• Summary

  • Wondering what all the hype about Software Bill of Materials or SBOMs is? They’ve become a regular talking point when discussing the composition of software, and if you haven’t heard of them yet, you surely will soon. Join DJ Schleen as he interviews experts who shed light on what Software Bill of Materials are, how they are used by organizations to exchange information on software composition, and the effect they will have on consumers of software from large organizations to government agencies. We’ll dig into how SBOMs enable consumers to identify security vulnerabilities and explore the ever-expanding world of Bill of Materials formats to provide you with the knowledge you need for an emerging industry concept.
    Copyright 2023 DJ Schleen
Episodes
  • Lauren Hanford on Add TACOS to your SBOM Combo Platter
    Aug 9 2023

    Remember the X-Files television show? Dana Scully was one of the main characters - a brilliant FBI agent who worked on unsolved cases involving paranormal phenomena. Often skeptical of the supernatural, she was always willing to keep an open mind, and she was also a great role model. 

    She inspired many women in Technology, one of them being Lauren Hanford. Scully’s inspiration led Lauren into the field of Criminal Justice and Chemistry, and then she made a pivot into Computer Science and Design, the catalyst being a desire to make doing homework easier.

    It’s funny how technology always finds us.

    Lauren has been a part of the open source community for years, and has a massive understanding of the space.

    Recently, she brought the TACOS framework (Trusted Attestation and Compliance for Open Source) to the community to help assess the secure development practices of open source software. It’s a perfect companion to a software bill of materials.

    …and the name? It’s a nod to GUAC and to SLSA.

    Welcome back, to daBOM.

    25 m
  • Hasan Yasar on The Multiverse of SBOM Phases
    Aug 2 2023

    There's no better way to get to know someone than staying awake for 24 hours straight while moderating sessions of the world's biggest virtual DevOps conference - All Day DevOps. It's one of the many times I've gotten to spend with Hasan Yasar over the years.

    We were hunkered down in an office in Tyson's Corner, just outside of Washington, DC, broadcasting throughout the day to an audience spanning the world, introducing some of the world's most talented minds before they shared their stories.

    Hasan and I met back in 2017 when we were both speaking at DevOps Connect at RSA, and I was floored at the wealth of knowledge he had about DevSecOps. He's done the research, knows the practice, and has the mind of an architect.

    Hasan isn't only a speaker in the community, though; he's also an organizer of events such as DevSecOps Days Istanbul, DevSecOps Days Tokyo, and one very memorable panel I was on at an event hosted by the Software Engineering Institute at Carnegie Mellon University. Hasan placed me on a panel beside Brigadier General Greg Tohill in front of an audience of military personnel to discuss DevSecOps.

    I will never forget fielding a question with General Tohill from a member of the Air Force. They asked "how do you fail fast with a ballistic missile?" 

    "You better have some good simulators."

    When Hasan and I caught up again at the RSA conference this year, our conversation turned to the topic of Software Bill of Materials and how they fit into the SDLC.

    ... and then Hasan started talking about how we could shift them extremely far left...

    Welcome back, to daBOM.

    29 m
  • Trac Bannon on the connection between Generative AI, LLM and SBOMs
    Jul 19 2023

    I'll never forget the day I met Tracy, although I really think we were actually separated at birth. We were scheduled to be on a podcast together, and after introducing ourselves to each other in the call lobby, we began a discussion that most likely would've gone on forever had the host not interrupted us to get the show started.

    It turns out we both have similar passions in the DevOps, DevSecOps, and SRE spaces, and not just philosophical ideas and hoopla high fives. We've actually done it. Practical implementation of ideas that have injected security into the software we all develop. 

    An architect, a programmer, a dreamer, and a visionary, she's also a strong advocate for diversity and inclusion in the technology industry, and has often shared her experiences about being a woman in technology. 

    Two topics that are very close to my heart as well... 

    Earlier this year, Tracy and I were brought together by Mark Miller for "It's 5:05", a podcast produced by The Sourced Network that brings snack sized news about open source and security topics to the masses on a daily basis.

    From the seeds of "It's 5:05" came the opportunity for me to create this podcast. And also for Tracy to create a podcast called "Real Technologists". And if you haven't heard it, you need to. It's a brilliantly done production about the people "behind the technology". 

    And speaking of real technologists, Tracy is one of them.

    Welcome back, to daBOM.

    27 m
