Speaking & Events

When a single phished NPM maintainer led to 18 compromised libraries—including Chalk and Debug, downloaded billions of times weekly—it proved one thing: SBOMs alone aren’t enough. In this talk, I explore how modern supply-chain attacks unfold and how the next generation of tools—attestations, provenance, and signing—can prevent a repeat of the September 2025 NPM breach.

Interview on JobRad's tech podcast 'Increase Cycle Time' about the process of writing a technical book.

Docker Commandos adapted for a Java audience at JCON Europe 2026. Supply chain security, SBOMs, and attestations — using Docker tooling with a Java project as the target.

Interview with Baruch Sadogursky at JCON Europe 2026 about container supply chain security.

Docker Commandos v1.5 at Rabobank, part of their Docker Champions program. Full supply-chain security pipeline from Docker Init to cryptographic signing and zero-day runtime defense.

A Jfokus talk on building secure container images using SBOMs, OCI 1.1 attestations, and Docker Bake, told through the narrative of the Docker Commandos in Asgard.

Celebrating the 10th anniversary of the CNCF, Hacktoberfest, and publication of Docker and Kubernetes Security.

The first private Docker Commandos workshop — v1.0 format delivered to the JobRad engineering team in Freiburg. Small group, fully hands-on.

One-hour podcast conversation about Docker, DevSecOps, and developer advocacy.

The workshop that started it all. Over 100 people queued for 40 seats at WeAreDevelopers World Congress 2025. Covered Docker Init, Docker Bake, SBOMs, attestations, and Docker Scout.

A PlatformCon talk on 10 lesser-known Docker commands for improving development workflows, vulnerability scanning, supply chain security, and local AI workflows.