DevSecOps Day @ RSAC 2018 San Francisco

April 16, 2018


DevOps Connect: DevSecOps Day @ RSAC 2018

Moscone South Level 3

Monday, April 16, 2018

RSAC 2018 & Security Boulevard are excited to announce the 4th annual DevOps Connect: DevSecOps Day @ RSAC 2018. Once again DevSecOps Day @ RSAC will take place on the Monday of RSAC week, April 16th. This year DevSecOps Day will be held Moscone South Level 3.


DevOps Connect: DevSecOps Day is free to all RSAC badge holders

Here is a code for a free DevSecOps Day/RSAC expo pass badge or $100 dollars off a full pass:

You can register using the codes above at:

DevOps Connect: DevSecOps Day Schedule & Agenda - Monday, April 16

DevOps Connect: DevSecOps Day will kick off at 9am at the Moscone South Level 3 on Monday April 16th. Sessions will run until 4pm that day with a 45 minute lunch break (lunch is not included) and two refreshment breaks through the day. Full schedule of sessions and speakers details are here:

Start End Session Title Speakers Host
9:00 9:05 Welcome and Introductions Alan Shimel
Co-founder, Editor-in-Chief, & Security Boulevard
Mark Miller
Senior Storyteller and DevSecOps Advocate, Sonatype
Alan Shimel/Mark Miller
9:05 9:55
Security is the Center of a DevOps World
Shannon Lietz
Director, DevSecOps, Intuit
Paula Thrasher
Director of Digital Services, CSRA
Caroline Wong
Vice President of Security Strategy, Cobalt
Mark Miller

Senior Storyteller and DevSecOps Advocate, Sonatype

10:00 10:25
Evolving Your Security Mindset to Embrace DevSecOps
Bankim Tejani
Sr. Manager, Digital Product Security, Under Armour
James Wickett

Head of Research at Signal Sciences

10:25 11:15 Break Break Break
11:15 11:40
Fannie Mae’s Journey to DevSecOps
Chitra Elango
Cyber Security Manager , Information Security, Fannie Mae
John Willis

Vice President of Devops and Digital Practices, SJ Technologies

11:45 12:10
Release the Monkeys!” and Reduce Enterprise Risk with DevSecOps
DJ Schleen
DevSecOps Evangelist, Aetna
Shannon Lietz

Director, DevSecOps, Intuit

12:10 01:30 Lunch Lunch Lunch
01:30 01:55
Driving Security through ReUse in Mission Critical Applications
Colin Wynd
Vice President of Common Services, Federal Reserve Bank of New York
Jonathan DeRose
Assistant Vice President, Federal Reserve Bank of NYC
Derek Weeks

VP and DevOps Advocate, Sonatype

02:00 02:25
Managing Cyber Risk while Modernizing the Gaming Business
Lee Hsiao
Director of information systems Bandai Namco
Mike Kail
Cybric’s Chief Technology Officer
Damon Edwards

Co-Founder and Chief Product Officer, Rundeck

02:30 02:55
Zero to Ninety in Securing DevOps
J. Wolfgang Goerlich
VP for strategic security programs, CBI
Courtney Kissler

Vice President of Digital Platform Engineering, Nike

03:00 03:20 Break Break Break
03:25 03:50
Eat Your Veggies and Prevent Vulnerabilities
Anaf Durrani
IT Director, DevOps, Product Engineering, Quality Engineering, Cigna
Chris Lockery
Deputy Chief Information Security Officer (CISO) at Cigna
Mark Miller

Senior Storyteller and DevSecOps Advocate, Sonatype

03:55 04:30
DevSecOps – It’s a People Thing (Panel)
Stephanie Derdouri
Director Vulnerability Management, Information Security, Fannie Mae
Sandra Escandor-O’Keefe
Security Engineer at Fastly, Fastly
Jayne Groll
CEO, DevOps Institute
Chenxi Wang
Founder, The Jane Bond Project
John Willis

Vice President of Devops and Digital Practices, SJ Technologies

Alan ShimelCo-founder, Editor-in-Chief, & Security Boulevard

Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.

Alan’s entrepreneurial ventures have seen him found or co-found several technology related companies including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles around Business and Corporate Development, Sales, Marketing, Product and Strategy.

Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard.

Most recently Shimel saw the impact that DevOps and related technologies were going to have on the Software Development Lifecycle and the entire IT stack. He founded and then the DevOps Institute. is the leading destination for all things DevOps, as well as the producers of multiple DevOps events called DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.

Alan has a BA in Government and Politics from St Johns University, a JD from New York Law School and a lifetime of business experience. His legal education, long experience in the field, and New York street smarts combine to form a unique personality that is always in demand to appear at conferences and events.

Anaf DuraniIT Director, DevOps, Product Engineering, Quality Engineering, Cigna - Health Services
My goal is to change the way we deliver business value. My teams do this by automating the software supply chain and deal with people who don’t want to change. I am an engineer at heart and by leveraging this experience, have been able to drive change across a 5000 person organization by starting small and then scaling.

I began my career as an engineer at Motorola working on the push to talk Nextal product. I Moved to, where I deploy call centers and led projects that provided a consistent digital experience. I also played a few roles in Quality Engineering and Product Development. I then, joined Cigna to lead their DevOps journey.

Bankim TejaniSr. Manager, Digital Product Security, Under Armour
Bankim Tejani has conducted security research, assessments, training, and consulting for over a decade. His recent focus is on helping companies and government agencies integrate application security and static analysis into their software development life cycles (SDLC). Tejani is an active member of the Austin Open Web Application Security Project (OWASP) and co-founder of the Agile Austin Security SIG.
Caroline WongVice President of Security Strategy at Cobalt (
Caroline’s close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. She is a well known thought leader on the topic of security metrics and has been featured at industry conferences including RSA (USA and Europe), OWASP AppSec, and BSides.

Caroline was featured as an Influencer in the 2017 Women in IT Security issue of SC Magazine and has been named one of the Top Women in Cloud by CloudNOW. She received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner’s Guide, published by McGraw-Hill in 2011. Caroline graduated from U.C. Berkeley with a B.S. in Electrical Engineering and Computer Sciences and holds a certificate in Finance and Accounting from Stanford University Graduate School of Business.

Chenxi WangManaging General Partner, Rain Capital
Dr. Chenxi Wang is the founder of the Jane Bond Project, a Cybersecurity consultancy. She is a strategic partner at IT Security Planet and serves on the advisory board of various startups. Previously, Chenxi served as the Chief Strategy Officer at Twistlock, responsible for corporate strategy and thought leadership.

Chenxi is the 2016 & 2017 program co-chair for Security & Privacy at the Grace Hopper Conference and was named by SC Magazine as a 2016 Women of Influence. Prior to Twistlock, Chenxi built an illustrious career at Forrester Research, Intel Security and CipherCloud. At Forrester, Chenxi covered mobile, cloud and enterprise security, and wrote many hard-hitting research papers. At Intel Security, she led the ubiquity strategy that spans both hardware and software platforms.

Chenxi started her career as a faculty member of Computer Engineering at Carnegie Mellon University. Chenxi is a sought-after public speaker and a trusted adviser for IT executives. She has been quoted/featured by New York Times, Wall Street Journal,, Fox Business News, Bloomberg, Dark Reading and many other media outlets. Chenxi holds a Ph.D. in Computer Science from the University of Virginia

Chitra ElangoCyber Security Manager , Information Security, Fannie Mae
Chitra Elango is a Senior Cyber Security Manager leading the Application Security program at Fannie Mae. Before moving into Application Security field, she had 15+ years of experience as a software developer, which gives her insight into how development teams operate at Fannie Mae. This enabled her to play a key role in introducing security to the existing service delivery pipeline and establishing a true DevSecOps model at Fannie Mae that supports greater business agility and provides assurance in the overall security of the delivered product.

Chitra was a driving force in aligning software security and business needs by empowering and enabling developers to identify software security vulnerabilities during active development cycles.


Chris LockeryDeputy Chief Information Security Officer (CISO) at Cigna
Colin WyndVice President of Common Services, Federal Reserve Bank of New York
Colin Wynd is the Vice President & Head of Common Services at the Federal Reserve Bank of New York and has responsibility overseeing multiple teams including the development of Common Micro-Services, Frameworks, Digital Experience, DevOps, Engineering and Enterprise Data Management. Common Services acts as an internal software company within the Federal Reserve Bank of New York and provides products, services, consulting and training to various groups within the Federal Reserve System. The group is responsible for changing the way the Federal Reserve System thinks about building and delivering applications.

Colin is also a frequent speaker at various industry events. Previously Colin was a partner in TRG, a boutique consulting firm in New Jersey, focused on delivering solutions to a variety of businesses based in the tri-state area. He started his career at Hewlett-Packard in the UK. Originally from Scotland, Colin holds a B.S in Computing Science from the University of Glasgow.

Courtney KislserVice President of Digital Platform Engineering, Nike
Courtney is the Vice President of Digital Platform Engineering at Nike. Her teams are accountable for building a re-usable seamless platform to power Nike Direct to Consumer experiences. She is leading the teams accountable for core commerce services, user services, consumer data engineering and global retail solutions.

Prior to that, Courtney was the VP of Retail Technology at Starbucks. She was accountable for the global POS and retail store technology experiences. Prior to Starbucks, Courtney spent 14 years at Nordstrom with her last role being the Vice President of E-Commerce and Store technologies where she drove a technological transformation essential for outpacing the demands of today’s Omnichannel consumers. She was accountable for program management, delivery, and support for all customer facing technologies including in-store, Web, and mobile touch points. Courtney joined Nordstrom as a security engineer in 2002 and held a variety of leadership roles across the technology organization.

Courtney is a graduate of Eastern Washington University with a B.S. in Computer Information Systems and worked at two startups, CyberSafe and WorldStream Communications, prior to joining Nordstrom.


Damon EdwardsCo-Founder and Chief Product Officer, Rundeck
Damon Edwards is a Co-Founder and Chief Product Officer of Rundeck, Inc., the makers of Rundeck, the popular Operations as a Service platform. Damon Edwards was previously a Managing Partner at DTO Solutions, a DevOps and IT Operations improvement consultancy. Damon has spent over 15 years working with both the technology and business ends of IT operations and is noted for being a leader in porting cutting-edge DevOps techniques to large enterprise organizations. Damon is a frequent conference speaker and writer who focuses on DevOps and operations improvement topics. He is active in the international DevOps community, including being a co-host of the DevOps Cafe podcast, an early core organizer of the DevOps Days conference series, and a content chair for Gene Kim’s DevOps Enterprise Summit.
Derek WeeksVP and DevOps Advocate, Sonatype
Derek is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies and sustain long-lasting competitive advantages. He currently serves as vice president and DevOps advocate at Sonatype, creators of the Nexus repository manager and the global leader in solutions for software supply chain automation.

Derek is the co-founder of All Day DevOps — an online community of 40,000 IT professionals, and the lead researcher behind the annual State of the Software Supply Chain report for the DevOps industry. In 2018, Derek was recognized by as the “Best DevOps Evangelist” for his work in the community.

DJ SchleenDevSecOps Evangelist, Aetna
DJ is a DevOps Security Architect at a large healthcare organization, assisting them though their journey of digital transformation and containerization. He specializes in automating security controls in DevOps environments and is a hacker by training – doing significant R&D work in mobile Security, ethical Hacking and penetration Testing.

As an expert in Application Lifecycle Management (ALM) and ITIL, DJ has worked to streamline development pipelines for many Fortune 100 organizations He is active on the speaker circuit and most recently gave a talk at RSAC 2017 in San Francisco that focused on security automation and the advantages of continuous delivery.



J. Wolfgang GoerlichVP for strategic security programs, CBI
J Wolfgang Goerlich provides strategic guidance for securing development and DevOps programs in the healthcare, education, financial services, and energy. He is currently with CBI, a cyber security consultancy, as the VP for strategic security programs. Wolfgang also leads the CBI Academy teams, providing mentoring and coaching to the junior-level talent. Prior roles included VP for a managed security services provider, VP for an IT firm specializing in high speed high secure networks, and IT security officer and manager for a financial services firm. He is an active part of the security community; co-founding the Converge Detroit and organizing the BSides Detroit conferences. Wolfgang regularly advises on and presents on the topics of secure development life cycle, DevOps, risk management, incident response, business continuity, and more.
James WickettHead of Research at Signal Sciences
James Wickett is the Head of Research at Signal Sciences, a web protection platform that high performing DevOps teams love. He is the author of the most popular courses on DevOps topics in the and LinkedIn Learning platforms. James lives in Texas and has helped run DevOps Days Austin for the last six years. In his spare time he is trying to make a perfect BBQ brisket. Follow him @wickett @signalsciences
John WillisVice President of Devops and Digital Practices, SJ Technologies
John Willis is Vice President of Devops and Digital Practices at SJ Technologies. Prior to SJ Technologies, John was Director of Ecosystem Development for Docker, he joined Docker when the company he co-founded (SocketPlane, which focused on SDN for containers) was acquired in March 2015.

Prior to founding SocketPlane in Fall 2014, John was the Chief DevOps Evangelist at Dell, which he joined following the Enstratius acquisition in May 2013. He has also held past executive roles at Opscode/Chef and Canonical/Ubuntu. John is the author of 7 IBM Redbooks and is co-author of the “Devops Handbook” along with authors Gene Kim, Patrick Dubois and Jez Humble.

The best way to reach John is through his Twitter handle @botchagalupe.


Jonathan DeRoseAssistant Vice President, Federal Reserve Bank of NYC
Jonathan R. DeRose is a Solution Delivery Officer in the Technology Group at the Federal Reserve Bank of New York. His current responsibility is within Common Services, overseeing development of Common Components & Frameworks, Development Services, and User Interface/Experience.


Lee HsaioDirector of information systems Bandai Namco
Lee Hsaio has been the director for information systems at Bandai Namco for over 17 years. He is responsible for security and operations and has been recently focused on accelerating Bandai Namco’s DevOps and DevSecOps efforts. This includes strategy, tool rationalization and ensuring security is tightly integrated into the development tool chain. He holds a degree from Washington University in St. Louis.
Sandra Escandor-O’KeefeSecurity Engineer, Fastly
Sandra Escandor-O’Keefe is a Security Engineer at Fastly, where she conducts security reviews for core infrastructure, and analyzes the design of the network to help ensure that Fastly can provide a secure edge for the biggest online platforms in the world. Before joining Fastly, Sandra was a software developer with experience in low-level software development using C/C++. Sandra has a B.Eng in Electrical and Biomedical Engineering from McMaster University.


Mark MillerSenior Storyteller and DevSecOps Advocate, Sonatype
I build massive online community projects. The most recent project is as co-founder of All Day DevOps, with 32,927 registrations.

Malcom Gladwell would call me “A Connector”. Wherever I go, one of the things I am most happy with is the ability to introduce people to each other, making connections where they didn’t previously exist. I’ve done this on every continent in the world as part of an ongoing desire to see connections where other people see differences.

My main expertise is in developing and supporting live online communities built around specific market verticals. These online communities bleed over into the real world, where relationships are strengthened and expanded. I look forward to becoming a part of your network.

Mike KailCybric’s Chief Technology Officer
Mike Kail is Cybric’s Chief Technology Officer. Previously, he served as Yahoo’s CIO and SVP of Infrastructure and as VP of IT Operations at Netflix. He has been recognized widely for his insightful industry commentary on Twitter, and was named by the Huffington Post as one of the “Top 100 Most Social CIOs on Twitter.” He holds a B.S. in Computer Science from Iowa State University.
Paula ThrasherDirector of Digital Services, CSRA
Paula is the Director of Digital Services at CSRA and leads the Agile, Testing, User Experience and DevOps centers of excellence delivery organizations. She has over 18 years’ experience in information technology and works in the federal market leading agencies and teams towards Agile and DevOps. Paula’s first Agile project was in 2001, since then she has led 20+ programs and projects as an Agile developer, technical lead, Scrum master, or Agile coach. Her teams have helped three separate federal agencies migrate applications to Amazon AWS GovCloud, and done some other amazing DevOps ninja work along the way.

Improvements experienced on Ms. Thrasher’s current program include increasing quantity of deployments by 220%, completing 18 months of backlog in 12 weeks, increasing quantity of features delivered by 30%, and using increasing automation around test and verification to accomplish 6 FTE worth of testing effort per 1 FTE. Last year she co-authored the paper Tactics for Leading Change with other industry leaders for IT Revolution and the DevOps Enterprise Forum.

Paula holds a B.S. in Statistics from Carnegie Mellon University and is a Certified Scrum Master (CSM) and a Project Management Professional (PMP), but prefers learning new things through experience and working with smart people.


Shannon LietzDirector, DevSecOps, Intuit
Award winning leader in security innovation with experience developing emerging security programs for Fortune 500 companies: Intuit, ServiceNow, Sony, Sempra Energy, Savvis, Cable and Wireless, 99 Cents Only, Exodus, Bank of America, among others internationally. Received the Scott Cook Innovation Award in 2014 for developing and cultivating a world class Cloud Security Program that allows for sensitive data to be protected in AWS.

Ms. Lietz is currently the Director of DevSecOps for Intuit where she is responsible for setting and driving the company’s Cloud Security Strategy, Roadmap, and full-scale Program in support of corporate innovation. She has previous experience as a Master Security Architect, an Entrepreneur, and often volunteers to educate on security topics. Ms. Lietz is a passionate DevSecOps and Rugged evangelist.

Stephanie DerdouriDirector Vulnerability Management, Information Security, Fannie Mae
Stephanie Derdouri operates as Fannie Mae’s Director of Vulnerability Management, ensuring the organization is protected against information security vulnerabilities that could jeopardize Fannie Mae’s mission of providing support to homebuyers. Derdouri oversees Fannie Mae’s Application Security (AppSec) and the Vulnerability Threat Management (VTM) teams that perform application security assessments, vulnerability scanning, and facilitate network penetration and data exfiltration testing.

Experience: Previous to her time at Fannie Mae, Stephanie worked for a.i. Solutions and led the NASA Headquarters Risk Management and Federal Compliance Team to develop and apply strategies to manage cybersecurity risks. She has also worked as a Security Analyst for the U.S. Department of Justice, where she honed and exercised her expertise in information security and vulnerability management.

Education: Derdouri has earned a Bachelor of Science degree in computer science from The George Washington University and a master of science in information systems engineering from Johns Hopkins University.

No Wine-ing DevSecOps Cocktail Party - Monday 4:30pm @ Jillians

Following the day sessions, the 5th annual No Wine-ing DevSecOps Cocktail party will take place @ Jillians, San Francisco, 4:30pm till 6pm, down the block from the Marquis. Registration for the No Wine-ing event is required and attendance is free. Register here.

DevSecOps: The Road to Better, Faster and Stronger - Tuesday 11:45am @ Jillians

The DevSecOps: The Road to Better, Faster and Stronger – Panel and Luncheon, featuring an all star lineup of DevSecOps experts will take place on Tuesday, April 17th, 11:45am, again @ Jillians. The panel will be based on the 2nd annual Security @ the Speed of DevOps reports by George Hulme. Once again admission and lunch are free, but registration is required. Printed copies of the report will be available to attendees. Register Now.

Sponsorships Available

Sponsorships for DevOps Connect: DevSecOps Days @ RSAC 2018 are almost sold out. There are just a few sponsorships open. If interested write to