 Awesome. Hey, everyone, I'm Jeremy. I'm a technical product marketer at Uptix, and I'm really excited to talk to you all today. So I'm going to be talking about securing the CI CD pipeline and kind of really the special place that developer laptops have from a security perspective. So I really only have two things to talk to you guys about. First, I want to take a look at a traditional CI CD pipeline and really break down some of the data silos and security gaps that we create for ourselves there. And then I want to dive a little deeper to security at the developer laptop. So on the right, I included a fun headline that grabbed me from about a month ago. It's pretty prevalent for this talk. So last pass got hacked, and hackers had access to the development environment for over four days. So Andrew was touching on this earlier when he gave the opening remarks. But kind of keep in mind that idea of software supply chain attacks and attackers embedding themselves into your development pipeline. So yeah, this is kind of the innovation pipeline or traditional CI CD pipeline as we see it. You know, on the far left, you have that development stage. You have developers working off laptops, crafting the crown jewels of your organization, and really building that intellectual property. You move into the CI CD stage. You maybe have a build server. You're scanning images. You're testing for compliance, vulnerabilities, registry scanning, maybe secret scanning as well. And then we hit runtime. And in runtime, we kind of split this up into two phases. We have the control plane layer of that orchestration and runtime services. And then you have the data layer of those actual running nodes and containers. And I want to reiterate what I said on the last slide where let's look at this, and let's see some of the data silos and security gaps we create for ourselves. So let's take runtime, for example. In runtime, you have this control plane layer and this data plane layer. And at the control plane layer, you have runtime orchestration. You're doing compliance. You're doing maybe network policy as well. And at the data plane layer, you have this rich socket event and process event data. But teams right now are really struggling with correlating this data together or correlating this data from, say, the data plane back to your back end infrastructure. And this is a problem. Let's imagine a container escape attack. Pretty high profile. Your node gets compromised. They're trying to hop to another container. They're trying to hop to another node. Maybe they're trying to hop to the control plane or to your AWS infrastructure. Are you able to correlate this data back together? And I think that's the big question right now is that attackers don't think in silos. And we need to be sure that we're securing across the CI CD pipeline so that we're not creating these security gaps. And we're able to correlate data together. So kind of with that in mind, I want to dive a little deeper into security at the developer laptop. Why security at the developer laptop? Well, first off, we've actually seen firsthand a rise in attackers targeting developer laptops. And I think that's for a few reasons. But one of the main ones is this is just a really high value asset. I think too often we focus on the shiny part of the hack where data gets exfiltrated or remote code gets executed. And I think we need to look a little layer deeper. Imagine a developer laptop is like the perfect entry point for an attacker. They can enumerate your environment. They can see what tooling you have. They can try and steal Git SSH keys. They can try and steal AWS credentials. So this is just a really strong point that we need to secure when we think holistically about our pipeline. So on the right here, I include in some of the fun examples that customers have been coming to us to help solve this problem of security at the developer laptop. So I'll go through them now. The first one, this one's pretty fun. Odd thing for vulnerable software packages are malicious Chrome extensions. We have some really fun war stories around Chrome extensions and malicious Chrome extensions. So, folks, attackers will actually clone real Chrome extensions, put them on the store, and try to entice in spearfish specific developers to try and download these Chrome extensions onto their developer laptops. So some really fun stuff, having to talk about it more after I can't share it all right now. But number two, dynamic trust scores for zero trust access. So this is a really good one. We know in real time, dynamically, quickly, assigning zero trust score, so being able to assess the identity and health of a developer's laptop as it's trying to access critical resources or infrastructure. And for me, this is a really big one because it goes back to that idea of security should really enable our development teams. Too often, we hear about security roadblocks. And I think zero trust access is a really fun one where we can break down those roadblocks and really enable teams to work from these untrusted or lightly secured home networks around the world as everyone works remotely nowadays. And then finally, detecting and protecting against malicious behavior. And this really synthesizes so much of the talk. Go back to that last past example of hackers having access to the environment for over four days or maybe two years ago, the SolarWinds Sunburst attack. Those of you who are familiar with the SolarWinds attack also will remember that was actually a software supply chain attack, which goes back to Andrew's point. And attackers embedded malicious code into the build. The build got distributed out, and then attackers actually executed the code. So keeping all of that in mind, I want to say thank you so much. I want to reiterate two points. First, attackers don't think in silos, and that's why we really need to normalize and correlate data regardless of whether it starts in that development section, that runtime control plane layer, or that data layer. And then my second point is really bringing laptops into the fold and enabling our developers through good security. So that's all I've had for you today. If any of this resonated with you, definitely come find me after it, even better actually. If any of this didn't resonate with you, come find me after. You know that's why we're all here, is to have these fun conversations. So upticks will be at booth number G29, and we'll be around all week in the purple shirt. So come say hi. Thank you so much for letting me talk with you all today.