Important: I plan to supply Pizza for this meetup as an experiment. Please be sure to RSVP to help me plan.

Two timely topics this month! Chris and Boyd will demonstrate how their use of AI has evolved as developers. Then, for the main event, new member Kirk R will talk about threats in the software supply chain. If you have ever imported an open source library, you are a threat vector! Be aware and be safer in your profession.

AI Developer Workflows - Chris Skalenda & Boyd Hemphill
Two mini-demos of how AI continues to evolve from "better autocomplete" to "overeager intern" towards "partner".

Boyd will show how he uses Claude Code to help him perform archaeology on a 30-year-old legacy system to write tests and gain a better understanding of the code. Claude then reviews his PR before he puts it up for human review.

Chris will take it a few steps further on a modern system in a broader team context.

Bio:
You know us both by now :-)

Ever Expanding Threat Surface - Kirk Rasmussen

Modern applications rely on thousands of open-source and third-party dependencies. This ecosystem creates an exponentially growing attack surface, where a compromise anywhere can affect everyone downstream. Collectively, this ecosystem is known as the software supply chain, and it affects everyone, unless you don’t use software!

Developers are the new big target

  • Personal and Business endpoints: Increasingly vulnerable plugin/extension ecosystems are being targeted.
  • Build Pipeline: High-profile attacks are no longer just focused on deployed applications, but are increasingly targeting the trusted tools and processes: source control, CI/CD systems, and artifact registries.

There are no easy solutions to manage the security of what enters the Software Development LifeCycle (SDLC). The industry is slowly nudging towards adoption of key standards and best practices. Process-oriented efforts such as SLSA (Supply Chain Levels for Software Artifacts) provide great approaches to a mature practice. Supply chain security is a collective responsibility, requiring a shift-left approach to embed trust and resilience from the first line of code to the final deployment.

Kirk is a Technical Fellow at RTX and a technical leader in cybersecurity focused on innovation in application security. Throughout his 29 years in IT/DT, 22 at RTX, he has led technology architecture development of large-scale IT solutions for both internal and customer programs.

Agenda - A Rough Outline of the Evening
5:45-ish Meet & Greet, We are getting set up (Ryan Flemming is the man!)
6:00pm-6:15 Who's looking, Who's hiring.
6:15-6:45 - AI Developer Workflows - Chris S & Boyd H
6:50-7:45 - Ever Expanding Threat Surface - Kirk R
8:00pm - #BeerOps - Location TBD

Events in Grand Junction, CO