Building for the Future: Why Ephemeral Build Environments Are Essential

One of the most effective ways to defend against modern threats is to rethink how we build software. Persistent build environments are vulnerable to tampering and malware installation and credential exposure. This talk shows how ephemeral builds remove these risks to establish true DevOps security.

Software supply chains are under attack - insider threats, malware injection, and credential leaks are exploiting persistent build environments like never before. The old ways of building software simply can’t keep up with today’s security challenges.

In this must-see Conf42 session, discover how Ephemeral Build Environments are revolutionizing secure software delivery. By creating isolated, short-lived, and confidential build spaces that vanish after every build, you can completely eliminate lingering risks and lock down your supply chain.

You’ll learn how ephemeral builds: - Eradicate insider threats by wiping out build artifacts and environments after each run - Prevent stealthy malware and credential theft through airtight isolation - Enable fully reproducible, auditable, and trustworthy build processes

If you’re serious about safeguarding your code and building software you can trust, this talk will give you the vision and tools to transform your build workflows for the future. Join us to build smarter, build safer, and build for tomorrow.

I have over 18 years of experience in secure software engineering and cloud-scale architecture and am currently a Principal Software Engineer at Microsoft. For the past ten years, I have led the design and development of Microsoft’s secure software supply chain platform. The platform has been adopted by core products including Azure, Office, and Windows. The proposed talk “Isolated Build Environments for Supply Chain Security: Defending Against Insider Threats” is informed by my experience delivering confidential, tamper-resistant build systems using secure enclaves, ephemeral containers, and attestation workflows. This architecture was effective to eliminate interactive access vectors such as SSH and shell injection which represent a significant risk from a malicious insider threat.

I have also written papers on cloud-native security and confidential computing and helped multiple internal teams transition to this model. I believe I am uniquely qualified to deliver this topic since I built and deployed at scale in one of the most heavily threatened software environments in the world.

There are no special technical requirements for this session. I will be using standard slides, and maybe some diagrams/architectural flows to aid understanding of the concepts. I look forward to sharing practical experiences with the Conf42 audience to harden supply chains against internal threats.