PANEL DISCUSSION + Live Q&A
Panel: Secure Systems
In this panel, we will continue the conversation on security for the software supply chain and software security risk measurement.
Speaker
Shannon Morrison
Senior Security Engineer - Detection Engineering @Netflix
Shannon Morrison is a senior security engineer on the Detection Engineering team at Netflix, where she builds data-driven detections. Previously, she was a data scientist building anomaly detection models and a container-based machine learning platform at a Fortune 50 insurance company. She also...
Read moreFind Shannon Morrison at:
Speaker
Michael Fagan
Computer Scientist @NIST (National Institute of Standards and Technology)
Mike Fagan is a computer scientist working with the Cybersecurity for IoT Program, which aims to develop guidance toward improving the cybersecurity of IoT devices and systems. Mike holds a Ph.D. in computer science and engineering from the University of Connecticut and a bachelor’s degree...
Read moreSpeaker
Matt Jones
Vice President, Global Engineering @WindRiver
Matt Jones is responsible for the global R&D team at Wind River. In this role, he leads the delivery of innovative products that are enabling and accelerating the digital transformation of our customers across market segments, ranging from aerospace to industrial, defense to medical, and...
Read moreFind Matt Jones at:
From the same track
Securing the Development & Supply Chain of Open Source Software (OSS)
Thursday May 20 / 09:10AM EDT
Open Source Software (OSS) is everywhere today. Unfortunately, all software (OSS and not) is under attack. This talk will briefly discuss how OSS is developed & distributed as a supply chain (SC) model, which then gives insights into how OSS is attacked and some countermeasures. We then...
David Wheeler
Director of Open Source Supply Chain Security @linuxfoundation
Depending On If I Had Coffee Or Not Your Application May Be High Risk
Thursday May 20 / 10:10AM EDT
Security practitioners are often espresso'ing risk with qualitative measurements. We use broad, imprecise risk measurements such as high, medium, and low while applying them inconsistently if we haven't had our first cup. We struggle to measure if security work is driving down risk,...
Shannon Morrison
Senior Security Engineer - Detection Engineering @Netflix
Scott Behrens
Senior Security Engineer @Netflix
Application-Layer Encryption Basics for Developers
Thursday May 20 / 11:10AM EDT
Application-layer encryption should be a tool in every developer's toolbox. In this talk, I cover the basics of encryption, what are application-layer and infrastructure-layer encryption, when to use asymmetric and symmetric keys, and how to do key management. Finally, we review a...
Isaac Potoczny-Jones
Founder @Tozny & Authentication and Privacy Specialist