Tracy Bannon

It's the humans that matter...

Upstream: OSS supply chain security in the wake of Log4Shell

For years, experts have been telling the government to take stock of the software supply chain by generating software bills of materials and defining standards and policies for use. But it took a few big “oh !@#$%” moments like the SolarWinds and Colonial Pipeline breaches to get the wheels of government really turning around improving software supply chain security.

SEI DevSecOps Day Pittsburgh - #NoHobbyists

#NoHobbyists - How to Shift Security Everywhere

Cybersecurity has traditionally been regarded as a function of a distinct security group. In reality, security and cyber-resilient software are the responsibility of everyone in the organization. There is a well-intentioned call to “shift security left,” but no one knows how! Instead, organizations are depending on developers to become cyber-savvy on their own. Attendees will learn why not to shift left, how to build a new security culture, and tips, tricks, and tools for moving away from security hobbyists to having experienced pros.