Toddy Mladenov
Principal Product Management Manager @ Microsoft
Seattle, Washington, United States
Actions
Toddy has over 25 years of experience in software engineering and design, consulting, and product management for companies like Microsoft, T-Mobile, and SAP. He started his cloud journey 14 years ago as part of the Azure team. Since then, Toddy worked on large-scale cloud implementations using Azure and AWS by utilizing cloud-native technologies. Now, he is part of the Azure Cloud Native and Ecosystem team and is responsible for container supply chain security for Azure services and customers.
Area of Expertise
Topics
Using Notary Project to ensure authenticity and integrity of artifacts within the enterprise
In this session, we will go over the steps and considerations the enterprise goes through to select a reliable and future-proof signing technology and improve the integrity and authenticity of their software artifacts. We will share the questions and constraints in the enterprise and how those were addressed by Notary Project. We will also provide an update on the latest features and the roadmap for Notary Project.
Notary Project: The Key to Secure Software Supply Chain
Ensuring a secure software supply chain for container images is crucial in the cloud-native ecosystem. The Notary Project provides a robust solution for signing and validating container images and other artifacts, ensuring they come from trusted sources and have not been tampered with before use. In this session, Guillaume from OrangeLogic will discuss their enterprise practice of using the Notary Project to secure container images during the transformation to a cloud-native approach. Attendees will learn about the challenges faced, lessons learned, and benefits of using the Notary Project. Additionally, attendees will get a deep dive into the Notary Project, covering: mission and strategy, security audit, New scenarios and Roadmap. Join this session to discover why the Notary Project is the key to a secure software supply chain. Whether you’re new to container security, an experienced professional, or interested in contributing to the Notary Project, this session is not to be missed!
Scan, patch, VEX - using open source tools to manage vulnerabilities in containers
Do you feel overwhelmed managing vulnerabilities at cloud-native scale? Keeping track of patches and exceptions can be daunting. There must be a better way to automate the process and reduce the noise.
In this talk you will learn how you can manage vulnerabilities with open source tools like Trivy and Copacetic as well as open standards like VEX. The speakers will explain the roles of the tools and the standards in your vulnerability management process and demonstrate their use in various scenarios. You will see how you can improve the vulnerability posture of your cloud native workloads in development, test and production settings. Attendees will leave the session with practical knowledge that will help them improve the security of their organizations.
Improving the security of software supply chains with Notary Project
With the release of a stable version of the signature specification and Notation tooling for signing, the Notary Project community is looking to expand its role in securing the supply chain for software. Join this session to learn more about how the current tools can help you secure the supply chain for containers and what is coming up in the future to expand to other software artifacts.
Enabling the software supply chain ecosystem with Notary Project
Securing the software supply chain involves various components and hence it requires a vibrant ecosystem. In addition, real-world organizations are constrained to using existing tools while improving security. They insist on smooth transition. Come join this session to learn how the Notary Project is designed to be extensible, enabling other CNCF projects and ecosystem tools to implement solutions for authenticity and integrity across the supply chain. It also enables enterprises to leverage their existing investments while becoming more secure. As a bonus, you will learn about exciting new features and the future plans for the project.
CloudNativeSecurityCon North America 2024 Sessionize Event
Maintainer Track + ContribFest: KubeCon + CloudNativeCon Europe 2024 Sessionize Event
KubeCon + CloudNativeCon North America 2023 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top