Breakout Session
2:45 PM - 3:15 PM (EST)
NIST Standards and the DevOps Journey: How to Jump-Start Software Security

In today's software security world, supply chain advice can be confusing. For DevOps professionals, stringing together a cohesive strategy is a challenge when you try to untangle the elements. So how do we put software supply chain security into a framework that humans understand? What if we approach this as a storytelling problem, such as the Hero's Journey? In this breakout session, Anchore's Josh Bressers will frame the discussion using the new NIST 800-161 framework, explaining the elements of software supply chain security through the lens of the Hero's Journey. Attendees will come away with: why the supply chain journey starts with leadership buy-in and planning; an understanding of what's critically important; and how to prioritize — and when to implement — technology, process, and ownership. After this session, DevOps professionals and security engineers will understand WHY software supply chain security is important and HOW to make a human-understandable plan for their organization.

Josh Bressers