Workshop Stage 1
Tuesday, December 7, 2021
It is very important nowadays to stay up to date with all of the cyber threats that are posing all over the world. It is widely known that there are not enough resources to be found to fill up every Security Operation Center (i.e. SOC). Therefore, many organizations struggle with coping with the massive amount of new type of attacks and generated alerts from their tooling.During this session, you will learn how to hunt (and automate your hunt) for active cyber threats in your environment and contain them using integrated connections to network, endpoint, and cloud products. This session is targeted at SOC management, cyber security engineers, threat hunters, and analysts. It will touch on threat detection, investigation and response. All the code will be made available after the session.
Building an exceptional enterprise API is no easy feat. Earlier this year, Foursquare launched the new Places Enterprise API, built from the foundation of our renowned Developer API. In this session, we'll take you through every step of the process to create a delivery method that can meet enterprise standards and upgrade the developer experience - from understanding your customer's UX criteria and auditing the performance and security of your API infrastructure, to best SLA practices and everything in between.
Cadence (cadenceworkflow.io) is an open-source solution for workflow orchestration developed at Uber. It allows developers to focus on writing code for business logic, without worrying about the complexity of distributed systems. Cadence is widely adopted at Uber and in the open source community for a broad variety of use cases. In this session, you will hear from Cadence users at Uber and Instaclustr talk about how Cadence is used to solve various business problems. It will also cover some of the most interesting features and improvements that were shipped throughout the past year, as well as its future roadmap.
A detailed talk on how to approach app modernization covering the following --
how to move web apps running on plain virtual machines to a containerized setup and how to orchestrate those with a managed kubernetes service
how to scale these out?
Why IaC (Infrastructure as code) is important and a sample show casing resource spin off.
How to continously integrate and deliver these applications?
And finally touch base a little bit on security aspects
APIs are the data fabrics connecting modern applications. While it is a powerful tool for Dev and DevOps, it has also become a new attack surface for bad actors to gain access to sensitive data. Many existing API security solutions today are so inflexible and rule driven that they risk slowing down the development process. Lebin Cheng, Imperva’s Head of API Security, will help you navigate through the API Security noise with insights on:DevSecOps does not mean Dev and Sec need to slow each other down. How automated SecOps can speed up Dev and DevOps? What is the right DevSecOps approach to implement API Security?First hand insight into how a DigitalFirst organization took the first steps towards DevSecOps API Security, and how you can too?Other DevSecOps best practices.
Cloud engineers need tools that help them check that the infrastructure as code templates they’re developing adhere with all applicable industry compliance standards and custom security policies. And the organization needs to ensure their developers are using those tools, and that they’re using the correct policies.In this session, Josh Stella will talk about how to establish effective, efficient, and consistent IaC security, which is critical to preventing cloud misconfiguration vulnerabilities from reaching the runtime without slowing teams down. But if teams are using a completely different system and set of policies for checking the runtime for security and compliance, things start to fall apart. He will review: -How to prevent Critical vulnerabilities from slipping through the cracks -How to use policies to govern your cloud environment -Suggestions on how to prioritize and remediate issues
Cloud is complex. We are running ever more services in ever more places with ever more dependencies. As a result, we see deployments stir up failures and breaches go undetected. Service meshes help manage the explosion in east-west traffic but running a complex environment is not a matter of better routing or tracing requests. It must be controlled at runtime.This talk recounts the learnings from running a service mesh for reliability and security engineers at a large managed-services provider.
Microservices are complex, but don't need to be. Simplifying a microservice architecture is all about knowing who wrote them, who is using them and where they are running across all clusters. This is the purpose of a microservice catalog where microservice developers and application teams can share and collaborate around microservices, and provide support teams the information they need to respond to an incident quickly. In this presentation, Tracy Ragan, CEO of DeployHub and Ortelius Community Director will introduce the concepts of a microservice catalog along with the Continuous Delivery Foundation's Ortelius Open Source project focused on delivering a unified solution for all to use, automated via the CD Pipeline.
Kubernetes is hard. Running your data rich applications on Kubernetes platform does not make it any easier. One of the key challenges with cloud native applications is data management.
Join this session to learn:
1. Common challenges with provisioning and protecting data used in Kubernetes applications
2. How to define application 'state' in holistic terms
3. How to seamlessly provision and protect data to Kubernetes applications
Wednesday, December 8, 2021
Event-Driven Architectures (EDA ) are perceived as mythical objects that instantly transform your systems into "real-time" ones! BUT, come to think of it, aren't they already "real-time"? I mean, adding an item to the cart is pretty much instant in ( most ) webshops. In fact, EDA solves an entirely different set of problems and with the help of Apache Kafka, we will walk through the (re)evolution path. Microservices are easy to get started with, but once we do, we keep stumbling across the same issues: data access, consistency, and failures ( sounds familiar? ).The solution? Patterns, patterns, patterns … You’ve probably heard about terms such as “Event Notification”, “Event-carried State Transfer”, or even “Event Sourcing”, but how can they be used to solve our problems? And more importantly, how can we use Apache Kafka to take advantage of these patterns I guess we will find out soon!
As you adopt cloud native technologies and Kubernetes, you will face a myriad of technology, process, policy and people decisions. What tools and patterns are needed to be successful? How can you ensure Kubernetes is a success across your DevOps team and organization?Rachel Sweeney, Product Advocate SRE at Fairwinds, discusses why Kubernetes plays an important role in your DevOps experience and the 5 things to help your team succeed at Kubernetes. Learn a few critical steps to achieving your Kubernetes Maturity around technology, security, visibility and consistency.
Experience a combination of a blazing-fast React-based framework (Gatsby) and the headless CMS (Storyblok) that works for developers & business users.You'll learn how to develop & deploy a blazing fast blog using the real-time visual editor & component-based approach which makes content editing easier. All in less than 30 minutes! I promise you - your marketers & content editors will love it and you will finally develop without any restrictions or hidden traps. Long live Jamstack!
Static analysis tools are often used by a separate QA or security team, but recent advances enable tight integration into agile development processes, shifting left the detection of critical errors. This talk reviews these advances, highlighting examples from Google and Facebook, and summarizes the commercial landscape, concluding with best practices for companies adopting static analysis tools.
Is it possible for a computer program to write its own programs? While this kind of idea could seem far-fetched, it may actually be closer than we think. This presentation introduces “AI Programmer”, a machine learning system, which can automatically generate full software programs requiring only minimal human guidance. The system uses genetic algorithms coupled with a tightly constrained programming language. We’ll cover an overview of the system design and see examples of its software-generation capabilities.