Ayse Kaya

VP, Strategy & Analytics

Boston, Massachusetts, United States

Ayse Kaya is the VP of Strategy and Analytics at Root. She is an accredited data scientist and cybersecurity enthusiast. A graduate of the MIT Sloan School of Management's Operations Research Center, Kaya was previously a strategy and analytics lead at Slim.AI, CloudLock and Cisco Systems. She is an avid runner and student of philosophy.

Area of Expertise

  • Information & Communications Technology

Topics

  • Security
  • Application Security
  • Information Security
  • DevOps
  • DevSecOps
  • Cloud Native
  • Cloud Security
  • Artificial Intelligence
  • Deep Learning
  • Data Science & AI

From Chaos to Actionable Intelligence: Operationalizing SBOMs For Effective Vulnerability Management

Vulnerability management is reactive, with the landscape constantly evolving. Organizations worldwide are struggling to keep pace with the growing number of CVEs, perpetually feeling behind the curve.

While identifying CVEs is straightforward, the analysis that follows is anything but. It requires substantial resources and becomes more challenging because of the many software producers and consumers involved, the manual processes, and the overwhelming number of false positives. The norm is to spend each day reacting to newly identified weaknesses and the latest headlines.

In this talk, we aim to arm security professionals with practical, real-world insights on operationalizing SBOMs and BOVs effectively in alignment with the latest NIST guidelines and VEX statements. We will challenge conventional wisdom, showcasing how proactive transparency is a critical facet of effective vulnerability management, increasing trust and reducing noise for AppSec practitioners and security leaders.

Numbers at the Frontline: Shifting Winds in Cloud Native Security

Recent joint research from ESG and Slim.AI, based on a poll of SREs, DevOps and Platform Engineers, explores the state of cloud native security, shedding light on an increasingly worrying attack surface that is only growing. The data shows that a mere 12% are managing to achieve security SLOs. This is compounded by regulatory pressures and the complexity of the supply chain, with its own set of exploits and challenges, all within a fragmented tooling ecosystem that makes it difficult to understand how to prioritize and remediate rapidly in a single consolidated place.

This session will dive into these new findings: how container and OSS security continues to make triaging harder, as well as the cascading impact of the continuous rise in cloud native security issues, vulnerabilities, and the supply chain as a whole. Join this session to learn how to take cloud native security from reactive to proactive, along with real practical tips for minimizing the noise and achieving security SLOs.

Open Source Security for the Cloud Native Era

The state of security across disciplines and industries is a moving target, with hackers constantly evolving and technology becoming more complex. Over the years many diverse and interesting open source technologies have popped up to help solve cloud native security, and we'd love to learn from the pros how they actually stack up and what they're good for.

In this panel with some of the foremost open source security experts, we'll find out what we need to know about everything from eBPF to code and config scanning, container security, "what the heck is an SBOM and what do I do with it?!" and much more. Join this panel, with Liz Rice, Rory McCune, Ayse Kaya and David Melamed, moderated by Craig Box, to ask everything that keeps you up at night about cloud native and open source security in the real world.

The Only Constant is Change: The Evolution Of Vulnerabilities In the Most Popular Public Containers

While container scanning and security are becoming more widely adopted, it's still not well understood how these containers evolve over time from a security perspective. This includes understanding the long-term security posture of these containers, and whether it is improving or declining as new vulnerabilities are discovered.

This talk will take a look at why handling vulnerabilities in containers is a really sticky problem to begin with: known vulnerabilities require patching, new vulnerabilities arise constantly, and many other vulnerabilities simply fall into a catchall bucket of "won't fix". We'll show data visualizations of how the attack surface of popular public container images has changed over the past year, highlighting the problem developers and DevSecOps teams are facing. But stick around to the very end, because on the upside, we'll wrap up with practical steps developers can take to stay on top of vulnerabilities and prevent their dev process from grinding to a halt.

What We Learned Dissecting the World’s Most Popular Containers

Data scientist and container enthusiast Ayse Kaya and her team at Slim.AI analyzed more than 100 of the world’s most popular public container images using open source tools to better understand what developers encounter when running containers in Kubernetes. What they found was a vast, varied, and complex world that gives developers massive opportunities to scale, but also presents risks to both security and productivity. This talk shares the data, visualizations, and insights they generated from their research. Kaya shows the current paradox in software supply chain practices (i.e. taking advantage of abstraction vs. knowing what’s in the software you ship), and that even small, special purpose containers could have thousands of packages, libraries, and licenses, not to mention critical vulnerabilities. Finally, she’ll highlight the current trade-offs teams make between “developer experience” and “production readiness”, and open a discussion about how we can improve as an industry.

KCD Istanbul 2024 Sessionize Event

May 2024 Istanbul, Turkey
