Roman Zhukov, Speaker
Roman is a cybersecurity expert, engineer, and leader with over 17 years of hands-on experience securing complex systems and products at scale. Currently Principal Architect at Red Hat, he leads open-source security strategy, upstream collaboration, and cross-industry initiatives focused on building trusted ecosystems. He has built and scaled programs across security architecture, threat modeling, secure development, vulnerability management, incident response, and security education - for both engineers and senior leadership. His work spans trusted AI, privacy, compliance, and secure software supply chains. Previously, Roman led Product Security & Privacy for Data Center and AI software at Intel. He is a Security Champion for several open-source projects and an active contributor to working groups under the OpenSSF, Eclipse Foundation, and other global initiatives.
Talk List
- Hack and Defend (your) Open Source: Real Attacks, Real Tools, Real Insights
  Did you hear about the recent Shai-Hulud npm incident that led to silent exfiltration of secrets from thousands of machines? Or the XZ backdoor? Or the flood of AI-generated malware on PyPI? Let’s admit it: even if your company doesn’t build any commercial SW, you most likely use npm, pip, DockerHub, GitHub Actions, or AI code assistants. Yes, you're consuming open source every day. This talk is a practical, zero-fluff guide to both hacking and defending OSS - with real company hacks that I witnessed firsthand, free tools that actually work, and battle-tested advice from one of the world’s top open-source contributing companies. Whether you're a Pentester, AppSec engineer or working in Dev, Sec, or DevOps - you’ll leave with a concrete toolset, a checklist, and the ability to spot the attackers before they hit your build pipeline.
  14:30/15:15, 15 Nov 2025