Joseph Katsioloudes
GitHub Security Lab
London, United Kingdom
Joseph is a security expert who empowers developers to ship secure software through his research and education work at the GitHub Security Lab. His recent contributions include video content with combined 1M+ views packed with practical security tips, and the free game gh.io/securecodegame for software developers who want to build a security skillset with 3K+ players worldwide in the first 6 months. As a speaker with 36 talks in the past 2 years, he captivates audiences with his insights and dynamic presentation style.
Links
Awards
Area of Expertise
Topics
Security as Code: A DevSecOps Approach
Security as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security vulnerabilities. Adopting SaC tightly couples application development with security and vulnerability management, while simultaneously enabling developers to focus on core features and functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization.
In this session, we will review lessons learned from DevOps to implement a successful DevSecOps culture, in particular how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows us to implement security checks with code, and will demo how we can code queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.
Code Security Reinvented: Navigating the era of AI
Artificial intelligence (AI) already serves as a copilot in our daily lives, acting as a digital assistant and delivering personalized experiences. Despite progress in many areas, AI has historically fallen short of improving software development practices. This changed with the introduction of AI pair programmers, which distill the collective technical know-how of the world’s developers, and their widespread adoption has been quite telling.
While the process of building software has become easier and faster, the question remains: What about more secure? In this session, we’ll demonstrate several ways developers can use AI to leverage the world's security knowledge through dozens of practical demos in GitHub Copilot. The audience will gain a deep understanding of AI capabilities, along with insights and best practices drawn from the lessons we learned as developers striving to ship secure code.
Breaking Barriers: The Art of (Free) Gamified Security Training
In a world where security training often feels like a mundane chore, discover the refreshing impact of gamification and turn learning into an enjoyable experience. Embark on an insightful journey as we unveil the success story of gh.io/securecodegame, an open-source game hosted on GitHub Skills, that attracted over 3,000 developers within the first 6 months.
This session will provide you with an exclusive behind-the-scenes perspective, offering valuable insights and practical strategies to revolutionize various aspects of security training for your benefit. We’ll explore a case study from a tech startup that observed, among the developers who played the game, an increased sense of ownership for code security, improved communication with security teams, and a strong willingness to embrace further security training.
Navigating the Impact of AI, Developer Experience and Communities on Software Security
Discover the impact of AI, Developer Experience (DevEx), and communities on software security through real-world examples derived from securely building GitHub using GitHub. Uncover valuable insights into the dynamic interplays between these three transformative forces, paving the way for a new era in software development and, consequently, for software security.
This session will provide you with an exclusive behind-the-scenes perspective, offering insights into how GitHub enhances various elements of the Secure Software Development Life Cycle (SSDLC), benefiting from each driving force and their interplays. We will explore practical strategies for software security, supply chain, secrets hygiene, automation and security culture. The audience will gain a deep understanding of industry-leading software practices, drawn from our experiences as developers helping others with security in a rapidly changing landscape.
AI_dev: Open Source GenAI & ML Summit Europe Sessionize Event Upcoming
DeveloperWeek Global 2024 Sessionize Event Upcoming
DevSum 2024 Sessionize Event Upcoming
State of Open Con 24 Sessionize Event
NDC Security 2024 Sessionize Event
The DEVOPS Conference Scandinavia (Stockholm & Copenhagen) Sessionize Event
NDC Porto 2023 Sessionize Event
Infobip Shift 2023 Sessionize Event
WeAreDevelopers World Congress 2023 Sessionize Event
DevBcn 2023 Sessionize Event
DevSecCon24 2023 Sessionize Event
Appdevcon / Endpointcon 2023 Sessionize Event
DeveloperWeek Europe 2023 Sessionize Event
Future Tech 2023 Sessionize Event
NDC Security 2023 Sessionize Event
TechBash 2022 Sessionize Event
Joseph Katsioloudes
GitHub Security Lab
London, United Kingdom
Links
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top