time.

8:30 Beer and Donuts Networking - Meet the Ortelius Contributors

8:50 Welcome Keynote presented by Saim Safder

9:05 Recognition Awards presented by Tracy Ragan

9:20 OpenSSF Scorecard Workshop presented by Steve Taylor

9:50 Break

Join Us on Twitch

Ortelius Twitch Channel

10:00 - Keynote with Caroline Wong - Fortifying the Fortress: Exploring Offensive and Defensive Strategies in Cybersecurity

10:20 - Securing Software: A Panel Discussion on Actionable Metrics and Metadata hosted by Sacha Wharton. Panelists include:

  • Luigi Gubello - Sr. Security Engineer, Pitch
  • John Linford - Security Portfolio Forum Director, The Open Group
  • Tracy Ragan - CEO, DeployHub, Inc.

11:00 Break - Twitch Games

11:15 - 12:00 Presentations, Lightning Talks and Closing Remarks

  • A step closer to in-toto’lly secure: Using in-toto and OPA Gatekeeper to verify artifact integrity, Presented by John Kjell, TestifySec

  • Google Cloud Software Supply Chain Security, Presented by Nael Fridhi, Google Cloud

  • DevSecOps for Network Operations, Presented by Akash Bhaskar, Cisco
