Secure Software and Automated Operations

Modern defense software can no longer afford the latency of traditional acquisition and closed development models. Speed has become a core element of security.

This talk explores how open source ecosystems enable rapid, continuous delivery of mission capability while maintaining trust and resilience in contested environments. By leveraging global communities, organizations can outpace adversaries, reduce duplication, and operationalize innovation at scale.

We’ll examine how community-driven development, combined with secure supply chain practices, transforms software into a strategic deterrent rather than a vulnerability. Attendees will gain insight into how to align platform, process, and culture to unlock this advantage without sacrificing control or compliance. Ultimately, this session reframes open source not just as a development model, but as a force multiplier for mission success.

Speaker: Tommy Scherer | Defense Unicorns

Tommy is focused on helping the defense industrial base deliver mission software with greater speed, security, and resilience. With over eight years of Kubernetes experience, he has supported the shift from legacy systems to continuously delivered, cloud-native platforms across critical DoW programs. His work centers on applying open source and secure delivery practices to enable rapid capability in even the most constrained, high-security environments. Tommy brings a practical perspective on how community-driven innovation can turn software into a strategic advantage.

Most organizations treat vulnerability scanning as the last line of defense, but tools like Trivy only interrogate package manager metadata. They have no visibility into binaries compiled from source, vendored dependencies, or anything dropped into an image outside of a package manager’s inventory.

That blind spot is the symptom of a bigger problem: we’ve been trying to inspect our way to supply chain security instead of building it in from the start. Building from source with full provenance means every byte in your container image has a verifiable origin, an SBOM generated at build time (not bolted on after) and a cryptographic signature proving it hasn’t been tampered with.

Chainguard operationalizes this model at scale, producing hardened images rebuilt daily from source so that your security posture isn’t dependent on a scanner’s best guess but on a verifiable chain of custody from code commit to runtime. When your ATO package and mission-critical deployments depend on knowing exactly what’s inside your software, the question isn’t whether you scanned it… It’s whether you can prove where it came from.

Speaker: Philip Brooks | Chainguard
Philip Brooks is a Solutions Engineer at Chainguard, where he helps DoD and federal customers secure their software supply chains through hardened container images and zero-CVE base images built from source. With over 14 years of hands-on experience in container security, STIG development, FIPS compliance, and RMF workflows across multiple defense contractors, he has deep roots in the DoD DevSecOps ecosystem and has seen firsthand how compliance gaps in the software supply chain create real risk to mission systems. Philip specializes in translating mission requirements into secure, compliant technical architectures that actually hold up under scrutiny.

Details to be announced soon!

As organizations accelerate adoption targets of AI and RPA to enhance productivity and mission response, success increasingly depends on operational alignment with those goals, meaning not just the technology itself.

AI models and automation are only as effective as the quality and structure of their training data, the completeness of the workflows they execute, and the ongoing refinement of their functionality and resiliency over time. This makes the “how” of implementation, particularly integration with existing systems, services, and processes, a critical challenge. A mature ITSM Service Center, grounded in Knowledge-Centered Service (KCS) and enabled by platforms like ServiceNow, provides a strong, structured foundation for scalable automation.

By improving data quality, standardizing processes, and enabling seamless integration, organizations can better support AI and RPA adoption. CWS operationalizes this through a disciplined Stabilize → Standardize → Optimize → Prioritize approach, transforming legacy service models into resilient, scalable, and continuously improving AI/RPA-enabled Service Centers that enhance mission performance.

Speaker: David Orlando | CWS
David Orlando is a Solutions Architect and Program Manager at CWS, where he leads several Zero Trust Architecture, RMF and enterprise Identity Management program initiatives supporting DoD and federal missions. With over 20 years of IT leadership experience, and more than a decade directing DISA technical teams, he has managed distributed workforces across major DISA programs including ILOBE, ILOBW, BSYS, IBAS, ISS, GSD, PDOS, and CTAS. David specializes in combining his deep technical expertise with disciplined program leadership to translate complex modernization requirements into practical, mission-ready solutions.

Following on to the conversations started during the day’s presentations