TestifySec

Happy Wednesday! Help us celebrate Tanner J., our technical account manager for our public sector partners here at TestifySec. Tanner's love and deep passion for cybersecurity have been evident since his college days when a mentor introduced him to both offensive and defensive security within information technology. Graduating from Carnegie Mellon University in 2023 with a Master of Information Systems and Policy Management, Tanner quickly transitioned into his role as a Technical Account Manager at the tech startup, TestifySec. Educationally, Tanner also got his undergrad at Weber State University. At TestifySec, Tanner plays a pivotal role in supporting the US Navy's efforts to modernize combat systems through their software factory, The Forge. “Tanner’s ability to understand customer perspectives and business needs, combined with his technical capability, makes him a uniquely valuable team member at TestifySec. He has been able to quickly ramp up on Terraform and K8s, which will enable product deployment. He also played a key role in the creation of documentation for our AWS Marketplace offering.” - Robbi Kenney, Director of Channel Delivery. Tanner has had the opportunity to work on various projects, including TestifySec's #opensource efforts around #intoto, #Witness, and #Archivista, which are part of the Cloud Native Computing Foundation (CNCF) within the The Linux Foundation. He also supports the platform development team, sales engineering, marketing, and enjoys collaborating with frontline developers and teams to align efforts with customer needs. “Tanner brings a refreshing personality and go-getter attitude to everything he does,” Matt “Mohawk” Denny, Marketing & Outreach Director at TestifySec. “His ability to shift from engineering to security to business development is unparalleled. He is an asset to the team and is a fun person to work with.” Outside of work, Tanner cherishes time with his wife and one-year-old son, exploring the outdoors and dabbling in woodworking. Have you had the pleasure of working with Tanner? Share your stories below! 👇 #EmployeeSpotlight #testifysec Pictured below is Tanner, top left, with a few of his TestifySec teammates at #KubeCon last year in Chicago.

The DoD has unveiled the Fulcrum Advanced Strategic Plan, a comprehensive roadmap designed to drive growth, innovation, and operational excellence. What are your thoughts about the new DOD Strategy? We found a highlight about changes in Software Supply Chain Security Section - 1.3.6 Building Supply Chain Security Ensuring the supply chain is secured provides flexibility to accelerate the acquisition of national security systems while reducing the risk of injecting unnecessary system vulnerabilities. The document also highlights the Key Lines of Effort: 1️⃣ Provide Joint Warfighting IT Capabilities: Enhance strategic dominance with advanced, secure, and interoperable IT systems. This includes leveraging AI and machine learning to outpace adversaries and ensure superior operational capabilities. 2️⃣ Modernize Information Networks and Compute: Transition to a data-centric Zero Trust security model, optimizing the DoDIN foundation for performance and resilience. This effort aims to integrate scalable, secure IT infrastructure that adapts to modern threats. 3️⃣ Optimize IT Governance: Streamline IT governance processes to enhance efficiency and mission alignment. This involves overhauling governance tools, improving data quality, consolidating legacy systems, and accelerating IT acquisition with DevSecOps practices. 4️⃣ Cultivate a Premier Digital Workforce: Build and maintain a highly skilled digital workforce ready to deploy emerging technologies. Focus areas include continuous learning, competitive compensation, and fostering collaborative partnerships with industry and academia. #cybersecurity #dod #compliance #fulcrum

Explore the latest episode of "Cloud Unfiltered" featuring Cole Kennedy, co-founder and CEO of TestifySec, as he delves into the critical role of attestations in securing software supply chains. Learn how attestations can fortify your CI/CD pipelines against threats, ensuring compliance and integrity. Stay ahead with insights on cloud-native applications, security innovations, and open-source projects. Thanks to Outshift by Cisco for hosting us to share why we believe Everyone Deserves Secure Software. Read more or go to full recording here: https://lnkd.in/dXVAgAwE

We have THREE talks today at #cnscon! Join Frederick Kautz, John Kjell and Tom Meadows at Cloud Native Security Conference North America today to learn about a variety of software supply chain topics. Today is a day you don't want to miss for #SupplyChainSecurity. Demystify Modern Signing: Keys, Certs, and Envelopes - John Kjell, Director of #OpenSource at TestifySec. Thursday, June 27 • 11:50am - 12:25pm Ballroom 2-3 Guardians of the Dataverse: Securing the AI Supply and Data Chain - Frederick Kautz, Director of R&D, TestifySec. Thursday, June 27 • 2:45pm - 3:20pm Ballroom 2-3 The Story of Crush: The Microservice That Navigated the Cloud Native Ocean with a SPIFFE Identity - Mattias Gees, Venafi & Tom Meadows, open source engineer at TestifySec. Thursday, June 27 • 4:40pm - 5:15pm Venue: 435 Send them a message to meet up outside their talks. The Linux Foundation #cloudnative #security #intoto

John Kjell kicked off Cloud Native Security Con today as one of the #keynote speakers with his fellow #opensource advocates Brandt Keller, Marina Moore , Michael Lieberman, and ⚙️ Eddie Knight. Their topic was Tag Security, you’re it! Highlights: Contributing to the security of cloud native technologies, security best practices and how TAG can help you today. If you are in Seattle, reach out to John Kjell to chat. Frederick Kautz and Tom Meadows are also in town and all three of them have talks on Thursday. Great work team! Thanks for representing open source and TestifySec so well.

We are thrilled to join the Fintech Open Source Foundation. At TestifySec, we believe in the power of collaboration and innovation in open source communities. Joining FINOS aligns perfectly with our mission to enhance AI and application security across the financial services industry. We look forward to contributing to and growing with this vibrant ecosystem, advancing secure and compliant software practices together.

Jason R... Weiss and Tanner J. Jones are going strong at #technetcyber and had a great chat with Gregory T.,from Wiz. If you are in town, come stop by our booth to chat about attestations, #ssdf, software supply chain security and more. AFCEA International

We are excited to announce our partnership with Carahsoft. At TestifySec, we believe that everyone deserves secure software. This conviction drives our mission to ensure that every user can trust the integrity and safety of their software. In partnership with Carahsoft, we are committed to enhancing software supply chain security across all sectors. Our collaboration leverages advanced security solutions to protect against vulnerabilities and threats, making the digital world a safer place for everyone. Everyone Deserve Secure Software #carasoft #partnership #government

Meet our team in person this week at three exciting events! Catch Jason, Tanner, Cole and Matt at #TechNetCyber in Baltimore. Meanwhile, John, Tom, and Frederick will be speaking at #CNSCON in Seattle. And don't miss Cole meeting our public sector partners at #AWS Summit Washington DC. Our experts will dive into software supply chain, attestations, #intoto, #opensource, and achieving verified telemetry. Don't miss this chance to chat in person! Send us a message to connect. #security #testifysec

Our #opensource community call today reminded us of when Jesse S. from Autodesk, shared the value they have gained using #Witness and #intoto and how these tools use attestations to cryptographically prove all of your individual build steps and prove that they were known. As an #opensource project we developed, donated to #CNCF and still maintain, Witness is a major component of our enterprise supply chain security tool, JUDGE. Jesse goes on to say, "While witness an in-toto both uses in-toto attestation, with Witness you can now perform unplanned and ad hoc attestations, while still having the ability to validate them later with witness policies." "This flexibility allows for a more diverse array of pipelines, not necessarily planned in advance. Plus, Witness seamlessly integrates with another TestifySec developed open source tool, #Archivista, enabling centralized storage and querying of attestations from various sources," Jesse said as he led into the next conversation about the CI/CD pipeline. Thanks Jesse S. for being an advocate and supporter of Witness, Archivista and in-toto. This video is clipped from Jesse's full talk at Open Source Summit North America in 2023 about [Securing Your Infrastructure as Code Pipeline], which can be found on the The Linux Foundation YouTube under the same name. #Attestation #adaptive #Validation