Introducing the 2024 PKI & Digital Trust Report     | Download the Report

Community Tech Meetup

Promoting TECHSynergy

Solutions for Software Supply Chain Security and Crypto Agility

26 September 2024, Stockholm

Meet our experts and learn about Keyfactor's open-source tech and our eco-system integrations
Join the Conversation #communitytechmeetup

Community Tech Meetup banner image

About the Community Tech Meetup

We are thrilled to announce the third annual Keyfactor Community Tech Meetup, inviting engineers and security specialists from Stockholm, the Nordics and around the world. Prepare yourself for an immersive experience filled with engaging presentations, hands-on workshops, and demos.

This exclusive one-day, in-person event offers a unique platform to explore the latest advancements in software supply chain security and crypto agility. We will focus on cutting-edge concepts and solutions like SBOMs, in-toto and attestation, as well as topics such as crypto agility, with a special emphasis on PQC migration scenarios and ecosystem integrations. Our discussions will be grounded in the foundational pillars of cryptography, Public Key Infrastructure (PKI), certificates, and digital signing.

square image of Stockholm with the riverside in the foreground and a lovely sunsetting sky in the background

September 26 2024, 8:30 - 18:30

Epicenter, Stockholm

Malmskillnadsgatan 44A, Stockholm

How to get here: Stockholm public transport is accessible, affordable, and will get you wherever you want. If you prefer to drive, make sure you plan for traffic and research parking beforehand.

Our Sessions

Our exciting agenda is now live! Register today to secure your spot and stay tuned for more updates to come.

Securing Open Source, for Everyone | Keynote session by Omkhar Arasaratnam

Omkhar Arasaratnam, General Manager Open SSF

This Keynote explores the critical role of open source security and the initiatives of the Open Source Security Foundation (OpenSSF). As open source software becomes increasingly integral to global technology infrastructure, ensuring its security is paramount. The talk will cover the unique challenges open source projects face, such as widespread usage and diverse contributor bases, and how OpenSSF addresses these through collaborative efforts, best practices, and innovative tools. Attendees will gain insights into current open source security trends, the importance of community involvement, and practical steps to enhance the security of open source software in their own projects.

The Quantum Era: Updates on Quantum Readiness and Cryptographic Standards | Presentation by Tomas Gustavsson and David Hook

Tomas Gustavsson, Chief PKI Officer | David Hook, VP Software Engineering Bouncy Castle

This presentation shares the latest updates from renowned authorities such as NIST, BSI, IETF, and X.9. What is new regarding standardizations and other insights and guidelines for navigating the quantum landscape?

We will also explore the landscape of cryptographic protocols, formats, and standards that require adjustment to withstand the quantum onslaught, from TLS and CMS to other crucial cryptographic protocols.

PQC Crypto Agility and Hybrid Certificates, Different Formats, and Migration Strategies | Presentation by Tomas Gustavsson and David Hook

Tomas Gustavsson, Chief PKI Officer | David Hook, VP Software Engineering Bouncy Castle

This talk will cover hybrid cryptography within the context of post-quantum cryptography (PQC), exploring the rationale behind hybrid systems and their role in ensuring interoperability during migration and enhancing security against quantum threats.

We will discuss hybrid PKI, covering different suggested standards, their pros and cons, and contexts of use. Additionally, we will explore various PKI migration paths, offering strategies for different organizational needs. Organizations must navigate the quantum horizon with consideration of their unique circumstances.

Securing the Software Supply Chain: Industry-Standard Practices, Insights, and Getting Started | Presentation by Ben Dewberry, Sven Rajala and Christofer Vikström

Ben Dewberry, Product Manager, Signing and Key Management | Sven Rajala, International PKI Man of Mystery – PKI SME | Christofer Vikström, KTH Master Thesis Student

Ensuring the integrity and security of the software supply chain is crucial. This talk explores industry-standard practices like in-toto, SLSA, SBOMs, and SigStore Cosign, and their application to software development and distribution. We will also discuss leveraging the open-source signing software SignServer to fortify the software delivery process.

TechSynergy in Secure IoT Deployments: Secure Boot, Secure OTA, and Security in OPC/UA | Presentation by Andreas Philipp and Florian Handke

Andreas Philipp, Senior Business Development Manager, IoT | Florian Handke, Smart Production Engineer Campus Schwarzwald

This presentation explores collaborative efforts in the IoT ecosystem, highlighting partner use cases: Espressif Secure Boot v2, Mender Secure OTA with SignServer, and an Industrial Cybersecurity integrations with OPC-UA and EJBCA. We demonstrate deploying these solutions to fortify IoT infrastructures against security threats, emphasizing crypto agility and software supply chain security.

Bridging the Gap: Interoperability Testing of PQC PKI/EJBCA with HSMs | Presentation by Tomas Gustavsson

Tomas Gustavsson, Chief PKI Officer

We discuss the outcomes of our interoperability testing between PQC PKI/EJBCA and Hardware Security Modules (HSMs).

HSMs are foundational for building a production-ready PKI.

Secure Software Supply Chain Workshop: Live Integrations | Workshop by Sven Rajala and Christofer Vikström

Sven Rajala, International PKI Man of Mystery – PKI SME | Christofer Vikström, KTH Master Thesis Student

Join our interactive workshop to learn the implementation of industry-standard practices like in-toto and Cosign with SignServer. Through practical examples, gain insights into fortifying software delivery against tampering and supply chain attacks. By the end, attendees will have the knowledge and tools to enhance the security and integrity of their software supply chains.

Quantum-Ready Workshop: Building Hybrid PKIs and Demonstrating Interoperability | Workshop by Tomas Gustavsson and David Hook

Tomas Gustavsson, Chief PKI Officer | David Hook, VP Software Engineering Bouncy Castle

Join us for an interactive workshop. We will delve into the practical aspects of building hybrid PKIs and seamlessly integrating quantum-safe cryptography into TLS.

The attendees will learn step-by-step procedures for setting up hybrid PKIs capable of issuing both classic and post-quantum certificates. We will then demonstrate interoperability with the OQS provider for OpenSSL3 and Bouncy Castle.

Ask me Anything About EJBCA | Presentation by Henrik Sunmark and Magnus Normark

Henrik Sunmark, Senior Product Architect | Magnus Normark, Senior Product Manager

Whether you’re a beginner or an experienced user, this session is your chance to get answers to your questions, share insights, and explore the capabilities of EJBCA. Our experts are here to provide guidance, discuss best practices, and help you.

Ask me Anything About SignServer | Presentation by Markus Kilås and Ben Dewberry

Markus Kilås, Senior Product Architect | Ben Dewberry, Product Manager, Signing and Key Management

Whether you’re new to SignServer or an experienced user, this session is your opportunity to ask questions, share experiences, and explore the capabilities of SignServer. Our team of experts is here to provide insights, offer guidance, and discuss best practices to help you leverage SignServer effectively in your projects. Join us for an interactive session where we’ll dive into the world of SignServer and explore its potential in secure digital signing.

#TECHSynergy Demo Points

We recognize that tackling cybersecurity issues requires a collective effort. At Keyfactor we are part of a larger ecosystem where seamless integration and collaboration with other products and solutions are essential. Together with technology partners and solutions, we have prepared demonstrators that showcase how PKI and signing are utilized in various use cases.

The demonstrators will be available throughout the entire event. Discuss with our experts how integrating EJBCA and SignServer works, and learn details that can't be found in a git repository.

Secure FW Update 

Secure FW Update with

Artifact signing with SignServer integrated into Over The Air updates using the device management system.

Secure Boot with Espressif

Remote signing with SignServer for Espressif Secure Boot v2.

Code Signing with GitHub Actions

SignServer integrates with GitHub Actions for secure code signing in CI/CD pipelines.

Istio demo point

Industrial CyberSec with open62541

Industrial cybersecurity with OPC-UA, GDS (Global Discovery Service), and EJBCA integration.

Service mesh with uniform identity frameworks

EJBCA with Istio and SPIRE enables a secure uniform identity framework across distributed systems.

Cypto Agility with Command SaaS Light

Managing crypto agility: inventory of existing cryptography and how crypto agility can be imeplemented.

Confimed Speakers

Discover our confirmed speakers, with more to come! Stay tuned for the full agenda reveal.

Omkhar Arasaratnam

General Manager Open SSF

Tomas Gustavsson

Chief PKI Officer, Keyfactor

Malin Ridelius

VP Community, Keyfactor

David Hook

VP Software Engineering, Crypto Workshop

Sven Rajala

Senior Solutions Engineer – PKI SME, Keyfactor

Eric Mizell

Field CTO and VP, Solution Engineering, Keyfactor

Ben Dewberry

Product Manager, Signing and Key Management, Keyfactor

Magnus Normark

Senior Product Manager, Keyfactor

Andreas Philipp

Senior Business Development Manager, IoT, Keyfactor

Christofer Vikström

KTH Master Thesis Student

Henrik Sunmark

Product Architect, Keyfactor

Markus Kilås

Senior Product Architect, Keyfactor

Florian Handke

Smart Production Engineer, Campus Schwarzwald

Save Your Seat. Space
Is Limited

Secure your spot now and pre-register to be the first to get news about the meetup

The Keyfactor Community Tech Meetup promises to be an informative and engaging event, bringing together experts and enthusiasts in cryptography, PKI, certificates, and digital signing. This is your chance to stay up to date with the latest advancements in the field, participate in meaningful discussions, and gain hands-on experience through workshops. Join us for an inspiring day of learning, networking, and collaboration, and be at the forefront of the evolving landscape of digital security. 

Frequently Asked Questions

Who attends the Community Tech Meetup?

  • Engineers and developers interested in cryptography, PKI, and digital security. 
  • Security specialists and professionals responsible for cyber security questions. 
  • Researchers and academics working in the field of cryptography and digital signatures. 
  • Technical IT managers seeking to enhance their organization’s security posture. 

What's on the agenda?

The agenda includes a mix of presentations, hands-on workshops, demonstrations, and networking opportunities where you can connect with like-minded developers, architects and security and industry professionals, and other peers. We believe that this will be a day for exchanging ideas, forge new partnerships, and possibilities to expand your professional network. 

What's the timing?

What is it: One day and in-person event

Date: 26 September 2024

Timing: 8:30-18:30 including meals, coffee breaks, and After Work

Location: Epicenter, Malmskillnadsgatan 44A, Stockholm

Who do I contact for more information?

For additional information, please contact [email protected]   

Kindly be aware that registration for the Keyfactor Community Tech Meetup is binding. If you cannot make it, please let us know at [email protected] so that we can give your seat to another attendee.

What is the cost to attend?

Attending this event is complimentary.

Kindly be aware that registration for the Keyfactor Community Tech Meetup is binding. If you cannot make it, please let us know at [email protected] so that we can give your seat to another attendee.

Can I earn CPE's?

Your attendance at the Tech Meetup can give you up to 6 CPE’s.