Topics include Supply Chain Security, Microservice Management, Neat Tricks, and Contributor insights.
Welcome to SecureChainCon, the ultimate online conference designed to foster knowledge sharing and explore the challenges of implementing software supply chain security practices in fragmented, decoupled architectures. Topics of sessions and workshops, presented by expert practitioners, include forensic gathering, open-source tooling, and real-world use cases for integrating security into DevOps workflows. Join us on May 24th for this online mind share and take your software security skills to the next level!
Understanding cybersecurity first requires an understanding of how to defend against the various types of common cyberattacks, from nefarious code being introduced into the software supply chain to penetration attacks and network breaches. But building a strong defense system will not be enough. Organizations will need to start thinking of ‘offensive’ strategies to complete the picture. Join Caroline Wong as she breaks down implementing defensive techniques supported by offensive strategies.
Caroline Wong is the Chief Strategy Officer at Cobalt.io. She has 15+ years of cybersecurity leadership, including practitioner, product, and consulting roles. Caroline authored the popular textbook, Security Metrics: A Beginner’s Guide. She teaches cybersecurity courses on LinkedIn Learning and hosts the Humans of InfoSec podcast.
Shift Left Security: Understand the importance of integrating security practices early in the software development lifecycle (SDLC) to identify and remediate vulnerabilities at the source code level.
Automation is Key: Learn the role of automation in DevSecOps, from automated security assurance and vulnerability scanning to automated compliance checks and policy enforcement, to improve efficiency and consistency.
Culture of Collaboration: Recognize the need to foster collaboration and shared responsibility among development, operations, and security teams to effectively implement DevSecOps practices.
Threat Intelligence and Risk Management: Explore the importance of leveraging threat intelligence and risk management frameworks to prioritize security efforts, allocate resources effectively, and mitigate emerging threats.
Compliance and Governance: Address the challenges of maintaining compliance with regulatory requirements, such as aggregated SBOMs, and industry standards in DevSecOps environments.
Recognition Awards presented by Tracy Ragan
OpenSSF Scorecard Workshop presented by Steve Taylor
Keynote with Caroline Wong - Fortifying the Fortress: Exploring Offensive and Defensive Strategies in Cybersecurity
Panel Discussion - Securing Software with Actionable Metrics and Metadata hosted by Steve Taylor. Panelists include:
DevSecOps for Network Operations, Presented by Akash Bhaskar, Cisco
A step closer to in-toto’lly secure: Using in-toto and OPA Gatekeeper to verify artifact integrity, Presented by John Kjell, TestifySec
A Google Cloud Software Supply Chain Security, Presented by Nael Fridhi
The Hero Project - Evolving DevOps Pipelines to DevSecOps Pipelines with CDEvents and Ortelius, Presented by Tracy Ragan