Wednesday, April 27, 2022
Creating products is hard: it involves designers, developers, QA and a deployment story. While agile methodologies have helped to accelerate software development, other steps in the creation process are still lagging behind. How much friction does the interaction between various roles cause? Is there a chance to do better?
Join us to learn how to close this gap and speed up the software development process. Tapio and Maurice will discuss, through case studies based on their experience and findings from the Qt Company, how to create an application framework that lasts for 25+ years and serves thousands of customers in more than 70 different industries.
Developers want to focus on their code, not on managing infrastructure. Ideally, a go live is only a git push away. This is comparably easy when only delivering static assets from the server, but increasingly complex when working with dynamic runtimes. You still use SSH or FTP to deploy your site? Stop doing manual deployments! In this session, we will show you how you can deploy your next PHP App like a breeze.
The rest of your application has moved to cloud-native; now it's time your application and security policies do as well. Long gone are the days of programming servers one by one. Infrastructure is now all push-button deploy powered by configurations that live in Git. The next logical step is to commit the security decisions that protect these systems into Git repositories. Becoming very popular over the last few years, GitOps has standardized application and infrastructure management processes. Within GitOps, smaller branches are starting to emerge to handle specific areas of your application. With tools like Open Policy Agent (OPA), we can define application and infrastructure security policies using Policy As Code and commit them to Git.
OPA is a general purpose policy engine that comes with a custom built dedicated policy language called Rego. Rego allows you to declaratively state the intent of your security policies using human readable expressions. It comes equipped with over 150 built-in functions tailor made for policy authoring. Together OPA and Rego allow you to supercharge your Policy As Code workflow in a Cloud Native way.
Join this talk to gain a general understanding of what policy-as-code is, the benefits in adding it to your application workflow, and see some examples of everyday use cases implemented with OPA and Rego.
We’ve all heard that it’s lonely at the top. For me though, having held both CEO and VP Engineering roles, I’ve often found VP Engineering to be even harder than the notoriously challenging role of CEO, and lonelier. For me, this was due to spending the lion’s share of my time translating between two completely disparate worlds - engineering and business. As the VP of Engineering, our peer executives see us as technical, while our teams on the other hand perceive us as business. Being the bridge between these worlds places us in a unique position to help our company succeed.
Over the years, I’ve found that the most valuable competency a great engineering leader brings to the role is being a great translator. An excellent tech leader will be able to provide much-needed context about the business to the developers, while continuously educating non-technical stakeholders on how software gets made.
In this session, I will share how to translate engineering concepts to execs, why it is important to provide non-technical leaders with more technical detail than you’re giving them now, and which metrics to share with your business every week. You’ll leave with actionable tips for achieving alignment with your business, negotiating for more headcount and non-functional investment, and having more constructive conversations with your CEO. Plus every attendee will get a copy of the engineering metrics scorecard I share every week with our exec team.
Creating functional deployments for k8s is hard enough without even beginning to think about doing it securely. Part of your team are at war backing Helm vs Kustomize and your dirty secret is that you love straight up yaml!
As a security fan you’re looking for an easy win with zero budget to help make sure the “Department of No” doesn’t block the deployment regardless of your Infrastructure as Code choice.
In this live demo, we’ll see how Checkov (you love Star Trek too!), the open source IaC scanning tool by Bridgecrew, can handle all of that AND do so right in your IDE.
DevOps + Security = SomethingSomething… let’s figure it out together.
Developers know what they want and don’t want. And we are pretty sure they don’t want ops. The world is becoming serverless… including the database.
In this session, we will deliver a deep-dive exploration into the internals of a serverless database, exploring the following, and more:
- How to automatically scale your workload with zero downtime
- How Raft and MVCC are used to guarantee serializable isolation for transactions
- How Cockroach automates scale and guarantees an always-on resilient database
- How to tie data to a location to help with performance and data privacy
- How to pay only for what you use and never overspend
CockroachDB - a Distributed SQL cloud-native database designed for consistency, resiliency, located data, and scale - is the core of CockroachDB Serverless. We’d love for you to join us and see how it works!
Once upon a time, developers wrote software and threw it over the fence to operators, who had to worry about deploying it and keeping it running. It was a mixed blessing: they could concentrate on providing value to the business, but they also had no control over the systems on which they worked, leaving them at the mercy of overworked operators who would get them what they needed as soon as possible, which might mean days, weeks, or even months.
Now we have DevOps, and developers can, in many cases, take advantage of self-service models and get what they need when they need it. Which is great. But now they have to worry about things they never had to think about before, like network setup, or security, or finding enough hardware to set up that dev cluster.
In this talk we’ll look at the top 7 things a developer should be able to ignore in favor of providing actual value to the business.
Prometheus is a well-known CNCF project: a monitoring solution and time series database. Prometheus differs from other monitoring solutions in that it wants to be able to reach out and 'scrape' targets of interest. Giving Prometheus access is easy when it's on the same network as the targets, but what happens when your centralized SaaS offering wants to monitor your clients? What happens when your Prometheus server is in AWS and you need to monitor targets in Azure or GCP? This is where the power of OpenZiti and Prometheus comes into focus.
Using OpenZiti with Prometheus gives you the capability of monitoring anything, anywhere, and doesn't compromise your solution's security to do so. No open firewall holes. No exposed web hooks. All private and totally secure using a zero trust overlay that's both comprehensive - and FREE. That's right, OpenZiti is free, open source and available now.
Sounds too good to be true, right? Come see it in action. In this session you will:
• Discover what OpenZiti is and how the magic works
• See what it takes to collect data from targets from anywhere over a secure zero trust network
• Learn how to extend OpenZiti to your own solutions
Given the amount of data to process and manage, small latency requirements, and high availability, what avenues can you follow to achieve this? This session will explore how a distributed data store (Apache Cassandra) and a local cache (Redis), with some Go and Python in the mix, were used to achieve this!
OPEN TALK: Driving Security in DevOps, the Parallels in the Advancement of Autonomous Vehicles and DevSecOps
Thanks to automation there is an evolution occurring in the way we get from A to B. We started out with driving aids like parking sensors and cruise control, and now it's possible to be driven around in vehicles approaching a near fully automated experience where the automation itself monitors the driving environment. In this session we look at a parallel evolution in the way security is being implemented throughout the application lifecycle and look at different levels of maturity in the implementation of DevSecOps. We answer questions such as 'What do I implement next if I have some DevSecOps implemented already?' and 'What do some of the more automated security environments look like today in the cloud, including cloud native deployments such as microservices?'
OPEN TALK: Principles and Practices to Encourage “Responsible” Machine Learning in Your Organisation
Many organizations are using machine learning models to make important business decisions - including decisions about which candidates they hire. However, when these models include bias, there can be significant consequences for both the organization and its job candidates. This session will define “responsible” machine learning and explain why it should be prioritized when incorporating machine learning into business decisions, using hiring as an illustrative example.
This talk covers the current perspective of WebAssembly and its drive within the cloud native community, the changes it implies, and the differences not everyone is aware of. I will go through some high-level examples of when WebAssembly (as of now) is very useful and when not. In addition, we will scribble some potential developments and what this means for developers, DevOps and infrastructure engineers.
A short spoiler: You may change your current implementation strategies and will most likely discover a scenario that suits your needs better.
Thursday, April 28, 2022
Discuss the why and how of micro frontends, together with a detailed walk-through of its pipeline design for releasing and delivering micro applications. In addition, I will demo how to apply automation in testing and packaging micro frontend projects.
The Internet of Things (IoT) is increasingly driven by sensor data, with devices taking measured actions based on everything from wind speed and direction to vital body functions, illumination intensity, and temperature.
In this session we will showcase how to build a fully functional sample IoT monitoring application built on the Flask framework and utilizing InfluxDB as its backend. It includes integrations with visualization libraries such as Plotly Express, automated alerts created with InfluxDB, and data downsampling.
This presentation includes industry benchmarks from 2,600 dev teams collected from January 2020 through June 2021, all of the data and citations from my research, multiple case studies from well known Israeli start-ups like Unbabel, Intsights and BigID, and tips for improving PR size, cycle time, MTTR, change failure rate and deployment frequency.
Notes: In my role as CTO of LinearB, I help engineering leaders improve through data and metrics. This presentation is NOT in any way a sales pitch for LinearB. In fact, the name of my company will only be mentioned twice in the session - once when I introduce myself and again when I reference how we collected the data for the study. But, that said, LinearB has allowed me to become a top expert in engineering metrics and I have real-life experience in how the Accelerate DORA 4 metrics are used by real dev teams around the world.
Zero Trust is the security industry’s latest hot buzzword. The OpenZiti open source project (https://openziti.github.io) is a one-stop shop for building true Zero Trust solutions. In this session you will learn what it means to embed Zero Trust directly into your app, discover the superpowers your app gains by incorporating an OpenZiti SDK, and find approaches for layering in additional trust when embedding into your app isn't a viable option.
Shifting Application Security Left and into the hands of developers has been a topic of discussion, but remains just that, a discussion. Legacy solutions in the market are not built from the ground up to enable this and achieve DevSecOps. In this session we will discuss the key features that your AppSec testing tools need to enable shift left, or shift everywhere, to empower developers to detect, prioritize and remediate security issues EARLY, as part of your agile development and unit testing processes, without slowing you down. The talk will include specific examples from leading organizations that have deployed these solutions, the business impact they have achieved and the steps you can take to achieve the same across your applications and APIs.
Building a SPA fully in .NET 6 with Blazor WebAssembly has become a hot topic in the last few months. AWS offers you several hosting options for your Blazor WASM apps. However, if you want to interact with AWS Services, there are a few things you need to know. In this session, I will demonstrate the different hosting options you have on AWS. Then I will discuss what you need to know to interact with AWS Services from your Blazor WASM app.
By leveraging the power of machine learning, human moderators can stay one step ahead of bad actors even with a large volume of users. However, harmful content is often vaguely defined and dependent on the context. So how can a model learn how to spot it if even humans have doubts? And how can this be scaled up to reach billions of end users? With these questions in mind, we combined an in-house message labelling solution with hierarchical clustering based on real messages from our chat apps. This method reduced uncertainty in human labelers and allowed us to catch creative spammers. Learn how we accelerated our data acquisition and the techniques we used to make social interactions healthier for our end users.
Poor application security is one of the leading causes of breaches. Yet, the increasing demand for rapid delivery puts pressure on the secure coding practices of developers.
So, let’s find out where to draw the line by unveiling the ten most critical application security concerns (‘the OWASP Top 10’) – and why defending against these is vital for you and your business to flourish.