Name: Automate or Die - DevSecOps in the Age of Software Supply Chain Attacks
Start: 2019-11-14T18:30:00-05:00
End: 2019-11-14T20:30:00-05:00
Location: Stack Overflow, Inc.

AGENDA:
6:30pm - Doors open
6:30-7:00pm - Social
7:00-7:45pm - Talk followed by Q&A
7:45-8:30pm - Social / Wrap Up

Thanks to Stack Overflow for sponsoring the venue & food/drinks.

TALK DESCRIPTION:
Title: Automate or Die - DevSecOps in the Age of Software Supply Chain Attacks

As nimble organizations deliver new innovations, adversaries are also upping their game; something we’ve seen in recent high profile and devastating cyber attacks. Bad actors have the intent and ability to exploit security vulnerabilities in the software supply chain - and in some cases plant vulnerabilities themselves. They have increased scale through automation and improved breach success through precision targeting. If we don’t fight back by doing the same - automating security directly in the DevOps pipeline - then we’ll always be at the hackers’ mercy. This session will provide new research on the above, and details on how to get started.

Key takeaways:

- Real-world examples of how large and small companies are implementing DevSecOps practices in their own delivery pipelines, and increasing developer awareness to risks
- Key insights from the 2019 DevSecOps community report - including the top investments for automated security
- A walkthrough of how security principles have been automated into a CICD pipeline and what standards for implementation are beginning to follow suite
- Why DevSecOps is more than a buzzword, and why it’s vital to protecting your software supply chain
- How automating security of policies makes it harder to ignore

SPEAKER BIO:
Irina Tishelman, Solutions Architect, Sonatype

Born and raised in Moscow Russia, I earned a Bachelor in Computer Science degree and shortly after completing my education, my family moved to the USA.

Prior to joining Sonatype, I worked at Checkmarx as Sales Engineer, where I was responsible for driving and managing the technology evaluation stage of a sales process and post-sales customer support.

My earlier career included various positions within business intelligence and analytics, application development, database design, and project management.

Throughout my career, I have been fortunate to work for companies with diverse expertise– from finance and publishing to healthcare and insurance.

Working in the field of cybersecurity is particularly rewarding. It’s powerful to connect with people over the things that make a real impact.

In my spare time, I am an avid skier, scuba diver, yoga enthusiast, and world traveler.

When I am not on the slopes, I am passionate about attending as many Opera, ballet, and theater performances as I can.

============================

If you or anyone you know is interested in speaking please submit your talk here: https://goo.gl/forms/ZM0pgg7FN77Cv7uy2

Adarsh Shah

Tom Limoncelli

nycdevops

Technology

Operations and Data Center Management

Infrastructure as Code

Open Source

System Administration

Chefs

Opscode Chef

DevOps

Linux

Cloud Computing

High Scalability Computing

Unix

Puppet Software

SaaS (Software as a Service)

Automate or Die - DevSecOps in the Age of Software Supply Chain Attacks

Stack Overflow, Inc.

Share

nycdevops

Automate or Die - DevSecOps in the Age of Software Supply Chain Attacks

nycdevops

Details

Members are also interested in