Skip to main content

📣 Submit your proposal: OpenSSF Community Day Korea | Open Source SecurityCon

search
Tag

Open Source Community

Jun 03
Love0

What’s in the SOSS? Podcast #32 – S2E09 Yoda, Inclusive Strategies, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes

By Podcast

Summary

In this enlightening and entertaining episode of What’s in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes. From her academic roots to her entrepreneurial journey, Dr. Hayes shares how diversity, equity, inclusion, and accessibility (DEIA) drive sustainable growth—and how she found inspiration for her TED Talk in the wisdom of Yoda. The two discuss the myths around DEIA, how the Jedi Council reflects ideal collaboration, and why unlearning old beliefs is key to progress. Plus, stay for the rapid-fire questions and discover if Dr. Hayes is more Marvel or DC.

Conversation Highlights

00:00 – Introduction
01:30 – Career Journey
03:10 – Navigating DEIA in Today’s Landscape
07:49 – TED Talk Inspiration: Star Wars & DEI
11:31 – The TED Experience
13:12 – The TED Talk Message
14:38 – Favorite Yoda Quote
16:34 – Rapid Fire Round
18:37 – Final Thoughts
19:10 – Outro

Transcript

00:18 Yesenia Yser:
Hello and welcome to this podcast where we talk to interesting people throughout the open source ecosystem. My name is Yesenia Yser, I’m one of your hosts, and today we have an amazing treat. I’m talking to a very, very dear friend of mine and someone that comes from a galaxy far, far away, Dr. Eden-Renee Hayes. Eden-Renee, please introduce yourself to the audience and tell us a little bit about yourself.

00:45 Dr. Eden-Reneé Hayes:
I just have to say how fun it is to be announced as an amazing treat and from a galaxy far, far away. Not taken from your TED Talk, was it? So again, I’m Eden-Renee, or Dr. E is also totally fine. But basically, I’m in that dirty little acronym, DEI, diversity, equity, and inclusion. But I basically help companies to drive sustainable growth through inclusive strategies, aligning people, purpose, and performance, which basically leads to them keeping their employees longer.

01:20 Yesenia Yser:
Nice. And then we’ll start with the first question. I’ll continue on from that. For those who may not be familiar with the background, can you share your career journey with us?

01:30 Dr. Eden-Reneé Hayes:
Sure. I have been in academia for a really long time, but now I am an entrepreneur, so I’ll fill in the gaps. So I was a tenured professor. My area within psychology is social psychology. So I’m not a clinician. I’m more studying the research. I’m working in research and understandings around what happens with people in different situations. And with that, I always focused on the ideas related to diversity, equity, and inclusion. So from academia, I moved into administration, but still in colleges. And I liked doing that because I had a much greater impact on what was going on at each school. I was also the director of a multicultural center, but then I decided to branch out and become a solo. entrepreneur, where I have that opportunity to help companies to be able to use my vast knowledge within social psychology to be able to figure out what they need to do in order to have more equitable hiring practices that are fair for everybody, to be able to keep their employees with inclusive practices and lots of other things in between. 

02:38 Yesenia Yser:
Nice. And that brings you here to today. I believe you own your own, you run your own consulting business, if that’s what I understood. That’s right. Nice. Given that, and with the recent shifts in the U.S., I’m sure that’s kind of taken a little change in the way you approach now, especially with the U.S. administration stance on DEIA, diversity, equity, inclusion, accessibility. What challenges have you observed in the industry?

03:10 Dr. Eden-Reneé Hayes:
And if you want to speak more on that. course. Yeah, no, it feels like a lot of people are worried. Yeah, absolutely. I mean, I think it’s important to think about all of the things that they were doing previously, and is that consistent with the legal landscape? And actually, it is. DEIA is not illegal. As stated by 16 different attorney generals, and to make it very, very clear that all of those best practices are still 100% legal because they’re consistent with the things that have been placed into law that are much harder to overturn than with just an executive order. What’s also very interesting to me is the executive order’s focus on merit and fairness, and so does DEIA. So that is one of the wonderful things is just really reiterating to people, this is what’s going on. We were always about fairness. We were always about ensuring that the person that has the greatest merit gets the position. But DEIA is not just about hiring and just about, like, talent acquisition. There’s more to it, because DEIA also focuses on those external things, like the way that we present our companies to the masses. So how is it that we can do that in a way that is inclusive, that is reaching all of our potential clients? Because we have a very, very diverse world, and it’s getting more and more diverse by the minute. Literally, each, you know, like, there’s a new baby born every minute. A lot of those babies, they’re all people of color. And what we see now is, what is it? I think something like 46, 49% of Generation Z are people of color. So Generation Alpha, who are currently in elementary school, are even more diverse ethnically. But that’s not the only diversity we can have. DEIA is also not just about what’s going on with ethnic groups. It’s also gender. It’s gender identity and expression. So that’s a big part of it. And so I think that’s a big part of it. And I think that’s thinking about our trans and non-binary friends. It’s also disability. What about neurodiversity in the workplace? What about well-being in the workplace? It’s also about different people and their needs regarding the different languages that we speak, the different passports that we may hold. It’s so many different, of course, sexualities, so LGBTQ. And there’s so many different demographics to be thinking about. If you were actually to try to put everybody in a demographic, it’d be a minority of people that basically don’t fit within one of those, what we call underprivileged or minoritized or basically what tends to be undervalued groups. So it’s a lot more likely that we are going to be thinking a lot about the full human being in all the demographics that we inhabit and what that great benefit is. So I think that’s a big part of it. And I think that’s a big part of it. is to our various workplaces. So the changes that I’m seeing is really more helping people to understand that to be the truth instead of those myths that people believe about DEI not being about fairness and about having quotas, which aren’t actually legal and weren’t before, about trying to hire people because of their demographics instead of their skills and experience. So it’s a lot more likely that we’re going to be thinking about that. So a lot of the changes that I’m seeing is really just making DEI more clear so that people know that this is what it is. And that’s one of the reasons why I did my TED Talk.

06:59 Yesenia Yser:
Oh, there you go. You’re ready for the next one. I wonder why. But yeah, it just sounds like for DEI, I’m used to saying DEI. So just like my brain’s like, there’s an A. It’s just an umbrella of things because you said it very nicely. It’s the human aspect. And as a human, we identify in different aspects from our gender, from where we live, from the culture’s experiences. But moving on to the next question, you and I actually met at a TED Talk cohort that has continued into this fabulous group. And you recently delivered your TED Talk. Congratulations. It’s one of my favorites. Share with the audience what inspired you to speak on that particular idea. Share what the idea is. And what was the overall experience like?

07:49 Dr. Eden-Reneé Hayes:
Okay, so this is an unexpected answer about what inspired me. What inspired me was actually the failure of my partner to watch Star Wars as a child.

08:04 Yesenia Yser:
Tell us more. I still remember in like college, my first, I’m going to sidetrack real quick. My first job, I was there for like a couple months. They found out that I didn’t watch Star Wars. So they’re like, you cannot work until you watch Star Wars. I spent literally a whole week at work. They paid me just to watch Star Wars. And they’re like, okay, now we’ll give you IT tickets. And I was like, sure. I’m educated now.

08:25 Dr. Eden-Reneé Hayes:
I love that they paid you to do it. And yes, you are educated now. So by the time I, it’s pretty funny. I’m such a Star Wars geek that immediately when my friends found out that he didn’t watch Star Wars, they’re like, oh my gosh, are you going to break up with him now? And it’s like, no, they’re just movies. You just have to sit down and watch them. So we finally did like sit down and start watching. And for the Star Wars geeks out there, we watched in episode order, not chronological release order. That’s a general question that many people will ask. So we start with episode one. So not when they were released, but basically when you’re starting with Baby Anakin. So just watching the movies again in the, the climate that we’re in, in, uh, in being an entrepreneur and trying to help people to understand what DEI is and how it’s valuable. And just being in that space, like while watching it next to someone who’s never seen these before and only has like cursory idea of what might happen. And I just starting putting two and two together. It’s just like, oh my goodness. I knew that I’m in DEI because like, and I start my, Ted talk this way. My mom sat me down and like Yoda was my babysitter. So that, that is how I learned in the first place. And of course I get the education. I literally have a PhD in DEI. I, I really do have the, like both the lived experience, the, um, the sci-fi knowledge as, as well as the, the educational academic background that comes all together in one, but watching it with him, like I had to go grab my phone and pull up the notes app. And start like really typing in that. There’s all of these different ideas and quotes that just like, of course, this is where I am now because this seed in star Wars, all the diversity that we see. I mean, even look at the Jedi high council. It’s like, everybody’s from a completely different species and what are they doing? They are working together. Think about a boardrooms look like that. You know, if everyone’s coming in from a different angle of their upbringing and of their educational experience, and then, like they’re in the same space, trying to reach the same goals, you’re able to attack that problem with those angles that you need in order to figure out, okay, how can we get to the best place? And most efficiently in with as few hiccups as possible, because you don’t want something to be unrolled. And then it’s like, oh my goodness, we forgot this. And we didn’t think about the impact on this group. And now we’re getting a lot of negative press that you want to think about all those things and ensure that that’s not like, oh, we’re not going to be able to do this. That’s not likely to be the problem. And that you’re not likely to waste time, like trying to go and fix something that shouldn’t have been an issue in the first place. If you had more voices in the room. 

11:31 Yesenia Yser:
Yeah, it’s really great. And then what was your experience like with the TED talk? 

11:35 Dr. Eden-Reneé Hayes:
Oh my gosh, it was so much fun. For me, it was the epitome of that thing people say about enjoying the journey just as much as the destination. I enjoyed every minute of sitting and writing down, like practicing it and talking about ideas with our TED cohort, with practicing –  because one of the things about TED that’s less likely known is that it’s not like, oh, I write down what I want to say. And I get up on the stage and I say it’s like, no, there’s, there’s training, there’s editing, there’s, there’s time, there’s a pretty long runway from you’re going to have a TED to actually being on the stage. It’s not like three days and you’re on the stage. It’s people helping you to figure out how to really, like kind of, act it out a little bit. So that, that was one of the wonderful things. Like I had like a speech coach to help me to make sure that I’m bringing my best self out there. And that’s the great thing, because it’s like, of course, being a professor, I was on plenty of stages, but TED stage is a completely different place than a classroom. So it, there’s a different way to impart information. And it’s still also about kind of like, how you find your writer’s voice. Like you find your, it’s your voice on the stage as well. So that’s totally fun.

12:58 Yesenia Yser:
It’s, it’s a big journey. I can’t wait for mine. I’m so excited, but I’m so glad yours was one of the first, would you like to share with the audience for those that haven’t seen it yet a little bit about what your TED, your TED talk idea was?

13:12 Dr. Eden-Reneé Hayes:
Sure. Of course. So if you haven’t placed two and two together, I talked about Star Wars and DEI at the same time. So what I did was, I specifically focused on quotes from Yoda, because there’s a lot of things you can draw from, but TED, technically you’re allowed to go 18 minutes, but we all know what attention spans look like. So the best case scenario, yeah, best case scenario is your TED talk is in the neighborhood of 10 minutes. So I organized it using Yoda’s quotes, but basically I highlighted, this is what DEI really is, dispel all those myths. I didn’t spend time on like, this is how you define each letter of DEI. Instead, I just, I decided to be a little bit more like fun and animated and like make it not like, no, it’s, it’s TED. It’s, it’s not my class. I’m not going to give you a, like a paper that I’m grading or quiz afterwards. I’m trying to give you all the information that is really applicable in a way that’s also entertaining so that you can see it all there. And, and know that, no, this is really about respect and fairness and being the human being that I know that you want to be too.

14:31 Yesenia Yser:
That’s great. I love your TED talk. And with our last question, what’s your favorite Yoda quote and why did it resonate with you?

14:38 Dr. Eden-Reneé Hayes:
Oh my gosh. There are so many great ones to choose from. I feel like I should refuse to answer. Um, but basically, um, no, my favorite one is, uh, Yoda is training Luke. And and Yoda says to Luke, he’s like, Luke kind of gets really frustrated. And Yoda says like, no, like “only different in your mind, you must unlearn what you have learned.” And that’s one of the most fundamental things that we all really need to be doing a better job of is in an unlearning and trying to figure out, okay, what are these messages that I keep receiving that are not satisfying? And I think that’s one of the most fundamental things that I keep receiving. And are not helping me to be the human being that I want to be. And instead are moving us into a place where we have greater division.

15:31 Yesenia Yser:
Nice. I’m going to butcher this one, but you can, you can fix it. You can fix it. “Luminous, luminous beings, are we” that one is one of my favorites, especially the way you delivered it. Um, and then I forgot what the ending of that was. 

15:47 Dr. Eden-Reneé Hayes:
Not this crude matter. 

15:48 Yesenia Yser:
Not this crude matter. That was one of my favorites.

15:50 Dr. Eden-Reneé Hayes:
Yes. “Luminous beings are we. Not this crude matter.” And yeah, that’s, I use that one to help us to think about how we are, we’re focused on, on ourselves and we’re focused on someone else fitting into a box unless we already know that person and not focused even on ourselves being luminous. And that’s part of DEI too, is stopping and thinking like, no, you are amazing. You are worthy. You are valuable. And you bring value to this space. And so does everybody else that you are encountering. So luminous beings, are we not this crude matter.

16:34 Yesenia Yser:
Love it. I got goosebumps all over again. And with that, we’re going to move over to our rapid fire interview part. So hold your breaks. Don’t get off on your millennium Falcon just yet. All right. First question. This one, this one might be an easy one. Marvel. Marvel or DC?

16:53 Dr. Eden-Reneé Hayes:
Marvel, but no, no, I’m just going to double down on Marvel, but I, but I do love them both. We go to all, all the movies, except for Venom.

17:05 Yesenia Yser:
All right. For you Venom fans. I’m sorry. Sorry. Next question. Coke or Pepsi? 

17:13 Dr. Eden-Reneé Hayes:
Pepsi. 

17:15 Yesenia Yser:
Okay. 

17: 16 Dr. Eden-Reneé Hayes:
More delicious. 

17:18 Yesenia Yser:
Okay. We’re a little different there. 

17:22 Dr. Eden-Reneé Hayes:
Specifically cherry. 

17:23 Yesenia Yser:
I do love the cherry. I’ll give you that one. Books or podcasts?

17:30 Dr. Eden-Reneé Hayes:
Books. I’m an audio book lover.

17:32 Yesenia Yser:
Yeah. I like the physical. I’ll have to listen to like audio books, like self-development audio books, but I just, there’s something about physically holding it and the smell. I don’t know.

17:42 Dr. Eden-Reneé Hayes:
No, I’ll never get through a book if it’s physically there, unless. No, I need audio because I need to read it while I’m like driving and I’m totally destroying the rapid fire-ness of this. You know, while I’m like cutting vegetables or anything, oh, that’s, that’s mindless. So I need the audio books.

18:02 Yesenia Yser:
That’s fine. We’re making this rapid the way we are. Spicy or mild food? 

18:06 Dr. Eden-Reneé Hayes:
Oh my gosh. Spicy. Who would go with mild? I mean, like. 

18:11 Yesenia Yser:
<Laughs> You didn’t listen to mine then. I said neither, just seasoned. 

18:17 Dr. Eden-Reneé Hayes:
No, it needs to be spicy. Yes. No.

18:21 Yesenia Yser:
Must be spicy. Well, thank you for giving us a lovely rapid conversational fire interview. This is, you know, towards the end. Do you want to leave the audience with any last minute words before we close out?

18:37 Dr. Eden-Reneé Hayes:
Oh, just that we really do all need to foster that wonder and curiosity. Instead of believing the things that we already believe, we need to do a better job of venturing outside of our comfort zone and venturing into that learning zone instead.

18:58 Yesenia Yser:
Beautifully said. Well, thank you, Eden-Reneé, for joining us. Thank you for those listening. We’ll catch you on the next episode.

19:10
Like what you’re hearing? Be sure to subscribe to What’s in the SOSS on Spotify, Apple Podcasts, AntennaPod, Pocket Cast, or wherever you get your podcasts. There’s a lot going on with the OpenSSF and many ways to stay on top of it. Check out the newsletter for open source news, upcoming events, and other happenings. Go to openssf.org/newsletter to subscribe. Connect with us on LinkedIn for the most up-to-date OpenSSF news and insight, and be a part of the OpenSSF community at openssf.org/getinvolved. Thanks for listening, and we’ll talk to you next time on What’s in the SOSS.

Apr 22
Love0

What’s in the SOSS? Podcast #28 – S2E05 Secure Software Starts with Awareness: Education & Open Source with the Council of Daves

By Podcast

Summary

In this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” – Dr. David A. Wheeler of the OpenSSF and Dave Russo from Red Hat – for a deep dive into the intersection of secure software development and education. From their open source origin stories to the challenges of educating developers and managers alike, this conversation covers key initiatives like the LFD121 course, upcoming resources on the EU Cyber Resilience Act, and how AI is shifting the landscape.

Whether you’re a developer, manager, or just open source curious, this is your crash course in why security training matters more than ever.

Conversation Highlights

Intro & Meet the Council of Daves (0:16)
Open Source Origin Stories (1:22)
The Role of the Education SIG (4:05)
Why Secure Software Education Is Critical (6:30)
Inside the LFD121 Secure Development Course (8:01)
Training Managers on Secure SDLC Practices (12:24)
Why AI Makes Education More Important, Not Less (13:53)
What’s Next in Security Education: CRA 101 and More (16:04)
Rapid Fire Round: VI vs. EMACS, Tabs or Spaces & Mascots (20:20)
Final Thoughts & Call to Action (22:04)

Transcript

[Dave Russo] (0:00 – 0:16)
If you’re a people manager, understanding the amount of time and effort and skills that are needed to perform these different activities is vital to know.

[CRob] (0:16 – 0:46)
Hello and welcome to What’s in the SOSS, the OpenSSF’s podcast where we talk to interesting people from around the amazing open source ecosystem. I’m Krobe, your host. Today we have a real treat.

I’m joined by the Council of Daves and we’re going to talk about a topic that is near and dear to both our hearts, but let’s start off with some introductions. I’ll go with David Wheeler first, and then we’ll go to Dave Rousseau. So David, why don’t you introduce yourself real quick?

[David Wheeler] (0:47 – 1:03)
Okay, sure. David Wheeler. I work at the Open Source Security Foundation, OpenSSF, which is part of the Linux Foundation, and I’ve been involved in how do you develop secure software or developing open source software for literally decades.

[Dave Russo] (1:03 – 1:20)
My name is Dave Russo. I work at Red Hat on the product security team. I’m the governance portfolio manager.

I don’t have quite as long a history with open source as Dr. Wheeler does, but I’ve been working on SDLC related activities for quite some time.

[CRob] (1:22 – 1:33)
Awesome. I think we’re gonna have a great chat today about secure software development and education, but let’s get your open source origin stories. Dave Rousseau, how did you get involved in upstream open source?

[Dave Russo] (1:34 – 2:18)
So I was not directly involved in open source for very long in my previous arrangement. I did do some work in the software industry, then I was working in an industry that was not around development. So around 2016, when I joined Red Hat, my good friend Krobe introduced me to a lot of the awesome open source stuff that was going on in and around Red Hat and the upstreams a little bit prior to that.

And a lot of the conversation was aligned with SDLC activities, specifically secure development practices, which is an interest of mine. And then after joining Red Hat, obviously I became much more involved in a lot of different areas of open source, primarily around, again, secure development.

[CRob] (2:19 – 2:24)
Cool.

David Wheeler, how did you get involved? What’s your origin story?

[David Wheeler] (2:24 – 3:46)
That one’s a little challenging because I’ve been involved in it for such a long time, I don’t even remember the first time I gave, you know, I just just contributed to release some, well, what wasn’t called open source software, because the term hadn’t been invented yet.

People were occasionally sharing around source code. Since before I was born, frankly, they just didn’t use these terms. And, you know, necessarily have figured out some of the legal stuff.

So I think the big change to me, though, was the first time I held a very, very early version of Red Hat Linux in my hand. This is back when it was being distributed on CDs. Because at the time, there was a general agreement that yes, of course, people can share source code on, you know, on bulletin boards, and maybe this internet thing, but you couldn’t build something big with it.

And all of a sudden, an entire operating system was open source, and useful. And I think this is where instead of the, oh, sure, we can sometimes share with this, oh, this can be used for building large scale systems. And that was kind of the, and I later on did analysis of this and been doing things involving open source for quite well, since before the name was created.

[CRob] (3:46 – 4:04)
Cool. Well, thanks for sharing, gentlemen. So let’s dive into it.

Dave Russo, you are the current chair of the OpenSSF’s Education SIG, which is part of the BEST working group. Could you maybe talk a little bit about what the Education SIG is and what you all get into?

[Dave Russo] (4:05 – 4:27)
Sure. So the Education SIG is obviously around educating our open source developers to do a better job of incorporating security practices in the development and delivery of these projects. Now, a lot of my previous life experience was in development, so I’ve got a fairly good amount of experience in this area.

[David Wheeler] (4:28 – 4:39)
It is very obvious to a lot of people who’ve been doing this for a while that education has not been a focus area when it comes to developers, especially around security.

[Dave Russo] (4:40 – 6:17)
Developers are mostly interested in creating cool new stuff, which I completely agree with. That is the primary purpose is to put new features and functionality in their software to make it do more cool things, better, faster, stronger, etc. However, security for the longest time was not even a consideration for a lot of software development and delivery.

And over the past 10, maybe 15 years, there’s been a little bit more attention paid to it. But there’s been a movement to try and provide good education courses that talk about secure development practices to the development communities themselves. So at the Education SIG, what we are trying to do is help address that need.

We’re trying to help understand what kind of information and materials we can provide to our upstream communities to help the developers understand what it means when we talk about developing and delivering software more securely and specific techniques and ways that they can incorporate this into their projects, such as hardening guides, delivery guides, compiler rules, general awareness of some of the reasons behind having security, not only from a risk based perspective, just making the project a little bit more robust, but now also because of a lot of international regulations and expectations by different industries and geos that are compelling developers of various types to provide very specific attestations or statements of conformity when it comes to doing things in a certain way while they’re doing their development delivery.

[CRob] (6:17 – 6:30)
Awesome. So it sounds like, Dave, you touched on it a little bit. But David, could you maybe expand a little bit about you know, why do you feel it’s important to get this type of content in the hands of developers?

[David Wheeler] (6:30 – 8:01)
Well, I think the short answer is that if developers don’t know how to develop secure software, they won’t develop secure software. It really is that simple. I often tell people that we get software that’s more secure than we deserve.

Because why should we expect that software be secure when for the most part, developers aren’t told how to do that? It’s it’s it’s not a magic trick, but it does require some knowledge. By the way, we actually did a survey of developers about the state of secure software development education last year.

And I mean, we found that overall, you know, 28% of the professionals weren’t familiar with secure software development. It jumped up to 75% for those who had less than a year of experience because the colleges and universities for the most part, are not requiring it. And so yes, they they increasingly get it over on the job.

But the on the job is often spotty, it has holes. And by the time they become more knowledgeable, there’s more that have come in, again, with that lack of knowledge. And so we’re just constantly on this treadmill of people who don’t know how to do it.

And lack of training was the was one of the primary reasons that people gave for why don’t you know how to do this.

[CRob] (8:01 – 8:17)
So I’m aware that the SIG has a couple artifacts that they work on. The first thing we’ll talk about is the LFD 121 course. So maybe Dr. Wheeler, if you could give a little taste about what that is all about.

[David Wheeler] (8:18 – 8:30)
Absolutely. I’ll quickly note, by the way, both of my participants have used my title doctor, I do have a PhD. But my experience is when people use my title, they’re just yanking my chain.

[CRob] (8:30 – 8:32)
So we love you, sir.

[David Wheeler] (8:33 – 10:14)
Well, thank you. Yeah, so the so we’ve got a course called LFD 121, developing secure software.

Now, we’re here talking about open source. But I want to make sure everybody knows that this is absolutely for open source software. It’s also for closed source software.

It’s for anybody who develops software, because the frank reality is attackers don’t care what your license is. They just don’t. They just want to take over things and do bad stuff and make everyone stay miserable.

So we’re here to help developers deal with that. I just looked at the numbers and we have including, you know, up to now, for both our Japanese and English through edX and through TI, all these are, we’ve had over 30,000 in [Crob: Wow], in that course, which is, you know, fantastic. That’s a lot of people.

That’s a lot of people. So we’ve got a course, we very much focus on the practical, how do you do stuff. And we have optional hands on labs, they’re not required.

But we do encourage people at least do a few. Because doing things hands on is really, really helpful. I’ll do a quick note.

Some people have gotten the wrong impression that security is always expensive. Generally, that’s not true. It’s retrofitting security.

That’s expensive. And so what we should be doing is stopping the retrofit. It’s not hard to do most of the stuff if you just know ahead of time what you’re supposed to do.

But once you once you’ve dug the hole deep, it’s very hard to get out.

[CRob] (10:15 – 10:21)
Speaking of security, not being expensive. This sounds like an amazing class. How much does it cost to take?

[David Wheeler] (10:23 – 10:48)
Oh, what a pitch. Of course, as you know, it’s completely free. The course is free, the labs are free, whole thing’s free.

So, you know, please don’t please don’t make costs a limiting factor for this. You know, it’s basically important for us all around the world that anybody who develops software knows the basics. And that’s what this this particular course covers.

[CRob] (10:49 – 11:08)
So a big part of your world, Dave Russo, is, you know, secure software development and SDLC, secure development lifecycle. From your perspective, you’ve looked at the LFD 121 class. What do you find that to be a useful artifact as you’re sharing it with your engineers?

It is.

[Dave Russo] (11:08 – 12:23)
The content in the course does a very good job at talking about what the different activities that should take place along the different times of the software lifecycle should be. And again, to kind of repeat from what we said earlier, awareness is a big problem that we have. A lot of developers don’t understand what it means when we say we should develop things securely.

And then you start using words like risk assessment, penetration testing, threat modeling, attack surface analysis, and people’s eyes just kind of glaze over because they have no idea what you’re talking about. The course is able to go into these topics and provide a good amount of information, provide an understanding to a developer what we mean when we talk about these sorts of things. And additionally, to David’s point earlier, making the developers aware of this early so they can build it into the plan instead of trying to go back and do it after certain things have been done, makes adopting and implementing these things much, much easier.

So the combination of knowing what these activities actually are, the amount of effort that is needed to complete them, and when to insert them into the lifecycle make the course absolutely invaluable for people who are doing software development.

[CRob] (12:24 – 12:38)
That was one of the OG projects that David Wheeler brought into the foundation. Let’s talk about some of the more current work. Who would like to talk about the security for developer manager class we’ve all been working on?

[Dave Russo] (12:38 – 13:52)
So I’ll go and I’ll start off from a general level. And then I’ll let David go into some things a little bit more in depth. So the intent of the secure software development for managers course is to again, inform.

Awareness is a problem. If I’m a development manager, and someone says to me, you need to do your stuff securely, what does that mean? There’s a lot of different factors involved.

From a risk perspective, if we don’t do these activities, what does that mean? What does it mean for the actual software itself? What does it mean for the organization or company that I work for?

What kind of risk may be exposing the company to? More importantly, if you’re a people manager, understanding the amount of time and effort and skills that are needed to perform these different activities is vital to know. You need to understand when to put these things into roadmaps and timelines, how much time to allocate for them.

And does anybody on your team actually know what it means to do, for example, a penetration test? If not, you’re going to need to find some additional resources to help you with that. So again, not necessarily diving down into the deep weeds on a lot of these topics.

This is meant to provide additional awareness and understanding to someone who’s in a development manager position.

[David Wheeler] (13:53 – 16:04)
And if I can jump in with some additions. Fundamentally, if management’s not on board, it’s probably not going to happen.

And unfortunately, some managers are kind of assuming things like, well, the the IT security department will somehow take care of it. Well, no, they won’t. They certainly do have an important role to play.

There are things that they that they will do that will be very, very helpful. But if you’re managing the development of software, there are things that you as a manager need to know need to do need to make possible. We spend more than a little time in the course helping you understand some terminology, understanding what needs to happen, and frankly, making sure one of the key things a manager needs to do is making sure that the developers know what they need to know.

In many organizations, managers aren’t necessarily writing the code, but they need to make sure that the people they’re bringing in know what they need to know. And if they don’t, fixing that with what is fundamentally a training problem, an education problem. Because just like any other field, if you don’t know what you’re doing, you’re not likely to do a good job.

And it doesn’t mean that they’re stupid. It just means that they lack some important information. I will quickly note, just because I’m thinking of it.

Lots of people talking about AI. AI is awesome. The majority of developers nowadays are using AI to develop code, according to some surveys.

And here’s the problem. Just because some AI generated code does not make it secure code. What do you think that that system was trained on?

Right. So this actually AI is actually increasing the need for education by developers and by their managers. Because if you’re using an AI system, who is going to be reviewing it?

Not just the AI, I hope. You’re going to need people to know what they’re doing. Which brings us back to the need for more education.

The increased need for education, not the decreased need because of AI.

[CRob] (16:04 – 16:15)
Excellent point. Broadly, what other things are on the horizon from an education perspective? What do you got in the hopper in the back? It’s going to come down the road.

[David Wheeler] (16:18 – 16:20)
Well, Dave, you want to go ahead?

[Dave Russo] (16:20 – 18:23)
Sure. So the USSF is putting a lot of attention on education.

There’s some expectations as to what our SIG can help contribute moving forward in 2025. And again, I’ll hit this from an awareness perspective, I think, and I’ll let David dive in to a couple things a little bit deeper. We need to get the message out.

We need to get information out there into the upstream communities and the projects and let them know what it is we’re trying to accomplish and what materials we already have that they could leverage and use right now, as well as understanding how to bring more people into the group, into the USSF in general, and provide their subject matter expertise to help us generate even more materials on top of that.

So we’re going to be making some additions to the information we’ve got on our GitHub page and such. We’re going to try and socialize some of the things that we’ve already put together as a group, some of the hardening guides we’ve done, we already talked about some of the education courses that are being worked on. We’re taking a little bit of a look right now, something that’s in progress, a little bit of behind the curtain for everybody.

We’re working on a CRA 101 course. Again, the EU Cyber Resiliency Act has been passed by their parliament, and everyone is trying to understand exactly what that means to them. So we’re trying to put, again, a general information course together that makes it digestible for people with a couple different types of roles to understand what the CRA means and what the expectations are going to be moving forward as it begins to come into effect.

So these regulations are becoming more common. There’s a couple other ones that are in progress at various geographies around the world, so we expect we’re probably going to do this for a couple other ones as they become available. Hopefully, we’ll have some representatives speaking at certain conferences, talking about the OSSF mission in general, some of the education information in particular, and again, trying to make sure that we are looking at the right ways to bring the right information to our constituency.

David?

[David Wheeler] (18:24 – 20:18)
Yeah, so let me jump in specifically on the Cyber Resilience Act, which is kind of a big thing that’s coming up. Strictly speaking, it only applies to software, and so on, that is released to the EU market.

I guess more accurately, I should say products with digital elements, which is the term of art that they use within the regulation. But the reality is, Europe’s a big place. Most organizations, especially in the software world, are global.

So this is going to affect many, many, many. Indeed, it’ll affect many who have never really needed to look at this kind of thing before. And so we’ve been trying to develop this, what we’ve been calling a CRA 101.

We actually even have an official number for it, it’s LFEL 1001, when it’ll get released. But basically, it’s a little introduction, explanation, what does this say? What does it require?

And it’s going to be a big change, I think, to industry, to the market. It even has some requirements specifically on what’s called open source software stewards. It’s a relatively light touch, but it does impose some requirements.

It does talk about open source software developers. I think in many cases, it will be much less of a touch, but it’s not completely none. And so this is going to affect, and of course, people who develop open source software, that software usually gets pulled into larger systems in many cases.

So this is going to affect a lot of folks. And so it’s gonna be important for us all to be prepared. So we’ve been working very hard to get that introduction developed, and we’re hoping to get that out the door as soon as we can.

[CRob] (20:20 – 20:43)
Excellent. Well, I’m looking forward to taking it, so I can become smart about the CRA. Thank you, gentlemen.

Let’s move on to the rapid fire part of the interview. All right. I got a couple wacky questions, and I would like you both to answer the first thing that comes to your mind.

First, most important question. VI or EMACS?

[Dave Russo] (20:43 – 20:44)
VI.

[David Wheeler] (20:44 – 20:45)
VIM.

[CRob] (20:46 – 20:54)
Excellent answer. Now, the next one, potentially even more controversial.

Tabs or spaces?

[David Wheeler] (20:55 – 20:56)
Spaces.

[Dave Russo] (20:56 – 20:56)
Spaces.

[David Wheeler] (20:58 – 20:59)
Always spaces.

[CRob] (20:59 – 21:09)
I can go back and count, but that is a very contentious, verging on religion for many people. What’s your favorite open source mascot?

[Dave Russo] (21:11 – 21:11)
Tux the Penguin.

[David Wheeler] (21:12 – 21:14)
Oh, it’s it’s hard to beat Tux.

[CRob] (21:16 – 21:17)
Classic.

[David Wheeler] (21:18 – 21:27)
Classic.

I’m planning to print up one on a 3D printer soon, because Tux is fun. But I will say that Honk the Goose. Honk the Goose?

[CRob] (21:28 – 21:28)
Honk the Goose.

[David Wheeler] (21:28 – 21:29)
He is a kind of fun goose.

[CRob] (21:29 – 21:36)
I am personally a fan of the goose. And last question. What’s your favorite vegetable?

[Dave Russo] (21:37 – 21:38)
None of the above.

[David Wheeler] (21:39 – 21:43)
I’ll count corn as a vegetable. Corn on the cob.

[CRob] (21:43 – 22:04)
There you go. Thank you, gentlemen.

Now, as we wrap up, do you have a call to action or some advice you’d like to share with our listeners who are where they have a lot of people across the industry that listen to this newcomers or people that aren’t familiar with open source or cyber security? So what kind of advice or what call to action do you have for our listeners?

[Dave Russo] (22:04 – 22:31)
Get involved.

Get involved. Understand what’s out there. The OpenSSF has a lot of really good information, a lot of different working groups that are going through things that affect all the open source communities, trying to, you know, make our security better, reach farther, make us more proficient in those areas. So if there’s something you think you contribute or if it’s something you want to learn or just want to listen and see what’s going on, join a couple of the working group calls and see what’s happening.

[CRob] (22:32 – 22:34)
Excellent. David?

[David Wheeler] (22:34 – 23:41)
I’ve got a couple.

So for get involved, if you’re interested in security, open source and security, obviously OpenSSF, if you are the happy user of an open source project where it’s starting to become important to you, get involved in that project. If you are a developer of software, please, please learn how to develop secure software. I think our course is great.

I don’t really care if you take that course per se. If you take another course, that’s great. Because what’s more important is all of society now depends on software.

We need that software to be more secure. And the vast, vast, vast majority of the problems we’re seeing today are the same problems we’ve been having for decades. It’s well understood how to systemically counter them.

But people need to know how to do it first. And I, I don’t, as I said earlier, AI is not going to change that. AI will simply mean that we can write bad code faster.

It means we can write good code faster. But to write the good code, the humans have to know what good code looks like.

[CRob] (23:43 – 24:05)
Well, what a difference some Daves make. Gentlemen, some of my favorite people to collaborate with. I appreciate your time and all of your contributions to help trying to improve the quality of life for open source developers and ultimately the users that use all that amazing software.

So that’s a wrap. Thank you all for joining What’s in the SOSS and happy security, everybody.

(24:09 – 24:46)
Like what you’re hearing? Be sure to subscribe to What’s in the SOSS on Spotify, Apple Podcasts, Antenapod, Pocketcast, or wherever you get your podcasts. There’s a lot going on with the OpenSSF and many ways to stay on top of it all.

Check out the newsletter for open source news, upcoming events and other happenings. Go to OpenSSF.org slash newsletter to subscribe. Connect with us on LinkedIn for the most up to date OpenSSF news and insight and be a part of the OpenSSF community at OpenSSF.org slash get involved. Thanks for listening, and we’ll talk to you next time on What’s in the SOSS.

Mar 25
Love0

What’s in the SOSS? Podcast #25 – S2E02 Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding

By Podcast

Summary

In this inspiring episode of “What’s in the SOSS?”, we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Yser. Join hosts CRob and Yesenia as they delve into her compelling journey from discovering open source at Red Hat to pioneering AI security at Microsoft. Learn how Yesenia blends her passion for cybersecurity, Brazilian jiu-jitsu, and empowering communities—especially women—to shape her personal brand and advocacy efforts. Don’t miss this lively conversation full of actionable insights for anyone interested in cybersecurity, open source communities, and personal growth.

Conversation Highlights

00:18 – Introduction to Yesenia Yser
00:55 – Yesenia’s open source origin story
03:30 – From cybersecurity professional to jiu-jitsu practitioner
05:56 – Building a personal brand in tech and beyond
09:04 – Advocating diversity in tech through the BEAR group
12:40 – Fun rapid-fire round (VI or Emacs, Coke or Pepsi, favorite open source mascot, spicy vs. mild food, and more)
13:52 – Yesenia joins as new co-host of “What’s in the SOSS?”
15:39 – Advice for breaking into open source and cybersecurity

Transcript

Soundbite – Yesenia Yser
One thing that you’ll hear me advocate over and over again is to find an open source project that will support your career growth. Whether you’re looking to go into program management, business analyst, management, or your technical skills, find a project that aligns with you. You can jump on the open source Slack and hit up in general, just say, I’m interested in doing this, this, this. This is how many hours I have. And I bet you someone’s going to be.

Hey, come over to our group, join us. We’ll teach you along the way. That’s the best thing I know about open source and the tech is that folks are very open to teach.

Intro – CRob (00:18)
Hello and Welcome to “What’s in the SOSS?” OpenSSF’s podcast where we talk to interesting people throughout the open source ecosystem. My name is CRob, one of your hosts, and today we have an incredible treat. I’m talking to a very dear friend of mine and amazing open source contributor, Yesenia. We have some amazing news to share at the end of the podcast today.

CRob (00:49):
Yesi, please introduce yourself to the audience and tell us about your open source origin story.

Yesenia Yser (00:54):
Hey everyone! Thank you for those listening. I’m Yesenia, born and raised in Miami, South Florida. I’m Cuban American, I’ve been in the cyber tech industry for over 12 years, a bachelor’s in computer science, and a master’s in digital forensics. I usually like to joke that I “social engineered” my way into my first security role. It was always interesting because in school I used a bunch of tools that were online and free.
My first couple of jobs, we used a bunch of libraries and things of that nature. It wasn’t until my time at Red Hat, which was like six years into my career that I realized what I was actually using and that it was open source and there was a huge community of great and amazing folks behind it that are part of it. So from there, I started exploring open source more exploring OpenSSF, a community that I do a lot of, advocacy work and contribution to. But it was just, it was very interesting that for someone that uses it, this is just, you know, everyday person that’s like learning how to code. You bring in Python, you import your libraries and you got to keep them up to date every now and then. And you don’t really know where they come from, but they come from a little black hole that’s called the open source space. Then, my journey took me from Red Hat. worked at the Linux foundation on the Alpha-Omega project. So I was helping with the Omega piece of it and we, in which we were automating, security vulnerability identification and open source software. Then my career took me to Microsoft where right now I’m working on artificial intelligence and open source security research. In that space, I get to explore both AI from the large tech industry and all the threats and yumminess that is in this emerging new technology. And then I get to share my love and passion for open source.

CRob (02:48):
That’s awesome. And as we mentioned, you and I both work together at Red Hat, where you were the very first supply chain security engineer. So I am a little bit more up to speed with your background than other folks may be. But, I think what I find very fascinating about you is that you not only are an amazing technologist and super smart, but you also have a lot of outside of work activities that I find very fascinating. Could you maybe talk about how things like your passion for jiu-jitsu and outside activities kind of inform your practice around open source security and AI security?

Yesenia (03:30):
Yeah. So starting at Red Hat was pretty, pretty cool. I was there as the first supply chain security engineer. A very big breach happened called SolarWinds, in which it blew up the supply chain security space for the industry. So, it was really great to be in the forefront of that in such a big company that is big and open source and be able to see all the plethora of things that happened in the wild wild west that is the development industry.

So outside of work is usually what I like to say about my day job. So by the day, I’m a security professional. By night, I’m a jiujiteira, which means a jiu-jitsu practitioner. I’ve been working, I’ve been training and teaching jiu-jitsu for almost seven years now. Started with the kids and working with them. And it was just lovely to see their faces bright light up when they learned a new technique. And over the years I’ve seen parallels between jiu-jitsu and my own cyber career, in which I became a mirror of things that I was seen as myself in a leader in the cyberspace that was holding me back. And then that was being mirrored into my jiu-jitsu. A year or so ago, I started a nonprofit called the Lioness Instincts, in which our mission is to empower women to protect themselves both physically and digitally, because as a security professional and a presented to jiu-jitsu instructor, which we would teach women’s self-defense classes and teach kids. I saw a huge boost in just their self-confidence and being able to work through some of the traumas that does happen through some of the crazy things that happen throughout the world. So we started the nonprofit. And if I’m not in the cyber world, I’m on the mat teaching and training. I also have two dogs that I teach and you’ll see me with them as well.

They’re their own plethora of tricks and cuteness.

CRob (05:25):
That’s awesome. And I know how much this kind of outside advocacy and your jiu-jitsu kind of affects, know, it colors your thinking and how you conduct yourself. Let’s think about this. I know you’ve kind of taken this and kind of started to develop a personal brand around these types of things. Can you maybe say why it’s important for people to find these opportunities and these passions and kind of try to do this for themselves? How does this personal branding help you?

Yesenia (05:56):
Yes. So for me, it’s my personal brand. And for those that follow, I’m called cyber jiujiteira online because of the mixture of, me, gives me a purpose and an avenue. And usually when I make a decision of something that I’m going to do, I ask myself, does it match or fit my brand? And my brand has its own pillars of advocacy as it has its five, has its five pillars, which is, cybersecurity and promoting advocacy, education and guidance to get more folks into the industry. There’s just the empowerment, self-defense, digital privacy piece that involves digital and the physical side, teaching and lessons, motivation, and then lifestyles. Because I normally talk to folks and they’re like, you have a very interesting lifestyle of just working in training, working in training, and then running a nonprofit. So I feel like a brand helps you not only keep because I have ADHD, so I’m all over the place, but it helps me keep aligned with what I’m doing and then ensuring that I can go back to it when it comes to social media platforms, it helps people know who I am and what I stand for. So I’ve been in conferences, both physical, like for jiu-jitsu things, and then for cybersecurity things or open source. And they’re like, you’re the jiu-jitsu girl. You’re the cyber girl. So it’s great. I’m like, yeah, you know me.

It becomes a cool way for folks to connect with you on a more personal level, and understand who you are. And in that, once you hear that you understand that I’m a martial artist and any thoughts around martial artists, you relate it to me in a, in a way. So martial artists tend to be disciplined. They tend to be focused. They tend to have patience. So as an individual that’s applying to cybersecurity roles that are fast pacing, working with executives. Things are constantly moving. You have to adapt quickly. The mindset of a martial artist, I think, falls very well into that, which helps with interviewing. And somebody said it the other day, which I think is great for branding, is your brand should be getting you the interviews. So instead of you searching out for these interviews, your brand should be helping you acquire what’s right for you.

And it’s just very important when you’re networking and connecting with folks that your brand speaks on who you are, whether or not you’re in the room.

CRob (08:29):
Excellent. Yeah. And thank you for all you do for especially, you know, late getting ladies into cyber and talking about self-defense. I think that’s amazing contribution back given back. We get to work together in the open SSF as part of a group that also has a lot of very strong advocacy bent to it. So maybe could you talk a little bit about the bear group that we participate in and you know, why is it so important to kind of bring awareness and kind of reach out to people that may not be currently in this career path of this world.

Yesenia (09:03):
Yes. So the BEAR, I think what we’re doing in the group is great. So bear stands for belonging.The E is empowerment, is for allyship and R is for representation. And I, I strongly feel very passionate about this because in the open source space, let’s just start with the challenges. A lot of the times are open source maintainers. They created this when they were younger. It was a college project. It was just a fun idea that they had and somehow it went very mainstream. It went viral, blew up, and now is in 80 to 90 % of software that’s out there, right? So we have this one tool that’s maintained by one person who probably has a family, who probably works two or three jobs. And it’s crucial to everything from US government infrastructure to maybe you know, outside sources to big tech company, industries. So the idea of Bayer is to be able to make that bridge a little bit easier for folks. Cause I know myself when I was starting, as I mentioned earlier, I didn’t know what open source was. was just like, okay, some cool thing that I can pull from online, but having these like community office hours, which we do once a month, we get to highlight different areas of like how to get started into space, how to look for mentorships.

We talk about your branding and how to get that. And we just highlight a lot of amazing voices in the community and that we are associated with to bring out different representations and ideas that will help folks understand how to get into the industry. This is also for folks already in the industry, because if you want to give back or you have knowledge that’s very important, you can set up your own mentorship. You can join our community and plan different events.

We’re looking to also host conversations at different OpenSSF and open source community conferences. And this advocacy is important because it’s going to give maintainers and open source contributors a little bit of extra break room to bring more folks in. One of the biggest issues you hear is that people just don’t have time. But if they have an individual…it’s willing to take on a task, right? And it doesn’t have to be a coding task. It can be writing documentation to make it easier for other people to use it. It could be updating the website. It could be a plethora of different skills that doesn’t require coding that can assist the maintainer in coming on. And we can just improve our open source software and tools usage.

CRob (11:43):
Yeah, it’s an, love the mission of the bear group and I love kind of the, how we’re moving forward with the community office hours. I think it’s been really impactful to kind of give these different perspectives and try to help have a very broad contributor base and help people break into something that sometimes there’s a lot of obstacles to, right?

Yesenia (12:04):
There’s a lot. And if you’ve missed any of the previous ones, they’re on YouTube. You can check them out and join us on Slack and ask, know, questions. We’ll be willing to either make a community office hours specific for that or just answer your questions right there on Slack. Even if you’re looking for a project.

CRob (12:23):
Cool. Well, let’s move on to the rapid fire part of the interview. All right. I have a couple of wacky questions. You probably don’t want to be drinking a drink when I ask you this. We don’t need any spit takes, but first question, VI or Emacs.

Yesenia (12:42):
VI or Emacs, we’re going to go with VI.

CRob (12:45):
Nice. Excellent, excellent. There are no wrong answers.

Yesenia (12:49):
Here. Haha.

CRob (12:52):
Next question, Coke or Pepsi? Yes, there was a right answer for that one and you’ve got it. Who’s your favorite open source mascot?

Yesenia (12:54):
CRob with the goose hat.

CRob (13:05):
CRob the goose hat?! Haha.

I don’t think you have a tattoo of that one yet though.

Yesenia (13:11):
Yet, but the one I do have a tattoo is Tux

CRob (13:15):
Very nice. What’s your favorite adult beverage?

Yesenia (13:19):
Coffee. This place is coffee.

CRob (13:23):
Yum yum yum. Love me some coffee. And last rapid fire question, spicy or mild food?

Yesenia (13:31):
None of the above. I’m Cuban. We don’t do spicy. It all hurts. haha.

CRob (13:39):
Fair enough.

Yesenia (13:40):
Seasoned, seasoned with a dull.

CRob (13:43):
Okay, excellent.

Well, thank you for playing rapid fire. So before I move on to our last question, I wanted to let the audience know that Yacinia is going to be joining us as a featured co-host of What’s in the SOSS. So you’re going to see her talking to some other amazing, interesting people. Do you want to give us kind of a little taste of what you, kind of the types of topics or people you’re interested in exploring as you’re going through and doing interviews?

Yesenia (14:11):
Yeah, I’m just interested in getting folks in the open source community and then external that may not even be aware that they’re using open source or how they can get involved. Our upcoming community office hours is going to bring in some amazing voices. But really just anybody that’s interested in speaking, speaking in the open source, talking about their journey in any shape or form or bringing in some technical coolness that, you know, like to spice up the SOSS, right?

So if you are interested… Was that the play if I said spicy? Yeah, I had feeling that was going be the audio.

Yeah, just looking at my list, but, once I post, this episode or just a general call for action, I’ll keep the community up to date, but if anyone listening to this is interested or has an awesome voice that they would love to share the space with, let me know.

CRob (15:11):
Yeah, I think this is going to be really amazing. Kind of reaching out to new voices and perspectives and just kind of broadening the awareness of the things the foundation does and the importance of open source security. So thank you for joining us. Yeah. And to that end, as we launch you off on your new endeavor, what’s your call to action or what advice do you have for people trying to get into this crazy field of cyber and open source security?

Yesenia (15:24):
Thank you for having me.

One thing that you’ll hear me advocate over and over again is to find an open source project that will support your career growth. Whether you’re looking to go into program management, business analyst, management, or your technical skills, find a project that aligns with you. You can jump on the open source Slack and hit up in general, just say, I’m interested in doing this, this, this. This is how many hours I have. And I bet you someone’s going to be.

Hey, come over to our group, join us. We’ll teach you along the way. That’s the best thing I know about open source and the tech is folks are very open to teach.

CRob (16:18):
Well, again, thank you for joining us today and thank you for volunteering to help us co-host the podcast. And we look forward with eager anticipation to the amazing interviews you’re going to do for us. And with that, it’s a wrap. Thank you all for joining us today.

Yesenia (16:29):
It’s going to be amazing. Thank you.

CRob (16:38):
Thank you.

Outro (18:40):
Enjoyed the podcast? Subscribe to “What’s in the SOSS?” on Spotify, Apple Podcasts, Pocket Casts, or your favorite platform. Stay updated with OpenSSF news and events by subscribing to our newsletter at openssf.org/newsletter. Join the OpenSSF community at openssf.org/get-involved, and connect with us on LinkedIn.

Thanks for listening, and we’ll catch you next time on “What’s in the SOSS?”

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get Involved
Close Menu