Speaker

Sai Sravan Cherukuri

IRS, DevSecOps Technical Advisor

Sai Sravan Cherukuri is a visionary technology leader, DevSecOps Technical Advisor, PaaS Automation Lead, and Program Manager at a U.S. federal agency. With over 20 years of experience in federal IT transformation, he is a recognized expert in DevSecOps, FinOps, AI governance, CMMC readiness, Infrastructure as Code (IaC), open-source advocacy, and Policy as Code (PaC). He is the creator of the FIBER AI Maturity Model and contributes as a member to national AI safety initiatives through NIST’s U.S. Artificial Intelligence Safety Institute Consortium.

Sai Sravan, an IRS Commissioner’s 2024 Award recipient, has led enterprise-scale automation, modernization, and capacity planning initiatives that deliver measurable results. He serves on the Board of Directors at TMMi America and is a dedicated community mentor and volunteer.

As a Platform Engineer and open-source advocate, Sai is committed to advancing accessibility in engineering and inclusivity in the community. He is a strong proponent of the "Docs-as-Code" movement, maintaining that long-term project sustainability relies on clear documentation and automated CI/CD pipelines that lower barriers for contributors. Currently, he is bridging the gap between agentic workflows and cloud-native standards; as an active explorer of the Model Context Protocol (MCP), he utilizes OpenTelemetry to build open-source AI observability frameworks, enabling the scaling of reliable, self-service agents.

Sai Sravan currently serves as the program lead for the application team, spearheading the institutionalization of Infrastructure as Code (IaC) through Terraform practices.

Area of Expertise

  • Business & Management
  • Government, Social Sector & Education
  • Health & Medical
  • Information & Communications Technology

Architecting for Onboarding: Building a "Docs-as-Code" Pipeline for Open Source Sustainability

In open source, a project's survival depends on its contributor funnel. If developers can't build, test, or grasp your project in the first ten minutes, they'll leave. Documentation is the primary interface for that experience, but is often the most neglected part of the repository.

This session goes past the basic README to show how maintainers can set up a clear Documentation Development Life Cycle. We will explore the 'Docs-as-Code' idea, treating documentation like code by keeping it in Git, peer-reviewing it, and checking it with CI/CD pipelines.

Key takeaways include:

  • The Pipeline: Setting up automated linters (Vale, Markdownlint) to enforce style and technical accuracy.
  • The Process: Make sure every new feature includes updated documentation to prevent it from becoming outdated.
  • The Community: Learn ways to help non-coders contribute, and manage docs with people all over the world.

Join this session to learn actionable steps you can implement right away to make your open-source project more welcoming, robust, and future-proof. Start applying these strategies today and transform your documentation process.

Federal Zero Trust: Scaling Sigstore & Keyless Attestation for Linux

As federal mandates like EO 14028 and OMB M-22-18 redefine software integrity, agencies face a critical challenge: how to implement "Zero Trust" without paralyzing the development lifecycle. This session provides a strategic and technical blueprint for modernizing the Linux supply chain in a highly regulated environment.

Drawing on the dual perspectives of a PM and a DevSecOps Technical Advisor, we explore the transition from legacy, manual GPG management to automated, keyless attestation using Sigstore (Cosign/Rekor). We dive into "Day 2" operational realities:

  • Policy-as-Code: Translating NIST SSDF into automated controllers (Kyverno) to enforce signature verification.
  • Identity over Keys: Leveraging OIDC and federal providers (PIV/CAC) to eliminate "key debt."
  • Auditable Integrity: Using the Rekor transparency ledger as a tamper-proof "Source of Truth" for audits and procurement.
  • Blueprint for Scale: Navigating friction when moving to a cryptographically verified "Verify-Before-Deploy" architecture.

https://github.com/saisravan909/fed-sigstore-blueprint-zero-trust-linux

Attendees will gain a framework for aligning open-source innovation with federal compliance to ensure security enhances mission delivery.
