Job description

Join Microsoft Reactor and engage with developers, entrepreneurs, and startups live Ready to get started with AI and the latest technologies? Microsoft Reactor provides events, training, and community resources to help developers, entrepreneurs, and startups build on AI technology and more. Join us! Spotlight on GitHub Advanced Security Welcome to the GitHub Advanced Security series – enabling you to deliver native, developer-first application security on both GitHub and Azure DevOps. Whether you’re new to GitHub Advanced Security or looking to expand your knowledge, we’ll help you learn how to scale and optimize security in your development pipelines, while also diving deeper into specific features. This content is geared towards anyone who wants to improve their code security, from developers and security engineers to DevSecOps managers and CISOs. Upcoming Events Click on an event below to learn more and register for individual events. All times in - Coordinated Universal Time In this talk we walk through the OWASP DevSecOps Maturity Model (DSOMM) and look at how implementing GitHub can aid in shifting-left. Alongside discussing the basics of the DSOMM, we also map the use of GitHub services to the model's various dimensions and sub-dimensions and demonstrate how to measure the current maturity state. Accelerating AppSec: How to Implement a Comprehensive DevSecOps Program using GitHub GHAS and Copilot with Coveros. Much attention is spent on using GitHub Advanced Security (GHAS) and GitHub Copilot to support tactical application security tasks such as code scanning, dependency checking, secrets management, and vulnerability remediation. While these activities are all part of a comprehensive application security program, there are many other aspects of app sec that GHAS and Copilot can accelerate. Some of these include: Threat modeling Architectural risk analysis Automated governance Root cause analysis of vulnerabilities Join Jeffery Payne and Thomas Stiehm from Coveros as they discuss the business need for a comprehensive DevSecOps program and how GitHub GHAS and Copilot can be used end-to-end in your SDLC to accelerate the delivery of secure and reliable applications. What You’ll Learn: How GHAS and Copilot support much more than vulnerability identification and remediation. Understand why code scanning is necessary but insufficient for finding vulnerabilities. Using Copilot to support early lifecycle risk management activities. How to effectively automate your governance processes within the GitHub platform. Take home valuable information on structuring and running a DevSecOps program using GitHub GHAS and Copilot. Past Events in this Series All times in - Coordinated Universal Time In this session Ray Kao will share an overview of GitHub Advanced Security key features including code scanning, secret scanning, and supply chain security. Join us as Lindsey Bocatto and Dan Shanahan highlight the latest AI-powered features in GitHub Advanced Security. In this session, learn how to set up GitHub Advanced Security into your GitHub and Azure DevOps pipelines to keep your developers engaged and ensure security throughout your development cycles. This session will showcase GitHub's new AI-powered application security testing capabilities and cover how Microsoft views the code to cloud security synergy between GitHub Advanced Security and Defender for Cloud. The event will include educational sessions and hands-on labs. Participants will have the opportunity to connect with each other, elevate their expertise, and enhance their development capabilities. In this session, Andrew McCoy will show how you can meet your regulatory requirements by enforcing compliance standards and security policies with GitHub Advanced Security. In this talk we provide a brief walk-through using Copilot to aid in detecting and fixing security vulnerabilities in source code. Topics covered include: A basic introduction to improving SDLC security using IDE and local environment tools Detecting OWASP Top 10 style vulnerabilities in an example application Remediating detected issues Creating .gitignore files to prevent environment files being committed Looking at how GHAS can be combined with Copilot to improve security further. Join GitHub's Pierre Tempel - Director, Product Management - for a demo and GitHub Advanced Security 101 session. You'll see how code scanning seamlessly integrates vulnerability prevention and remediation into your development workflow and experience the power of Copilot Autofix, which helps fix vulnerabilities up to 3x faster through AI-powered fix suggestions. These features are designed to enhance collaboration and empower both developers and security professionals to build the best and more secure software. #J-18808-Ljbffr

Requirements