OPEN Talks

Wednesday, April 27, 2022

- BST
OPEN TALK: Full Software Development Lifecycle in a Box
Join on Hopin
Maurice Kalinowski
Maurice Kalinowski
The Qt Company, Product Director
Tapio Haantie
Tapio Haantie
The Qt Company, Product Business Line Director

Creating products is hard: it involves designers, developers, QA and a deployment story. While agile methodologies helped to accelerate the software development, other steps in the creation process are still lacking behind. How much friction does the interaction between various roles cause? Is there a chance to do better?

Join us to learn how to close this gap and speed up the software development process. Tapio and Maurice will discuss through case studies, based on their experience and findings from the Qt Company’s how to create an application framework that lasts for 25+ years and serves thousands of customers in more than 70 different industries. 

- BST
OPEN TALK: A New PHP App Should Only Be a Git Push Away
Join on Hopin
Robert Schleinhege
Robert Schleinhege
IONOS, Product Owner
Markus Hunsalz
Markus Hunsalz
IONOS, Head of Development Agency Products

Developers want to focus on their code, not on managing infrastructure. Ideally, a go live is only a git push away. This is comparably easy when only delivering static assets from the server, but increasingly complex when working with dynamic runtimes. You still use SSH or FTP to deploy your site? Stop doing manual deployments! In this session, we will show you how you can deploy your next PHP App like a breeze.

- BST
OPEN TALK: Demystifying Policy-as-Code with OPA and GitOps
Join on Hopin
Anders Eknert
Anders Eknert
Styra, Developer Advocate

The rest of your application has moved to cloud-native; now it's time your application and security policies do as well. Long gone are the days of programming servers one by one. Infrastructure is now all push-button deploy powered by configurations that live in Git. The next logical step is to commit the security decisions that protect these systems into Git repositories. Becoming very popular over the last few years, GitOps has standardized application and infrastructure management processes. Within GitOps, smaller branches are starting to emerge to handle specific areas of your application. With tools like Open Policy Agent (OPA), we can define application and infrastructure security policies using Policy As Code and commit them to Git.
OPA is a general purpose policy engine that comes with a custom built dedicated policy language called Rego. Rego allows you to declaratively state the intent of your security policies using human readable expressions. It comes equipped with over 150 built-in functions tailor made for policy authoring. Together OPA and Rego allow you to supercharge your Policy As Code workflow in a Cloud Native way.
Join this talk to gain a general understanding of what policy-as-code is, the benefits in adding it to your application workflow, and see some examples of everyday use cases implemented with OPA and Rego. 

- BST
OPEN TALK: Batten Down The Hatches: Using Open Source for Smooth (and Secure) Sailing Through K8s
Join on Hopin
Steve Giguere
Steve Giguere
Bridgecrew, Developer Advocate

Creating functional deployments for k8s is hard enough without even beginning to think about doing it securely. Part of your team are at war backing Helm vs Kustomize and your dirty secret is that you love straight up yaml!
As a security fan you’re looking for an easy win with zero budget to help make sure the “Department of No” doesn’t block the deployment regardless of your Infrastructure as Code choice.
In this live demo, we’ll see how Checkov (you love Star Trek too!), the open source IaC scanning tool by Bridgecrew, can handle all of that AND do so right in your IDE.
DevOps + Security = SomethingSomething… let’s figure it out together. 

- BST
OPEN TALK: The Architecture of a Serverless Database
Join on Hopin
Jim Walker
Jim Walker
Cockroach Labs, Principal Product Evangelist
Rain Leander
Rain Leander
Cockroach Labs, AppDev Technical Evangelist

Developers know what they want and don’t want. And we are pretty sure they don’t want ops. The world is becoming serverless…Including the database.
In this session, we will deliver a deep-dive exploration into the internals of a serverless database, exploring the following, and more:
-How to automatically scale your workload with zero downtime
-How Raft and MVCC are used to guarantee serializable isolation for transactions
-How Cockroach automates scale and guarantees an always-on resilient database
-How to tie data to a location to help with performance and data privacy
-How to only pay what you use and never overspend
CockroachDB - a Distributed SQL cloud-native database designed for consistency, resiliency, located data, and scale - is the core of CockroachDB Serverless. We’d love for you to join us and see how it works! 

- BST
OPEN TALK: Top 7 Things a Developer Shouldn’t Have to Worry About
Join on Hopin
Stephane Montri
Stephane Montri
Mirantis, Sr Solution Architect

Once upon a time, developers wrote software and threw it over the fence to operators, who had to worry about deploying it and keeping it running. It was a mixed blessing: they could concentrate on providing value to the business, but they also had no control over the systems on which they worked, leaving them at the mercy of overworked operators who would get them what they needed as soon as possible, which might mean days, weeks, or even months.
Now we have DevOps, and developers can, in many cases, take advantage of self-service models and get what they need when they need it. Which is great. But now they have to worry about things they never had to think about before, like network setup, or security, or finding enough hardware to set up that dev cluster.
In this talk we’ll look at the top 7 things a developer should be able to ignore in favor of providing actual value to the business. 

- BST
OPEN TALK: Practical Use of OpenZiti: "Monitor Anything Anywhere With Prometheus"
Join on Hopin
Clint Dovholuk
Clint Dovholuk
NetFoundry, Developer / Zero Trust Advocate

Prometheus is a well-known CNCF project which is a monitoring solution and time series database. Prometheus' differs from other monitoring solutions in that it wants to be able to reach out and 'scrape' targets of interest. Giving Prometheus access is easy when it's on the same network as the targets, but what happens when your centralized SaaS offering wants to monitor your clients? What happens when your Prometheus server is in AWS when you need to monitor targets in Azure or GCP? This is where the power of OpenZiti and Prometheus come into focus.

Using OpenZiti with Prometheus gives you the capability of monitoring anything, anywhere, and doesn't compromise your solution's security to do so. No open firewall holes. No exposed web hooks. All private and totally secure using a zero trust overlay that's both comprehensive - and FREE. That's right, OpenZiti is free, open source and available now.

Sounds too good to be true right? Come see it in action. In this session you will:

• Discover what OpenZiti is and how the magic works

• See what it takes to collect data from targets from anywhere over a secure zero trust network

• Learn how to extend OpenZiti to your own solutions

- BST
OPEN TALK: Worldwide Distributed Processing of 2TB/day of Data
Join on Hopin
Carlos Rolo
Carlos Rolo
Instaclustr, Consultant and Technical Account Manager

Given the amount of data to process and manage small latency requirements and high availability, what avenues can you follow to achieve this? This session will explore how to use a distributed data store (Apache Cassandra) and local cache (Redis) with some Go and Python in the mix that was used to achieve this!

- BST
OPEN TALK: Driving Security in DevOps, the Parallels in the Advancement of Autonomous Vehicles and DevSecOps
Join on Hopin
David Maclean
David Maclean
Palo Alto Networks, Manager, Prisma Cloud Solutions Architects

Thanks to automation there is an evolution occuring in the way we get from A to B. We started out with driving aids like parking sensors and cruise control and now it's possible to be driven around in vehicles approaching a near fully automated experience where the automation itself monitors the driving environment. In this session we look at a parallel evolution in the way security is being implemented throughout the application lifecycle and look at different levels of maturity in the implementation of DevSecOps. We answer questions such as 'What do I implement next if I have some DevSecOps implemented already?' and also 'What do some of the more automated security environments look like today in the cloud including cloud native deployments such as microservices?

- BST
OPEN TALK: Principles and Practices to Encourage “Responsible” Machine Learning in Your Organisation
Join on Hopin
Ashley Pitlyk
Ashley Pitlyk
Codility, Senior Director of Data Science
Neil Morelli
Neil Morelli
Codility, Chief I-O Psychologist

Many organizations are using machine learning models to make important business decisions - including decisions about which candidates they hire. However, when these models include bias, there can be significant consequences for both the organization and its job candidates. This session will define “responsible” machine learning and why it should be prioritized, when incorporating machine learning into business decisions, using hiring as an illustrative example. 

Thursday, April 28, 2022

- BST
OPEN TALK: Building an IoT App with InfluxDB, Python and Flask
Join on Hopin
Jay Clifford
Jay Clifford
InfluxData, Developer Advocate

The Internet of Things (IoT) is increasingly driven by sensor data, with devices taking measured actions based on everything from wind speed and direction, vital body functions, illumination intensity, and temperature.
In this session we will showcase how to build a fully functional sample IoT monitoring application built on the Flask framework and utilizing InfluxDB as its backend. With integrations to visualization libraries such as Plotly Express, creating automated alerts with InfluxDB as well as data downsampling. 

- BST
OPEN Talk: Pull Request Size: The Most Important Indicator of Development Pipeline Health
Join on Hopin
Yishai Beeri
Yishai Beeri
LinearB, CTO

This presentation includes industry benchmarks from 2,600 dev teams collected from January 2020 through June 2021, all of the data and citations from my research, multiple case studies from well known Israeli start-ups like Unbabel, Intsights and BigID, and tips for improving PR size, cycle time, MTTR, change failure rate and deployment frequency.

Notes: In my role as CTO of LinearB, I help engineering leaders improve through data and metrics. This presentation is NOT in any way a sales pitch for LinearB. In fact, the name of my company will only be mentioned twice in the session - once when I introduce myself and again when I reference how we collected the data for the study. But, that said, LinearB has allowed me to become a top expert in engineering metrics and I have real-life experience in how the Accelerate DORA 4 metrics are used by real dev teams around the world. 

- BST
OPEN TALK: AppSec Testing Automation for Developers & CICD
Join on Hopin
Oliver Moradov
Oliver Moradov
Bright Security, Head of Product Marketing

Shifting Application Security Left and into the hands of developers has been a topic of discussion, but remains just that, a discussion. Legacy solutions in the market are not built from the ground up to enable this and achieve DevSecOps. In this session we will discuss the key features that your AppSec testing tools need to enable shift left, or shift everywhere, to empower developers to detect, prioritize and remediate security issues EARLY, as part of your agile development and unit testing processes, without slowing you down. The talk will include specific examples from leading organizations that have deployed these solutions, the business impact they have achieved and the steps you can take to achieve the same, across your applications and APIs 

- BST
OPEN TALK: Blazor WebAssembly on AWS; What You Need to Know
Join on Hopin
François Bouteruche
François Bouteruche
AWS, Senior Developer Advocate, Modern Apps

Building a SPA fully in .NET 6 with Blazor WebAssembly has become a hot topic in the last few months. AWS offers you several hosting options for your Blazor WASM apps. However, if you want to interact with AWS Services, there are a few things you need to know. In this session, I will demonstrate the different hosting options you have on AWS. Then I will discuss what you need to know to interact with AWS Services from your Blazor WASM app. 

- BST
AI Chat Moderation: How to Identify Harmful Content?
Join on Hopin
Chiara Caratelli
Chiara Caratelli
Stream, Machine Learning Engineer

By leveraging the power of machine learning, human moderators can stay one step ahead of bad actors even with a large volume of users. However, harmful content is often vaguely defined and dependent on the context. So how can a model learn how to spot it if even humans have doubts? And how can this be scaled up to reach billions of end users? With these questions in mind, we combined an in-house message labelling solution with hierarchical clustering based on real messages from our chat apps. This method reduced uncertainty in human labelers and allowed us to catch creative spammers. Learn how we accelerated our data acquisition and the techniques we used to make social interactions healthier for our end users.