April Event Round-Up and Public Speaking
A look at upcoming April 2023 speaking engagements that you may be interested in
Heading into April 2023, I wanted to share a few of my upcoming speaking engagements, covering SaaS Security, Platform-as-a-Service (PaaS), AppSec/Compliance and Software Supply Chain Security.
Please find them below and feel free to check out any of them that may be of interest!
April Event Round-Up: Building a Compliance and AppSec Program for a Federal PaaS, Securing SaaS Applications, and Software Transparency at RSA
Friday, April 7 | Webinar: Building a Compliance and AppSec Program for a Federal PaaS
This Friday, I’ll be moderating a panel on Building a Compliance and AppSec program for a Federal Platform-as-a-Service (PaaS) alongside some experts who’ve been there.
This can be a particularly challenging endeavor, from cultural change to balancing competing priorities between Developers and Security/Compliance to minimizing burden while maximizing velocity securely.
I’ll be joined by Keith Busby of Centers for Medicare & Medicaid Services, Bryon Kroger of Rise8, and Lloyd Evans of Aquia to discuss these topics along with the role that cloud, security control inheritance, CI/CD and more play. Register here.
Thursday, April 13 | Panel: Securing SaaS Applications
I’m also really looking forward to speaking on the topic of securing SaaS applications at ADAPT 2023 along with a great group of folks touching on SaaS Security and Binding Operational Directives (BODs), with a closing keynote from none other than Jen Easterly from the Cybersecurity and Infrastructure Security Agency.
I've been doing my best to spread awareness of the topic of SaaS Security for the past several years, from early articles in 2021 on CSO Online about the need for SaaS Governance, SaaSBOMs and Security to leading the publication of the Cloud Security Alliance's SaaS Security Best Practices white paper.
In my book, "Software Transparency: Supply Chain Security in an Era of a Software-Driven Society," with Wiley (available for pre-order on Amazon now), I discuss at length the role that SaaS plays as an attack surface within the broader software supply chain.
Organizations have been increasingly utilizing SaaS as a critical lynchpin for business processes, workflows, collaboration and more, and COVID has only accelerated that use.
However, the topic of securing SaaS is often sorely missing in our industry dialogue around Cloud Security.
Luckily, that tide is slowly changing, with SaaS Governance and Security becoming a focus.
My team at Aquia Inc. has been directly working on this problem in large complex Federal environments and gaining valuable lessons learned.
I'm looking forward to speaking on the topic and hope to see you there if you’re in the area. You can register here.
Monday, April 24 | Speaking on: Software Transparency: The Push for Software Supply Chain Security
Last, but certainly not least, I’m also excited to speak at RSA Conference DevOps Connect later this month on Software Transparency: The Push for Software Supply Chain Security. I'll be diving into a variety of topics such as the state of software supply chain attacks, emerging best practices and guidance, Open Source Software (OSS), Kubernetes and Cloud-native, and much more.
(In the event you haven’t already registered and you’d like to, here's a code you can use to waive the Expo Hall fee: 5U3TECHSTRNGXPO. Register here.)