Niek Palm
Niek is a Cloud Security Architect within the Philips Security Center of Excellence, passionately focused on enabling Philips to deliver innovative products with speed, particularly in cloud environments, while embedding robust security throughout the product lifecycle and data handling. His role is pivotal in shaping secure software engineering practices for the cloud, with a strong emphasis on DevSecOps principles and securing the entire software supply chain as it extends into cloud services.
Deeply committed to fostering a culture of secure DevOps, Niek is instrumental in Philips’ DevOps transformation, especially for cloud-native development and operations, aiming to build better, more secure software, faster, together. He also plays a key role in driving the InnerSource community within Philips. As an active community contributor, Niek is an organizer for DevOpsDays Eindhoven. A public speaker, blogger, open-source maintainer, and book reviewer, he frequently shares his extensive expertise in Cloud Security, cloud architecture, DevSecOps, modern Software Development, and secure engineering practices
GitHub Actions Security: From CI Nightmare to Supply Chain Sentinel
This talk exposes GitHub Actions security risks: token leaks, script injections, and threats from untrusted third-party Actions or compromised runners. We'll then detail actionable strategies to secure your GitHub Actions. Key topics: Principle of Least Privilege (GITHUB_TOKEN, OIDC), vetting third-party Actions, securing runners, and hardening workflows (input sanitization, code signing). Attendees gain practical knowledge to turn GitHub Actions from a vulnerability into a strong supply chain defense, ensuring secure automation.