Trust No One: Securing the Modern Software Supply Chain with Zero Trust

Can you truly trust your software supply chain? As cloud-native software development surges, threat actors increasingly target the supply chain, exploiting vulnerabilities in CI/CD pipelines, dependencies, and container images. These risks can be further amplified by human factors such as misconfigurations and flawed access control policies.

In this talk, we will explore how seemingly trusted entities within your DevOps pipelines can be exploited by threat actors. We will discuss the critical need for a proactive approach to defend against upstream threats by verifying each interaction within the system. Learn how to decipher Zero Trust principles and translate them into security controls to protect your software supply chain.

Key Objectives:

  • Understand the threat landscapes and security challenges in the software supply chain.
  • Discuss the key principles of Zero Trust and the advantages of applying this approach to enhance the security posture of your DevOps environment and CI/CD pipelines.
  • Learn practical guidance to defend against supply chain attacks by implementing Zero Trust security.

Speaker

Emma Yuan Fang

Senior Cloud Security Architect @EPAM, DevSecOps, Cloud Security Advocate, Strategist and Public Speaker, Ex-Microsoft, CISSP

Emma is a Senior Manager, Cloud Security Architect at EPAM, with extensive experience in cloud, DevSecOps, and security architecture & strategy. In her role, she designs and architects security solutions for cloud consulting projects. Formerly at Microsoft, she delivered cybersecurity projects and technical workshops to a diverse range of clients, from tech startups to established FTSE 100 firms. Alongside her professional work, Emma is an international public speaker, dedicated to advocating for a more diverse workforce in cybersecurity through mentorship programs and community engagements. She is an ambassador for Google's Women Techmaker and CyberFirst NI, volunteers in the leadership team at the Women in Cybersecurity (WiCyS) UK&I affiliate, leads a WiCyS mentorship cohort, and serves as a member of the Industry Advisory Board at the University of Buckingham.

From the same track

Session

Securing AI Copilots: Including Supply Chain Security in AI Strategy

Details coming soon.

Andra Lezza

Principal Application Security Engineer @Sage, Co-Leader OWASP London Chapter, and ex-Checkout.com, Bulb, and Worldpay

Session

Secure by Design: Building Security into Engineering Workflows and Teams

Security doesn't have to be a blocker; it can be an enabler. In this session, we’ll explore how to seamlessly integrate secure development practices into engineering workflows while fostering a culture of collaboration and shared ownership.

Stefania Chaplin

Solutions Architect @GitLab