07-13, 10:00–14:00 (US/Eastern), Tobin 223 (Workshop 3)
This is a hands-on workshop that provides participants with an introduction to secure software development and leveraging DevSecOps tooling to aid in this. Participants will learn about setting up a local development environment that includes security tooling. Following this, they will progress into learning how to use DevSecOps tooling within GitHub to detect security issues and flag accidentally committed secrets. The workshop will then conclude with a review of how GitHub runners and other features can be used to aid in secure deployments.
Having a GitHub account (which is free) set up in advance would be good. Optional: Have a license for Copilot or set up a 30-day trial: https://docs.github.com/en/copilot/quickstart
Andy Dennis leads the cloud and platform practice at Modus Create, which spans DevOps, build systems, internal developer platforms, cloud infrastructure, and cybersecurity. Andy has spoken at multiple BSides events around the U.S. and at the DEFCON Recon Village.
Bill Reyor is the director of security at Modus Create, specializing in DevSecOps, AI/LLM security, and software supply chain integrity. He has extensive experience in incident response and has held CISO roles in higher education. Bill leads the OWASP Connecticut chapter and contributes to the OWASP Top 10 for the LLM apps project. He co-founded Security BSides Connecticut, promoting community and knowledge since 2011. As a queer hacker, Bill champions diversity in cybersecurity to enhance problem-solving and mitigate groupthink.
github