Speaking & Events

A deep dive into the September 2025 NPM supply chain attack—one of the largest in history—and how to defend your enterprise JavaScript applications.

A Jfokus talk on building secure container images using SBOMs, OCI 1.1 attestations, and Docker Bake, told through the narrative of the Docker Commandos in Asgard.

When a single phished NPM maintainer led to 18 compromised libraries—including Chalk and Debug, downloaded billions of times weekly—it proved one thing: basic SBOMs alone aren't enough. But when the recent "Mini Shai Hulud" worm and its family of variants began silently tunneling through CI/CD pipelines to infect downstream containers, it proved our entire approach to build-time security needs a massive upgrade.

When a single phished NPM maintainer led to 18 compromised libraries—including Chalk and Debug, downloaded billions of times weekly—it proved one thing: basic SBOMs alone aren't enough. But when the recent "Mini Shai Hulud" worm and its family of variants began silently tunneling through CI/CD pipelines to infect downstream containers, it proved our entire approach to build-time security needs a massive upgrade.

Interview on JobRad's tech podcast 'Increase Cycle Time' about the process of writing a technical book.

Docker Commandos adapted for a Java audience at JCON Europe 2026. Supply chain security, SBOMs, and attestations — using Docker tooling with a Java project as the target.

Interview with Baruch Sadogursky at JCON Europe 2026 about container supply chain security.

Docker Commandos v1.5 at Rabobank, part of their Docker Champions program. Full supply-chain security pipeline from Docker Init to cryptographic signing and zero-day runtime defense.

A Jfokus talk on building secure container images using SBOMs, OCI 1.1 attestations, and Docker Bake, told through the narrative of the Docker Commandos in Asgard.

Celebrating the 10th anniversary of the CNCF, Hacktoberfest, and publication of Docker and Kubernetes Security.

The first private Docker Commandos workshop — v1.0 format delivered to the JobRad engineering team in Freiburg. Small group, fully hands-on.

One-hour podcast conversation about Docker, DevSecOps, and developer advocacy.

The workshop that started it all. Over 100 people queued for 40 seats at WeAreDevelopers World Congress 2025. Covered Docker Init, Docker Bake, SBOMs, attestations, and Docker Scout.

A PlatformCon talk on 10 lesser-known Docker commands for improving development workflows, vulnerability scanning, supply chain security, and local AI workflows.