GitLab / PubSec & Regulated Industries

What is GitLab?

GitLab is a complete DevOps platform delivered as a single application. Learn how GitLab can help your organization deliver better products faster, work more efficiently, and reduce security and compliance risk.

Read more about our product vision: http://bit.ly/2IyXDOX

Get in touch with Sales: http://bit.ly/2IygR7z

No description provided.

No description provided.

We find ourselves in the middle of a new paradigm, forced to either work from home or be at home and not work at all. How does that affect our delivery to the mission? Can we maintain our technological advantage or deliver what we promised to our citizens in light of this new way of working?
In this Lightning Talk, we will briefly explore this new paradigm from the context of DevSecOps, that is how do we make fundamental structural changes to how we work to continue to deliver critical application enhancements and updates while working away (silo’d), from our normal office. We will discuss some tips and tricks other government agency programs have embraced to begin this new journey. In addition, we will look at software technology that enables this journey across all the stages of DevSecOps and allows silo’d teams to work seamlessly as if they were co-located.

Times have changed, the new normal is very different from the old way of supporting the mission. Are you ready to embrace this change?

Speaker: Marc Kriz

Government development teams need the ability to work seamlessly across disparate network enclaves, with all artifacts, issues, and code intact as if they were working on the same DevSecOps project. How can they accelerate their speed to mission without compromising security?

Discover how two Intelligence Community organizations empowered their teams with seamless collaboration across enclaves to dramatically increase their delivery on the mission.

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Mark Peters

Many organizations attempt adopting DevOps and Agile practices only to crash against a compliance wall such as Risk Management Framework (RMF), PCI-DSS, or even GDPR. Even Gene
After being a Product Owner on an Agile team, I transferred to a security lead, operating the RMF with an org newly committed to Agile. My team worked through a mindset change without the breakdown, incorporating small compliance goals, integrating with developers, shifting security left, and building cooperative risk ownership. This session shares my experiences incorporating an Agile workplace with U.S. Government compliance.Kim’s “The Unicorn Project'', shows a security officer experiencing a complete breakdown before becoming a DevOps enthusiast. But really, it’s not that hard.

Get in touch with Sales: http://bit.ly/2IygR7z

Speakers: Jonathan Schreiber, Ram Kailasanathan, Rand Waldron

Cloud-Native development with containers and serverless functions are being deployed at an increasing pace. This shift to cloud-native development puts more responsibility on developers to secure their applications and development toolchain. In this session, we will discuss how, where and when to apply a security-centric approach to application development. We will cover the security best practices followed within Oracle Cloud Infrastructure (OCI) as a case-study.

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Rayvn Manuel

Did you ever make a promise you were not sure you could keep? Did you ever wish someone would just tell you how to get started or offer practical tidbits of what to think about BEFORE you began implementing a new process? Learn how one agency began their DevOps journey doing the right things but focused on the short-term wins which ultimately lead to unmet expectations.

‘Getting to Minimal Viable DevOps-ness’ is the story of how the National Museum of African American History and Culture started with a blank slate and embraced their implementation challenges to develop a robust set of lessons learned and a flexible DevOps design pattern.

Get in touch with Sales: http://bit.ly/2IygR7z

While it may not be obvious, both Government and Industry face the same challenges:

- Responsiveness to changing conditions to bring new features and functions to market
- Need to keep ahead of competition / threats
- Security risks and posture
- Rapid time to deliver

Join us as Nicolas Chaillan, Chief Software Officer for the U.S. Air Force, who has been instrumental in leveraging DevSecOps in exciting new ways, highlights some of the innovations that the USAF has implemented, such as:

- Software Factory Concept
- Setting up off-base teams to address specific software requirements
- Engaging Interns and enlisted/employees in the process
- Hardened Software Images
- Repository of Government approved, hardened software
- Process to submit and obtain approval
- Best Practices in Government and Regulated industries to adopt this new paradigm of software development

80+ speakers from 20+ industries presenting over 8+ tracks: All for free. Belong to a community of people passionate about DevOps.

Speaker: Nicolas Chaillan - Chief Software Officer, US Air Force

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Anshuman (Andy) Patel

The ability to have the most recent, updated information at the tactical edge—where there is no or intermittent network connectivity—can save lives or cause the loss of a battalion. Constantly updated evolutionary data in the form of “DevSecOps in a Box” can enable operations at the tactical edge and give the ability to modify any application to fit an environment, updating intermittently when a network is established. Warfighters, airmen, marines, sailors, and other sectors of the military rely heavily on this capability.

Learn how tactical applications like logistics, cyber, information gathering, and ISR are using offline capabilities for DevSecOps to meet field requirements securely and reliably.

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Saumya Upadhyaya

Compliance requires organizations to adopt processes that help them adhere to regulatory and legal requirements. Often, these processes are costly, manual, and cumbersome to implement and maintain. Even organizations that are advanced in compliance maturity still maintain processes within spreadsheets, file storage systems (such as Google Drives or Dropbox) ,and emails—making wading through the documentation required to prove compliance extremely painful.

The good news is that it does not have to be so overwhelming. GitLab can make compliance management friendly, straightforward, and as frictionless as possible.
Learn how GitLab can help make your compliance initiatives seamless:
* Why is achieving compliance so difficult?
* Prerequisites for building your compliance program
* Achieving compliance success with GitLab

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Ben Allison

While the information security space is constantly changing, the United States Army training enterprise operates on a three-year curriculum update cycle. At its inception, the U.S. Army Cyber School recognized this challenge and created a streamlined courseware process using Git to track all instructional material as code. Rather than office documents and static virtual machine snapshots, the school uses markup languages to define instructor and student material, slide decks, and facilitation guides linked to code-driven frameworks to define all training networks, workstations, and activities.

Learn how the Cyber School reduces effort and increases efficiency and transparency necessary to maintain their curriculum relevance and currency.

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Trishank Karthik Kuppusamy

CI/CD is critical to any DevOps operation today, but when attackers compromise it, they get to distribute malicious software to millions of unsuspecting users. We present how Datadog used TUF and in-toto to develop, to the best of our knowledge, the industry’s first end-to-end verified pipeline that automatically builds integrations for the Datadog agent. That is, even if this pipeline is compromised, users should not be able to install malware. We will show a demonstration of our pipeline in production being used to protect users of the Datadog agent, and describe how you can use TUF + in-toto to secure your own pipeline.

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Keith Rhea, Tim Jones

Let’s talk about compliance—just the word makes people either want to fall asleep or worse, run and hide. Between the development process and the cycle of endless audits, it’s no wonder that people try to avoid this topic at all costs. However, it’s clear that in order to move toward cloud migration and modernization, public sector organizations must transform their existing processes to obtain an Authority to Operate (ATO). In this talk, we’ll walk through the process of how implementing automation took our federal customer from an average ATO time of an average of 3-4 months per application to only 1-2 weeks, and more importantly, why Gitlab is the superior tool to help us do that.

Not a federal customer? That’s ok, too. Managing policy through automation is an important way you can more easily pass any regulatory audit like PCI DSS, HIPAA, and more!

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Liran Haimovitch

Do you have experience with security in your software development process but none at all with compliance? Join this session to hear our journey as we set out to become SOC-2 compliant.

Armed with very little public documentation on how to become SOC-2 compliant, we built SOC-2 procedures around Agile software development and DevOps patterns such as CI/CD and GitOps. Although it typically takes about a year to complete SOC-2 compliance, we obtained certification in less than six months.

You will learn how Agile processes and DevOps can address and outperform traditional methods for managing security and compliance. This talk will empower you to tailor your enterprise compliance needs to your desired software development process.

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Leonn Paiva

The Brazilian Federal Public Ministry has evolved its deployment strategy from a basically manual approach with few automations to a fully automated, continuous delivery strategy based on GitLab, Docker, and Kubernetes.

Learn about their DevSecOps Flow, which includes test automation, source code quality assurance, deployment tests, automation of Docker container builds, and deployment in Kubernetes clusters. See how security requirements are validated during the continuous delivery process by validating vulnerabilities in the source code (static analysis) and security scanning of Docker images...all created exclusively with open source tools.

Get in touch with Sales: http://bit.ly/2IygR7z

Like many large public sector organizations, the National Security Agency (NSA) had a volunteer-led source code repository running on old hardware. Through a team of passionate developers, the NSA developed a public-private partnership with GitLab and Amazon Web Services (AWS). Through this partnership, NSA migrated from on-premises hardware to AWS. This effort involved refactoring a non-version controlled environment to a version controlled, fully automated deployment strategy using Infrastructure-as-Code. The migration leveraged AWS managed services to drastically improve the reliability of the service, in order to provide the performance and stability the NSA’s mission requires. Join this talk to learn about NSA’s DevOps journey and the technology they used along the way.

Speaker:
Eric Mosher - Technical Lead, NSA

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Edmond Kuqo

Currently, many government organizations use multiple tools and platforms to accomplish their cost, schedule, and performance activities. Consequently, developers waste time tracking their work across different platforms and on tool integration as well as on how they operate when they should be focusing on the product delivery that supports the mission.

Discover how NIWC Atlantic is introducing and driving adoption of GitLab as their all-inclusive platform for DevSecOps development Navy-wide and how they are overcoming the government infrastructure deployment challenges of:
* GitLab 13.x via AWS and integration with the RedHat OpenShift Container Platform
* Deployment of HA and AutoScaling in AWS

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Brandon Dewitt

Do you have experience with security in your software development process but none at all with compliance? Join this session to hear our journey as we set out to become SOC-2 compliant.

Armed with very little public documentation on how to become SOC-2 compliant, we built SOC-2 procedures around Agile software development and DevOps patterns such as CI/CD and GitOps. Although it typically takes about a year to complete SOC-2 compliance, we obtained certification in less than six months.

You will learn how Agile processes and DevOps can address and outperform traditional methods for managing security and compliance. This talk will empower you to tailor your enterprise compliance needs to your desired software development process.

Get in touch with Sales: http://bit.ly/2IygR7z

Speaker: Frank Ford

Public cloud is great. We love public cloud. But sometimes, regulatory, company compliance, and legal restrictions necessitate an on-prem solution.

This session will explore ways to remain compliant with an on-prem solution while you work through your organization’s public cloud challenges. Using GitLab and Kubernetes allows for workload portability that will enable a simple transition once your organization gives the green light.

Get in touch with Sales: http://bit.ly/2IygR7z

Discover how the US Government uses GitLab for collaboration across enclaves, enabling mission critical work among teams with different classifications in disparate locations.

GitLab has always been a grassroots favorite in the developer community and many GitLab installations are championed and adopted by developers and IT departments. While it’s easy to start coding in a small team and create products with all the integrated features of GitLab, it takes planning and effort to align with an existing enterprise.

Discover:
- Hurdles for pushing GitLab company-wide
- How GitLab fits into the bigger picture of an enterprise organization
- Why it’s so hard to scale in a heavily regulated environment

In this talk by DevOps Engineer Joost Evertse, learn how companies of all sizes--start-ups to large institutions to organizations in cloud environments--have scaled GitLab to transform their businesses.

Slide deck: https://drive.google.com/file/d/1EH3t4avMGiYROnETRE6u100Ej5Ayy91T/view?usp=sharing

Read more about our product vision: http://bit.ly/2IyXDOX

Learn about FOSS & GitLab: http://bit.ly/2KegFjx

Get in touch with Sales: http://bit.ly/2IygR7z

Have disparate, distributed teams? A plethora of tools, processes, and development practices? Silos of people and data with obstacles to communication and knowledge transfer?

Learn how SRI rapidly transitioned over 2,500 projects across 350+ groups to radically improve their development practices, CI, artifact delivery, and client collaboration.

See how they:
- Lead by example to increase GitLab adoption
- Educate internal teams and clients on best development practices
- Continually improve operational efficiencies and delivery through cultural and organizational transformation
- Meet compliances for heavily regulated environments

In this talk, SRI International Software Engineer Roland Heusser offers valuable practices for undergoing rapid transition. Take away tips to improve delivery practices and visibility throughout your SDLC.

Slide deck: https://drive.google.com/file/d/1kVE7uXORokJtDq-9Q5us2iKGcXSI4fGm/view

Read more about our product vision: http://bit.ly/2IyXDOX

Learn about FOSS & GitLab: http://bit.ly/2KegFjx

Get in touch with Sales: http://bit.ly/2IygR7z

The U.S. Department of Energy has many authentication systems, and even more disjointed GitLab instances. In order to securely run CI jobs in this environment, they needed more fine-grained user access control than GitLab provided. In this talk, David Nicholaeff, a mathematician with the U.S. Department of Energy, walks through the technical details of developing and deploying federated auth as well as extending zero trust data zones and automation for GitLab. Additionally, he will share some insights on the process of contributing to GitLab as they have decided to open source the code and contribute it upstream.

Link to referenced issue/more info: https://gitlab.com/gitlab-org/gitlab/issues/33665

Read more about our product vision: http://bit.ly/2IyXDOX

Learn about FOSS & GitLab: http://bit.ly/2KegFjx

Get in touch with Sales: http://bit.ly/2IygR7z

Join Bill Nystrom, CTO of Air Combat Command Directorate of Communications, Harold Smith III, Co-Founder and CEO of Monkton, Pradeeb Chhabra, Director, Security Engineering at Capital One, and John Jeremiah, Product Marketing Leader at GitLab in a panelist discussion around improving your speed to market in a highly regulated environment.

Hear about upcoming webcasts: https://bit.ly/2U9ACfv

Read more about our product vision: http://bit.ly/2IyXDOX

Learn about FOSS & GitLab: http://bit.ly/2KegFjx

Get in touch with Sales: http://bit.ly/2IygR7z

Tom Suder, President and Founder of ATARC, Leo Garciga, Chief of JD-OI6 and Chief Technology Officer for the JIDO/DTRA, Rob Brown, Division Chief and Senior Solutions Architect with Infrastructure Enterprise (EID) at USCIS, and John Jeremiah, Subject Matter Expert at GitLab discuss what powerful impact DevOps is having on the Federal government and how DevOps can power your speed to mission.

Register for upcoming webcasts: https://bit.ly/2vUMzYb

Read more about our product vision: http://bit.ly/2IyXDOX

Learn about FOSS & GitLab: http://bit.ly/2KegFjx

Get in touch with Sales: http://bit.ly/2IygR7z