Loading…
Join us on the slack channel for live discussion with the speakers and your peers.
All times shown are EASTERN DAYLIGHT TIME (GMT-4).

TO VIEW A SESSION, MOUSE OVER THE TITLE AND SELECT "CLICK TO VIEW THIS SESSION"
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, June 6
 

8:50am

Welcome and Overview
Click to watch this session

Welcome from the hosts of the Nexus User Conference, Derek Weeks and Mark Miller, including a brief overview of what to expect during the first day of sessions.

Speakers
avatar for Mark Miller, Sonatype

Mark Miller, Sonatype

Senior Storyteller
I build massive online community projects. The most recent project is All Day DevOps, with 32,927 registrations.Malcom Gladwell would call me "A Connector". Wherever I go, one of the things I am most happy with is the ability to introduce people to each other, making connections where... Read More →
avatar for Derek Weeks, Sonatype

Derek Weeks, Sonatype

VP and DevSecOps Advocate
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek become a huge advocate of applying proven supply chain management principles into DevSecOps practices... Read More →


Wednesday June 6, 2018 8:50am - 9:00am
Live, Online

9:00am

DevSecOps is Not Lipstick on a Pig
Click to watch this session

There are a lot of DevSecOps tools that are just new DevOps lipstick on a traditional security tool pig. Tools that don't give results for hours or sometimes days or lack the ability to integrate well with the dev team's other tools and practices are a non-starter. What's needed to add security to DevOps are tools that must be able to do their job within a rapid-cycle CI/CD pipeline.

This is disruptive to the entire security tool landscape. This talk lays out the security tool categories that have traditionally been used by development teams and describes the characteristics of ones that fit as ones that don't fit in a DevOps world.

Further, the talk presents a novel approach to evaluating DevSecOps tools and the results of using this evaluation approach on a subset of the most popular tools currently in the market.

Speakers
avatar for Larry Maccherone, Comcast

Larry Maccherone, Comcast

DevSecOps | Lean/Agile | Analytics
Larry Maccherone is an industry-recognized thought leader on DevSecOps, Lean/Agile, and Analytics. He currently leads the DevSecOps transformation at Comcast. Previously, Larry led the insights product line at Rally Software where he published the largest ever study correlating development... Read More →


Wednesday June 6, 2018 9:00am - 9:30am
Live, Online

9:30am

Open Source Developers And Infrastructure Are The New Front Line Of Security
Click to watch this session

To succeed in today's marketplace, companies need to innovate, driving everyone from tractor manufacturers to airlines to become software development shops. The pace of innovation precludes building everything from scratch, resulting in 80-90% of a modern application consisting of open source components. This translates to global downloads of open source components in the tens of billions. For the last 5 years there has been a rapidly increasing escalation of attacks leveraging the open source ecosystem, culminating in 2018 with the direct hijacking of publisher credentials and the publishing of malicious components. I'll talk about the unfolding events, what it means for the future and how you should think about protecting yourself.


Speakers
avatar for Brian Fox, Sonatype

Brian Fox, Sonatype

CTO
Co-founder and CTO, Brian Fox is a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin, he has over 20 years of experience driving the... Read More →


Wednesday June 6, 2018 9:30am - 10:00am
Live, Online

10:00am

The Sonatype Story
Click to watch this session

Wayne Jackson, CEO of Sonatype, has a unique perspective on the direction of security in the software industry. He'll give his insights as to where automated software security is headed and his vision of how the Nexus Platform fits into that picture.

Speakers
avatar for Wayne Jackson, Sonatype

Wayne Jackson, Sonatype

CEO
Wayne is the CEO of Sonatype, a role he has held since 2010. Prior to Sonatype, Wayne served as the CEO of open source network security pioneer Sourcefire, Inc. (NASDAQ:FIRE), which he guided from fledgling start-up through an IPO in March of 2007, later acquired by Cisco for $2.7... Read More →


Wednesday June 6, 2018 10:00am - 10:30am
Live, Online

10:45am

The Nexus Repository You Don't Know: Insights from the Product Owner
Click to watch this session

In this session, Michael Prescott will give a sneak peek at features you might not know exist in Nexus Repository. You can't get closer to the source than in this session with Michael... he's the Product Owner.

Speakers
avatar for Michael Prescott, Sonatype

Michael Prescott, Sonatype

Product Owner, Nexus Repository
Michael is product owner of the Nexus Repository


Wednesday June 6, 2018 10:45am - 11:15am
Live, Online

11:15am

ABN AMRO DevSecOps Journey
Click to watch this session

Hear how ABN-AMRO utilizes Nexus Lifecycle as part of their end-to-end CI/CD pipeline. Stefan starts by stating the business case for CI/CD and the challenges his team was trying to overcome. Included are the metrics and measurements used to gauge the success of the project. 

Speakers
avatar for Stefan Simenon , ABN-AMRO

Stefan Simenon , ABN-AMRO

Head of Centre of Expertise Software Development & Tooling
Stefan is an IT professional passionate about topics such as Continuous Integration Continuous Delivery, Software Quality, Tooling, DevOps and the management of the cultural, organizational, team and technological changes associated with these approaches.Next to above interest Stefan... Read More →
avatar for Wiebe de Roos, ABN-AMRO

Wiebe de Roos, ABN-AMRO

CI/CD Consultant / Engineer
Wiebe de Roos is a very enthusiastic IT consultant. He studied Communications and Multimedia Design in Maastricht (NL) and attended a part-time study Master of Management and ICT besides his job.During the last 10 years he worked for different customers in The Netherlands and abroad... Read More →


Wednesday June 6, 2018 11:15am - 11:45am
Live, Online

11:45am

The Nexus Platform: DevSecOps for 1000 Apps in 30 Days
Click to watch this session

This talk will walk you through the journey of how Capital Group utilizes the Nexus Platform as part of their DevSecOps CI/CD pipeline. This session will start with the business use cases, challenges, and needs for Nexus Platform. Followed by the detail implementation of Nexus Lifecycle that addresses all the challenges and becomes part of the DevSecOps CI/CD pipeline. You will also hear how Hiep and his team were able to leverage automation to onboard 1000 apps to use the Nexus Platform in their existing CI/CD pipeline.

Speakers
avatar for Hiep Tran, Capital Group

Hiep Tran, Capital Group

Sr. Technology Engineering Lead
Hiep Tran is Sr. Technology Engineering Lead and DevSecOps Solutions Engineer who is passionate about leading-edge distributed computing platforms and has an obsession with efficiency using automation and a DevSecOps CI/CD pipeline. In his current role, Hiep is responsible for architecting... Read More →


Wednesday June 6, 2018 11:45am - 12:15pm
Live, Online

12:15pm

Immutable Infrastructure as Artifacts: Nexus as a Single Point of Control
Click to watch this session

Mykel will talk about how Nexus Repository is used as part of the Cotivi healthcare solution.

Speakers
avatar for Mykel Alvis, Cotiviti

Mykel Alvis, Cotiviti

DevOps Computational Demonologist
Mykel Alvis has had 4 decades of working in software development to arrive at the hot mess that he is today. His career has covered essentially every phase of the software delivery lifecycle, including support, operations, testing, architecture and management. Mykel currently coaches... Read More →


Wednesday June 6, 2018 12:15pm - 12:45pm
Live, Online

1:30pm

What You Don't Know About Nexus Lifecycle - Updates from the Product Owner
Click to watch this session

Jamie Whitehouse is the Product Owner for Nexus Lifecycle. In this session he'll review features and capabilities you may not be aware of, and why it's good to upgrade at least quarterly.

Speakers
avatar for Jamie Whitehouse, Sonatype

Jamie Whitehouse, Sonatype

Product Owner, Nexus Lifecycle
Jamie Whitehouse is Coffee Boy at Sonatype, doing what it takes to make our teams and product successful. Despite being from Ontario, Canada, he doesn't follow hockey, but does enjoy building with Lego.


Wednesday June 6, 2018 1:30pm - 2:00pm
Live, Online

2:00pm

Automating Security with the Nexus Platform
Click to watch this session

The world of DevOps presents a unique and unprecedented opportunity for Security teams to engage with developers and IT Operations to deliver high quality secure software to consumers. When Security teams integrate and collaborate with DevOps teams the entire organization reaps significant benefits.
This session will dig into the idea that “Agile” may not be agile enough in a world where external actors threaten the security and stability or organizations on a day to day basis. As new vulnerabilities are discovered quick remediation often becomes an unnecessary fire-drill. With a well-tuned, documented, and understood “DevSecOps”pipeline, vulnerabilities in both underlying operating systems and custom code bases can be resolved or mitigated quickly and re-deployed into a production environment in minutes.
If your Development teams can deploy “50 times before breakfast”, or seeks the maturity to do so, then it is essential that your business understands how rapid and continuous releases, continuous SDLC operational KPI’s, and DevOps maturity can reduce risk in your business and how introducing a bit of chaos into your resilient infrastructure brings security benefits. Join DJ as he discusses how to turn skepticism and caution of DevOps into adoption and understanding

Speakers
avatar for DJ Schleen, Aetna

DJ Schleen, Aetna

DevOps Security Architect
DJ is a DevOps Security Architect at a large healthcare organization, assisting them though their journey of digital transformation and containerization. He specializes in automating security controls in DevOps environments and is a hacker by training – doing significant R&D work... Read More →


Wednesday June 6, 2018 2:00pm - 2:30pm
Live, Online

2:30pm

CI/CD and Nexus at the NIH, National Cancer Institute
Click to watch this session

Sarah Elkins, Configuration Manager at General Dynamics, talks about integrating the Nexus Platform into the solutions at GD 

Speakers
avatar for Sarah Elkins, General Dynamics

Sarah Elkins, General Dynamics

Configuration Manager
Extensive experience in configuration management and sustainable software development, including version control, build and deploy automation, standards and training development, and process facilitation for change and release management. ITIL Expert. Occasional pager duty and light... Read More →


Wednesday June 6, 2018 2:30pm - 3:00pm
Live, Online

3:00pm

Quick Wins for Securing Continuous Delivery
Click to watch this session

Jim Bird has been investigating where teams should start if they want to improve (or introduce) security into DevOps/CD workflows and pipelines. Where can they get the biggest bang for their investments to demonstrate quick and clear results?  One of these is managing dependencies (identifying them, checking for vulnerabilities, tracking them…) . Jim will talk about his investigations and describe how you can get started managing your open source dependencies..

Speakers
avatar for Jim Bird, BIDS Trading

Jim Bird, BIDS Trading

CTO
I have been building and supporting software for more than 25 years. For the last 15 years I have been leading and managing teams building and implementing electronic trading engines for stock exchanges and investment banks around the world.Specialties: Software development management... Read More →


Wednesday June 6, 2018 3:00pm - 3:30pm
Live, Online

3:45pm

Making Nexus Repository Manager More Helpful
Click to watch this session

When you use the Nexus Repository Manager UI, you’re trying to get work done. In this session, we talk about our efforts to make the welcome page more helpful and give an overview of the feedback we’ve received. You’ll see how that feedback has shaped the product over the past year, and how you can get more involved in the future.

Speakers
avatar for Daniel Sauble, Sonatype

Daniel Sauble, Sonatype

User Experience Product Owner
I’m a product designer who takes great care in understanding user needs, translating those needs into conceptual solutions, prototyping the solutions in code, and iterating as needed.
avatar for Shade Solon, Sonatype

Shade Solon, Sonatype

Senior UX Researcher
Shade Solon is the UX Research Product Owner at Sonatype where she connects customers with product teams and works on initiatives focused on providing quality customer experiences in Sonatype products. As an advocate for human-centered design, Shade incorporates customer perspectives... Read More →


Wednesday June 6, 2018 3:45pm - 4:15pm
Live, Online

4:15pm

Rolling Out Nexus in a Large Organization
Click to watch this session

What does it take to rollout Nexus in a large organization. Not just any organization, an international one such as Delta Airlines. Chris and Jasmine will talk about how they integrated Nexus into their DevOps initiatives at Delta.

Speakers
avatar for Chris Bolton, Delta Airline

Chris Bolton, Delta Airline

Senior Engineer
Chris Bolton became interested in Computer Science during his middle school years where he created his first static HTML webpage .Now he is working as a Development Tools engineer at Delta Air Lines to enable developers in CI/CD. Chris Bolton has a back ground in application development... Read More →
avatar for Jasmine James, Delta Airlines

Jasmine James, Delta Airlines

Development Tools Engineer
Jasmine James is a Development Tools Engineer at Delta Air Lines, where she administers, documents and supports the development tools to enable the faster delivery of quality software. Before Delta, Jasmine was a subject matter expert in automated acceptance testing for web and mobile... Read More →


Wednesday June 6, 2018 4:15pm - 4:45pm
Live, Online

4:45pm

Towards Personalised Precision Medicine - A Technical Overview
Click to watch this session

Genome. One researches Disease Diagnostics, Discovery Genomics, Personal Health Genomics and Precision Health Applications. Software innovation is central to these efforts and Nexus Repository and Nexus IQ Server are utilized to automatically enforce licensing, security,  and governance policies with respect to open source components.

Speakers
avatar for Tudor Groza, Genome.One

Tudor Groza, Genome.One

CTO
Specialties: Deep phenotyping, Genomics, Knowledge Representation, Text Mining, Machine Learning, Micro-services, AWS, Kubernetes.


Wednesday June 6, 2018 4:45pm - 5:15pm
Live, Online

5:15pm

Kaiser Permanente: Eliminating Vulnerable Libraries Before They Enter Your DevOps Pipeline
Click to watch this session

Abstract - Open source comprises over 90% of new applications at Kaiser Permanente Hospital & Health Care.  The development team at Kaiser Permanente IT has built an internal system for evaluating open source libraries and components during the planning phase of a new application. Their in-house solution filters and eliminates open source frameworks with known vulnerabilities before they are even downloaded!. This provides a significant savings in time and development resources before a project is built.  In this presentation, Xin Xu, Development Manager at Kaiser Permanente IT, will show how you can build a similar system using an internal web page integrated with Nexus Firewall and IQ Server.

Speakers
avatar for Xin Xu, Kaiser Permanente

Xin Xu, Kaiser Permanente

Development Manager
Xin is the Development Manager at Kaiser Permanente. His team is responsible for providing web facing products to over 200,000 users.


Wednesday June 6, 2018 5:15pm - 5:45pm
Live, Online

5:45pm

The Daily Roundup
Click to watch this session

Review of today's sessions, overview and logistics for tomorrow.

Speakers
avatar for Mark Miller, Sonatype

Mark Miller, Sonatype

Senior Storyteller
I build massive online community projects. The most recent project is All Day DevOps, with 32,927 registrations.Malcom Gladwell would call me "A Connector". Wherever I go, one of the things I am most happy with is the ability to introduce people to each other, making connections where... Read More →
avatar for Derek Weeks, Sonatype

Derek Weeks, Sonatype

VP and DevSecOps Advocate
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek become a huge advocate of applying proven supply chain management principles into DevSecOps practices... Read More →


Wednesday June 6, 2018 5:45pm - 6:00pm
Live, Online
 
Thursday, June 7
 

8:50am

Welcome, Review and Overview
Click to watch this session

Welcome to the second day of the Nexus User Conference. We'll start with a quick overview of the previous day's session and give a brief overview of what to expect on the second day.

Speakers
avatar for Mark Miller, Sonatype

Mark Miller, Sonatype

Senior Storyteller
I build massive online community projects. The most recent project is All Day DevOps, with 32,927 registrations.Malcom Gladwell would call me "A Connector". Wherever I go, one of the things I am most happy with is the ability to introduce people to each other, making connections where... Read More →
avatar for Derek Weeks, Sonatype

Derek Weeks, Sonatype

VP and DevSecOps Advocate
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek become a huge advocate of applying proven supply chain management principles into DevSecOps practices... Read More →


Thursday June 7, 2018 8:50am - 9:00am
Live, Online

9:00am

Nexus Platform Integration w/ Electric Cloud
Click to watch this session

John and Damon Edwards helped bring the DevOps Days movement to the United States. He's now globally evangelizing DevSecOps Days, putting security at the center of the DevOps pipeline. In the presentation, John will give an overview of how to quickly build a secure developer environment using the Nexus Platform integrated with Electric Cloud.

Speakers
avatar for John Willis, SJ Technologies

John Willis, SJ Technologies

Vice President of Devops and Digital Practices
John Willis is Vice President of Devops and Digital Practices at SJ Technologies. Prior to SJ Technologies, John was Director of Ecosystem Development for Docker, he joined Docker when the company he co-founded (SocketPlane, which focused on SDN for containers) was acquired in March... Read More →


Thursday June 7, 2018 9:00am - 9:30am
Live, Online

9:30am

Fannie Mae: Scaling the DevOps Enterprise
Click to watch this session

Barry talks about the DevSecOps journey at Fannie Mae, and how they've been able to implement DevSecOps at scale.

Speakers
avatar for Barry Snyder, Fannie Mae

Barry Snyder, Fannie Mae

Leader | Innovator | Technologist
Accomplished enterprise change leader delivering lean, creative, innovative solutions.Envisioned and led enterprise IT transformation strategies delivering enterprise Agile & DevOps product platforms, IT process transformation, and building IT service portfolios from the ground up... Read More →


Thursday June 7, 2018 9:30am - 10:00am
Live, Online

10:00am

CI/CD Platform in AWS with Terraform, Ansible & Docker
Click to watch this session

This talk will walk you through how to setup a CI/CD Pipeline in AWS using Infrastructure as Code tools like Terraform, usage of configuration management tools like Ansible to provision infrastructure, and Docker Swarm to deploy isolated containers on top. You will learn also how to manage your Docker images in Nexus Registry and how to cleanup unused Docker images with Nexus CLI. Followed by some best practices and recommendations of deploying applications in AWS.

Speakers
avatar for Mohamed Labouardy, FoxIntelligence

Mohamed Labouardy, FoxIntelligence

AWS Solution Architect | DevOps Engineer
Senior Software Engineer/DevOps - 3x AWS Certified - Scrum Master Certified - #Containers #Serverless #Gopher #Alexa #NLP #DistributedSystems #Android - Blogger & writer at Medium, DZone, Hackernoon & A Cloud Guru - Open Source Contributor (DialogFlow, Jenkins, Docker, Nexus, Telegraf... Read More →


Thursday June 7, 2018 10:00am - 10:30am
Live, Online

10:00am

Build Better Component Practices: Crawl. Walk. Run.
Click to watch this session

Whether you're just getting started or attempting to take the next step in improving your organization's Open Source processes, there are lessons you can learn from your peers. Chris Carlucci, Lead Customer Success Engineer, shares his team's experiences and lessons learned through assisting organizations in their journey towards building better component practices.

The session will focus on:

- How to assess which stage your company is in
- Where to begin or how to take the next step in the process
- Helpful guidance on what to consider at each step


Speakers
avatar for Chris Carlucci, Sonatype

Chris Carlucci, Sonatype

Lead Customer Success Engineering


Thursday June 7, 2018 10:00am - 10:30am
Live, Online

10:45am

From the Source: Nexus Platform Integrations
Click to watch this session

What are something of the coolest integrations you can play around with on the Nexus Platform, In this session, Justin shows you his favorite solutions and talks about how you can submit your own integrations for the Nexus Exchange.

Speakers
avatar for Justin Young, Sonatype

Justin Young, Sonatype

Product Owner, Strategic Integrations
Justin runs the strategic integrations team at Sonatype. He's they guy you want to talk with if you're looking at how to integrate various tools and plugins into the Nexus Platform.


Thursday June 7, 2018 10:45am - 11:15am
Live, Online

10:45am

Operating Without an OSS License? That Could Be Dangerous!
Click to watch this session

Are you operating without a license?  That could be dangerous!  In this session, Jerry and Melanie hope to raise your awareness of OSS licensing, and why it is important to you when using Open Source software.  

After the presentation, you will be able to answer:
  • What is OSS licensing, and more importantly, why do I care?
  • What do I really need to know to get started?
  • What are the woes of those who didn't care (or were unaware)?
  • How can Sonatype's Nexus Lifecycle help you?

Speakers
avatar for Jerry Gergel, Sonatype

Jerry Gergel, Sonatype

Customer Success Engineer
Jerry is a member of the Sonatype Customer Success team and is based in southeast Michigan near Detroit.  He has over 20 year experience working with software development companies in a variety of customer facing roles.  With a focus in application lifecycle management, the majority... Read More →
avatar for Melanie Latin, Sonatype

Melanie Latin, Sonatype

Sr. Instructional Designer
Melanie is a newest member of the Sonatype Customer Education Team. She has dedicated the past 15 years to developing results-oriented, blended learning solutions and training programs in both corporate and higher education settings. Melanie is part of the team that creates self-service... Read More →


Thursday June 7, 2018 10:45am - 11:15am
Live, Online

11:15am

Automated Container Security Nexus and Twistlock
Click to watch this session

Twistlock andSonatype have teamed up to provide a solution for managing security in containers. John will walk us through the integration.

Speakers
avatar for John Morello, Twistlock

John Morello, Twistlock

CTO
John Morello is the Chief Technology Officer at Twistlock. As CTO, John leads the work with strategic customers and partners and drives the product roadmap. Prior to Twistlock, John was the CISO of Albemarle, a Fortune 500 global chemical company. Before that, John spent 14 years... Read More →


Thursday June 7, 2018 11:15am - 11:45am
Live, Online

11:15am

Steps to Success with the Nexus Platform
Click to watch this session

Want to learn how to have a successful Sonatype deployment? Join Fernando Cremer, Customer Success Engineer at Sonatype, to learn common traits among the Sonatype customer base that have successful deployments. At the conclusion of this session you have a clearer understanding of what you can do in your company to encourage successful deployment of the Nexus Platform.

Speakers
avatar for Fernando Cremer, Sonatype

Fernando Cremer, Sonatype

Customer Success Engineer
Fernando Cremer has been helping customers for over 15 years in various roles such as Technical Support, Consulting, Product Management, Pre Sales and most recently, Customer Success. Fernando Cremer joined Sonatype on July of 2017 and worked previously for ServiceNow, Serena Software... Read More →


Thursday June 7, 2018 11:15am - 11:45am
Live, Online

11:45am

11:45am

Objective Learning: Educational Resources to Make you a Kickass Nexus User.
Click to watch this session

In this discussion, we’re going to talk about how the Sonatype Customer Education team is working to help make you a kickass Nexus user. We’re redefining our model to focus on the success and happiness of our customers. This session will show you who we are, how we develop our content, and where you can find it. At the end, we’d love to get your ideas on what we should work on next.

When this session is over, you’ll walk away with:
  • A newfound knowledge of how the Sonatype team is working for your success. We have the best users and we’re committed to providing the best educational resources to help you become a Nexus Champion.
  • An expert understanding of what we’re developing. Not only have you learned where to find Learning Center materials from the Customer Education team, but you’ve also discovered our vast range of resources from support, online help, blogs, and community.
  • A thirst to learn more. We’ve opened your eyes to what’s out there, and you’re excited to check out these available resources and then provide your expert input on what we should work on next.

Speakers
avatar for Brianne Strozewski, Sonatype

Brianne Strozewski, Sonatype

Senior Content Developer
What educational content is available for the Nexus Platform? Brianne will walk you through the available content and resources that can smooth out your Nexus journey.


Thursday June 7, 2018 11:45am - 12:15pm
Live, Online

12:15pm

The CI/CD Pipeline in the Age of Containers
Click to watch this session

Curt and Siamak start with a reference implementation of a CI/CD pipeline running in OpenShift where we show how to secure containers as they are being built. The project is available on GitHub and atttendees will learn how to run Jenkins with ephemeral agents with an example pipeline to secure application before being published to Nexus. Included is an example of how to use ‘staging’ in Nexus to ensure only validated containers can be published to production environments.


Speakers
avatar for Siamak Sadeghianfar, Red Hat

Siamak Sadeghianfar, Red Hat

Principal Product Marketing Manager
Siamak Sadeghianfar is Technical Product Marketing Manager for OpenShift at Red Hat and passionate about app dev, middleware, containers, microservices, and DevOps and how they can be used to solve business problems quicker with less friction and more fun. A developer at heart, Siamak's... Read More →
avatar for Curtis Yanko, Sonatype

Curtis Yanko, Sonatype

DevOps Evangelist and Coach
I work with organizations and large enterprises to help integrate automated security into their DevOps initiatives. With 18 years’ experience in Application Development and Delivery practices Curtis has become a leading evangelist for DevSecOps in the enterprise. My career has matured... Read More →


Thursday June 7, 2018 12:15pm - 12:45pm
Live, Online

12:15pm

A Dive into Reference Governance Policies for Nexus Lifecycle
Click to watch this session

Sonatype's Nexus Lifecycle is easy to stand up and start scanning application, however, if you are not already a license or security expert, understanding the complete list of preconfigured reference policies can be daunting.  In this session, we will simplify the reference policy set, drill into how the more complex policies tick, and review some common modifications that may better work for your team.  We might even see a best practice or two because everyone likes those, right?


Speakers
avatar for Chris Tolo, Sonatype

Chris Tolo, Sonatype

Customer Success Engineer
Chris enjoys walks on San Diego beaches, brewing/drinking rich meads and dark stouts, and playing video games with his daughter.  During the rest of his time, he works with the Customer Success team at Sonatype to integrate the Nexus Platform into customer's DevOps pipeline... Read More →


Thursday June 7, 2018 12:15pm - 12:45pm
Live, Online

1:30pm

Vulnerability Scanning is Just the Beginning: Don't Stumble with Remediation
Click to watch this session

You’ve scanned all your applications, but what’s the next step with the security vulnerability and licensing information you now have? Tom Tapley, Customer Success Engineer, shows tips on setting goals and developing remediation processes to ensure you achieve those goals.

After this session you will have a clear path forward so that you don’t stumble with remediation.

Speakers
avatar for Tom Tapley, Sonatype

Tom Tapley, Sonatype

Customer Success Engineer
Tom Tapley is a Customer Success Engineer at Sonatype and has 20 years of experience providing consulting and software development services to Federal agencies. In the past few years he has focused on integrating agile and DevOps processes and methodologies into quality management... Read More →


Thursday June 7, 2018 1:30pm - 2:00pm
Live, Online

2:00pm

The Foundational Nature of Artifact Repositories in a DevSecOps Toolchain
Click to watch this session

Helen Beal gives an overview of why artifact repositories are critical to your DevSecOps pipeline.

Speakers
avatar for Helen Beal, Ranger4

Helen Beal, Ranger4

DevOpsologist
Helen Beal has twenty years’ experience working in the technology industry with a focus on the Software Development Lifecycle for a wealth of cross industry clients in the UK and abroad. Helen is passionate about DevOps and is the creator of the Ranger4 DevOps LiftOff Workshop and... Read More →


Thursday June 7, 2018 2:00pm - 2:30pm
Live, Online

2:00pm

Leveraging the Nexus Platform in a CI/CD pipeline
Click to watch this session

This session will go through an example architecture for a CI/CD pipeline with the Nexus Platform.  Get some pointers for your DevSecOps journey and gain ideas on how to improve the performance of your organization.

Speakers
avatar for Arsenie Jurgenson, Sonatype

Arsenie Jurgenson, Sonatype

Customer Success Engineer
Arsenie is a customer success engineer at Sonatype and a fan of all things DevOps.  Loves being involved in IT transformations at large enterprises, experience with Microservice Architectures, Container Orchestration Platforms, Data Virtualization and CI/CD tech stacks.


Thursday June 7, 2018 2:00pm - 2:30pm
Live, Online

2:30pm

DevSecOps Community Survey Analysis
Click to view the session

Discussion of DevSecOps Community Survey Results

Speakers
avatar for Helen Beal, Ranger4

Helen Beal, Ranger4

DevOpsologist
Helen Beal has twenty years’ experience working in the technology industry with a focus on the Software Development Lifecycle for a wealth of cross industry clients in the UK and abroad. Helen is passionate about DevOps and is the creator of the Ranger4 DevOps LiftOff Workshop and... Read More →
avatar for James Wickett, Signal Sciences

James Wickett, Signal Sciences

Head of Research
James is an innovative thought leader in the DevOps and InfoSec communities and has a passion for helping big companies work like startups to deliver products in the cloud. He got his start in technology when he ran a Web startup company as a student at University of Oklahoma and... Read More →
avatar for Mark Miller, Sonatype

Mark Miller, Sonatype

Senior Storyteller
I build massive online community projects. The most recent project is All Day DevOps, with 32,927 registrations.Malcom Gladwell would call me "A Connector". Wherever I go, one of the things I am most happy with is the ability to introduce people to each other, making connections where... Read More →
avatar for Derek Weeks, Sonatype

Derek Weeks, Sonatype

VP and DevSecOps Advocate
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek become a huge advocate of applying proven supply chain management principles into DevSecOps practices... Read More →


Thursday June 7, 2018 2:30pm - 3:00pm
Live, Online

3:00pm

The Path of DevOps Enlightenment for Infosec
Click to watch this session

Security as we have known it has completely changed. Through challenges from the outside and from within there is a wholesale conversion happening across the industry where DevOps and Security are joining forces. This talk is a hybrid of inspiration and pragmatism for dealing with the new landscape.

Speakers
avatar for James Wickett, Signal Sciences

James Wickett, Signal Sciences

Head of Research
James is an innovative thought leader in the DevOps and InfoSec communities and has a passion for helping big companies work like startups to deliver products in the cloud. He got his start in technology when he ran a Web startup company as a student at University of Oklahoma and... Read More →


Thursday June 7, 2018 3:00pm - 3:30pm
Live, Online

3:45pm

Intuit: Red Teaming with Nexus
Click to watch this session

As one of the major voices and leaders in the DevSecOps community, Shannon has been at the forefront of the movement since it's inception. In this session, she will discuss how Intuit uses the Nexus Platform to track down and manage open source vulnerabilities as part of the Red Team initiative.

Speakers
avatar for Shannon Lietz, Intuit

Shannon Lietz, Intuit

Red Team and DevSecOps Lead
Award winning leader in security innovation with experience developing emerging security programs for Fortune 500 companies: Intuit, ServiceNow, Sony, Sempra Energy, Savvis, Cable and Wireless, 99 Cents Only, Exodus, Bank of America, among others internationally. Received the Scott... Read More →


Thursday June 7, 2018 3:45pm - 4:15pm
Live, Online

4:15pm

The "Ops" Side of DevSecOps
Click to watch this session

In DevSecOps, where does the "Ops" come in? That's what Damon is all about. In this talk, he'll discuss how he approaches the ops side of the equation. 

Speakers
avatar for Damon Edwards, RunDeck

Damon Edwards, RunDeck

DevOps and Operations
Damon Edwards is a Co-Founder and Vice President of Solution Advocacy for SimplifyOps, a provider of support and services for Rundeck users. Damon Edwards is also a co-founder of DTO Solutions, a consultancy where his focus is business and technology alignment and applying Lean and... Read More →


Thursday June 7, 2018 4:15pm - 4:45pm
Live, Online

4:45pm

Removing License and Security Risk for CD with IQ Server
Click to watch this session

Tasktop delivers software to 43 of the Fortune 100, 11 of the top banks in the world, six of the top six health plans and four of the top ten US insurance companies. Delivering software to these companies sets a high bar for our open source software security and licensing governance. Without automation this process can hinder our ability to scale and deliver software quickly.  In this talk I will cover how Tasktop has leveraged IQ Server in our continuous delivery pipeline to reduce the security risk and enforce licensing policies of the open source software we distribute in Tasktop Integration Hub.


Speakers
avatar for David Slater, TaskTop

David Slater, TaskTop

Engineering Manager
David is the Manager of Engineering at TaskTop.


Thursday June 7, 2018 4:45pm - 5:15pm
Live, Online

5:15pm

We Are All Equifax
Click to watch this session

In March 2017, hackers took three days to identify and exploit a new vulnerability in Equifax’s web applications. In the post-Equifax world, moving new business requirements (e.g., a non-vulnerable version of Struts2) into production in under three days might just be your new normal. Join this session to better understand how DevSecOps teams are applying lessons from W. Edwards Deming (circa 1982), Malcolm Goldrath (circa 1984) and Gene Kim (circa 2013) to improve their ability to respond to new business requirements and cyber risks.

Learning Outcomes:
  1. What our analysis of 17,000 applications reveals about the quality and security of software built with open source components
  2. How organisations like PayPal, Intuit, Fannie Mae and the Department of Defense are utilising the DevOps principles of software supply chain automation
  3. Why avoiding open source components and containers over 3 years old might be a really good idea
  4. How to balance the need for speed with quality and security early in the development lifecycle
  5. Leverage these insights to understand how your organisation's application of DevOpsSec practices compare to others

Speakers
avatar for Derek Weeks, Sonatype

Derek Weeks, Sonatype

VP and DevSecOps Advocate
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek become a huge advocate of applying proven supply chain management principles into DevSecOps practices... Read More →


Thursday June 7, 2018 5:15pm - 5:45pm
Live, Online

5:45pm

Conference Wrap Up
Click to watch this session

So where do we go from here? We round out the conference with a brief summary of what was learned and how to access the session recordings as they are published. 

Speakers
avatar for Mark Miller, Sonatype

Mark Miller, Sonatype

Senior Storyteller
I build massive online community projects. The most recent project is All Day DevOps, with 32,927 registrations.Malcom Gladwell would call me "A Connector". Wherever I go, one of the things I am most happy with is the ability to introduce people to each other, making connections where... Read More →
avatar for Derek Weeks, Sonatype

Derek Weeks, Sonatype

VP and DevSecOps Advocate
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek become a huge advocate of applying proven supply chain management principles into DevSecOps practices... Read More →


Thursday June 7, 2018 5:45pm - 6:00pm
Live, Online