BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: Hands-On Container Image Security: Mastering Sigstor e for\n Unbreachable Integrity\n When: Friday\, Aug 9\, 15:40 - 17:40 PDT\n Where: LVCC West/Floor 1/Hall 2/HW2-09-01 - [1]Map\n\n Descripti on:\n\n In the ever-evolving landscape of containerized applications\, e nsuring\n the integrity and security of your container images is paramou nt. Join\n us for an immersive\, hands-on workshop titled "Hands-On Cont ainer\n Image Security: Mastering Sigstore for Unbreachable Integrity\," where\n we'll dive deep into securing your container images using the\n cutting-edge open-source tools Cosign and Rekor from the Sigstore\n p roject.\n\n This workshop will provide a comprehensive\, practical intro duction to\n Sigstore tools\, demonstrating how they can be seamlessly i ntegrated\n into your DevOps workflows. We'll begin with a brief overvie w of the\n common security challenges associated with container images a nd how\n Sigstore addresses these issues by providing automated and\n tamper-proof signing and verification processes.\n\n Participants will t hen engage in hands-on exercises\, where they'll: 1.\n Learn to sign con tainer images and verify their integrity using\n Cosign. We'll guide you through setting up Cosign\, signing your first\n image\, and verifying its signature\, ensuring you have a solid\n understanding of this powerf ul tool. 2. Delve into using Rekor\,\n Sigstore's transparency log\, to record and verify signed image\n metadata. You'll experience firsthand h ow Rekor enhances security by\n providing an immutable log of all signed images\, ensuring\n accountability and traceability. 3. Discover how to seamlessly\n integrate these tools into your existing DevOps pipelines\ , automating\n the signing and verification process\, and ensuring that only trusted\n and verified images make it to production environments.\n \n By the end of this workshop\, you'll have gained hands-on experience\ n with Sigstore tools and a deep understanding of how to implement them\ n in your own environment. This session is tailored for DevOps\n engin eers\, security professionals\, and software developers who are\n commit ted to enhancing their container security practices.\n\n Don't miss this unique opportunity to acquire practical knowledge and\n skills in secur ing your container images. Join us and learn how to\n leverage Sigstore' s powerful tools to ensure your container images are\n secure\, verified \, and trustworthy\, safeguarding your applications from\n potential thr eats.\n\n Speakers:Mohammed Ilyas Ahmed\,Syed Aamiruddin\n\n SpeakerBi o: Mohammed Ilyas Ahmed\n\n Mohammed Ilyas Ahmed is an industry profess ional with extensive\n expertise in security within the DevSecOps domain \, where he diligently\n works to help organizations bolster their secur ity practices. With a\n fervent dedication to enhancing security posture \, Mohammed's insights\n and guidance are invaluable to those navigating the complex landscape\n of DevSecOps. In addition to his involvement in industry events\,\n Mohammed is an active speaker and judge\, lending h is expertise to\n technical sessions at prestigious conferences. His com mitment to\n advancing knowledge is evident through his research contrib utions at\n Harvard University\, where he contributes to journal publica tions\,\n enriching the academic discourse surrounding security practice s\, and\n as a distinguished member of the Harvard Business Review Advis ory\n Council\, underscores his commitment to advancing knowledge and\n fostering collaboration between academia and industry. Mohammed Ilyas\n Ahmed's influence extends even further as a Member of the Global\n Adv isory Board at Vigitrust Limited\, based in Dublin\, Ireland. This\n add itional role highlights his international reach and his involvement\n in shaping global strategies for cybersecurity and data protection.\n Moha mmed's dedication to excellence is further highlighted by his\n numerous certifications\, which serve as a testament to his proficiency\n and de pth of knowledge in the security domain. However\, beyond his\n professi onal pursuits\, Mohammed is a multifaceted individual with a\n diverse r ange of interests\, adding richness to his character and\n perspective.\ n\n SpeakerBio: Syed Aamiruddin\n\n Aamiruddin Syed is a Senior Produ ct Security Engineer with over eight\n years of industry experience. Spe cializing in DevSecOps\, Shift-Left\n Security\, cloud security\, and in ternal penetration testing\, he excels\n in automating security within C I/CD pipelines\, developing security\n automation\, and integrating secu rity into infrastructure as code. His\n work involves securing cloud pla tforms by implementing best\n infrastructure provisioning and configurat ion practices. His\n penetration testing skills enable him to conduct ta rgeted internal\n assessments of critical applications and systems\, pro actively\n identifying risks. He bridges the gap between security and en gineering\n teams\, embedding security directly into products\, includin g those in\n the manufacturing sector. Aamiruddin holds dual master’s degrees in\n Cybersecurity from Northeastern University and Jadavpur Uni versity. As\n a recognized security advocate\, he frequently speaks at i ndustry\n conferences\, chairs technical conferences such as ICCTICT\, a nd serves\n as a judge for the Globee Awards for Cybersecurity. He activ ely\n contributes to open-source security tools designed to make securit y\n seamless for developers. In his free time\, Aamiruddin enjoys travel ing\n and photography.\n\n '\n\n 1. #LVCCW_Level1_Hall2\n\n\n DTEND:20240810T004000Z DTSTART:20240809T224000Z LOCATION:CLV - LVCC West/Floor 1/Hall 2/HW2-09-01 SUMMARY:Hands-On Container Image Security: Mastering Sigstore for Unbreacha ble Integrity END:VEVENT END:VCALENDAR