How to get here: Stockholm public transport is accessible, affordable, and will get you wherever you want. If you prefer to drive, make sure you plan for traffic and research parking beforehand.
Community Tech Meetup
Promoting TECHSynergy
Solutions for Software Supply Chain Security and Crypto Agility
26 September 2024, Stockholm
Meet our experts and learn about Keyfactor's open-source tech and our eco-system integrations
Join the Conversation #communitytechmeetup
About the Community Tech Meetup
We are thrilled to announce the third annual Keyfactor Community Tech Meetup, inviting engineers and security specialists from Stockholm, the Nordics and around the world. Prepare yourself for an immersive experience filled with engaging presentations, hands-on workshops, and demos.
This exclusive one-day, in-person event offers a unique platform to explore the latest advancements in software supply chain security and crypto agility. We will focus on cutting-edge concepts and solutions like SBOMs, in-toto and attestation, as well as topics such as crypto agility, with a special emphasis on PQC migration scenarios and ecosystem integrations. Our discussions will be grounded in the foundational pillars of cryptography, Public Key Infrastructure (PKI), certificates, and digital signing.
September 26 2024, 8:30 - 18:30
Epicenter, Stockholm
Malmskillnadsgatan 44A, Stockholm
Our Sessions
Our exciting agenda is now live! Register today to secure your spot and stay tuned for more updates to come.
Securing Open Source, for Everyone | Keynote session by Omkhar Arasaratnam
Omkhar Arasaratnam, General Manager Open SSF
This Keynote explores the critical role of open source security and the initiatives of the Open Source Security Foundation (OpenSSF). As open source software becomes increasingly integral to global technology infrastructure, ensuring its security is paramount. The talk will cover the unique challenges open source projects face, such as widespread usage and diverse contributor bases, and how OpenSSF addresses these through collaborative efforts, best practices, and innovative tools. Attendees will gain insights into current open source security trends, the importance of community involvement, and practical steps to enhance the security of open source software in their own projects.
The Quantum Era: Updates on Quantum Readiness and Cryptographic Standards | Presentation by Tomas Gustavsson and David Hook
Tomas Gustavsson, Chief PKI Officer | David Hook, VP Software Engineering Bouncy Castle
This presentation shares the latest updates from renowned authorities such as NIST, BSI, IETF, and X.9. What is new regarding standardizations and other insights and guidelines for navigating the quantum landscape?
We will also explore the landscape of cryptographic protocols, formats, and standards that require adjustment to withstand the quantum onslaught, from TLS and CMS to other crucial cryptographic protocols.
PQC Crypto Agility and Hybrid Certificates, Different Formats, and Migration Strategies | Presentation by Tomas Gustavsson and David Hook
Tomas Gustavsson, Chief PKI Officer | David Hook, VP Software Engineering Bouncy Castle
This talk will cover hybrid cryptography within the context of post-quantum cryptography (PQC), exploring the rationale behind hybrid systems and their role in ensuring interoperability during migration and enhancing security against quantum threats.
We will discuss hybrid PKI, covering different suggested standards, their pros and cons, and contexts of use. Additionally, we will explore various PKI migration paths, offering strategies for different organizational needs. Organizations must navigate the quantum horizon with consideration of their unique circumstances.
Securing the Software Supply Chain: Industry-Standard Practices, Insights, and Getting Started | Presentation by Ben Dewberry, Sven Rajala and Christofer Vikström
Ben Dewberry, Product Manager, Signing and Key Management | Sven Rajala, International PKI Man of Mystery – PKI SME | Christofer Vikström, KTH Master Thesis Student
Ensuring the integrity and security of the software supply chain is crucial. This talk explores industry-standard practices like in-toto, SLSA, SBOMs, and SigStore Cosign, and their application to software development and distribution. We will also discuss leveraging the open-source signing software SignServer to fortify the software delivery process.
TechSynergy in Secure IoT Deployments: Secure Boot, Secure OTA, and Security in OPC/UA | Presentation by Andreas Philipp and Florian Handke
Andreas Philipp, Senior Business Development Manager, IoT | Florian Handke, Smart Production Engineer Campus Schwarzwald
This presentation explores collaborative efforts in the IoT ecosystem, highlighting partner use cases: Espressif Secure Boot v2, Mender Secure OTA with SignServer, and an Industrial Cybersecurity integrations with OPC-UA and EJBCA. We demonstrate deploying these solutions to fortify IoT infrastructures against security threats, emphasizing crypto agility and software supply chain security.
Bridging the Gap: Interoperability Testing of PQC PKI/EJBCA with HSMs | Presentation by Tomas Gustavsson
Tomas Gustavsson, Chief PKI Officer
We discuss the outcomes of our interoperability testing between PQC PKI/EJBCA and Hardware Security Modules (HSMs).
HSMs are foundational for building a production-ready PKI.
Secure Software Supply Chain Workshop: Live Integrations | Workshop by Sven Rajala and Christofer Vikström
Sven Rajala, International PKI Man of Mystery – PKI SME | Christofer Vikström, KTH Master Thesis Student
Join our interactive workshop to learn the implementation of industry-standard practices like in-toto and Cosign with SignServer. Through practical examples, gain insights into fortifying software delivery against tampering and supply chain attacks. By the end, attendees will have the knowledge and tools to enhance the security and integrity of their software supply chains.
Quantum-Ready Workshop: Building Hybrid PKIs and Demonstrating Interoperability | Workshop by Tomas Gustavsson and David Hook
Tomas Gustavsson, Chief PKI Officer | David Hook, VP Software Engineering Bouncy Castle
Join us for an interactive workshop. We will delve into the practical aspects of building hybrid PKIs and seamlessly integrating quantum-safe cryptography into TLS.
The attendees will learn step-by-step procedures for setting up hybrid PKIs capable of issuing both classic and post-quantum certificates. We will then demonstrate interoperability with the OQS provider for OpenSSL3 and Bouncy Castle.
Ask me Anything About EJBCA | Presentation by Henrik Sunmark and Magnus Normark
Henrik Sunmark, Senior Product Architect | Magnus Normark, Senior Product Manager
Whether you’re a beginner or an experienced user, this session is your chance to get answers to your questions, share insights, and explore the capabilities of EJBCA. Our experts are here to provide guidance, discuss best practices, and help you.
Ask me Anything About SignServer | Presentation by Markus Kilås and Ben Dewberry
Markus Kilås, Senior Product Architect | Ben Dewberry, Product Manager, Signing and Key Management
Whether you’re new to SignServer or an experienced user, this session is your opportunity to ask questions, share experiences, and explore the capabilities of SignServer. Our team of experts is here to provide insights, offer guidance, and discuss best practices to help you leverage SignServer effectively in your projects. Join us for an interactive session where we’ll dive into the world of SignServer and explore its potential in secure digital signing.
#TECHSynergy Demo Points
We recognize that tackling cybersecurity issues requires a collective effort. At Keyfactor we are part of a larger ecosystem where seamless integration and collaboration with other products and solutions are essential. Together with technology partners and solutions, we have prepared demonstrators that showcase how PKI and signing are utilized in various use cases.
The demonstrators will be available throughout the entire event. Discuss with our experts how integrating EJBCA and SignServer works, and learn details that can't be found in a git repository.
Secure FW Update with Mender.io
Artifact signing with SignServer integrated into Over The Air updates using the Mender.io device management system.
Secure Boot with Espressif
Remote signing with SignServer for Espressif Secure Boot v2.
Code Signing with GitHub Actions
SignServer integrates with GitHub Actions for secure code signing in CI/CD pipelines.
Industrial CyberSec with open62541
Industrial cybersecurity with OPC-UA, GDS (Global Discovery Service), and EJBCA integration.
Service mesh with uniform identity frameworks
EJBCA with Istio and SPIRE enables a secure uniform identity framework across distributed systems.
Cypto Agility with Command SaaS Light
Managing crypto agility: inventory of existing cryptography and how crypto agility can be imeplemented.
Confimed Speakers
Discover our confirmed speakers, with more to come! Stay tuned for the full agenda reveal.
Omkhar Arasaratnam
General Manager Open SSF
Tomas Gustavsson
Chief PKI Officer, Keyfactor
Malin Ridelius
VP Community, Keyfactor
David Hook
VP Software Engineering, Crypto Workshop
Sven Rajala
Senior Solutions Engineer – PKI SME, Keyfactor
Eric Mizell
Field CTO and VP, Solution Engineering, Keyfactor
Ben Dewberry
Product Manager, Signing and Key Management, Keyfactor
Magnus Normark
Senior Product Manager, Keyfactor
Andreas Philipp
Senior Business Development Manager, IoT, Keyfactor
Christofer Vikström
KTH Master Thesis Student
Henrik Sunmark
Product Architect, Keyfactor
Markus Kilås
Senior Product Architect, Keyfactor
Florian Handke
Smart Production Engineer, Campus Schwarzwald
Save Your Seat. Space
Is Limited
Secure your spot now and pre-register to be the first to get news about the meetup
The Keyfactor Community Tech Meetup promises to be an informative and engaging event, bringing together experts and enthusiasts in cryptography, PKI, certificates, and digital signing. This is your chance to stay up to date with the latest advancements in the field, participate in meaningful discussions, and gain hands-on experience through workshops. Join us for an inspiring day of learning, networking, and collaboration, and be at the forefront of the evolving landscape of digital security.
Frequently Asked Questions
Who attends the Community Tech Meetup?
- Engineers and developers interested in cryptography, PKI, and digital security.
- Security specialists and professionals responsible for cyber security questions.
- Researchers and academics working in the field of cryptography and digital signatures.
- Technical IT managers seeking to enhance their organization’s security posture.
What's on the agenda?
The agenda includes a mix of presentations, hands-on workshops, demonstrations, and networking opportunities where you can connect with like-minded developers, architects and security and industry professionals, and other peers. We believe that this will be a day for exchanging ideas, forge new partnerships, and possibilities to expand your professional network.
What's the timing?
What is it: One day and in-person event
Date: 26 September 2024
Timing: 8:30-18:30 including meals, coffee breaks, and After Work
Location: Epicenter, Malmskillnadsgatan 44A, Stockholm
Who do I contact for more information?
For additional information, please contact [email protected]
Kindly be aware that registration for the Keyfactor Community Tech Meetup is binding. If you cannot make it, please let us know at [email protected] so that we can give your seat to another attendee.
What is the cost to attend?
Attending this event is complimentary.
Kindly be aware that registration for the Keyfactor Community Tech Meetup is binding. If you cannot make it, please let us know at [email protected] so that we can give your seat to another attendee.
Can I earn CPE's?
Your attendance at the Tech Meetup can give you up to 6 CPE’s.