Speaker

Bill Bensing

Bill Bensing

I Build Things That Build Things

Tampa, Florida, United States

Actions

Meet Bill Bensing, the tech guru who discovered the power of Notepad and hasn't stopped fueling the world with tech ever since. He's passionate about creating inclusive environments that allow anyone to develop software and takes pride in building Shadow IT organizations. Yes, you heard that right - he believes in the magic of Shadow IT and how it can drive real Business-IT alignment.

As if that weren't impressive enough, Bill is also a co-author of Investments Unlimited. The book describes bringing security, compliance, and audit into the software delivery lifecycle by automating governance. It's a novel that will make you want to trade your favorite book for it!

But that's not all. Bill's day job is the founder of Attestify and a Governance Engineering evangelist. By night, he's a dreamer, researcher, and creator of various open-source projects. You could say he's a tech superhero fighting for a better world!

Area of Expertise

  • Business & Management
  • Energy & Basic Resources
  • Government, Social Sector & Education
  • Information & Communications Technology
  • Law & Regulation
  • Manufacturing & Industrial Materials
  • Media & Information
  • Transports & Logistics
  • Consumer Goods & Services
  • Environment & Cleantech
  • Finance & Banking
  • Health & Medical

Topics

  • Modern Governance
  • Automated Governance
  • Continous Delivery
  • Continuous Integration
  • Automation
  • Edge
  • IoT
  • DevOps
  • DevSecOps
  • Governance risk and compliance
  • open source compliance
  • PCI DSS Compliance
  • Healthcare Compliance
  • Cybersecurity Regulations and Compliance
  • Cybersecurity Compliance and Auditing
  • Open source license compliance and vulnerability scanning (SCA)
  • Legal & Compliance
  • Cloud & DevOps
  • DevOps & Automation
  • DevOps Transformation
  • DevOpsCulture
  • DevOps Skills
  • DevOps Agile Methodology & Culture
  • DevOps Journey
  • Azure DevOps
  • AWS DevOps
  • Microsoft Azure DevOps
  • MobileDevOps
  • DevOps Enterprises
  • Azure Services and DevOps
  • devops security
  • SecDevOps
  • Azure DevOps Pipelines
  • Migrating to devops
  • FinDevOps
  • Decision Making
  • decentralized governance
  • Governance
  • IT governance
  • open source governance
  • Cybersecurity Governance and Risk Management
  • Digital Governance
  • cloud governance
  • Data Governance
  • Data Compliance
  • Compliance
  • Security & Compliance
  • Container
  • DevSecOps and GitOps in practice
  • Continuous compliance (DevSecOps perspective)
  • continuous delivery
  • Continuous Deployment
  • Containerization
  • Continuous Testing
  • Container and Kubernetes security
  • cybersecurity compliance
  • Information Security Governance and Risk
  • Identity Governance
  • Teams Governance
  • devsec
  • Containers
  • Responsible Decision-Making

AI Integration Without Upheaval

It’s easy to feel like we need to reinvent the wheel within our organizations to keep up in an era where AI feels like a tidal wave poised to revolutionize every corner of the tech landscape. But what if the key to embracing AI isn’t a sweeping overhaul but the foundations we already have? This session invites you to a journey that demystifies integrating AI into your organization without turning your operational world upside down.

Whether you're steering the ship as a CEO, crafting code as a developer, or architecting solutions, this session speaks your language. It's designed for a broad audience - from the guardians of governance and management mavens to the visionaries of the C-suite, Digital CxO leaders, and IT all-rounders.

We'll explore why embracing AI doesn’t mean bidding farewell to your current operation strategies. Instead, we'll dive into how the pillars of good data governance—think data provenance, pedigree, and the classic duo of authentication and authorization—are surprisingly your best allies in welcoming AI into your realm.

Expect to walk away with insights that empower you to harness AI’s potential without the fear of needing a massive operational makeover. This session promises to be an enlightening exploration of how the basics you’re already familiar with are the secret sauce to thriving in the AI era. Join us for a candid, jargon-free conversation on making AI work for you, not against you. Let’s navigate these new horizons together, leveraging what we know to unlock what’s next.
What will we cover?

We will strip back the complexities and get down to the essentials of integrating AI into your organization.

Here’s what’s on the agenda:

- Unlocking the First Principles - We start by exploring the bedrock of information access management within your organization. It's all about ensuring the correct keys are in the right hands.

- Demystifying Data Provenance and Pedigree - Ever wonder about your data's backstory? We'll define and unwrap these concepts, showing you how to trace your data's lineage like a seasoned genealogist.

- The Zero Trust Expedition - We’ll decode the concept of zero trust by enturing into NIST 800-207. No, it's not about skepticism; it's about assuming nothing and verifying everything, especially in AI.

- Navigating the AI Landscape - Learn how to apply the Data Plane, Control Plane, and Policy Enforcement Point to your AI systems. Think of it as setting up the ultimate navigation system for your AI journey.

- Bridging the Old and New - Discover how to marry existing information management principles with the zero-trust model in your AI systems. It’s like renewing your vows but with your data security strategy.

- The Art of AI Safety - We’ll explore applying field-based authentication and zero-trust to AI Models, vector databases, and more. Let’s explore ways to make our AI as safe as Fort Knox.

- Introducing the Neural Gatekeeper - Imagine a guard wielding the power of authentication, authorization, and knowledge mapping at the entry of your AI systems. We'll unveil a new concept that allows you to ask critical questions about data use and access within your AI systems.

Three Takeaways

1) Foundation First: Unlocking Access Management and Data Heritage: Begin the adventure by mastering the essentials. We'll delve into how managing access to information sets the stage for AI integration and unfolds the stories behind your data—its provenance and pedigree. It's about ensuring a secure and informed start, having the right keys, and knowing your data’s ancestry.

2) Navigating AI with Zero Trust and Existing Principles: Journey through zero trust, as defined by NIST 800-207, and see how this principle transforms your approach to AI security. We’ll apply the Data Plane, Control Plane, and Policy Enforcement Point, showing you how to blend these ideas with information management principles. This segment paves the way for a secure, zero-trust AI environment and promises a harmonious marriage between innovative and time-tested concepts.

3) The Art of AI Security with the Neural Gatekeeper: Meet the Neural Gatekeeper architecture, an evolving concept that combines practices such as field-based authentication, vector databases, and knowledge mapping, all within a zero-trust architecture. This session will empower you to answer critical questions about your AI system's data usage and access using existing authentication and authorization approaches. Imagine this as the master key to ensuring the data in your AI is available for the right eyes to see while tracing its lineage and authority with precision.

Policy As Code 2.0: The Right Way to Rock It

Hey there, policy enthusiasts! Are you tired of feeling like your policy as code approach is as confusing as a Rubik's Cube in a tornado? Well, fear not, because this session is here to rescue you from the clutches of policy-engine-induced headaches!

Picture this: you're trying to tie what you do in your policy engine to the business's policies, but it feels like trying to teach a goldfish ballet. It's painful, my friends. Painful because this lack of a clear connection between your actions and the company's "why-you-should-do-it" leads to more unnecessary conversations than an overly talkative parrot at a dinner party. It's like a never-ending game of charades where nobody knows the answer!

But fret not, my fellow warriors of governance! We're about to drop some knowledge bombs that will blow your socks off (figuratively speaking, of course). Say goodbye to the ambiguity that's been haunting your policy as code adventures and say hello to a world of governance theater-free existence!

In this mind-blowing talk, we're going to show you how to fix your policy as code woes once and for all. How, you ask? By designing your policy as code implementations to reflect the magical ways of the Governance, Risk, and Compliance (GRC) domain. Yes, folks, it's time to align your stars and let your policies dance harmoniously with your company's grand vision.

If you're a technologist, prepare for an architectural revelation that will leave you feeling like the Michelangelo of governance systems. You'll walk away with a newfound understanding of how to build systems that scream "GRC-approved" from every line of code. It's time to make your tech dreams come true!

And GRC professionals, oh boy, do we have a treat for you! We'll equip you with the superpowers to communicate with those techno-wizards in a language they understand. No more feeling like you're trying to speak Dothraki to a group of Klingons. You'll become the master of driving governance automation like a boss!

Now, get ready for the juiciest part. We're going to cover not one, not two, but three critical aspects of doing policy as code the right way! We'll spill the beans on how to use the word "policy" like a pro, unravel the mysterious business architecture of Policy and Governance, and guide you on building a clear path from policy to technology. It's like getting the keys to the kingdom, but without any of the drama or dragons.

But wait, there's more! We won't just leave you hanging, itching to get started. Oh no, my friends. We'll provide you with an immediate action plan so you can dive headfirst into the policy as code revolution today! No time to waste. Let's make it happen!

So, mark your calendars, set your alarms, and get ready for a session that will leave you saying, "I must attend this session!" Prepare to laugh, learn, and unlock the secret to policy as code success. Trust me, you won't want to miss it! See you there!

From Tunnel Vision to Full Spectrum: Embracing Development Experience

Attention, software aficionados and developer enthusiasts! Get ready to have your mind blown as we dive into a world where developers reign supreme, and the quest for a remarkable "Development Experience" takes center stage. Trust me, folks, this is not your average rollercoaster ride—it's a thrilling journey through the kingdom of code!

Remember when "The New Kingmakers" emerged and everyone suddenly realized that developers hold the power in an organization? Well, software vendors had their "aha" moment and decided to shower developers with attention and cash, thinking they were the almighty rulers of the tech kingdom. But hold your horses, folks, because there's a twist!

While the developer experience got all the love and fancy funding, it seems we've forgotten a crucial detail—there are other players in the software development lifecycle! Yes, you heard it right, there are other brave souls battling the dragons of the SDLC, and their experiences matter too! It's time to bring them all together and create a symphony of harmony and efficiency.

In this mind-blowing talk, we'll unveil the secrets to achieving an effective and efficient Development Experience that will leave you feeling like the Gandalf of software development. Prepare to embark on an epic quest as we unravel the mysteries of this unexplored territory.

But first things first, let's clear the fog and understand what exactly a Development Experience entails. Buckle up, my friends, because we're about to decode the DNA of a stellar Development Experience that will make your heart skip a beat!

Now, I know what you're thinking, "What's the difference between the Developer Experience and the Development Experience?" Ah, a brilliant question! We'll navigate these treacherous waters and shed light on the nuances that set them apart. It's like discovering the secret recipe that makes your favorite dish taste like magic!

But fear not, brave adventurers, we won't leave you hanging there with a pile of unanswered questions. Oh no! We'll equip you with the knowledge and tools you need to kickstart your very own Development Experience strategy. Consider it your personal roadmap to success, a treasure map leading you to the holy grail of development efficiency!

So, mark your calendars, sharpen your pencils, and get ready for a session that will make you say, "I must attend this session!" Trust me, folks, you don't want to miss this captivating adventure through the realms of Development Experience. Prepare to laugh, learn, and level up your development game like never before. See you there, my fellow code conquerors!

The Governance Engineering Chronicles: Defying the Organizational Divide

Calling all software wizards and governance enthusiasts! Get ready to witness a mind-bending journey into the mystical realm where software engineers become governance superheroes. Yes, my friends, we're about to embark on an adventure filled with tech wonders and human-to-human conundrums that will make your brain tingle with excitement!

Picture this: you ask a software engineer to build a governance team, and like magic, "governance engineering" happens. But here's the kicker—governance, my friends, is the ultimate human-to-human puzzle. It's like trying to teach a cat to tap dance or explaining quantum physics to a squirrel. It's tricky business, I tell ya!

Now, hold on to your coding hats, because we're about to uncover a truth that will blow your mind. While everyone is raving about automating governance for software delivery, there's one teeny-tiny detail they've missed. DevOps, bless its tech-savvy soul, is all about tech folks working with other tech folks to solve tech-specific challenges. But governance engineering? Oh, that's a whole different ball game!

Enter the epic world of governance engineering, where tech folks team up with non-tech folks to tackle the most fundamental human problems. It's like assembling the Avengers of problem-solving, but instead of fighting alien invaders, we're conquering the complexities of governance together. Bits and bytes alone won't cut it—it's time for a new concept of operations!

In this awe-inspiring talk, we're going to unveil the secrets of building your very own Governance Engineering practice. Prepare to travel back in time as we explore the rich history of this noble pursuit. We'll dive deep into the fundamentals of Governance Engineering, like uncovering hidden treasures in an ancient tomb (minus the booby traps, of course).

But wait, that's not all! We won't just leave you standing there, itching to get started. Oh no! We'll equip you with the tools and knowledge to kickstart your Governance Engineering adventure right away. It's like having a GPS that leads you straight to the treasure trove of governance mastery.

So mark your calendars, sync your smartwatches, and get ready for a session that will make you exclaim, "I must attend this session!" Prepare to laugh, learn, and witness the birth of a new era where tech and humanity collide in the pursuit of governance greatness. See you there, my fearless governance warriors!

The Mafia Offer - Bottom Line Impact without Breaking Legs

Most companies unceremoniously accept vast amounts of undesirable effects. Especially highly regulated companies. There is no need for such acquiescence. To address these undesirable effects, companies need a Mafia Offer. What is a Mafia Offer? It is an offer, so good no one can refuse. No, a Mafia offer is not a hard-hitting intimidating enforcer within a company. The Mafia offer, popularized by Goldratt in his book “It’s Not Luck,” is a fundamental change to internal operations that resolves a customer’s core issue or market problem.

Jaimie & Bill will cover the start of the Controlant journey to their Mafia Offer. Conrolant is a highly-regulated cold-chain supply chain company whose software must abide by FDA and other national state compliance standards. Controlant Mafia Offer is their approach to modern governance approach. This talk will cover

The core internal-market problem to address
The litany of undesirable effects
The Mafia Offer
Inner workings of the Mafia Offer

Dear Security, Compliance, and Auditors, We’re Sorry. Love, DevOps.

Stop it with the DevSecAuditComplianceOps buzzwords. Let’s simply talk about Modern Governance.

Great software requires governance. Governance stinks because we do it wrong. I promise to give you the means to go from commit to production with 100% no-human-hands. All while meeting visibility, security, compliance, and audit requirements without fail. Modern Governance applies to standard line-of-business software, machine learning, edge, IoT, and any other software artifact.

DevOps solved the Developer and Operators conflict. It forgot other essential folks of the delivery lifecycle: Security, Compliance, and Audit.

We will talk about Modern Governance. Modern Governance resolves governance toil with a software engineering approach. It is no different than applying Site Reliability Engineering (SRE) principles & practices to the dull, mundane, and toil-ridden governance processes.

Bill Bensing

I Build Things That Build Things

Tampa, Florida, United States

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top