Cloud & CI/CD security Techspot

Community of 100+ engineers, expert speakers, and a dive into protecting development pipelines. We’ll focus on real cases, discuss practical mitigations and security tools, and connect over pizza and beer. Valuable for DevOps, security professionals, architects, and anyone who wants to secure what they build.

Google for Startups Campus, Warsaw

November 7, 2025, 18:00

Registration
Registration
get your ticket
get your ticket

Google for Startups Campus, Warsaw

November 7, 2025, 18:00

Agenda

17:00

Doors open, registration starts

Register and get a snack before the talks begin.

18:00

Panel discussion: How AI tooling affects product security

We’ll explore how AI and security influence each other across the software development lifecycle:

1. AI for coding — how developers use AI to write applications and infrastructure code.

2. AI for security automation — how AI helps scan code for vulnerabilities and enforce security compliance.

3. AI in production — embedding AI-powered features into products and new security challenges that come with it.

18:45

Breaking the CI/CD chain: security risks in GitHub Actions

A talk from an engineer at one of Israel’s leading cybersecurity companies about real cases of misconfigurations and exploits, including the recent tj-actions/changed-files issue.

Igor will show how third-party or transitive actions can open attack paths inside your pipeline.

He’ll also demo a new tool that maps and analyzes transitive dependencies between actions, helping teams understand their impact and reduce exposure.

See how security tools — from static analysis to runtime monitoring — fit together to protect CI/CD environments, and learn practical steps for securing your own workflows.

Igor Stepansky

Security Engineer, Orca Security

19:30

Networking break

Lots of pizza and beer coming! You just bring your appetite — for both food and conversation 🙂

20:00

DevOps gone rogue: hidden threats in CI pipelines

Michał will share an unusual take on supply-chain attacks and show what happens when these techniques combine with insider scenarios.

Learn how an attacker with developer-level repo access can abuse technical debt in CI/CD to gain control over production environments like Docker or Kubernetes while staying invisible to threat detection systems.

The talk focuses on the defensive perspective: we’ll look at realistic chains of misconfiguration and detection gaps and then cover practical mitigations you can apply immediately. 

Michał El Fartas

Cloud Security Team Lead, Egnyte

21:00

Afterparty

Video highlights

Photo gallery

Featured speakers & panelists

Igor Stepansky

Security Engineer
Orca Security

Michal El Fartas

Cloud Security Team Lead
Egnyte

Alexey Krasnov

Staff Cloud Security Engineer | Panelist
Capital Com

Kiryl Surahatau

Head of JS Department | Panelist
Oxagile

Dror Zalman

Product Manager | Panel Moderator
Orca Security

Igor Stepansky

Security Engineer
Orca Security

Michal El Fartas

Cloud Security Team Lead
Egnyte

Alexey Krasnov

Staff Cloud Security Engineer | Panelist
Capital Com

Kiryl Surahatau

Head of JS Department | Panelist
Oxagile

Dror Zalman

Product Manager | Panel Moderator
Orca Security

Friends, partners & communities

Would you join us online or offline?

Thanks for registering! We’ll send you a confirmation email soon with all the event details and helpful links.

Oops! Something went wrong while submitting the form.

Secure your spot

Please note that the event is ticketed. The moderate fee helps us keep the audience engaged.

Get your ticket
Get your ticket

Share your feedback

Tell us what you loved about the event and how we can improve. It’ll only take 5 minutes.

Fill in the form
Fill in the form
Minsk
Warsaw
Georgia
Belarus
Poland
Remote
Hybrid
Office
Miracle Studio
Notte
Finonex
Dexcelerate
AITHENA
44pixels
On The Spot
Unity
Supersonic
365Scores
Honeybook
Unity Playworks
Aura from Unity
Cycode
Orca Security
Other
HR & Recruitment
User Research & Design
Marketing & Sales
Data & Analytics
Software Testing
Engineering & DevOps