Ortelius Blog

Topics include Supply Chain Security, Vulnerability Management, Neat Tricks, and Contributor insights.

SecureChainCon 2025


Keynote Speakers:

Tracy Bannon & John Willis


#NoHobbyists – What’s Really Needed to Shift CyberSecurity?

Cybersecurity in software development is often treated as an afterthought, left to developers who must self-educate and experiment in their spare time. The #NoHobbyists movement challenges this status quo, advocating for a fundamental shift where cybersecurity is not a side project but a core discipline, fully integrated throughout the Software Development Lifecycle (SDLC). This presentation outlines a holistic approach to embedding security across people, process, technology, and culture. Instead of merely shifting security “left” in the SDLC, the proposal argues for shifting security everywhere, making it an inherent responsibility for all stakeholders, from developers to executives. Key strategies include the adoption of the Secure Software Development Framework (SSDF), threat modeling as a collaborative practice, and leveraging industry best practices such as OWASP, NIST SP 800-218, and secure coding standards. @tracylbannon



AI-Powered Code Parsing and Semantic Analysis for DevOps Pipelines

As software development ecosystems grow increasingly complex, the need for intelligent DevOps automation in script analysis and dependency management becomes critical. Join John Willis as he explores cutting-edge tools and techniques that leverage AI-driven code parsing and semantic analysis to enhance DevOps workflows. He will discuss the application of Large Language Models (LLMs) such as GPT-4, CodeBERT, and OpenAI Codex in parsing infrastructure and automation scripts, including Jenkinsfile, Dockerfile, Makefile, GitHub Actions, and Terraform. These models facilitate the identification of dependency installations (e.g., apt-get install, pip install, npm install) and pinpoint update points within scripts. @Botchagalupe
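As an added illustration of the dependency-install detection described in this talk (not code from the talk or from the Ortelius project), the Python below is a deterministic regex baseline that does the same job without an LLM: it locates apt-get, pip and npm install commands across constructed Dockerfile, Jenkinsfile and GitHub Actions lines and flags unpinned packages as the update points a reviewer should track. The sample script, pattern set and pin separators are assumptions chosen for the example.

```python
import re

# Constructed sample: Dockerfile, Jenkinsfile sh step and GitHub Actions run: lines,
# not taken from any real project.
SAMPLE_SCRIPT = """\
FROM python:3.12-slim
RUN apt-get update && apt-get install -y curl=8.5.0-2 git
RUN pip install requests==2.32.3 pyyaml
sh 'npm install express lodash@4.17.21'
      run: pip install --upgrade pip
"""

# One pattern per package manager; group 1 captures the arguments after the
# install subcommand, stopping at shell operators or closing quotes.
INSTALL_PATTERNS = {
    "apt-get": re.compile(r"\bapt-get\s+install\b([^&|;'\"]*)"),
    "pip": re.compile(r"\bpip3?\s+install\b([^&|;'\"]*)"),
    "npm": re.compile(r"\bnpm\s+(?:install|i)\b([^&|;'\"]*)"),
}
# Separator for an exact version pin (pip ranges like >= still float, so they
# are deliberately not treated as pins).
PIN_SEPARATORS = {"apt-get": "=", "pip": "==", "npm": "@"}

def split_pin(manager, token):
    """Split 'name<sep>version' into (name, pinned); handles npm scoped names."""
    sep = PIN_SEPARATORS[manager]
    if manager == "npm" and token.startswith("@"):  # e.g. @scope/pkg@1.2.3
        name, _, version = token[1:].partition(sep)
        return "@" + name, bool(version)
    name, _, version = token.partition(sep)
    return name, bool(version)

def find_installs(text):
    """Return (line_no, manager, package, pinned) for every package install found."""
    records = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for manager, pattern in INSTALL_PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            for token in match.group(1).split():
                if token.startswith("-"):  # option flag such as -y or --upgrade
                    continue
                name, pinned = split_pin(manager, token)
                records.append((line_no, manager, name, pinned))
    return records

def update_points(text):
    """Unpinned installs: the places that need a pin or a tracked update."""
    return [(ln, m, p) for ln, m, p, pinned in find_installs(text) if not pinned]
```

Running `update_points(SAMPLE_SCRIPT)` reports the four floating dependencies (git, pyyaml, express and pip) with their line numbers, which is the list a pipeline policy check would either block on or feed into an SBOM for tracking.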

Why You Should Attend


  • Celebrate the amazing Ortelius contributor community.
  • Hear presentations by expert practitioners.
  • Learn about supply chain security in decoupled architectures.
  • Explore use cases from leading companies with their latest innovations and gain insights into the future direction of software supply chain management.

Who Should Attend


  • DevOps Engineers
  • CISO Teams
  • Security Engineers
  • Open Source Project Office
  • Developers

Key Takeaways


Shift Left Security: Understand the importance of integrating security practices early in the software development lifecycle (SDLC) to identify and remediate vulnerabilities at the source code level.

Automation is Key: Learn the role of automation in DevSecOps, from automated security assurance and vulnerability scanning to automated compliance checks and policy enforcement, to improve efficiency and consistency.

Culture of Collaboration: Recognize the need to foster collaboration and shared responsibility among development, operations, and security teams to effectively implement DevSecOps practices.

Threat Intelligence and Risk Management: Explore the importance of leveraging threat intelligence and risk management frameworks to prioritize security efforts, allocate resources effectively, and mitigate emerging threats.

Compliance and Governance: Address the challenges of maintaining compliance with regulatory requirements, such as aggregated SBOMs, and industry standards in DevSecOps environments.

Agenda


All times in Mountain Time

  • 8:30 Beer and Donuts - Recognition Awards presented by Steve Taylor
  • 9:00 - 9:30 Keynote with Tracy Bannon
  • 9:30 - 10:00 Keynote with John Willis
  • Break
  • 10:15 - 11:15 TBD
  • Break
  • 11:30 - 1:00 TBD