2025-10-09 –, Belvedere II/ Community, Contribution & the Future
When encryption is everyone's job, it is no one's responsibility.
Who's in charge of encryption in DevOps? A simple question but rather challenging to implement. Tools are there, but lacking the understanding of 'why' largely contributes to this challenge. This presentation aims to bring a level of clarity to garner corporate buy-in. FedRAMP can be leveraged as a transformative tool in getting this accomplished.
Developers focus on features and functions delivery. Only until the last 10 years has security been part of the DevOps discussion. SAST and DAST test security holes in codes. But implementation of encryption for data at rest and in transit is not considered security holes. So who is responsible?
This presentation shows the challenges and purposes FedRAMP can be leveraged as a forcing function to overcome these challenges.
Bernie Leung is a Distinguish architect. He has over 20 years experience in cybersecurity. In the last 10 years, he has led the building and operating of multiple FedRAMP / FISMA systems. His hands-on experience in running these systems from inception to operation is invaluable in bringing practical security conversations to corporate business leaders.
I'm a passionate Security leader with 11+ years of proven expertise in building risk frameworks, vulnerability management programs, and GRC infrastructure at enterprise scale. My experience spans financial services, government compliance, and emerging technology risk assessment, backed by a Master of Science in Information Technology & Management from UT Dallas.
I build resilient systems—digital and human.
As a cybersecurity executive, I’ve spent 20+ years safeguarding some of the world’s most trusted companies, leading privacy, compliance, and risk programs across complex global environments.
But the deeper pattern I’ve seen—across data centers, executive teams, and leadership rooms—is this:
💡 The real system is the human one.
That’s what led me to found The Quantum Mind—a living theory for understanding how coherence, attention, and trauma-informed intelligence shape performance, meaning, and legacy.
I now operate at the intersection of:
● Cybersecurity and trust architecture
● Complexity and human-centered systems design
● AI, embodiment, and consciousness theory
Whether leading enterprise programs or developing frameworks for systemic coherence, I stay grounded in clarity, service, and action.