Conf42 DevSecOps 2022 - Online

December 01 2022

Subscribe Watch Premiere Watch all talks Sponsors

Other editions:

2021 2023 2024 2025

Schedule

Event	Time	Location
Premiere Show introducing all talks and sponsors		Livestream
Keynote: Making Software Bill of Materials (SBOMs) Actionable Ciara Carey Developer Relations at Cloudsmith		Livestream
Keynote: Sustainable API Management Akshata Sawant Developer Advocate at MuleSoft		Livestream
Keynote: Say Goodbye to Manual Kubernetes User Access Onboarding Kenneth DuMez Developer Relations Engineer at Teleport		Livestream
Keynote: Oops, there's somebody in my package manager! Thomas Chauchefoin Vulnerability Researcher at SonarSource		Livestream
Keynote: It’s a log eat log world. Crucial Log Management Skills for DevSecOps Arfan Sharif Lead Technical Marketing Engineer at CrowdStrike		Livestream
Keynote: Implementing True DevSecOps with People, Processes, and Technologies Stefania Chaplin Solutions Architect at GitLab		Livestream
Keynote: Staring into the data abyss: Achieving a higher level of cloud security so you can sleep better Chris Webber Engineering Director, IT and Operations at Open Raven		Livestream
All 46 talks available on demand Pick and choose what order to watch things in		Subscribe

Keynotes

Making Software Bill of Materials (SBOMs) Actionable

Software supply chain attacks using software vulnerabilities remain a key avenue of initial access for attackers Organizations had to scramble to find out if critical vulnerabilities like Log4J were running on their systems. In response, Software Bill of Materials or SBOMs are being quickly adopted by enterprises around the globe, so what are they all about? The Linux Foundation research team...

Ciara Carey

Cloudsmith

Sustainable API Management

Are you a developer or an architect who’s curious about managing and securing your API throughout its lifecycle? In that case, we’re excited to help!! With an increase in the number of APIs, it complexities associated with managing the APIs increase proportionally. We need a sustainable solution to manage our entire API lifecycle efficiently. We can achieve this with the help of MuleSoft’s...

Akshata Sawant

MuleSoft

Say Goodbye to Manual Kubernetes User Access Onboarding

This talk will focus on the challenges with configuring access control for Kubernetes clusters and why it’s so important to make Kubernetes access both simple and secure. Any engineer that has worked with Kubernetes before — either as an administrator, user or developer — knows that cluster configuration is a massive iceberg. At the tip of the iceberg, you have “just make it work.” At this...

Kenneth DuMez

Teleport

Oops, there's somebody in my package manager!

What is your worst supply chain nightmare, and why is it somebody breaking into the backend of a popular package manager? Let's explore how we got our hands on the servers behind the PHP package managers Composer and PEAR, and how we should rethink our approach to supply chain security.

Thomas Chauchefoin

SonarSource

Paul Gerste

SonarSource

It’s a log eat log world. Crucial Log Management Skills for DevSecOps

The coupling of security operations and software delivery offers a wonderful use case for logs — both to unify developers and security engineers behind a single source of truth, and to surface possible security issues at every stage of the development lifecycle. Learn how centralized log management is crucial in DevSecOps during this instructive session from a technical engineer.

Arfan Sharif

CrowdStrike

Implementing True DevSecOps with People, Processes, and Technologies

True DevSecOps requires a healthy mix of People, Process and Technology. What is the business impact of this and how can we use it to drive competitive advantage? First we must look internally, changing culture and breaking down silos. Then, look at the interactions, processes and technologies throughout our software development lifecycle. Security must shift left and be integrated throughout....

Stefania Chaplin

GitLab

Staring into the data abyss: Achieving a higher level of cloud security so you can sleep better

Public buckets, missing encryption, databases open to the internet, and an endless stream of misconfiguration tickets all keep us awake at night. How can we put an end to this? The answer lies in knowing where your data is located, what types you have, and how that data is protected. These insights make it easier for us to know what's a priority and what can be put on the backlog. Chris Webber,...

Chris Webber

Open Raven

TRACKS:

security CICD tools deep dive culture lessons learned

Track: security

Adding DAST to CI/CD, Without Any Losing Friends

Tanya Janca

We Hack Purple

Integrating Cloud Native Security into the SRE culture

Anais Urlichs

Aqua Security

How to Contain Security in your Containers

Adrian Gonzalez

Microsoft

Threat Modelling in CI/CD environments

Darren Richardson

Eficode

Who's managing the credential for your data infrastructure?

Dewan Ahmed

Aiven

Stop Committing Your Secrets - Git Hooks To The Rescue!

Dwayne McDaniel

GitGuardian

How to implement a DevSecOps pipeline with zero-trust

Evan Gertis

Inner Growth Training & Services

Kick Your Security Up a Notch with Custom Queries

Gabriel Manor-Liechtman

Jit.io

How HMRC Digital secures services at scale

Ben Conrad

HMRC

Gerald Benischke

HMRC

Open-source vulnerability management? Use the source, Luke!

Henrik Plate

Endor Labs

Taking Your DevOps Tooling To The Dark Side

Mike Guthrie

NetFoundry

How to fit Sec into DevOps without Security team

Roman Zhukov

Intel

The Power of AWS Tags (Advanced IAM Session)

Yoav Yanilov

Axiom Security

Itamar Bareket

MobiMatter

Pragmatic Security Automation and DevSecOps in the Cloud

Joshua Arvin Lat

NuWorks Interactive Labs

Track: CICD

Building Universal CI/CD Pipelines

Lionel Lonkap Tsamba

CI/CD with Github Actions

Chris Ayers

Microsoft

Level Up Your CI/CD With Smart AWS Feature Flags

Ran Isenberg

CyberArk

Track: tools

Going Beyond Metadata: Why We Need to Think of Adopting Static Analysis in Dependency Tools

Joseph Hejderup

Endor Labs

Anonymize application logs in DevOps way

Leonid Yankulin

Google

Setting up and managing GitHub actions for multiple projects in an organization

Ranjan Mohan

Menlo Security

The Observant Developer - OpenTelemetry from code to prod

Roni Dover

Digma

Track: deep dive

SOS: Sustainable Open Source

Floor Drees

Aiven

Keep Your Enemies Close and Your Secrets Closer

Audrey Long

Microsoft

DevSecOps for AI: Introducing MLSecOps for Software 2.0

Eugene Neelou

Adversa

Top 13 best security practices for Azure

Radu Vunvulea

Endava

Proactive cluster autoscaling in Kubernetes

Chris Nesbitt-Smith

UK Government

Track: culture

How to become a digital nomad without losing your job!!

Arafat Khan

Shopify

Is Technical Debt the right metaphor for Continuous Update?

Giulio Vian

Unum

Red Teaming AWS: Practice What You Preach

Josh Armitage

Contino

Role of SRE in DevSecOps

Kalyan Dhokte

Cognizant Technology Solutions

Flow Engineering - Boost velocity, quality and happiness through your entire value stream

Steve Pereira

Visible Value Stream Consulting

Humans are hard, code is easy

Tom Henricksen

Code is Easy

Track: lessons learned

The Art of Defensive Programming

Joylynn Kirui

Microsoft

A journey of the thousand binaries

Ixchel Ruiz

JFrog

Let your Kubernetes environment flourish with just the right amount of resources

Eli Birger

PerfectScale

Amir Banet

PerfectScale

The Importance of Integrating Security Measures Throughout Development

Francesco Vecchi

Debugging Schrodinger's App

DeveloperSteve Coochin

Lumigo

Building an engineering platform from the trenches

Geert-Hinke Addink

Qxperts

Hylke Stapersma

Nationale-Nederlanden

Securing the Software Factory

Jon Peck

GitHub

Diamond sponsor

Platinum sponsors

Video sponsor

Gold sponsors

Silver sponsors

Diversity sponsor

Media partners

Awesome tech events for

Priority access to all content

Video hallway track

Community chat

Exclusive promotions and giveaways

Email address

First Name

Last Name

Company

Job Title

Phone Number

Country