On behalf of the Atlantic Council’s Cyber Statecraft Initiative, please join us for a virtual panel discussion about the Secure by Design (SBD) initiative from the US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday, April 25, from 1:30 to 3:00 pm ET.  

Persistent insecurity poses a threat to US national security and personal privacy alike, with businesses and end users continuing to face risks from insecure software. CISA’s Secure by Design initiative seeks to move security earlier in the product lifecycle for organizations that produce and sell software , reducing vulnerability and increasing the resilience of software to make it safer for its many users.  

In light of the initiative’s one-year anniversary, this event will discuss SBD’s progress so far and the work yet to come. Which organizations have adopted SBD principles, and what is in the way of organizations that have not? What is industry’s perspective on the most impactful and efficient principles and practices within the SBD framework with respect to security outcomes? How can CISA advance the adoption of these principles in cooperation with software developers large and small, as well as other influential ecosystem actors like cyber insurers? 

This discussion will pose the above questions to speakers including Lauren Zabierek, Senior Advisor, CISA; Jack Cable, Senior Technical Advisor, CISA; Dan Lorenc, CEO and Co-Founder, Chainguard; and Sarah Novotny, Founder, Klever Consulting. The event will also feature pre-recorded remarks from Jen Easterly, Director, CISA.

Opening remarks

Jen Easterly, Director, CISA

Jen Easterly is the Director of the Cybersecurity and Infrastructure Security Agency (CISA). She was nominated by President Biden in April 2021 and unanimously confirmed by the Senate on July 12, 2021. As Director, Jen leads CISA’s efforts to understand, manage, and reduce risk to the cyber and physical infrastructure Americans rely on every day. She is a proud Mom, a mental health advocate, a Rubik’s Cube enthusiast, and an aspiring electric guitarist. Before serving in her current role, Jen was the head of Firm Resilience at Morgan Stanley, responsible for ensuring preparedness and response to business-disrupting operational incidents and risks to the Firm. She also helped build and served as the first Global Head of Morgan Stanley’s Cybersecurity Fusion Center, the Firm’s center of gravity for cyber defense operations.

Panel discussion

Jack Cable, Senior Technical Advisor, CISA

Jack is currently a Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency, where he helps lead the agency’s work on Secure by Design and open source software security. Before CISA, Jack worked as a TechCongress Fellow for Senator Gary Peters, advising on cybersecurity policy, including election security and open source software security. Jack previously was a Security Architect at Krebs Stamos Group. Jack studied computer science at Stanford, where he worked as a researcher with the Stanford Empirical Security Research Group and the Stanford Internet Observatory. 

Dan Lorenc, CEO and Co-Founder, Chainguard

Dan Lorenc is co-founder and CEO of Chainguard, a leading software supply chain security company. Dan has been working on and worrying about containers since 2015 as an engineer and manager. He started projects like Minikube, Skaffold, and Kaniko to make containers easy and fun, then got so worried about the state of OSS supply-chains he partnered up with Kim and others to found the Tekton and Sigstore projects to make it easier to build and use containers securely, as well as SLSA to create a common language for software security and supply chain integrity. He has been involved with the Cloud Native Computing Foundation, chaired the Continuous Delivery Foundation technical oversight committee, and sits on the governing board and technical advisory committee for the OpenSSF.

Lauren Zabierek, Senior Advisor, CISA

Lauren Zabierek is a Senior Advisor in the Cybersecurity Division at CISA with over twenty years in national security. Previously, she served as the Executive Director of the Cyber Project at the Harvard Kennedy School’s Belfer Center, where she ran a policy-relevant research program and managed students and nonresident fellows. She came to that role as a 2019 graduate of the Kenney School’s midcareer MPA program. Her previous experience includes working at an early-stage cybersecurity startup, serving as a civilian intelligence officer, and serving in the US military. Lauren is also the co-founder of the online movement #ShareTheMicInCyber, a mentor, and fellow at New America and the National Security Institute. 

Sarah Novotny, Founder, Klever Consulting

Sarah Novotny is a technology executive with pioneering leadership in open source, cloud computing, infrastructure automation, and big data.  Her more than 25-year career has focused on leading technical operations and development teams as well as engaging in external-facing work such as developer relations, marketing, sales engineering, and more. She worked with the Microsoft Azure Office of the CTO and also led an Open Source Strategy group for Google Cloud Platform, where she grew the Kubernetes open source project leadership while representing Google during the founding of the Cloud Native Computing Foundation. Sarah has represented both Google and Microsoft on the Linux Foundation Board of Directors, and during her tenure at Google as a Node.js Foundation Director she led a merger between the Node.js Foundation and the JS Foundation, which together now host more than thirty projects under the combined entity Open JS Foundation.

Moderated by

Presented by

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.