✨ Getting to know the wonderful Continuous Delivery Community
We’re happy to announce Tracy Ragan as strategic advisor to the CD Foundation Governing Board! Tracy will provide expertise and guidance on key initiatives and long-term planning. (This is a non-voting position).
Name: Tracy Ragan
Pronouns: She/Her
Location: Santa Fe, NM
Who are you?
I’m a technology entrepreneur and open source advocate who has spent more than two decades working to improve how organizations build, deliver, and secure software. I’m the CEO and co-founder of DeployHub, and I’ve been deeply involved in the DevOps and open source communities through work with the Continuous Delivery Foundation (CDF), OpenSSF, and projects like Ortelius. I’m especially passionate about strengthening software supply chain security and helping teams solve the growing challenge of managing vulnerabilities in live systems. I am deeply honored to be invited to the CDF Governing Board as a Strategic Advisor.
Much of my career has been about bringing people together, whether through open source collaboration, industry initiatives, or community events, to solve complex problems and move technology forward. I also care deeply about mentorship and creating opportunities for new contributors, particularly encouraging more women to take leadership roles in cybersecurity and DevOps.
Your hobbies?
Outside of technology, I try to keep life balanced and adventurous. I hold a black belt in Shotokan Karate, spend time riding big horses whenever I can, and I’m a lifelong dog lover. Music is another passion, especially punk, and I enjoy spinning records with friends. For me, the combination of discipline, community, and creativity in these pursuits mirrors what I value most in my professional life.
What did you want to be when you were a kid?
When I was a kid, I was convinced I could be just about anything, and my ambitions seemed to change with every birthday. For a while, I wanted to be an oceanographer, until I saw Jaws, which quickly made the ocean feel a lot less appealing. After that, geology seemed like a much safer bet.
In my early teens, I even thought it would be amazing to become a minister at the Black Baptist church I sometimes attended. I loved the energy, the music, and the sense of community. Eventually, my mother gently explained that little white girls rarely grow up to become Black Baptist ministers. That reality check nudged me toward something that came naturally to me, math.
What led you to a career in tech?
My path into tech wasn’t something I planned early in life, it evolved through opportunity and curiosity. My first job out of college gave me the chance to work on an IBM System/360, which was my first real exposure to computing at scale.
When I was about 25, I bought my first personal computer, a Commodore 64, mostly for practical reasons. I wanted a better way to track my budget and manage my bank account. But that practical purchase quickly turned into something more fun. I started playing Commodore video games and before long I was tinkering with them, customizing and experimenting with how they worked. That hands-on experimentation was really my first experience with programming outside of work.
In my late twenties, I moved to New York, where I had the opportunity to write code for firms on Wall Street. That experience accelerated everything, working in a high-pressure environment where software directly supported financial systems was both challenging and exciting.
Looking back, what led me to tech was a combination of curiosity, timing, and the willingness to jump into new opportunities. What started as a practical tool and a bit of experimentation turned into an amazing career journey.
Do you remember your first open source contribution?
Yes, but my first open source contribution wasn’t code. It was governance and community building.
Early in my career, I was selected by IBM to help launch the Eclipse Foundation, which was a major moment in the evolution of open source. At the time, Eclipse was transitioning from an IBM-led project into an independent open source foundation, and the goal was to create a sustainable model for companies and developers to collaborate around shared technology.
I served on the founding Governing Board and, for the first three years, I was the only woman on that board. It was an incredible learning experience because the work wasn’t just about technology, it was about building the structure, policies, and culture that would allow a global open source community to thrive.
One of the moments I’m most proud of from that time was being part of the team that hired Mike Milinkovich as the Executive Director of the Eclipse Foundation. Mike went on to lead Eclipse into becoming one of the most successful and influential open source foundations in the world.
That experience shaped how I think about open source today. Code is critical, but strong communities, governance, and leadership are what allow open source projects to endure and scale.
How did you get involved in the Continuous Delivery Foundation?
I got involved in the Continuous Delivery Foundation thanks to a conversation with an amazing woman in tech. Tracy Miranda, who was at CloudBees at the time, reached out to me when I was attending DevOps World and invited me to lunch. Tracy knew of me because after I left the Eclipse Foundation Governing Board, she stepped into the board seat I had previously held. So she knew my background in open source governance and community building.
Over lunch she shared the vision for a new foundation focused on continuous delivery, bringing together projects, companies, and practitioners around the tools and practices that help organizations deliver software faster and more reliably. She explained how CloudBees and others were working with the Linux Foundation to launch what would become the Continuous Delivery Foundation.
The idea immediately resonated with me. Continuous delivery was becoming foundational to modern software development, and it was clear the ecosystem needed a neutral home where projects like Jenkins and others could collaborate and evolve together.
I was 100% in from that moment. The mission aligned perfectly with the work I had been doing throughout my career, helping build communities and ecosystems that move the software industry forward.
What’s your favourite thing/project/tech to work on?
One of the projects I’m most passionate about is Ortelius, an open source project focused on improving how organizations understand and secure the software running in their live environments.
Most of the security tools in the industry today focus on pre-deployment scanning, SAST, SCA, container scans, and similar approaches designed to catch vulnerabilities before software is released. Those tools are important, and they do find a large portion of issues. In fact, we estimate that about 80% of known vulnerabilities can be identified before deployment.
But the reality is that 100% of threats ultimately exist in live systems. New vulnerabilities are disclosed every day, often weeks or months after software has already been deployed. Once that happens, organizations struggle to quickly determine where those vulnerable components are actually running and how to remediate them.
Ortelius addresses this gap by creating a digital twin of deployed software, built from SBOMs and deployment metadata. This allows teams to continuously detect newly disclosed vulnerabilities that impact running systems and understand exactly where those risks exist.
What I love most about working on Ortelius is that it tackles a problem the industry has largely ignored, defending live software, not just scanning code before release. It’s an exciting shift toward a more complete approach to software supply chain security.
Tell us about the thing you’re most proud of and why?
One of the things I’m most proud of is helping build the Ortelius open source community, not just the technology, but the people who make the project thrive.
Open source can be an incredibly powerful way to innovate, but historically, it hasn’t always been the most welcoming place for everyone. Women in particular are still significantly underrepresented in open-source projects. From the beginning of Ortelius, I made a conscious effort to change that dynamic by encouraging women to participate, contribute, and step into leadership roles within the community.
Over time, that effort has paid off in ways that mean more to me than any technical milestone. We now have an amazing group of women who contribute to Ortelius in meaningful ways, writing code, producing documentation, leading outreach, organizing events, and helping shape the direction of the project. They’ve become an integral part of the community and the culture we’ve built.
Seeing these contributors grow in confidence, influence, and leadership has been incredibly rewarding. Open source works best when it reflects the diversity of the people who rely on the technology.
For me, the Ortelius community proves that when you intentionally create space for people to participate, great things happen, for the project and for the people involved.
What is the best connection you’ve made through open source?
That’s a hard question to answer because open source has introduced me to so many incredible people over the years. If there’s one thing open source consistently delivers, it’s meaningful connections with people who are passionate about solving hard problems together.
Within the Ortelius community, I’ve had the privilege of working closely with contributors like Tony Carratto, Jing Chen, Ann Marie Fred, and Kate Scarcella. Each of them has brought unique perspectives and energy to the project, helping shape both the technology and the culture of the community. Watching contributors grow and take ownership within the project is one of the most rewarding aspects of open source.
I’ve also had the opportunity to collaborate with some truly influential leaders in the broader security and open source ecosystem. People like Jamie Thomas, Chief Client Information Officer, IBM, Vincent Danen, Vice President of Product Security at Red Hat, and Brian Fox, CTO and Co-Founder of Sonatype. Through the OpenSSF, the Ortelius Governing Board, and various technology committees, I’ve had the chance to work alongside these leaders as we tackle challenges around software supply chain security.
Their insight, experience, and willingness to contribute time and guidance to the Ortelius project has been invaluable. Open source thrives because people like this show up, not just to build technology, but to build communities around it.
What is your #1 tip for getting involved in the community?
My number one tip for getting involved in an open source community is simple: say yes.
Start with what you already do well. If you’re a developer, contribute code. If you’re good at writing, help with documentation or blogs. If you enjoy organizing people, volunteer for outreach or community events. Open source projects need far more than just code, and the best communities thrive because people contribute in many different ways.
That said, some of our best contributors are the brave ones who say “yes” to something they’ve never done before. Taking on a new challenge, whether it’s speaking at a meetup, writing your first technical article, or contributing your first pull request, can be incredibly rewarding and a great way to grow your skills.
If time is limited, look for tasks that can be done in small, manageable pieces. Many projects have short-term contributions like reviewing documentation, helping with social posts, testing releases, or writing a short blog. These allow you to participate and make an impact without committing all of your free time.
Open source is really about participation. Show up, speak up, and contribute where you can, and don’t be afraid to try something new.
What’s your favourite open source conference?
My favorite open source conferences tend to be the smaller, more focused ones rather than the massive industry shows. I enjoy events where you can actually have real conversations with people, dive into technical discussions, and connect with the community in a meaningful way.
One conference I never miss is Open Source Summit, especially when it’s paired with cdCon, the Continuous Delivery Foundation’s conference. What I love about these events is their strong focus on the people actually building and operating software, developers, DevOps practitioners, and platform engineers who are dealing with real challenges every day.
The conversations tend to be practical and technical rather than purely marketing-driven. You hear about what’s working, what isn’t, and how teams are solving problems around CI/CD, AI apps, security, and modern software delivery.
While I occasionally attend larger industry events, Open Source Summit and cdCon are the ones I always prioritize. The community is incredibly engaged, and the discussions are grounded in the real-world challenges that developers and operators face. For me, that’s where the most valuable learning and collaboration happens.
Connect with Tracy
More from Tracy
Most recently, Tracy is the Chair of cdCon 2026, happening May 18 to 19 in Minneapolis, Minnesota. Check out the program.
