Enhancing Supply Chain Security with TestifySec
The Evolution of Software Supply Chain Security
At KubeCon + CloudNativeCon Europe 2024 in Paris, TestifySec CEO Cole Kennedy presented a compelling vision for the future of software supply chain security. In an era where software vulnerabilities can have global impact—from SolarWinds to Log4j—organizations need a fundamentally new approach to securing their build pipelines.
This interview-style presentation dives deep into how TestifySec is revolutionizing supply chain security by applying zero-trust principles directly to the build process. Rather than treating security as an afterthought or a gate at the end of development, TestifySec embeds verification and attestation throughout the entire software development lifecycle.
Breaking Down the Developer-Security Divide
One of the key challenges in modern software development is the disconnect between development teams who prioritize velocity and security teams who prioritize risk mitigation. Cole explains how TestifySec bridges this divide by providing a platform that satisfies both needs—developers maintain their productivity while security teams gain unprecedented visibility into the build process.
The presentation also explores the emerging challenges of AI/ML model security, where the supply chain extends beyond code to include training data, model parameters, and computational environments. As organizations increasingly rely on AI, securing these new attack vectors becomes critical.
Key Takeaways
Zero-trust governance can be seamlessly integrated into existing build pipelines without disrupting developer workflows
Treating build steps as verifiable attestations creates an immutable audit trail for compliance
The platform bridges the gap between developers and cybersecurity teams with shared visibility
Software supply chain attacks can be prevented by cryptographically verifying every step of the build process
AI/ML model generation requires the same level of supply chain security as traditional software
Transparency and accountability are achieved through automated evidence collection and policy enforcement
About the Speaker
Cole Kennedy
CEO & Co-founder, TestifySec
Cole Kennedy is the CEO and co-founder of TestifySec, where he leads the company's mission to revolutionize software supply chain security through zero-trust governance and automated compliance. With over a decade of experience in cybersecurity and DevOps, Cole has been at the forefront of securing cloud-native applications and CI/CD pipelines.
Prior to founding TestifySec, Cole held senior security positions at several Fortune 500 companies, where he witnessed firsthand the challenges of securing modern software development at scale. This experience inspired him to create a solution that bridges the gap between development velocity and security requirements.
Cole is a frequent speaker at conferences including KubeCon, RSA, and DevSecOps Days, and contributes to open-source projects in the supply chain security space. He holds a degree in Computer Science and multiple security certifications.