Joseph Katsioloudes
GitHub Security Lab
London, United Kingdom
Actions
Joseph is a security expert who empowers developers to ship secure software through his research and education work at the GitHub Security Lab. His recent contributions include video content with combined 1.2 million views packed with practical security tips, and the free game gh.io/securecodegame for software developers who want to build a security skillset with 6,000 players worldwide in the first year. As the speaker of 55 talks in 23 countries in the past 3 years, he captivates audiences with his insights and dynamic presentation style.
Links
Area of Expertise
Topics
Security as Code: A DevSecOps Approach
Security as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security vulnerabilities. Adopting SaC tightly couples application development with security and vulnerability management, while simultaneously enabling developers to focus on core features and functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization.
In this session, we will review lessons learned from DevOps to implement a successful DevSecOps culture, in particular how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows us to implement security checks with code, and will demo how we can code queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.
Code Security Reinvented: Navigating the era of AI
Artificial intelligence (AI) already serves as a copilot in our daily lives, acting as a digital assistant and delivering personalized experiences. Despite progress in many areas, AI has historically fallen short of improving software development practices. This changed with the introduction of AI pair programmers, which distill the collective technical know-how of the world’s developers, and their widespread adoption has been quite telling.
While the process of building software has become easier and faster, the question remains: What about more secure? In this session, we’ll demonstrate several ways developers can use AI to leverage the world's security knowledge through dozens of practical demos in GitHub Copilot. The audience will gain a deep understanding of AI capabilities, along with insights and best practices drawn from the lessons we learned as developers striving to ship secure code.
Breaking Barriers: The Art of (Free) Gamified Security Training
In a world where security training often feels like a mundane chore, discover the refreshing impact of gamification and turn learning into an enjoyable experience. Embark on an insightful journey as we unveil the success story of gh.io/securecodegame, an open-source game hosted on GitHub Skills, that attracted over 6,000 developers within the first year.
This session will provide you with an exclusive behind-the-scenes perspective, offering valuable insights and practical strategies to revolutionize various aspects of security training for your benefit. We’ll explore a case study from a tech startup that observed, among the developers who played the game, an increased sense of ownership for code security, improved communication with security teams, and a strong willingness to embrace further security training.
Navigating the Impact of AI, Developer Experience and Communities on Software Security
Discover the impact of AI, Developer Experience (DevEx), and communities on software security through real-world examples derived from securely building GitHub using GitHub. Uncover valuable insights into the dynamic interplays between these three transformative forces, paving the way for a new era in software development and, consequently, for software security.
This session will provide you with an exclusive behind-the-scenes perspective, offering insights into how GitHub enhances various elements of the Secure Software Development Life Cycle (SSDLC), benefiting from each driving force and their interplays. We will explore practical strategies for software security, supply chain, secrets hygiene, automation and security culture. The audience will gain a deep understanding of industry-leading software practices, drawn from our experiences as developers helping others with security in a rapidly changing landscape.
How GitHub secures open source
Uncover valuable insights into how GitHub secures the open-source software we all depend on, with real-world examples from the GitHub Security Lab, which uncovered 1,000+ vulnerabilities and was credited with 700+ CVEs over four years. Securing open-source software is critical because it underpins much of today’s digital infrastructure, and vulnerabilities in widely used components can create significant risks across entire software ecosystems.
This session will provide the latest updates on how GitHub enhances various elements of the Secure Software Development Life Cycle (SSDLC), leveraging the driving forces of Artificial Intelligence (AI), Developer Experience (DevEx), and community collaboration to secure open source. We will explore best practices in software security, including code scanning, secrets hygiene, dependency management, automation, and enhancing security awareness through gamification. The audience will gain a deep understanding of industry-leading initiatives and lessons learned from our experience in today's rapidly changing landscape.
Target audience are developers interested in software security and want to understand how GitHub uses GitHub to build GitHub securely and how we secure the open source software we all depend on.
WeAreDevelopers World Congress 2025 Sessionize Event Upcoming
Build Stuff 2024 Lithuania Sessionize Event
SOSS Community Day Europe 2024 Sessionize Event
WeAreDevelopers World Congress 2024 Sessionize Event
AI_dev: Open Source GenAI & ML Summit Europe Sessionize Event
KCD Czech & Slovak 2024 Sessionize Event
DeveloperWeek Global 2024 Sessionize Event
DevSum 2024 Sessionize Event
State of Open Con 24 Sessionize Event
NDC Security 2024 Sessionize Event
The DEVOPS Conference Scandinavia (Stockholm & Copenhagen) Sessionize Event
NDC Porto 2023 Sessionize Event
Infobip Shift 2023 Sessionize Event
WeAreDevelopers World Congress 2023 Sessionize Event
DevBcn 2023 Sessionize Event
DevSecCon24 2023 Sessionize Event
Appdevcon / Endpointcon 2023 Sessionize Event
DeveloperWeek Europe 2023 Sessionize Event
Future Tech 2023 Sessionize Event
NDC Security 2023 Sessionize Event
TechBash 2022 Sessionize Event
Joseph Katsioloudes
GitHub Security Lab
London, United Kingdom
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top