Thursday, May 11
 

9:00am EDT

Welcome
Welcome to DevSecOps Days Pittsburgh 2023!

Speaker

Hasan Yasar

Technical Director, Continuous Deployment of Capability, Carnegie Mellon University, Software Engineering Institute
Hasan Yasar is the Technical Director of the Continuous Deployment of Capability group in the SSD Division of the Software Engineering Institute, CMU. Hasan leads an engineering group to enable, accelerate and assure Transformation at the speed of relevance by leveraging DevSecOps, Agile...


Thursday May 11, 2023 9:00am - 9:15am EDT
Virtual Virtual

9:15am EDT

Keynote: SPDX SBOMs: Enabling Automation of Safety & Security Analysis
When building systems with safety-critical considerations, having a detailed and accurate record of all the requirements, components, tests, and configuration information is essential for safety analysis. When a component-vulnerability fix comes in, though, how do you know that the system conforms with the safety claims after you apply the fix? This talk will discuss how you can leverage the Software Package Data Exchange (SPDX) software bill of materials (SBOM) data to improve the system’s automation and make you confident that the necessary re-testing and analysis will satisfy the safety profile.

Speaker

Kate Stewart

Vice President of Dependable Embedded Systems, The Linux Foundation
Kate Stewart was one of the founders of the SPDX project in 2009 and has been contributing to it continuously since that time. Since joining The Linux Foundation eight years ago, Kate has also launched the ELISA, Real Time Linux, and Zephyr RTOS projects and has supported other embedded...


Thursday May 11, 2023 9:15am - 10:00am EDT
Virtual Virtual

10:00am EDT

Short Break
Thursday May 11, 2023 10:00am - 10:10am EDT
Virtual Virtual

10:10am EDT

Web Security at Early-Stage Startup
After building three startups, Aman Sharma has seen his fair share of security incidents and learned first-hand what kind of cybersecurity challenges early-stage startups can expect. In this presentation, Sharma will share the best practices and playbook that such organizations can adopt to have a strong foundation.

Speaker

Aman Sharma

CTO, Dinnerfy
Aman Sharma is a serial tech entrepreneur with three startups, most recently cofounding Dinnerfy as the CTO. He was formerly a machine-learning researcher at TU Vienna Informatics, a UX/AI lead at upsell.ai, and a founder lead at Mobile-web.dev. Sharma is an active member of the web...


Thursday May 11, 2023 10:10am - 10:40am EDT
Virtual Virtual

10:40am EDT

Short Break
Thursday May 11, 2023 10:40am - 10:50am EDT
Virtual Virtual

10:50am EDT

Automating Away Your DevSecOps Toil
As the cloud becomes more and more complex, the surface area for attacks becomes larger and larger. Monitoring and securing your cloud infrastructure is impossible without automatic monitoring and provisioning tools.

In this talk, we'll introduce an open source automation tool built on top of Jupyter Notebooks. The modular framework that includes hundreds of built-in actions enables you to start your automation journey in just minutes. Used by many DevOps & SRE professionals to automate away toil, we can also apply the framework to DevSecOps.

In addition, we'll build several RunBooks—one to automate least-privilege account creation and one to run periodic boundary checks around your cloud, ensuring that you are reducing your cloud's attack surface.

Speaker

Doug Sillars

Head of Developer Relations, unSkript
A lifelong learner and educator, Doug Sillars thrives on learning new technologies and sharing them with the developer community. A Google Developer Expert and the author of O’Reilly’s High Performance Android Apps, Doug regularly speaks at conferences and blogs about developer...


Thursday May 11, 2023 10:50am - 11:20am EDT
Virtual Virtual

11:20am EDT

Short Break
Thursday May 11, 2023 11:20am - 11:30am EDT
Virtual Virtual

11:30am EDT

Securing the IoT Supply Chain with DevSecOps
The Internet of Things (IoT) is rapidly transforming the way we live and work, with connected devices and systems becoming increasingly pervasive in our daily lives. However, the proliferation of IoT devices also presents significant security challenges, as these devices often have limited processing power and memory and are deployed in a wide range of environments with varying levels of security.

To address these challenges, organizations need to adopt a DevSecOps approach to IoT development and deployment, which integrates security into every stage of the development and delivery process. This session will explore the key principles and best practices for securing IoT devices and systems using DevSecOps.

Through this session, attendees will gain a clear understanding of the key principles and best practices for securing IoT devices and systems using a DevSecOps approach, as well as the tools and techniques that can be used to implement this approach in practice.

Speaker

Antonio Escalera

Senior Platform Engineer, Raft
Antonio Escalera is a highly accomplished senior platform engineer with over a decade of experience in the design, development, and implementation of innovative platform architectures. Having worked with some of the largest financial services, research, and retail organizations in...

Dan Morrison

Lead DevSecOps Engineer, Raft
Dan Morrison is a lead DevSecOps engineer at Raft, working out of northwest Georgia with his dogs, ducks, cat, and wife. Over the past six years, Morrison has automated, improved, and provisioned enterprise systems within the healthcare, finance, accounting, and (recently) government...


Thursday May 11, 2023 11:30am - 12:00pm EDT
Virtual Virtual

12:00pm EDT

Lunch Break
Take a break, get something to eat, and rejoin us at 1:00 p.m. ET for our afternoon keynote!

Thursday May 11, 2023 12:00pm - 12:30pm EDT
Virtual Virtual

12:30pm EDT

Keynote Panel: Virtualization: Unlocking Software Modularity of Embedded Systems
Traditional avionics-embedded development requires writing software applications that are specific to hardware (HW) configurations and the operating system (OS). In the early stages of the lifecycle, this proves cumbersome because complete architectures usually need to be defined before any software development can begin. This constraint also limits reuse and refactoring during hardware end-of-life or HW refreshes, which leads to higher and longer lifetime costs. By requiring physical access to the hardware for testing, this process hinders the fundamentals of Agile, pushing the lifecycle further right.

As Digital Engineering becomes mainstream, it is increasingly critical to understand the implications of various certifying bodies and contracting support to fully utilize its associated benefits. DevSecOps designed for embedded development is a highly rigorous, complicated, and time-consuming problem to overcome. Supporting embedded systems beyond application development with matching acquisition support is crucial to unlocking their modularity.

Speaker

Nabor Felix Cortez

Engineering Supervisor, U.S. Air Force
Nabor Felix Cortez is the Product Owner (PO) for the Xanatos Gambit (XG) team within the 76 SWEG's EDDGE division at Tinker Air Force Base. The XG team is devoted to advancing embedded technologies through DevOps and Digital Engineering applications. As a defense industry professional...

Erik Williams

Senior Electronics Engineer, U.S. Air Force
Erik M. Williams is a Senior Electronics Engineer at the Weapon Dynamics, Guidance, Navigation, and Control Branch of the Air Force Research Laboratory (AFRL) Munitions Directorate, Eglin Air Force Base, FL. He leads engineering and technical management activities for the Golden Horde...

Andrew House

Development Engineer, U.S. Air Force
Mr. Andrew House is currently a development engineer for the Xanatos Gambit team, part of the EDDGE division of the 76 SWEG at Tinker Air Force Base. With a background in process engineering, Mr. House specializes in DevSecOps for embedded software. He has been a lead for Team8, the...

Maj. Jorge Ramirez

Acquisition Program Manager, U.S. Air Force
Major Jorge Ramirez is an Acquisition Program Manager in the U.S. Air Force and currently assigned to the Air Force Life Cycle Management Center’s Armament Directorate. His 14-year active duty career is underscored by the rapid delivery of multiple combat capabilities. In his current...


Thursday May 11, 2023 12:30pm - 1:15pm EDT
Virtual Virtual

1:15pm EDT

Short Break
Thursday May 11, 2023 1:15pm - 1:25pm EDT
Virtual Virtual

1:25pm EDT

To Resiliency and Beyond! How to Engineer Survivable Systems
In this session, we'll aim to settle the debate around security versus quality, analyze historical critiques of security engineering in the new context of the 2023 National Cybersecurity Strategy, and present proven tactics for continuously delivering resilient software to critical infrastructure systems.

Earlier this year, Fathom5 became one of the first companies to successfully deploy Kubernetes and containerized microservices to a US Navy Destroyer. In addition, Fathom5 has been supporting the headquarters of the US Navy's largest systems command on adopting DevSecOps at scale for over two years. Through those experiences, we've learned what works and what doesn't work when aiming to continuously deliver software to mission-critical environments.

Speaker

Matt Wiseman

Cybersecurity Engineer, Fathom5
Matt is a cybersecurity engineer at Fathom5. He serves as the principal security architect for government systems, the coordinator of an in-house cyber guild, and a CI/CD-subject-matter expert. Matt has a background in computer engineering. When he's not doing his day job, he works...


Thursday May 11, 2023 1:25pm - 1:55pm EDT
Virtual Virtual

1:55pm EDT

Short Break
Thursday May 11, 2023 1:55pm - 2:05pm EDT
Virtual Virtual

2:05pm EDT

Golfing with Dragons: Building Secure Environments for CTF Competitions
Capture-the-flag events remain one of the most popular ways to learn new skills in the information security field, but how do you securely deploy and monitor a competition that is designed to be hacked?

This talk will demonstrate how running CTF events is an exercise in applied DevSecOps practices. From threat modeling the attack surface to building hardened containers and monitoring resource utilization, we will cover how to approach running competitions that are meant to be hacked while maintaining the security of your core infrastructure and ensuring competitors enjoy the competition.

Speaker

Jared Stroud

Lead Security Engineer, The MITRE Corporation
Jared Stroud is a lead security engineer at the MITRE Corporation, focusing on tackling DevOps problems related to containers and Kubernetes. Additionally, Jared serves as an adjunct lecturer at the Rochester Institute of Technology, teaching courses related to computing security...

Daniel Szafran

Cybersecurity Engineer, The MITRE Corporation
Daniel Szafran is a Cybersecurity Engineer for the MITRE Corporation. He has a master's degree in computing security from the Rochester Institute of Technology and specializes in automated deployment.


Thursday May 11, 2023 2:05pm - 2:35pm EDT
Virtual Virtual

2:35pm EDT

Short Break
Thursday May 11, 2023 2:35pm - 2:45pm EDT
Virtual Virtual

2:45pm EDT

Implementing Quantum-Resistant Cryptography in Industry
Quantum computing is advancing quickly. The number of qubits in a quantum computer is increasing to make them more powerful, and better algorithms are being created. Quantum computing became a real threat to cybersecurity because it can break traditional cryptosystems. If encrypted sensitive data is captured today and its encryption can be broken in four years, that still represents a big risk that affects many things, such as credit cards, which do not expire for many years, or, even worse, proprietary source code. Companies need to adapt to resist what the future brings.

Some of the questions that we will discuss in the presentation include:
  • How are we going to face such problems from the DevSecOps perspective?
  • How long will it be ok for source code to travel across the Internet using protocols vulnerable to quantum attacks?
  • Will we need quantum computers in the continuous integration scheme of our organizations to provide the security we need?

Speaker

Samuel Sabogal Pardo

Vice President, cyte.co
Samuel Sabogal Pardo graduated from the Information Networking Institute at Carnegie Mellon University’s College of Engineering. Pardo has worked in the cybersecurity field for 15 years, including as a cryptography product developer, professional hacker, and professor of quantum...


Thursday May 11, 2023 2:45pm - 3:15pm EDT
Virtual Virtual

3:15pm EDT

Short Break
Thursday May 11, 2023 3:15pm - 3:25pm EDT
Virtual Virtual

3:25pm EDT

DevSecOps for the Community: Building, Provisioning and Deploying CVE's Infrastructure and Services
In this session, we’ll be looking at the systems that support the CVE community. Over the past two years, the CVE program has deployed the new CVE-Services API, as well as the new beta cve.org website. With the support of the community, MITRE has worked to adopt and implement DevSecOps methodologies and practices that have been a vital asset in building, provisioning, and deploying these systems that are used by CVE Numbering Authorities (CNAs) worldwide.

Some of the topics that we will discuss include:
  • The purpose of the CVE program
  • What is CVE-Services and how does it make its way from GitHub to production?
  • DevSecOps culture in the CVE program

Speaker

Shane Ficorilli

Senior Cyber Security Engineer, The MITRE Corporation
Shane Ficorilli is a Senior Cyber Security Engineer at MITRE on the Software Assurance Research & Practice team, specializing in DevSecOps pipeline architecture and engineering. Shane currently supports the CVE Program as the Cloud Infrastructure and DevSecOps team lead. Prior to...


Thursday May 11, 2023 3:25pm - 3:55pm EDT
Virtual Virtual

3:55pm EDT

Wrap Up
Wrap-up of the day's activities.

Thursday May 11, 2023 3:55pm - 4:00pm EDT
Virtual Virtual
 

