Visible to the public Compliance as Code: Policy Governed Automated Security CheckpointsConflict Detection Enabled


David González is a DevOps enthusiast coming from a software engineering background that loves speaking at events.

He is the author of three books, and planning a 4th one (DevSecOps pipelines):

He is also the only Google Developer Expert in Kubernetes on Europe. Nowadays, he is a consultant in nearForm that enjoys facing new challenges with customers that require help with Software, infrastructure or security helping them to achieve their goals on the best possible way.

David is an open source enthusiast who contributes to a number of projects and created few of them such as:

Gammaray (vulnerability scanner)
Vishnu (circuit breaker for kubernetes, in progress)
Visigoth (a load balancer with circuit breaker incorporated)

On his free time, he loves riding his bike and walking his dogs on the green Ireland.

Nikola Vouk is an information security and software security leader at McKinsey New Ventures. Nikola has been working in software development, Computer Networking, systems architecture/design for 22 years.  He specializes in building and maturing software organizations and solutions to build secure software solutions that meet business, client and regulatory requirements. Most recently he started and led the secure development lifecycle at McKinsey New Ventures -- integrating security from corporate policy, governance, development and support. Previously he build SDLC and software at SAS Institute and IBM.

Twitter: @nikolavouk



The Framework for Improving Critical Infrastructure Cybersecurity (“the Cybersecurity Framework”) is a voluntary framework developed through a collaborative process by industry, academia, and government stakeholders. NIST continues, as directed by the Cybersecurity Enhancement Act of 2014, to facilitate and support the development of voluntary, industry-led cybersecurity standards and best practices for critical infrastructure.

In this session, attendees will learn about the Framework's 3 components (the Core, Profiles, and Implementation Tiers), and how those components provide an approach to prioritize cybersecurity resources, make risk decisions, and take action to reduce risk. The workshop will include hands-on exercises including some discussion about challenges observed in implementing the Framework over the last 5 years.

Creative Commons 2.5

Other available formats:

Compliance as Code: Policy Governed Automated Security Checkpoints