Kevin E. Greene is public sector CTO at OpenText Cybersecurity. Prior to his current role, Kevin worked at the MITRE Corporation supporting DevSecOps initiatives for sponsors, ATT&CK research, and MITRE’s Common Weakness Enumeration program, and served as cyber research and development program manager at the US Department of Homeland Security. Kevin's research in Hybrid Analysis Mapping (HAM) helped shape and influence Gartner’s Application Security Posture Management Magic Quadrant.

He has been an outspoken public advocate of challenging the status quo in software engineering practices as well as government policies and procedures to improve cybersecurity. This episode features a wide-ranging conversation about what's broken about software security and how the concept of software resiliency can improve the industry's cyberdefense.

Christopher Crowley is an independent consultant and senior instructor at the SANS Institute, who has 20 years of experience managing and securing networks. He is considered a leading expert in building a security operations center, or SOC, and authored the SANS 2024 SOC Survey report in May, which focused on the top challenges facing security operations.

In this episode, Crowley's survey provides an entry point for a bigger-picture discussion about the last 20 years of SecOps, the pros and cons of cloud-based SOCs, the trough of disillusionment with AI and predictions for the future.

The number, magnitude and costs of cyberattacks have steadily escalated, year after year, for the last two decades as software has eaten the world. Fresh vendor products continue to proliferate to address increasingly sophisticated threats, but time-honored problems with human error, systems visibility and vulnerability remediation continue to plague security operations (SecOps) teams. When even the world's largest tech companies continue to be breached by attackers, what hope is there for everyone else that software-based security disasters won't continue to spiral? In this season of IT Ops Query, beginning on September 5, you'll hear from a range of experts about the mounting pressures of security operations, and how the tech industry can begin to relieve them.

Josh Koenig and David Strauss are co-founders at Pantheon, a platform for building and operating websites. Josh is the chief strategy officer, and David is the CTO. Open source software is a big part of the web, and Pantheon is a downstream user as well as a contributor to several open source projects. David is an early contributor to systemd, a component of Linux distributions, a member of the Drupal security team, and was a founding member of the first Fedora Server working group in 2011.

Josh and David share their views as downstream consumers of open source software as well as members of the community, touching on why enterprises don't contribute more to open source, the approach to open source policy and licensing changes by two different major vendors in Red Hat and HashiCorp, efforts to shore up the security of the web by moving to memory-safe languages, and more. Come for the industry insights, and stay for the many colorful analogies in this discussion, from tugboats to tofurkey.

Editor's Note: This episode was recorded before IBM agreed to acquire HashiCorp.

Justin Warren is founder and principal analyst at PivotNine, a technology consulting and analyst firm based in Melbourne, Australia. Until 2023, he was a board member at Electronic Frontiers Australia, a non-profit national organization representing Internet users. At KubeCon North America last year, he asked a press conference panel of enterprise IT leaders what they were doing to compensate open source maintainers "so they don't starve to death." A self-described "filthy socialist," Warren favors a tax or tax-like system for funding open source libraries that are widely used but not full-fledged products -- especially when the alternative is an offer from a malicious actor maintainers can't refuse. Together, Warren and Beth explore various approaches to shoring up the maintenance, security and sustainability of open source software and discuss the future outlook for the industry in this episode.

Emily Fox has held multiple roles at household-name organizations in her 13-year IT career and is currently senior principal software engineer at Red Hat. Previously, she worked as an engineer at Apple, and DevOps Security Lead at the National Security Agency. She also serves as chair of the CNCF's technical oversight committee and is involved in a variety of open source communities and activities.

From her unique vantage point, she addresses the delicate balance the CNCF must strike between enterprises, open source maintainers and open product companies; growing awareness about open source sustainability issues; and how all of that feeds into a general "crisis of conscience" going on in cybersecurity.

How is open source sustainability similar to the subprime mortgage crisis? And what can an episode of South Park teach us about open product business models?

Dan Lorenc has a uniquely multifaceted view of these and other questions – he worked at Google from 2012 to 2021, began contributing to open source projects in the Kubernetes community in 2016, and along the way, developed the tooling that would become the Sigstore project, which helps to verify the provenance of open source code packages. Sigstore is now governed by the OpenSSF, where Dan is a member of the Technical Advisory Council. He is also co-founder and CEO of Chainguard, a software supply chain security startup.

Find out what Dan's take is on everything from the "Tragedy of the Commons" idea itself to the government's role in open source maintenance, the CNCF's role in open products, "open source lite" licenses and what's worked for Chainguard's business so far in this episode.

Tobie Langel is Principal and Managing Partner at UnlockOpen, a consulting firm in Geneva that advises clients on working with the open tech ecosystem. Langel is a passionate advocate for open source, and in February, he gave a presentation at the­ State of Open Conference in London urging funding for open source maintainers.

Here, he discusses the distinction between open source development and open source maintenance, why open source sustainability issues persist and why $1 billion or even $10 billion per year isn't too much to ask of the global tech industry to fund open source maintenance -- especially in an age of vulnerabilities such as log4shell and ongoing software supply chain attacks.