Ortelius Blog

Topics include Supply Chain Security, Microservice Management, Neat Tricks, and Contributor insights.

SecureChainCon 2024


View On-Demand Sessions from SecureChainCon 2024, Micro-Conference for DevOps and Security Professionals


Welcome to SecureChainCon, the ultimate online conference designed to foster knowledge sharing and explore the challenges of implementing software supply chain security practices in fragmented, decoupled architectures. Sessions and workshops, presented by expert practitioners, cover forensic gathering, open-source tooling, and real-world use cases for integrating security into DevOps workflows. Join us on May 24th for this online mind share and take your software security skills to the next level!


Caroline Wong, Keynote Presenter

Fortifying the Fortress: Exploring Offensive and Defensive Strategies in Cybersecurity

Understanding cybersecurity first requires an understanding of how to defend against the various types of common cyberattacks, from nefarious code being introduced into the software supply chain to penetration attacks and network breaches. But building a strong defense system will not be enough. Organizations will need to start thinking of ‘offensive’ strategies to complete the picture. Join Caroline Wong as she breaks down implementing defensive techniques supported by offensive strategies.

Caroline Wong is the Chief Strategy Officer at Cobalt.io. She has 15+ years of cybersecurity leadership, including practitioner, product, and consulting roles. Caroline authored the popular textbook, Security Metrics: A Beginner’s Guide. She teaches cybersecurity courses on LinkedIn Learning and hosts the Humans of InfoSec podcast.

Why You Should Watch

  • Hear presentations by expert practitioners.
  • Learn about supply chain security in decoupled architectures.
  • Explore use cases from leading companies with their latest innovations and gain insights into the future direction of software supply chain management.

Who Should Watch

  • DevOps Engineers
  • CISO Teams
  • Security Engineers
  • Open Source Project Office
  • Developers

Key Takeaways

Shift Left Security: Understand the importance of integrating security practices early in the software development lifecycle (SDLC) to identify and remediate vulnerabilities at the source code level.

Automation is Key: Learn the role of automation in DevSecOps, from automated security assurance and vulnerability scanning to automated compliance checks and policy enforcement, to improve efficiency and consistency.

Culture of Collaboration: Recognize the need to foster collaboration and shared responsibility among development, operations, and security teams to effectively implement DevSecOps practices.

Threat Intelligence and Risk Management: Explore the importance of leveraging threat intelligence and risk management frameworks to prioritize security efforts, allocate resources effectively, and mitigate emerging threats.

Compliance and Governance: Address the challenges of maintaining compliance with regulatory requirements, such as aggregated SBOMs, and industry standards in DevSecOps environments.


Beer and Donuts

Recognition Awards presented by Tracy Ragan

OpenSSF Scorecard Workshop presented by Steve Taylor

View the Entire Playlist


Keynote with Caroline Wong - Fortifying the Fortress: Exploring Offensive and Defensive Strategies in Cybersecurity

Panel Discussion - Securing Software with Actionable Metrics and Metadata, hosted by Steve Taylor. Panelists include:

  • Luigi Gubello - Sr. Security Engineer, Pitch and OpenSSF Committee Chair Metrics and Meta Data Working Group
  • John Linford - Security Portfolio Forum Director, The Open Group
  • Tracy Ragan - CEO, DeployHub, Inc.
2024 SecureChainCon Speakers