OpenSSF Community Day North America

Tabletop Exercise (TTX)

Join us for a dynamic and interactive Tabletop Exercise (TTX), held as part of the OpenSSF Community Day programming. This 60-90 minute session is designed to simulate a real-world security incident and foster open dialogue and collaboration within the open source software ecosystem.

What to Expect

The TTX is open to all Community Day attendees as audience observers and will be divided into two main phases:

  • Phase One: Scenario Walkthrough
    A moderated panel of experts will walk through a security incident scenario, each stepping into a specific role, such as an open source maintainer, a package registry operator, an open source software consumer, etc. Through roleplay, panelists will demonstrate how each stakeholder might respond during a real-world incident.
  • Phase Two: Postmortem & Discussion
    Following the scenario, panelists and selected contributors will engage in a collaborative debrief. They’ll reflect on how the incident played out, share insights, and identify opportunities for improving coordination, tools, and response processes.

This session brings together professionals with expertise in open source software production, distribution, vulnerability management, and incident response.

Audience Participation

  • Audience members will have the opportunity to engage through a dedicated Q&A session and can submit questions throughout the exercise using Slido or a similar platform.

Key Takeaways

Through participation in the TTX, attendees will:

  • Deepen their understanding of open source software security and incident response.
  • Gain access to a template or framework for running their own tabletop exercises.
  • Explore how OpenSSF tools and technologies can support response efforts.
  • Discover opportunities for process improvement or new tooling in security workflows.

Meet the Panelists

  • Christopher “CRob” Robinson

    Christopher Robinson (aka CRob) is the Chief Security Architect for the Open Source Security Foundation. With over 25 years of Enterprise-class engineering, architectural, operational and leadership experience, CRob has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals, and spent 6 years helping lead the Red Hat Product Security team as their Program Architect.

  • Mihai Maruseac

    Mihai Maruseac is a member of the Google Open Source Security Team (GOSST), working on Supply Chain Security for ML. He is a co-lead on a Secure AI Framework (SAIF) workstream from Google. Under OpenSSF, Mihai chairs the AI/ML working group and the model signing project. Mihai is also a GUAC maintainer. Before joining GOSST, Mihai created the TensorFlow Security team and prior to Google, he worked on adding Differential Privacy to Machine Learning algorithms. Mihai has a PhD in Differential Privacy from UMass Boston.

  • John Kjell

    John is a Principal Consultant at ControlPlane, where he helps some of the world’s most security-conscious organizations build and assure mission-critical platforms. He is a maintainer of the Witness and Archivista sub-projects under in-toto and serves as a co-chair of the CNCF’s TAG Security. John is also actively involved in several initiatives within the OpenSSF. Prior to joining ControlPlane, he was the Director of Open Source at TestifySec and held engineering leadership roles at VMware.

  • Seth Larson

    Seth is the Security Developer-in-Residence at the Python Software Foundation. Seth focuses on the security posture of the CPython language runtime, Python packaging tools, and the broader Python package ecosystem.

  • Tabatha DiDomenico

    Tabatha is an OSS DevRel Engineer at G-Research bringing over two decades of experience in community development, IT, and cybersecurity to the role. She holds an MS in Cybersecurity from the University of South Florida and a BA in Interdisciplinary Studies from the University of Central Florida. Tabatha is the current president of Security BSides Orlando and has presented at industry conferences, including ShmooCon, Black Hat, BlueTeamCon, and Grace Hopper Celebration.

  • Yesenia Yser

    As a cybersecurity expert, Yesenia has managed global crises with the unique skill set she’s gained as a practitioner and instructor in Brazilian Jiu Jitsu. During her 12-year career, she’s helped Fortune 100 companies strategize their software supply chain security risks and initiatives. Currently, she is empowering the world with changes for AI Safety and Open Source Security at Microsoft. She advocates and mentors folks in their pursuit of cyber security careers, while spending weekends teaching women self-defense with the principles of Brazilian Jiu Jitsu.
