DevSecCon Community Call - Getting Started in DevSecOps
I share some insights on how to integrate tooling from the GitHub marketplace on your projects, use ChatOps and GitHub boards, implement Dependabot and GitHub actions.
Sonya Moisset
France
👋 Bonjour! I’m a Staff Security 🥑 and a lifelong traveler. Always looking for new challenges - I made a career change from International Business Consulting in 🇹🇳, 🇸🇦 and 🇸🇬 to Engineering in 🇰🇷 to Cybersecurity in the 🇬🇧. 💖 Passionate about DevSecOps, Cybersecurity and AI ☁️ OpenUK Security Advisory Board Member 🎓 CyberGirls Lead Mentor 🪲TryHackMe room creator ✍️ 5x Top contributor for freeCodeCamp 🎤 International public speaker, Tech advocate & Mentor 😀🌍🇫🇷🌈🦄🍱✈️💻☕️🎧🎬📷🕹️
Community Contributions
오픈 소스 소프트웨어 보안 핸드북 — 프로젝트 보안을 위한 최선의 방법
I translated my handbook on how to secure open source projects using GitHub tools in Korean.
이 핸드북에서는 데브시큐어옵스 접근 방식의 채택, 오픈 소스 취약점 대응, 보안 업무 자동화, 자산 파악 및 개발자에 대한 보안 교육 등 오픈 소스 프로젝트의 보안 상태를 개선할 수 있는 주요 단계에 대해 알아볼 수 있습니다.
Guía de seguridad para software de código abierto — Mejores prácticas para asegurar tus proyectos
I translated my handbook on how to secure open source projects using GitHub tools in Spanish.
En esta guía, descubrirás los pasos clave que puedes seguir para mejorar la seguridad de tus proyectos de código abierto, incluyendo la adopción de un enfoque de DevSecOps, abordar las vulnerabilidades de código abierto, automatizar las tareas de seguridad, conocer tus propios activos y proporcionar capacitación en seguridad a los desarrolladores.
Guide de sécurité pour les logiciels open source — Meilleures pratiques pour sécuriser vos projets
French version of my handbook on how to secure open source projects using GitHub tools.
Dans ce guide, vous découvrirez les étapes clés que vous pouvez suivre pour améliorer la sécurité de vos projets Open Source, notamment en adoptant une approche DevSecOps, en traitant les vulnérabilités Open Source, en automatisant les tâches de sécurité, en connaissant vos propres actifs et en proposant une formation en sécurité aux développeurs.
Securing AI: A Practical Guide to AI Threats and Mitigation Strategies
Deep dive into the types of threats outlined by OWASP and beyond. You’ll learn concrete, actionable steps to protect your teams AI projects from the biggest threats and get a chance to grasp the gravity of AI security by live-hacking AI applications/LLMs.
Demo of GitHub Copilot, how to use it, and how to secure vulnerable code. Implement tools to increase the visibility of vulnerabilities within your pipeline.
Code Fast, Secure Smarter The Dual Path of AI Development
Webinar for Ladies Hacking Society organisation on risks in using gen AI in coding, how to get around the vulnerabilities, how to (and not to) use GitHub Copilot in your IDE and more
CodeSecDays - How to augment DevSecOps with AI?
Roundtable on GenAI's dual role in cybersecurity. Discussions on threat mitigation versus internal tool adoption, securing coding assistants, leveraging LLMs in supply chain security, and valuable insights on harnessing GenAI to enhance your DevSecOps practices.
CodeSecDays - How to build a better security and developer relationship?
Roundtable discussion on overcoming challenges in software supply chain security, focusing on open-source dependencies and DevSecOps collaboration. Discussions on improving security and developer relationships, leveraging emerging tools, and addressing fragmentation in security solutions.
