Jump to navigation Jump to content

Speaker

Eric Evans

Eric Evans

Chief Technology Officer, HanaByte

Atlanta, Georgia, United States

Actions

Eric is the Chief Technology Officer of HanaByte, a cloud and application security consultancy. He has over a decade of experience in in DevSecOps, Cloud Security Architecture, and compliance automation. He is an organizer for the Atlanta HashiCorp User Group, a former AWS APN Ambassador, and a Google Cloud Certified Fellow.

Links

Area of Expertise

  • Information & Communications Technology

Topics

  • Cloud & DevOps
  • Cloud
  • Cloud Architecture
  • Cloud Computing
  • Cloud Security
  • Cloud & Infrastructure
  • Cloud Computing on the Azure Platform
  • Google Cloud
  • Cloud Technology
  • Cloud Computig
  • Cloud Native
  • Cloud App Security
  • Cloud Security Architecture
  • Cloud Native Infrastructure
  • Google Cloud Paltform
  • aws
  • Amazon Web Services

Sessions

Terraforming CMMC 2.0 Environments: Secure by Design for DIB and Beyond

Organizations in the defense industrial base (DIB) and beyond must meet stringent security requirements to protect Controlled Unclassified Information (CUI). With Cybersecurity Maturity Model Certification (CMMC) 2.0 assessments starting in 2025, achieving compliance while maintaining agility is a challenge.

This talk demonstrates how Terraform enables agility in high security environments aligned with NIST 800-171 controls, meeting CMMC Level 2.0 technical requirements. Through a detailed case study following implementation for a DIB customer, learn how to implement robust security controls with minimal friction using templatized infrastructure as code and reusable modules. Empower your organization to protect sensitive data without compromising operational efficiency. From this talk, the audience will leave with practical Terraform code and strategies for building secure-by-design, compliant infrastructure with minimal effort – providing insights applicable to other compliance frameworks.

SLSA and GUAC: A Tasty Combination for Supply Chain Security featuring Waypoint

Supply chain attacks are an increasing security concern for organizations and developers who use third party software and build systems. In order to mitigate the risks of supply chain attacks, Supply chain Levels for Software Artifacts, or SLSA (salsa) was created in order to help improve the security of software solutions. A great pairing with SLSA - known as GUAC can help to bring together many sources of software security metadata to enhance security throughout the SDLC.

In this talk, we will implement SLSA and GUAC in a CI/CD system using Waypoint. This demonstration will show how to utilize supply chain security with containerized applications that can run on Kubernetes. We will go through a source to deployment scenario that utilizes SLSA and GUAC to attest to a high level of software security throughout the process.

Eric Evans

Chief Technology Officer, HanaByte

Atlanta, Georgia, United States

Links

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top