Hi, welcome to SuperUserTV here at the OpenStack Summit in Austin. Can you introduce yourself and tell me about your role in the community?

Hey, nice to meet you. I'm Travis. I'm a senior security architect for IBM. I'm also a member of the OpenStack security project.

Awesome. So security is a big thing when it comes to people talking about OpenStack. So what does the OpenStack security team do for the community?

Sure. Yeah. So we actually have two things we focus on. We want to help developers of OpenStack and we also want to help people that are using OpenStack. And so we kind of branch off in those two areas and we have services that we offer for each. For example, for developers, we offer tools such as Bandit that help them find security issues in their code before it gets into OpenStack. And then on the deployment side, we have things like the security notes and the security guide that make it easy for somebody that's not a security expert to know what are the things they should be doing when they're using OpenStack.

So what are some of the comments? You're working with two very different groups of people. What are some of the common pieces of feedback that you receive from developers and then from operators?

I'd say the common piece is that we really just want to do everything we can to make it easier. So both of these groups are people that are very busy. They have things they're trying to get done and they don't want to become security experts. So basically they say, what can you do for us to make our jobs easier?

Awesome. And so what's the best way for someone to get in contact with y'all if they do have concerns or they want to learn more about what y'all are doing?

Sure. There are a few ways. We hang out all the time on IRC and FreeNode in a channel called OpenStack Security. We also have weekly meetings on FreeNode. And we have the mailing list. If you post anything with security, then we'll read it and respond quickly.

Awesome.
And so how big is this team that you're on?

We have about 250 listed members, but we're not even close to that big. A lot of people just hang around and lurk. We have probably about 25 to 30 members at any time, but we're looking to grow. So if there's anybody that's interested, we'd love to have them stop by.

Awesome. So for folks that are interested, is IRC the best way to get to share that voice?

I'd say so, yeah. Just show up in the OpenStack Security channel, say you're new and what you're interested in, and somebody will definitely respond and get you involved.

Awesome. And so I picked up a magazine today for the Super User Magazine and I saw the Bandit article. So can you talk to me a little bit more about what Bandit is and how it's helping developers?

Sure. So Bandit is a tool. Basically, OpenStack is a lot of Python code. And since it's a lot of code, it can be difficult to find issues. And the idea with Bandit is it's a tool that makes it easier to find possible security issues. So it runs quickly against a large code base, shows you where there might be potential issues, and then from there you can drill down and find out whether it's a real issue or not.

Awesome. And so what is the security team doing here at the summit? Do y'all have sessions or what are y'all talking about?

Sure. Yeah. We have sessions. We have design sessions. One of the things we're working on this time is threat modeling. So what we want to do is develop a comprehensive process by which we can go for a project that's either existing or new, find out any potential issues before it actually makes it into the code, and then publish documentation based on that.

Awesome. Sounds like you'll have a very busy week here.

I think so.

Awesome. Well, thank you so much for your time today and it was great to meet you.

Great. Great to meet you too. Thank you.