DevSecOps Days Tokyo

Join DevSecOps Days Tokyo to Learn Cutting-edge Software Development from the US Department of Defense and Carnegie Mellon University

October 5 and 6, 2020
@ Online Conference

Supported by U.S. Embassy in Japan

Keynote Speeches

Nicolas Chaillan

The Chief Software Officer at the United States Air Force
The co-lead for the Department of Defense Enterprise DevSecOps Initiative at the United States Department of Defense

Mr. Nicolas Chaillan, a highly qualified expert, currently serves as the first Air Force Chief Software Officer, under Dr. William Roper, the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics, Arlington, Virginia. He is also the co-lead for the Department of Defense Enterprise DevSecOps Initiative with the Department of Defense Chief Information Officer. As the Air Force’s senior software czar, Mr. Chaillan is responsible for enabling Air Force programs in the transition to Agile and DevSecOps to establish force-wide DevSecOps capabilities and best practices, including continuous Authority to Operate processes and faster streamlined technology adoption. He also authored the DoD Enterprise DevSecOps Reference Design.

Hasan Yaser

The Technical Manager of the Secure Lifecycle Solutions Group in the SEI's CERT Division

Hasan Yasar is the technical manager of the Secure Lifecycle Solutions Group in the SEI's CERT Division. His group focuses on software development processes and methodologies, specifically on DevOps and development, and researches advanced image analysis, cloud technologies, and big data problems. It also provides expertise and guidance to SEI's clients. Yasar has more than 25 years’ experience as senior security engineer, software engineer, software architect, and manager in all phases of secure software development and information modeling processes. He has an extensive knowledge of current software tools and techniques. He also specializes in secure software solutions design and development in the cybersecurity domain, including data-driven investigation and collaborative incident management, network security assessment, automated, large-scale malware triage/analysis, medical records management, accounting, simulation systems, and document management. He is also an adjunct faculty member in the CMU Heinz College and Institute of Software Research where he currently teaches Software and Security and DevOps: Engineering for Deployment and Operations.

Main Sessions

What is DevSecOps?

DevSecOps is the industry best practice for rapid, secure software development. DevSecOps is an organizational software engineering culture and practice that aims at unifying software development (Dev), security (Sec) and operations (Ops). The main characteristic of DevSecOps is to automate, monitor, and apply security at all phases of the software lifecycle: plan, develop, build, test, release, deliver, deploy, operate, and monitor. In DevSecOps, testing and security are shifted to the left through automated unit, functional, integration, and security testing - this is a key DevSecOps differentiator since security and functional capabilities are tested and built simultaneously. (Source: The DoD Enterprise DevSecOps Reference Design)

What is DevSecOps Days?

DevSecOps Days is a global community event founded by volunteers from Carnegie Mellon University and cutting-edge technology companies. It is a forum promoting discussions on methods for generating advanced secure system development that can counter emerging cyber threats.

In 2020, DevSecOps Days held events in twelve cities around the globe, including San Francisco, London, Singapore, and Istanbul with more than 10,000 participants. These events are the world’s largest DevSecOps community forum.

In October 2020, DevSecOps Days will host its first Japanese event in Tokyo. It will feature speakers from the US Department of Defense and Carnegie Mellon University.

Event Details

Event Dates

9:00 - 12:00, Monday, October 5, 2020
9:00 - 18:00, Tuesday, October 6, 2020
Bilingual simultaneous translation available


5,000 (We have increased the maximum capacity to promote our event as a public forum thanks to official support from the US Embassy in Japan)

Event fees

Free (only for the 2020 event)

Event Format

Online (Registered participants will be issued unique URLs prior to the event)


DevSecOps Days Tokyo Community
(managed by Resilience Japan LLC.)


Day 1

9:00 - 12:00, Monday, October 5, 2020 (US-EST)

Speaker: Hasan Yaser
Moderator: Yusuke Nirahara

Demo Session: DevSecOps Process and Implementation


We deliver a custom version of the training course, DevSecOps Process and Implementation, offered exclusively at the Software Engineering Institute at Carnegie Mellon University.

The original training course at Carnegie Mellon University lasts for three days and is offered with hands-on exercises at $3,500 per participant. We offer a three hour-long version for free of charge to all participants of our event.

The original training course at Carnegie Mellon University caters to Fortune 500 firms, CTOs and CIOs at US and other governments around the world. DevSecOps Days Tokyo is pleased to waive participation fees to commemorate the community’s first Japanese event.

The three-hour session would promote understanding of the overview of DevSecOps software development, main tools and technologies used for DevSecOps, and organizational culture required for implementing DevSecOps.

Based on past case studies, including failures, the participant can expect to gain understanding of how to achieve an agile, advanced secure system development process through the implementation of DevSecOps.

Moreover, the session will deliver unique contents providing Japanese audience with substantial learning experience without expert knowledge on DevSecOps, agile development, and DevOps.

The session would be particularly beneficial for the following target audience, but it is open to all.

  • Those seeking enhanced understanding of DevSecOps
  • Those seeking to implement DevSecOps in their organizations
  • Those seeking to upgrade their existing DevOps and implement DevSecOps
  • Those seeking to learn about which technology stacks to integrate for achieving DevOps and DevSecOps

Requirements for Participation

A device, such as computer and smartphone, for viewing online contents will be required for viewing the online streaming during the session.

Day 2

20:00 - 0:00, Monday, October 5, 2020 (US-EST)

20:00 - 20:05

Yusuke Nirahara
Organizer of DevSecOps Days Tokyo

Welcome Note & Logistics

20:05 - 20:15

Dr. Hideto Tomabechi (CMU-CyLab)
Fellow, CyLab, Carnegie Mellon University
Visiting Professor, Center of Excellence in C4I&Cyber, George Mason University
Chairman, Resilience Japan, LLC.
Chairman, Cognitive Research Labs, Inc.

Opening Remarks

20:15 - 21:00

Nicolas Chaillan (U.S. Air Force)
The Chief Software Officer at the United States Air Force

Key Note: How did the Department of Defense move to Kubernetes and Istio?

21:00 - 21:25

Malu Milan (Cryptopon)
President, Cryptopon


21:25 - 21:50

Mark Miller (Sonatype)
Co-Founder, All Day DevOps
Senior Storyteller, Sonatype

Slouching Towards DevSecOps: Incremental Growth and Transformation

21:50 - 22:15

Linton Wells II (George Mason University)
Executive Advisor, Center of Excellence in Command, Control, Communications and Intelligence (C4I) and Cyber, George Mason University (GMU)
Special Advisor, Resilience Japan

Cyber Resilience and DevSecOps in an Age of Accelerating Change

22:15 - 22:40

Michelle Watson (Cyber Intelligence Partners)
Cyber Intelligent Partners, Founder, President & CEO

5G What is it & What are the National and Economic Security Risks?

22:40 - 23:05

Joe Saunders (RunSafe Security)
RunSafe Security, Founder & CEO

Building security into your CI/CD pipelines

23:05 - 23:30

Yusuke Nirahara (Resilience Japan)
Organizer of DevSecOps Days Tokyo, Vice President & COO, Resilience Japan

Cyber Threats of AI/ML and Japanized way of DevSecOps Implementation

Lunch Break 23:30 - 0:00

0:00 - 4:55, Tuesday, October 6, 2020 (US-EST)

0:00 - 0:45

Hasan Yasar (CMU-SEI)
The Technical Manager of the Secure Lifecycle Solutions Group in the SEI's CERT Division

Key Note: 5 Common Challenges to Implement DevSecOps Successfully

0:45 - 1:10

Ren Kimura (Ricerca Security)
Founder&CEO, Ricerca Security


1:10 - 1:35

Evan Dornbush (Point3 Security)
Point3 Security, Inc.
Co-Founder and CEO


1:35 - 2:00

Keisuke Tsukagoshi (Google Cloud Japan)
Google Cloud
Application Platform Specialist

Enabling DevSecOps with Google Cloud and k8s

2:00 - 2:25

Shigeya Tanabe (Datadog Japan)
Datadog Japan
Enterprise Sales Engineer

Baking Cupcakes : Experiments in DevSecOps

2:25 - 2:50

Cameron Townshend (Sonatype)
Sonatype  Lead Solution Architect, APJ

The Do's and Don'ts of Open Source Software Composition Analysis (SCA)

Break 2:50 - 3:20

3:20 - 3:50

Yusuke Nirahara & other available JP speakers

Q&A Session

3:50 - 4:15

Saburo Yukawa (BrainPad)
BrainPad, Inc. Manager, Engineering Group

DevSecOps by AI/Analytics Service Company: What's done & What to be done

4:15 - 4:40

Shingo Kitayama (Red Hat Japan)
RedHat  Cloud Solution Architect  OpenShift Architect

What should Container secuirty be like? Tips from RedHat's experiences

4:40 - 4:55

US Ambassador to Japan (TBD)

Closing Remarks

Speakers Wanted

DevSecOps Days Tokyo is currently seeking additional speakers.
Please contact us at if you are interested.