Save the Date: Defense in Depth 2014!


It’s been awhile since originally posting about Defense in Depth 2014, but we’ve sorted things and registration is now open:

We’ll be hosting the event on Wednesday 30-JULY, 2014, at the Tysons Corner Marriott in Northern VA (full details on website). Last year brought ~200 attendees together, spanning the U.S. Defense, Intelligence and Civilian communities. This year we’re planning for a slightly bigger event (likely ~300) and have added several tracks. You’ll see everything listed on the webpage, but some highlights:

* We’ve broken things into three primary tracks:
Deployment Stories:  We’ve received permission from COTRs to discuss a few ongoing projects within the DoD/IC community. For example, within the DoD community a program has received ATO to perform cross domain super computing. We’ve plugged in multiple networks, from multiple agencies, into a single host, created a front-end job submission form, and wrapped the whole thing with SELinux. Another session will cover how we pushed KVM through ICD 503 accreditation within the U.S. Intelligence Community. ‘Deployment Story’ sessions bring together the tech leads on various programs to share their mission, how they’re accomplishing it, and hopefully act as a catalyst for information sharing on approaches taken;

Labs: These are hands-on technical labs with the instructors being the actual developers of the technology. Steve Grubb will be leading the hands-on Linux Audit lab, with Jeff Blank/Dave Smith/myself leading the SCAP and STIG sessions. The labs will give you hands-on experience with the technologies, and allow for immediate feedback to the developers. Gripes against the RHEL6 STIG? Come to the SCAP session! 🙂

Tech Briefings: Covering newly released technology, such as RHEL7+Docker integration, and emerging tech, such as forensics for KVM-based environments. Again, the speakers are the upstream developers (such as Dan Walsh) of the technology. While not hands-on labs, generally these sessions have live demos of the technology and not just slides. RHEL7 was released 10-JUNE; come learn all about it.

* You may notice some session blocks have been left “TBD” — this is to afford an opportunity to hear community feedback on any additional session requests, and give potential speakers an opportunity to share what they’re working on. If you’re interested in presenting, contact me off-list (

For those attending the labs, BYOD. We’ll be providing wifi and virtual machines; your laptop must support wifi connectivity and have an SSH client installed (you’ll be SSH’ing into EC2-hosted virtual machines).

For those who couldn’t make Red Hat Summit, the Defense in Depth workshops bring many upstream developers to the Washington D.C. area for a single day. Many of the speakers, such as Dan Walsh, were voted the best sessions of Red Hat Summit 2014; other sessions bring out the lead engineers for several of DoD/IC initiatives. It’s a very informal, very technical, day. We hope to see you there!

Questions? Sound off on Red Hat’s government users mailing list, gov-sec! And again, the workshop webpage: