Lucy Kerner | SpeakerHub

Personal Details

Bio

Lucy Kerner is currently the Director, Security Global Strategy and Evangelism at Red Hat and leads security thought leadership, evangelism, and the technical and go-to-market strategy for security across the entire Red Hat portfolio globally. In addition, she helps create and deliver security related technical content to the field, customers, partners, analysts, and press and has spoken at numerous events, including security conferences, such as RSA, Black Hat, Hack3rCon/SecureWV, and more, and is a Red Hat Summit Top Presenter. Lucy is also a frequent author of security articles at various online magazines , such as TechBeacon, TechSpective, Increment Magazine, and more. Prior to her current role, she was a Senior Cloud Solutions Architect for the North America Public Sector team at Red Hat where she presented and designed cloud solutions for a wide range of North America public sector customers. Lucy has 20 years of professional experience as both a software and hardware development engineer, solutions architect, and global security strategist and evangelist, where she worked on various aspects of security. Prior to joining Red Hat, she worked at IBM as both a Mainframe microprocessor design engineer and a solutions architect for IBM x86 servers. She has also interned at Apple, Cadence, Lockheed Martin, and MITRE, where she worked on both software and hardware development. Lucy graduated from Carnegie Mellon University with a Master of Science (M.S.) and Bachelor of Science (B.S.) in Electrical and Computer Engineering and a Minor in Spanish.Lucy Kerner is currently the Director, Security Global Strategy and Evangelism at Red Hat and leads security thought leadership, evangelism, and the technical and go-to-market strategy for security across the entire Red Hat portfolio globally. In addition, she helps create and deliver security related technical content to the field, customers, partners, analysts, and press and has spoken at numerous events, including security conferences, such as RSA, Black Hat, Hack3rCon/SecureWV, and more, and is a Red Hat Summit Top Presenter. Lucy is also a frequent author of security articles at various online magazines , such as TechBeacon, TechSpective, Increment Magazine, and more. Lucy has 20 years of professional experience as both a software and hardware development engineer, solutions architect, and global security strategist and evangelist, where she worked on various aspects of security. Prior to joining Red Hat, she worked at IBM as both a Mainframe microprocessor design engineer and a solutions architect for IBM x86 servers. She has also interned at Apple, Cadence, Lockheed Martin, and MITRE, where she worked on both software and hardware development. Lucy graduated from Carnegie Mellon University with a Master of Science (M.S.) and Bachelor of Science (B.S.) in Electrical and Computer Engineering and a Minor in Spanish.

Current position (1)

Director, Security Global Strategy and Evangelism

Red Hat

Degrees (3)

Master of Science (M.S.) Electrical and Computer Engineering

Carnegie Mellon University

2002 to 2003

BS Electrical and Computer Engineering

Carnegie Mellon University

1998 to 2002

Minor in Spanish

Carnegie Mellon University

1998 to 2002

Presentations

Presentations (4)

Automating security and compliance for hybrid environments

Maintaining visibility, control, and security, and ensuring governance and compliance remains paramount. But it becomes more difficult and time consuming in a hybrid infrastructure consisting of physical, virtual, cloud, and container environments. Also, it's becoming more and more challenging for security teams to examine and respond to the growing number of security alerts coming in from the increasing number of security tools in their security operations center.

In this session, we’ll look at how a combination of Red Hat technologies can help you with these challenges for the infrastructure, operations, application, and security operations center across a hybrid environment by automating security and compliance. Specifically, in your hybrid infrastructure, you’ll learn how Red Hat’s management and automation products, Red Hat OpenShift Container Platform, and OpenSCAP can help you:
• Perform automated audit scans to quickly detect and automatically remediate security and compliance issues in a controlled way for compliance against regulatory or custom profiles for automated configuration compliance.
• Automatically provision a security-compliant host.
• Implement both infrastructure and security as code.
• Implement consistent and automated patching, configuration management, and security hardening at scale.
• Proactively identify and remediate security threats at scale with predictive analytics.
• Centrally manage your hybrid infrastructure for continuous security and monitoring.
• Build security into your application by implementing DevSecOps at scale using OpenShift Container Platform and several other tools, such as OWASP ZAP, SonarQube, Clair, and more to build a secure CI/CD application pipeline.
• Automate your security operations center by integrating and orchestrating the activity of multiple classes of security tools and unifying the automated response to security alerts across various security tools.

Successfully implementing DevSecOps: Lessons learned

Security doesn't happen in one place in the infrastructure or application life cycle. Instead, security must be addressed continuously across the application pipeline, infrastructure pipeline, and the supply chain. And all of these areas need to be continuously monitored.

In this session, we'll:
• Discuss how developers, operators, and security teams can achieve DevSecOps through automation, standardization, everything-as-code, centralized management and visibility, and automated security compliance.
• Examine how this process provides built-in security in the application and infrastructure pipelines and secures the supply chain, in addition to monitoring, logging, and proactive security and automated risk management.
• Share DevSecOps lessons learned from various Red Hat Innovation Labs residencies, including best practices, techniques, and tools that can be used to improve security while reducing the workload of security professionals, developers, operators, and managers.
• Discuss how participating in a Red Hat Innovation Labs residency can be like implementing “DevSecOps-in-a-box." In other words, we’ll learn how Red Hat Innovation Labs residencies can help build a starting point for DevSecOps and help customers successfully adopt DevSecOps best practices.
• Detail how Red Hat Innovation Labs residencies helped customers accelerate their adoption of automating security, development, and operations, all simplified by using Red Hat OpenShift Container Platform and Red Hat Ansible Automation.

The current and future state of security: A discussion of security challenges

Security is on everyone’s mind. Whether you’re looking to safely and securely deploy containers into the cloud or you’re worried about managing your large fleet of servers to keep them compliant with new regulations and security frameworks, security is part of corporate conversations.

In this session, we'll discuss the issues that plague implementing security in modern deployments. Topics to be explored include:
• Infrastructure modernization and DevSecOps.
• Security and compliance automation.
• Defense-in-Depth , continuous, and long-term approach to security.
• Patch management.
• Security in a hybrid cloud world.
• How Red Hat weaves security through all of its products.

Bring your questions, and your experience. Learn how Red Hat tackles security across the entire Red Hat Portfolio and learn from your peers about the security challenges that keep them awake at night—and what they're doing about them. Join Red Hat security thought leaders and your peers in a lively discussion addressing the current and future state of security.

What does DevSecOps mean for you?

From the developer writing the applications, to the operations team deploying and managing the platform, to the security team keeping the business safe, DevSecOps impacts the business. Developers need a greater awareness of security issues. Ops teams need to focus on automating security processes. Security teams need to work more cooperatively with other functions to manage risk. Security does not happen in one place in the infrastructure or application life cycle. Instead, security must be continuous across both development and operations. DevSecOps means everyone is responsible for security and security is no longer an afterthought.

In this interactive session, we'll explore DevSecOps with you. Share your best practices, ask questions, and learn from your peers. Gain a fuller understanding of what DevSecOps means for you and your organization—and the steps you can take to make your application development, operations, and security processes both more agile and more secure.

Workshops (3)

Creating customized security policy content to automate security compliance

2 hours

Defend yourself using built-in Red Hat Enterprise Linux security technologies

2 hours

Implementing proactive security and compliance automation and DevSecOps

2 hours

Past talks (9)

Presented multiple security and cloud related sessions

Red Hat Summit

Boston, MA

May 6, 2019