Skip to content

Automate or Die - DevSecOps in the Age of Software Supply Chain Attacks

Photo of
Hosted By
Adarsh S. and Tom L.


6:30pm - Doors open
6:30-7:00pm - Social
7:00-7:45pm - Talk followed by Q&A
7:45-8:30pm - Social / Wrap Up

Thanks to Stack Overflow for sponsoring the venue & food/drinks.

Title: Automate or Die - DevSecOps in the Age of Software Supply Chain Attacks

As nimble organizations deliver new innovations, adversaries are also upping their game; something we’ve seen in recent high profile and devastating cyber attacks. Bad actors have the intent and ability to exploit security vulnerabilities in the software supply chain - and in some cases plant vulnerabilities themselves. They have increased scale through automation and improved breach success through precision targeting. If we don’t fight back by doing the same - automating security directly in the DevOps pipeline - then we’ll always be at the hackers’ mercy. This session will provide new research on the above, and details on how to get started.

Key takeaways:

  • Real-world examples of how large and small companies are implementing DevSecOps practices in their own delivery pipelines, and increasing developer awareness to risks
  • Key insights from the 2019 DevSecOps community report - including the top investments for automated security
  • A walkthrough of how security principles have been automated into a CICD pipeline and what standards for implementation are beginning to follow suite
  • Why DevSecOps is more than a buzzword, and why it’s vital to protecting your software supply chain
  • How automating security of policies makes it harder to ignore

Irina Tishelman, Solutions Architect, Sonatype

Born and raised in Moscow Russia, I earned a Bachelor in Computer Science degree and shortly after completing my education, my family moved to the USA.

Prior to joining Sonatype, I worked at Checkmarx as Sales Engineer, where I was responsible for driving and managing the technology evaluation stage of a sales process and post-sales customer support.

My earlier career included various positions within business intelligence and analytics, application development, database design, and project management.

Throughout my career, I have been fortunate to work for companies with diverse expertise– from finance and publishing to healthcare and insurance.

Working in the field of cybersecurity is particularly rewarding. It’s powerful to connect with people over the things that make a real impact.

In my spare time, I am an avid skier, scuba diver, yoga enthusiast, and world traveler.

When I am not on the slopes, I am passionate about attending as many Opera, ballet, and theater performances as I can.


If you or anyone you know is interested in speaking please submit your talk here:

110 William St, 28th floor · New York, NY
5 spots left