Brainberg
DSOLG July Event
Software EngineeringMeetupFree

DSOLG July Event

Wed 22 Jul ยท 17:00
London, ๐Ÿ‡ฌ๐Ÿ‡ง United Kingdom
< 50 attendees
Civo Tech Junction ยท Civo Tech Junction, First Floor, 32-37 Cowper St, EC2A 4AW

About this event

Details

Welcome to the DevSecOps London Gathering July Event on Wednesday 22 July! We bring you speakers, as well as the usual conversations, pizza and beer!

๐Ÿ“ Hosted at Civo Tech Junction, 1st Floor, 32-37 Cowper Street, London, EC2A 4AW
๐Ÿ“… Wednesday, 22 July
๐Ÿ•• 6:00โ€“8:00 PM

Talk Abstracts:

Lightning Talk - Using AI prompts for disaster recovery - by John Davies
After Zafrul Sattar's talk at the end of 2025, he gave out to those who asked the prompt he had demonstrated. This lightning talk will demonstrate a development of Zafrul's prompt that drafts disaster recovery plans. The talk will describe what changed and why, what worked
and didn't and what might be done next.
John's Bio:
John is an accountant with ingrowing computers. He started punching cards for fun in 1974 and has more accounting qualifications than anyone
could possibly need. An unrepentant bookworm, he still has Pascal and
COBOL manuals from the 1970s which he has been known to quote in answer to Perl problems in 2017. He yearns for the "good old days" when
documentation came in glossy manuals and didn't make him rant. His pipe
dream is for software that doesn't make him rant. Or even for accounting
laws and standards that don't.
Main Talk - How hackers are targeting deployment path developers by David Read and Valentino Duval
DevSecOps has spent years hardening CI/CD, but recent campaigns show that the developer is now part of the deployment path attackers are targeting. In this talk, we will walk through what Ossprey found while tracking real supply chain activity, including DPRK interview lures, second stage malware, credential theft, poisoned developer tools, malicious packages and AI assisted code compromise. Rather than treating these as isolated incidents, we will show the patterns that linked them together: reused infrastructure, obfuscation choices, token flows, package behaviour and attacker tradecraft across npm, PyPI, and GitHub. The focus is technical and investigative: what we saw, how we connected it, what surprised us, and what defenders can realistically monitor.
David's Bio:
David has over 16 years of experience working in cyber security working as a researcher, architect and security engineering manager. Recently David cofounded Ossprey a cyber security company that specialises in detecting and stopping open source malware attacks.
Valentino's Bio:
Valentino is an engineer and security researcher at Ossprey, working on the front lines of open source malware detection. He specialises in uncovering, analysing and disrupting malicious campaigns targeting developers, packages and the wider software supply chain.

Source: meetup