From Lockpicking to Leadership: Tabatha DiDomenico on Security, Open Source, and Building Community
In this episode of What’s in the SOSS? host Yesenia Yser sits down with open source security engineer and community leader Tabatha DiDomenico for an inspiring conversation about her unexpected path into open source, the vibrant communities behind security, and her role as president of BSides Orlando.From discovering Netscape in the early days to shaping security strategy at G-Research and OpenSSF, Tabatha shares how her career evolved from necessity to purpose. She talks about the power of DevRel, the invisible work behind sustainable open source, and the magic of volunteering - pro-tip: working the registration table is great for networking.Whether you're new to the ecosystem or a seasoned contributor, this episode is packed with insight, warmth, and practical advice on getting involved and staying connected.Topics Covered:The accidental beginnings of an open source careerHow DevRel supports healthy OSS ecosystemsBuilding internal open source culture through innersourceThe impact of local security communities like BSidesAdvice for contributing, volunteering, and thriving in open sourceChapters:00:00 The Journey into Open Source06:10 Current Projects and Roles in Open Source11:57 Involvement with B-Sides Orlando18:07 Understanding Developer Relations in Open Source27:08 Rapid Fire Questions and Final ThoughtsEpisode links:Tabatha DiDomenico’s LinkedIn pageHacker Summer CampHacker in HeelsSecurity B-sides OrlandoSecurity B-sides VegasThe Diana InitiativeGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn
--------
29:49
--------
29:49
Bridging DevOps and Security: Tracy Reagan on the Future of Open Source
In this episode of What's in the SOSS, we sit down with longtime open source leader and DevOps champion Tracy Ragan. From her early days with the Eclipse Foundation to her current work with Ortelius, the Continuous Delivery Foundation, and the OpenSSF, Tracy shares her journey through the ever-evolving world of open source security.We dig into the importance of configuration management, what DevSecOps really means, and how projects like the OpenSSF Scorecard and Ortelius help make our software supply chains more transparent and secure. Plus, we tackle the education gap between security pros and DevOps engineers—and how we can bridge it.If you're curious about building more secure pipelines or just want to geek out about SBOMs and Scorecard, this episode is for you.Chapters:00:25 – Welcome + Tracy's Open Source Origin Story02:00 – Early Days at the Eclipse Foundation03:10 – DevOps + DevSecOps: Why It Matters04:20 – Explaining the DevOps “Factory Floor”06:00 – DevOps Pipelines as Security Data Engines07:50 – What Is the OpenSSF Scorecard?09:30 – Ortelius: Aggregating DevOps + Security Insights11:20 – The DevOps Budget Problem + Exposing Insecure Packages13:00 – Why DevRel Is Critical for DevOps Security Education15:40 – Crossing the Divide Between DevOps and Security Teams16:10 – 🎉 Rapid Fire: Editors, Mascots & Spicy Food17:30 – Final Call to Action + How to Get InvolvedEpisode links:Tracy Ragan’s LinkedIn pageOrtelius ProjectScorecard ProjectEclipse FoundationCD FoundationGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn
--------
20:04
--------
20:04
Yoda, DEI, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes
In this enlightening and entertaining episode of What's in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes. From her academic roots to her entrepreneurial journey, Dr. Hayes shares how diversity, equity, inclusion, and accessibility (DEIA) drive sustainable growth—and how she found inspiration for her TED Talk in the wisdom of Yoda. The two discuss the myths around DEIA, how the Jedi Council reflects ideal collaboration, and why unlearning old beliefs is key to progress. Plus, stay for the rapid-fire questions and discover if Dr. Hayes is more Marvel or DC.Chapters:00:00 – Introduction01:30 – Career Journey03:10 – Navigating DEIA in Today’s Landscape07:49 – TED Talk Inspiration: Star Wars & DEI11:31 – The TED Experience13:12 – The TED Talk Message14:38 – Favorite Yoda Quote16:34 – Rapid Fire Round18:37 – Final Thoughts19:10 – OutroEpisode links:Dr. Eden-Reneé Hayes LinkedInDr. Eden-Reneé Hayes Ted Talk: Yoda's Jedi Mind Tricks for Rethinking DEI | TEDxWaldenPondJoin the BEAR Working GroupGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn
--------
19:49
--------
19:49
Cybersecurity Framework Launch
In this episode of What's in the SOSS, host CRob interviews Clyde Seepersad from the LF Education Department. They discuss Clyde's journey into open source, the role of LF Education in supporting the community, and the importance of cybersecurity education. They also delve into the development of the Global IT Cyber Skills Framework, emphasizing the need for continuous learning and community engagement in the tech industry.Chapters:00:00 Introduction to Open Source and LF Education02:59 Clyde's Journey into Open Source05:54 The Role of LF Education in Open Source09:00 Cybersecurity and the Global IT Cyber Skills Framework11:59 Framework Development and Industry Collaboration15:13 Continuous Learning and Community EngagementEpisode links:Clyde’s LinkedinLinux Foundation TrainingGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn
--------
20:45
--------
20:45
Scaling Security: Inside the GitHub Securing Open Source Software Fund
In this episode of What’s in the SOSS?, CRob sits down with Kevin Crosby and Xavier Rene-Corail from GitHub to unpack the GitHub Secure Open Source Fund - an innovative program that combines funding, education, and community to strengthen open source security. Learn how this unique initiative connects maintainers with training, resources, and a $10K stipend to scale security best practices. The trio also shares the origins of the fund, surprising takeaways from the first cohort, and what’s next for this rapidly growing initiative.Chapters:00:00 – Introduction00:58 – Meet the Guests02:26 – Open Source Origin Stories06:10 – The Spark Behind the SOS Fund10:19 – What Participating in the Fund Looks Like12:39 – Inside the Curriculum14:50 – Unique Program Design & Outcomes16:23 – Key Learnings from the First Cohort19:09 – Feedback & Areas to Improve21:50 – What’s Next for the Fund23:00 – Rapid Fire Round24:23 – Call to ActionEpisode links:Kevin Crosby LinkedInXavier René-Corail LinkedInGitHub Secure Open Source FundMay is Maintainer Month with the theme of Securing Open SourceGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn
What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure. Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments. Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software community.About Christopher Robinson (aka CRob), hostCRob is a 43rd level Dungeon Master and a 26th level Securityologist. He is a leader within several Open Source Security Foundation (OpenSSF) efforts and is a frequent speaker on cyber, application, and open source security. He enjoys hats, herding cats, and moonlit walks on the beach.
Netherlands