Tracy
Ragan
CEO at DeployHub
"Winning the Cybersecurity War: Integrating Offensive and Defensive Tactics to Secure the Software Supply Chain"
"Winning the Cybersecurity War: Integrating Offensive and Defensive Tactics to Secure the Software Supply Chain"
Don’t miss out and join visionaries, innovators, and thought leaders from all over the world at the Women in Tech Global Conference.
Vote by Sharing
Unite 100 000 Women in Tech to Drive Change with Purpose and Impact.
Do you want to see this session? Help increase the sharing count and the session visibility. Sessions with +10 votes will be available to career ticket holders.
Please note that it might take some time until your share & vote is reflected.
Session: Winning the Cybersecurity War: Integrating Offensive and Defensive Tactics to Secure the Software Supply Chain
Modern software development increasingly depends on open-source components, accelerating innovation but dramatically expanding the attack surface. High-profile supply chain compromises and the prolific growth in open-source vulnerabilities have exposed a critical gap: traditional vulnerability scanning alone cannot defend complex software supply chains. Security teams must adopt an integrated approach that combines offensive tactics (pre-deployment actions) with defensive tactics (post-deployment detection and real-time remediation) to effectively mitigate risk.In this session, Tracy Ragan, CEO of DeployHub and a recognized leader in DevSecOps and software supply chain hardening, will guide attendees through a practical framework for understanding and operationalizing this integrated approach. Drawing from real-world enterprise DevSecOps experience, Tracy will demonstrate:
• Why offensive tactics (e.g., SCA, Repository Scanning) are essential to uncover open-source package vulnerabilities before deployment
• How defensive tactics (continuous post-deployment detection and auto-remediation) reduce MTTR from months to days
• Suggested open-source security tooling and new organizational approaches needed to shorten the time between discovery and remediation.
Attendees will leave with actionable strategies for reducing mean time to remediation (MTTR), closing visibility gaps in the software supply chain, and transforming security from a gatekeeping function into an enabler of rapid, secure software delivery.
Key Takeaways
- Understand the Dual Threat Landscape: Learn how offensive and defensive cybersecurity tactics work together to secure modern software supply chains and, critically, how this combined approach builds long-term trust in open-source software.
- Practical Playbooks: Gain concrete, actionable steps for adding defensive tactics directly into the software factory floor, reducing threat response times and minimizing risk without disrupting developer velocity.
- Places to Learn: Leave with curated resources, guides, and community entry points to continue learning, deepen expertise, and engage with open-source security and DevSecOps initiatives.
- Join an Open-Source Community: Understand how to get involved in open-source projects, where to start, how to contribute meaningfully, and how participation builds skills, confidence, and leadership opportunities, especially for women entering cybersecu
Bio
Tracy Ragan is the CEO and co-founder of DeployHub and a well-known leader in software delivery and security. She currently serves on the OpenSSF Technology Advisory Committee and the Continuous Delivery Foundation (CDF) Technology Oversight Committee, and has previously served as a governing board member of the OpenSSF. Tracy has co-founded two companies in the software supply chain space, OpenMake Software and DeployHub, where she serves as CEO. Earlier in her career, she also helped establish the Eclipse Foundation, reflecting her long-standing commitment to open-source software, secure software delivery, and industry collaboration. Learn more: https://www.linkedin.com/in/tracy-ragan-oms/