Agenda subject to change.

  • Registration & Networking Breakfast
  • Opening Remarks
  • Keynote
  • Transforming Government Tech: Exploring the Potential of Software Factories
    Troy Schneider TKS Strategies
    Jason Anderson NIWC Atlantic/USMC Manpower IT System Modernization (MITSM) Portfolio
    Lieutenant Colonel Gary Thompson Ops C2 Acquisition Delta (SSC/BCC)

    In today's rapidly evolving digital landscape, government agencies face unprecedented challenges in delivering efficient and citizen-centric services. To address these challenges, many government organizations are turning to innovative approaches like Software Factories. This panel session will delve into the transformative potential of Software Factories to drive digital transformation, featuring insights, experiences, and real-world case studies from our panelists. Join us as we uncover the potential of Software Factories to revolutionize government tech, empower public sector employees, and ultimately, enhance the delivery of services to citizens in the digital age.

  • Networking Break
  • Securing Tomorrow: Navigating the Future of DevSecOps
    Troy Schneider TKS Strategies
    Alex Barbato VMware by Broadcom
    Matt Glinski AFWERX
    Arjuna Rivera Atlassian

    In an era defined by digital transformation and evolving cybersecurity threats, government agencies are increasingly turning to DevSecOps as a strategic approach to software development and security integration. This session brings together a mix of vendor and government speakers to explore the future of DevSecOps and its critical role in ensuring the security and resilience of government IT systems. Join us for a forward-thinking discussion on the future of DevSecOps in government, and discover how this transformative approach is shaping the way government agencies secure tomorrow's digital landscape.

  • Networking Lunch
  • DevSecOps and the AI Revolution: Shaping Tomorrow's Tech Landscape
    Nicolas Chaillan Ask Sage
    Michelle Davis Red Hat
    Willie Hicks Dynatrace
    Major Jorge Martinez Space Launch Delta 45 Inspector General

    The convergence of DevSecOps and artificial intelligence (AI) presents unprecedented opportunities to revolutionize how government agencies develop, deploy, and secure software solutions. DevSecOps has emerged as a key paradigm for integrating security practices into the software development lifecycle, enabling government agencies to deliver secure, high-quality software at speed and scale. Concurrently, AI technologies are reshaping traditional approaches to cybersecurity, data analytics, and automation, offering new avenues for innovation and efficiency. In this session we will explore the transformative potential of this intersection and its implications for shaping tomorrow's tech landscape.

  • Procurement Power Play: Navigating Government Contracts for Innovation and Efficiency
    Bonnie Evangelista DoD Chief Digital and Artificial Intelligence Office
    Brian Morrison D2Insights LLC

    In the dynamic landscape of public sector procurement, unlocking innovation and efficiency is essential for government agencies to deliver impactful services to citizens effectively. The panel will explore various aspects of procurement, including strategic sourcing, vendor management, contract negotiation, and performance monitoring, highlighting the critical role that procurement plays in driving innovation. Through a series of engaging discussions and practical examples, attendees will learn how to identify and engage with innovative vendors and address common challenges and complexities of contracts and procurement.

  • Networking or Demo Sessions (Onsite Only)
  • Cloud Compliance: Safeguarding DevSecOps in the Cloud Era
    Paul Puckett Clarity Innovations
    Matt Conner Second Front Systems
    Justin Fanelli Department of the Navy
    Chris Hurlbutt Palo Alto Networks
    Bryon Kroger Rise8

    As government agencies increasingly adopt cloud technology to enhance agility and scalability, ensuring compliance with regulatory requirements and security standards becomes paramount. DevSecOps is instrumental in fostering a culture of continuous security and compliance. However, the migration to cloud infrastructure introduces unique challenges and considerations, including data sovereignty, shared responsibility models, and the dynamic nature of cloud environments. Join us for an enlightening discussion on how government agencies can navigate cloud compliance challenges while safeguarding DevSecOps practices in the cloud era. Discover practical strategies and solutions to ensure that security and compliance remain top priorities as agencies embark on their cloud journey.

  • Closing Remarks
  • Networking Happy Hour
  • Operationalizing Zero Trust in Containerized Workloads: A Runtime Perspective
    Marc Altschuler Aqua Security

    Embracing a Zero Trust security model in containerized workloads is a key strategy for modern cyber resilience, particularly within dynamic runtime environments. In this session, we’ll explore the intricate relationship between Zero Trust architecture and the continuous security enforcement required for containerized applications during runtime. We’ll discuss aligning Zero Trust with industry compliance standards like DISA’s Security Technical Implementation Guide (STIG) and NIST’s Special Publication (SP) 800-53, which underscore the necessity of these frameworks for maintaining a secure state in an ever-changing threat landscape. Participants will learn about the importance of Continuous Authority to Operate (cATO) principles, important for secure operations, especially in response to U.S. Executive Order 14028’s emphasis on robust cybersecurity practices. Drawing upon our experience in runtime protection, we’ll also talk about the practical application of security tools that are crucial for enforcing Zero Trust principles in real-time, including during active threat scenarios. By examining Aqua’s methodologies in the Bakery Pipeline case study, we’ll highlight the role of continuous monitoring, vulnerability management, and compliance checks as foundational elements of a Zero Trust strategy. This approach highlights proactive defense mechanisms crucial for safeguarding organizations against emerging and sophisticated cyber threats in operational workloads. Attendee Key Takeaways: • Grasp Zero Trust Principles: Understand the integration of Zero Trust within runtime environments, aligning with the stringent cybersecurity mandates. • Insight into Runtime Security and Compliance: Learn how to operationalize DISA STIG and NIST SP 800-53 controls within the real-time operational context of container workloads, enhancing security and facilitating cATO. • Defense Mechanisms Against Runtime Attacks: Gain a deeper understanding of the critical role played by continuous runtime protection strategies in maintaining resilient containerized applications against potential threats.

  • A Day in the Life of a Developer with GitLab, the Complete DevSecOps Platform

    The "Day In The Life of a Developer" demonstration is tailored to the unique needs of public sector organizations, showcasing how GitLab's comprehensive suite of tools can streamline and enhance software development processes. This session provides a deep dive into the daily workflows of developers, identifying key areas for improvement and optimization. Through detailed analysis and strategic planning, GitLab helps public sector agencies reduce inefficiencies, enhance collaboration and achieve greater accuracy and speed in their development cycles. By leveraging GitLab’s capabilities, public sector teams can effectively modernize their IT infrastructure, ensuring robust and secure application development that meets the evolving demands of their constituents.

  • Catalyzing Agility: Jira Service Management for DevSecOps
    Arjuna Rivera Atlassian

    Building on our exploration of the five transformative paths to the future of DevSecOps, this demo will showcase the power of Jira Service Management in driving cross-team collaboration and promoting agile practices within DoD and data center environments. In this session, you'll learn how Jira Service Management can create a unified platform where data flows seamlessly, enabling tools to be effortlessly integrated within an open toolchain. We will demonstrate how engineers can leverage Jira Service Management to become catalysts for agility, fostering collaboration across missions and programs. Discover how this tool enhances visibility, streamlines processes, and empowers teams to respond swiftly to changing demands. Join us to unlock the full potential of your DevSecOps initiatives with Jira Service Management, and transform your approach to collaboration, agility, and mission success.

  • Make ATO Easy with TRACER
    Bryon Kroger Rise8

    Achieve and maintain an Authority to Operate (ATO) with the only Risk Management Framework platform tailor-made for secure, agile, and compliant Continuous Delivery. Use TRACER to streamline procedures, create and assign actionable tasks, and automate evidence management. Stay current on your system compliance with real-time data ensuring you know exactly what is required and when.

  • Beyond CVEs: Uncovering Hidden Security Risks in Libraries and SDKs
    Chris Gogoel Quokka

    Libraries and SDKs present many challenges when integrating them into a secure development process, including limited visibility into how they secure your data, where they send your data, and potential zero-day issues. In this session, we will explore why simply checking for CVEs is not enough when evaluating the SDKs and Libraries to package with your app. We’ll detail real threats we’ve discovered that did not get flagged with traditional Software Composition Analysis, such as an app built by the US government that was leaking data to Russia and an analytics library consuming geo-IP information in conflict with the developer’s own stated privacy policy.

  • Security: From Code to Cloud
    Dana James Traversie Check Point

    From code to cloud, Check Point's cloud security allows you to prevent threats and prioritize risks throughout your cloud environments. Leveraging the power of a comprehensive, unified security management platform, organizations can block attacks and significantly reduce their risk profile using the best in AI-powered technology. Join us to learn why Check Point used a prevention-first cloud security approach.