Trust No One: Securing the Modern Software Supply Chain with Zero Trust

Can you truly trust your software supply chain? As cloud-native software development surges, threat actors increasingly target the supply chain, exploiting vulnerabilities in CI/CD pipelines, dependencies, and container images. These risks can be further amplified by human factors such as misconfigurations and flawed access control policies.

In this talk, we will explore how seemingly trusted entities within your DevOps pipelines can be exploited by threat actors. We will discuss the critical need for a proactive approach to defend against upstream threats by verifying each interaction within the system. Learn how to decipher Zero Trust principles and translate them into security controls to protect your software supply chain.

Key Objectives:

  • Understand the threat landscapes and security challenges in the software supply chain.
  • Discuss the key principles of Zero Trust and the advantages of applying this approach to enhance the security posture of your DevOps environment and CI/CD pipelines.
  • Learn practical guidance to defend against supply chain attacks by implementing Zero Trust security.

Speaker

Emma Yuan Fang

Senior Cloud Security Architect @EPAM, DevSecOps, Cloud Security Advocate, Strategist and Public Speaker, Ex-Microsoft, CISSP

Emma is a Senior Manager, Cloud Security Architect at EPAM, with extensive experience in cloud, DevSecOps, and security architecture & strategy. In her role, she designs and architects security solutions for cloud consulting projects. Formerly at Microsoft, she delivered cybersecurity projects and technical workshops to a diverse range of clients, from tech startups to established FTSE 100 firms. Alongside her professional work, Emma is an international public speaker, dedicated to advocating for a more diverse workforce in cybersecurity through mentorship programs and community engagements. She is an ambassador for Google's Women Techmakers and CyberFirst NI, volunteers in the leadership team at the Women in Cybersecurity (WiCyS) UK&I affiliate, leads a WiCyS mentorship cohort, and serves as a member of the Industry Advisory Board at the University of Buckingham.

Date

Tuesday Apr 8 / 01:35PM BST (50 minutes)

Location

Mountbatten (6th Fl.)

Topics

software supply chain, cloud security, zero trust

Slides

Slides are not available

From the same track

Session security

Securing AI Copilots: Strategies and Practices for Protecting Data

Tuesday Apr 8 / 03:55PM BST

The data behind AI copilots is not only their most critical asset but also a key strategic consideration for enterprises and SMBs alike.

Andra Lezza

Principal Application Security Specialist @Sage, 10+ Years of Experience Building AppSec Programs, OWASP London Chapter Leader

Session

Secure by Design: Building Security into Engineering Workflows and Teams

Tuesday Apr 8 / 02:45PM BST

Security doesn't have to be a blocker; it can be an enabler. In this session, we'll explore how to seamlessly integrate secure development practices into engineering workflows while fostering a culture of collaboration and shared ownership.

Stefania Chaplin

Founder & CEO @DevStefOps, Previously Solutions Architect @GitLab, AWS Certified Security - Speciality

Session open source

Empower Your Developers: How Open Source Dependencies Risk Management Can Unlock Innovation

Tuesday Apr 8 / 11:45AM BST

As security practitioners, we face the challenge of driving innovation whilst needing to balance security risks.

Celine Pypaert

Vulnerability Manager @Johnson Matthey

Session supply chain security

Supply Chain Security and the Real World: Lessons From Incidents

Tuesday Apr 8 / 10:35AM BST

Supply chain security is becoming more and more important, but it is often talked about in abstract and general terms that do little to help the average organization.

Adrian Mouat

Technical Community Advocate @Chainguard, Complainer of Supply Chain Security & Author of "Using Docker"

Session

Unconference: Resilient Engineering Practices for Security Against Modern Threats

Tuesday Apr 8 / 05:05PM BST