What's in the SOSS? An OpenSSF Podcast

Tabatha DiDomenico, an open source security engineer and community leader, shares her inspiring journey from a curious techie to a leader at G-Research and BSides Orlando. She discusses the pivotal role of DevRel in fostering vibrant open source ecosystems and the importance of local communities in cybersecurity. Tabatha emphasizes the value of volunteering for networking and shares insights on creating internal open source cultures. This captivating conversation offers practical advice for anyone looking to thrive in the open source world.

In this episode of What's in the SOSS, we sit down with longtime open source leader and DevOps champion Tracy Ragan. From her early days with the Eclipse Foundation to her current work with Ortelius, the Continuous Delivery Foundation, and the OpenSSF, Tracy shares her journey through the ever-evolving world of open source security.We dig into the importance of configuration management, what DevSecOps really means, and how projects like the OpenSSF Scorecard and Ortelius help make our software supply chains more transparent and secure. Plus, we tackle the education gap between security pros and DevOps engineers—and how we can bridge it.If you're curious about building more secure pipelines or just want to geek out about SBOMs and Scorecard, this episode is for you.Chapters:00:25 – Welcome + Tracy's Open Source Origin Story02:00 – Early Days at the Eclipse Foundation03:10 – DevOps + DevSecOps: Why It Matters04:20 – Explaining the DevOps “Factory Floor”06:00 – DevOps Pipelines as Security Data Engines07:50 – What Is the OpenSSF Scorecard?09:30 – Ortelius: Aggregating DevOps + Security Insights11:20 – The DevOps Budget Problem + Exposing Insecure Packages13:00 – Why DevRel Is Critical for DevOps Security Education15:40 – Crossing the Divide Between DevOps and Security Teams16:10 – 🎉 Rapid Fire: Editors, Mascots & Spicy Food17:30 – Final Call to Action + How to Get InvolvedEpisode links:Tracy Ragan’s LinkedIn pageOrtelius ProjectScorecard ProjectEclipse FoundationCD FoundationGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn

In this enlightening and entertaining episode of What's in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes. From her academic roots to her entrepreneurial journey, Dr. Hayes shares how diversity, equity, inclusion, and accessibility (DEIA) drive sustainable growth—and how she found inspiration for her TED Talk in the wisdom of Yoda. The two discuss the myths around DEIA, how the Jedi Council reflects ideal collaboration, and why unlearning old beliefs is key to progress. Plus, stay for the rapid-fire questions and discover if Dr. Hayes is more Marvel or DC.Chapters:00:00 – Introduction01:30 – Career Journey03:10 – Navigating DEIA in Today’s Landscape07:49 – TED Talk Inspiration: Star Wars & DEI11:31 – The TED Experience13:12 – The TED Talk Message14:38 – Favorite Yoda Quote16:34 – Rapid Fire Round18:37 – Final Thoughts19:10 – OutroEpisode links:Dr. Eden-Reneé Hayes LinkedInDr. Eden-Reneé Hayes Ted Talk: Yoda's Jedi Mind Tricks for Rethinking DEI | TEDxWaldenPondJoin the BEAR Working GroupGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn

In this episode of What's in the SOSS, host CRob interviews Clyde Seepersad from the LF Education Department. They discuss Clyde's journey into open source, the role of LF Education in supporting the community, and the importance of cybersecurity education. They also delve into the development of the Global IT Cyber Skills Framework, emphasizing the need for continuous learning and community engagement in the tech industry.Chapters:00:00 Introduction to Open Source and LF Education02:59 Clyde's Journey into Open Source05:54 The Role of LF Education in Open Source09:00 Cybersecurity and the Global IT Cyber Skills Framework11:59 Framework Development and Industry Collaboration15:13 Continuous Learning and Community EngagementEpisode links:Clyde’s LinkedinLinux Foundation TrainingGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn

In this engaging discussion, Kevin Crosby, who leads funding programs at GitHub, and Xavier Rene-Corail, Senior Director of Security Research, delve into the GitHub Secure Open Source Fund. They reveal how this initiative combines funding and community resources to boost security in open source projects. The duo shares insights on the program’s unique curriculum, the impressive outcomes from the first cohort, and the significance of tailored education in empowering maintainers. Plus, they discuss what’s next for this evolving initiative!

In this special episode of What’s in the SoSS?, we welcome Stacey Potter, the new Community Manager at the Open Source Security Foundation (OpenSSF). Stacey shares her winding journey from managing operations at a vitamin company to becoming a powerful advocate and connector in the open source world. We explore her community-first mindset, her work with CNCF and Platform Engineering Day, and her passion for inclusion and authenticity. Whether you're curious about how to get started in open source or want insight into how community shapes security, this episode is for you.Chapters:00:00 – Welcome + Introduction01:06 – Stacey’s Origin Story in Open Source03:10 – Discovering Community Management at Weaveworks04:02 – Projects and Evolution Across CNCF and Beyond05:44 – Co-Chairing Platform Engineering Day09:06 – Being Openly Queer in Open Source13:10 – What Stacey Hopes to Bring to OpenSSF16:20 – Rapid Fire Round17:36 – Final ThoughtsEpisode links:Stacey Potter’s LinkedIn pageOpenSSF.org/events OpenSSF Community Day JapanOpenSSF Community Day North AmericaOpenSSF Community Day IndiaOpenSSF Community Day North AmericaOpenSSF Community Day EuropeGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn

In this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red Hat — for a deep dive into the intersection of secure software development and education. From their open source origin stories to the challenges of educating developers and managers alike, this conversation covers key initiatives like the LFD121 course, upcoming resources on the EU Cyber Resilience Act, and how AI is shifting the landscape.Whether you're a developer, manager, or just open source curious, this is your crash course in why security training matters more than ever.📚 Episode Chapters:Intro & Meet the Council of Daves (0:16)Open Source Origin Stories (1:22)The Role of the Education SIG (4:05)Why Secure Software Education Is Critical (6:30)Inside the LFD121 Secure Development Course (8:01)Training Managers on Secure SDLC Practices (12:24)Why AI Makes Education More Important, Not Less (13:53)What’s Next in Security Education: CRA 101 and More (16:04)Rapid Fire Round: VI vs. EMACS, Tabs or Spaces & Mascots (20:20)Final Thoughts & Call to Action (22:04)Episode links:Dave Russo LinkedInDavid Wheeler LinkedInOpenSSF Free Training:LFD121: Developing Secure SoftwareLFD125: Security for Software Development ManagersLFEL1001: Understanding the EU Cyber Resilience Act (CRA)Get involved with the OpenSSFSubscribe to the OpenSSF NewsletterFollow the OpenSSF on LinkedIn

In this episode of What’s in the SOSS, we sit down with the OpenSSF’s new General Manager, Steve Fernandez — a seasoned enterprise tech leader whose resumé spans giants like L’Oréal, Coca-Cola, AIG, and Ford. Steve shares his “origin story,” what drew him into the world of open source, and how his decades of experience as a consumer of open source software are shaping his vision for the Foundation.00:21 Welcome & Introductions00:57 Steve’s Tech Journey03:13 Why OpenSSF?05:02 The Role of Security & Strategic Vision08:17 Rapid Fire & Final Thoughts 

Robin Bender Ginn, Executive Director of the OpenJS Foundation, joins us to talk about JavaScript’s massive footprint, the challenges of sustaining critical open source projects, and the importance of security in the web ecosystem. She shares her journey, insights on community-led development, and how OpenJS is building a healthier future for the JavaScript ecosystem.Learn more and register for JSConf North America: https://events.linuxfoundation.org/jsconf-north-america/register/Chapters:0:00 JavaScript's Critical Web Presence0:51 Robin Ginn Introduces OpenJS Foundation2:01 Core Challenges Facing JavaScript Ecosystem4:12 Managing Older Projects and Outdated Software8:23 Solutions and Security Improvements12:12 Individual Impact and Community Involvement14:35 Wrap-Up and Call to ActionEpisode links:Robin Bender Ginn LinkedIn pageOpenJS websiteOpenJS YouTube channelOpenJS Slack channelLearn more and register for JSConf North America Get involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn

Yesenia Yser, a cybersecurity expert and open source advocate from Microsoft, shares her inspiring journey from Red Hat to AI security. She discusses blending her passions for cybersecurity and Brazilian jiu-jitsu, including her nonprofit, Lioness Instincts, which empowers women through self-defense and digital security education. Yesenia emphasizes the power of personal branding in tech, advocating for diversity through the BEAR group, and engaging the open source community to mentor new contributors. Tune in for actionable insights!