Speaker

Aamiruddin Syed

Supply Chain Software Security

West Palm Beach, Florida, United States

Aamiruddin Syed is a cybersecurity professional with over a decade of experience in the industry. He specializes in DevSecOps, Shift-Left Security, cloud security, and internal penetration testing. He authored the book "Supply Chain Software Security - AI, IoT, Application Security" with Apress/Springer. He has extensive expertise in automating security into CI/CD pipelines, developing security automation, and building security into infrastructure as code. He has worked on securing cloud platforms by applying security best practices to infrastructure provisioning and configuration. Leveraging his penetration testing skills, he routinely conducts targeted internal assessments of critical applications and systems to proactively identify risks. He excels at bridging the gap between security and engineering teams to enable building security directly into products.
Aamiruddin Syed holds dual Master's degrees in Cybersecurity from Northeastern University and Jadavpur University. A recognized advocate for secure development, Aamiruddin is a frequent speaker and session chair at leading industry conferences including RSA Conference, DEFCON, and Black Hat. In 2024, he was honored with the Impact Award for Professional Excellence in Dubai.

Area of Expertise

  • Agriculture, Food & Forestry
  • Business & Management
  • Information & Communications Technology
  • Manufacturing & Industrial Materials
  • Media & Information

Topics

  • Cloud Security
  • Supply chain and CI/CD security

Generative AI in Supply Chain Security: Enhancing Container Protection Amid Regulatory Challenges

Participants will emerge from the session with a transformative understanding of how Generative AI can revolutionize supply chain security. They’ll discover how AI can act as a powerful ally in safeguarding containers against sophisticated threats, turning potential vulnerabilities into fortified assets. Beyond just compliance, attendees will gain the tools to proactively navigate the regulatory maze with confidence, using AI to not only meet but exceed industry standards. By the end of the session, participants will be equipped to spearhead AI-driven innovations in their organizations, positioning themselves as leaders in the next generation of supply chain security.

https://blackhatmea.com/speaker/aamiruddin-syed

Hands-on Workshop: Container Security

In the ever-evolving landscape of containerized applications, ensuring the integrity and security of your container images is paramount. Join us for an immersive, hands-on workshop titled "Hands-On Container Image Security: Mastering Sigstore for Unbreachable Integrity," where we'll dive deep into securing your container images using the cutting-edge open-source tools Cosign and Rekor from the Sigstore project.

This workshop will provide a comprehensive, practical introduction to Sigstore tools, demonstrating how they can be seamlessly integrated into your DevOps workflows. We'll begin with a brief overview of the common security challenges associated with container images and how Sigstore addresses these issues by providing automated and tamper-proof signing and verification processes.

Participants will then engage in hands-on exercises, where they'll:
1. Learn to sign container images and verify their integrity using Cosign. We'll guide you through setting up Cosign, signing your first image, and verifying its signature, ensuring you have a solid understanding of this powerful tool.
2. Delve into using Rekor, Sigstore's transparency log, to record and verify signed image metadata. You'll experience firsthand how Rekor enhances security by providing an immutable log of all signed images, ensuring accountability and traceability.
3. Discover how to seamlessly integrate these tools into your existing DevOps pipelines, automating the signing and verification process, and ensuring that only trusted and verified images make it to production environments.

By the end of this workshop, you'll have gained hands-on experience with Sigstore tools and a deep understanding of how to implement them in your own environment. This session is tailored for DevOps engineers, security professionals, and software developers who are committed to enhancing their container security practices.

https://dc32.cloud-village.org/#talks?collapseMohammedIlyasAhmed_SyedAamiruddin

Hidden Risks of Cloud Supply Chains: Securing Third‑Party Integrations

This talk explores the overlooked vulnerabilities in cloud supply chains—specifically third-party integrations like CI/CD tools, APIs, and dependencies—and demonstrates how attackers exploit them to breach cloud environments. Through a live attack demo and original research, we’ll reveal practical defenses, including SBOM adoption and runtime security, to help the cloud community secure their stacks collaboratively.

Third-party integrations are the lifeblood of cloud-native development, powering everything from SaaS tools to automated CI/CD pipelines and open-source libraries. Yet, as organizations race to innovate, these dependencies have become a critical blind spot, exposing cloud environments to supply chain attacks reminiscent of SolarWinds and Codecov. This talk, rooted in a year-long research effort, unveils the hidden risks lurking in cloud supply chains and arms attendees with both offensive insights and defensive strategies to safeguard their deployments.

We begin by dissecting real-world incidents that highlight the diverse entry points attackers exploit. For instance, in the 2025 Coinbase reviewdog GitHub Action attack, adversaries poisoned the reviewdog/action-setup@v1 tag, targeting the tj-actions/changed-files workflow and introducing a malicious commit to manipulate Coinbase’s pipeline. This case, alongside others like misconfigured API tokens and unvetted IaC templates, underscores the fragility of third-party integrations.

In a live demo, we’ll simulate a sophisticated attack: injecting malicious code into an AWS pipeline via a rogue third-party dependency, escalating privileges to exfiltrate data from an S3 bucket, and pivoting across a multi-cloud environment. Attendees will see firsthand how seemingly benign integrations can unravel an entire security posture.

From there, we pivot to a community-driven defense playbook. We’ll walk through generating SBOMs with tools like Syft and Trivy to map dependency risks, deploying runtime container security with Falco to detect anomalies, and implementing a vendor risk scoring system to prioritize mitigation efforts.

https://rsa2025.cloud-village.org/
