Marcus Burghardt
Marcus Burghardt is a Senior Product Security Engineer at Red Hat and Technical Lead of the team behind the ComplyTime initiatives. With his diverse experience as a Red Hat instructor and examiner, pentester, startup founder, and IT Security Officer, Marcus masters security from multiple perspectives. He combines the drive of a founder with the vocation of an instructor, leading high-impact initiatives and helping people smile while using open source for security, compliance, and innovation.
Session
"I thought we turned that on?" is a phrase no engineer wants to hear after a security incident. In a growing GitHub organization, branch protection rules—like mandatory PR reviews and signed commits—often suffer from configuration drift.
In this compact, demo-driven session, we’ll move beyond "manual checklists" to an automated governance model using the OpenSSF Gemara project. We’ll demonstrate a "simple-by-design" architecture that uses Gemara to define policy, ComplyTime to manage the lifecycle, and Ampel to provide "Traffic Light" verification via signed attestations.
The secret sauce? GitHub Reusable Workflows. I will showcase a live "Red-to-Green" transition, showing how any team can adopt these hardened controls instantly. Attendees will leave with a practical 25-minute blueprint for turning branch protection into a continuously monitored, verifiable asset of their software supply chain.
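The drift check described above, as an added example that is not code from the session or from the Gemara, ComplyTime or Ampel projects: a policy evaluation over a branch's protection settings that reports a traffic-light status. The input dicts are constructed and modelled on the GitHub branch protection REST API response; the policy fields and the RED/YELLOW/GREEN severity mapping are assumptions for illustration.

```python
"""Added example: traffic-light drift check for a GitHub branch protection rule.

Protection dicts are constructed, modelled on the shape returned by
GET /repos/{owner}/{repo}/branches/{branch}/protection. The policy fields and
the RED/YELLOW/GREEN mapping are assumptions, not Gemara's or Ampel's schema."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class BranchPolicy:
    min_approving_reviews: int = 1        # blocking control
    require_signed_commits: bool = True   # blocking control
    enforce_admins: bool = True           # advisory control
    dismiss_stale_reviews: bool = True    # advisory control

def evaluate(protection: Optional[dict], policy: BranchPolicy) -> tuple:
    """RED: blocking control drifted or branch unprotected; YELLOW: advisory only; GREEN: ok."""
    if not protection:
        return "RED", ["branch has no protection rule at all"]
    blocking, advisory = [], []
    reviews = protection.get("required_pull_request_reviews") or {}
    approvals = reviews.get("required_approving_review_count", 0)
    if approvals < policy.min_approving_reviews:
        blocking.append(f"approving reviews required: {approvals}, policy: {policy.min_approving_reviews}")
    signed = (protection.get("required_signatures") or {}).get("enabled", False)
    if policy.require_signed_commits and not signed:
        blocking.append("signed commits are not required")
    admins = (protection.get("enforce_admins") or {}).get("enabled", False)
    if policy.enforce_admins and not admins:
        advisory.append("administrators can bypass the protection rule")
    if policy.dismiss_stale_reviews and not reviews.get("dismiss_stale_reviews", False):
        advisory.append("stale approvals survive new commits")
    if blocking:
        return "RED", blocking + advisory
    return ("YELLOW", advisory) if advisory else ("GREEN", [])

# Constructed samples, not captured from a real organization.
COMPLIANT = {"required_pull_request_reviews": {"required_approving_review_count": 2,
                                               "dismiss_stale_reviews": True},
             "required_signatures": {"enabled": True}, "enforce_admins": {"enabled": True}}
DRIFTED = {**COMPLIANT, "required_signatures": {"enabled": False},
           "required_pull_request_reviews": {"required_approving_review_count": 0}}
ADMIN_BYPASS = {**COMPLIANT, "enforce_admins": {"enabled": False}}

if __name__ == "__main__":
    for name, cfg in [("main", COMPLIANT), ("release", DRIFTED), ("hotfix", ADMIN_BYPASS), ("legacy", None)]:
        status, findings = evaluate(cfg, BranchPolicy())
        print(f"{name:8} {status:6} {'; '.join(findings)}")
```

Run the same evaluation on every protected branch from a scheduled reusable workflow and a previously green branch turning red is the drift signal the session is about.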