DeveloperWeek 2021 DeveloperWeek 2021

DevOps Summit

Wednesday, February 17, 2021

- PST
PRO WORKSHOP (ProductWorld): Safe to Fail Agile Culture
Join on Hopin
Sylvia Lobo
Sylvia Lobo
Seera Group, Project Manager, Program Manager

Building a new software product is a highly innovative and creative process. Things simply don't go to plan all the time, setbacks and failures are inevitable along the way. What makes a difference is how a team deals with them. Each failure is an opportunity to reassess, make a change and try a different approach

- PST
PRO WORKSHOP (CloudWorld): How Cisco Embraced a DevOps Culture within Its Network Engineering Team
Join on Hopin
Stuart Clark
Stuart Clark
Cisco Systems, Network Automation Developer Evangelist

BUSINESS PROBLEM & CHALLENGE
Network automation was not well practiced or well understood inside our network engineering team, but was sorely needed. We needed to decrease effort and mistakes on daily management tasks by minimizing the direct human interaction with network devices. High on our priority list of goals, was improving network security by recognizing and fixing security vulnerabilities and increasing the network performance.

HOW WE OVERCAME THE CHALLENGE
We started by simplifying daily workflows, baselining our configurations and removing snowflakes. While this can be very labour-intensive at the outset when you’re working on a global scale in a highly critical customer environment, the long-term benefits far outweighed the labour.
Next, we created an inventory file which listed all network devices by type, model, location and IP address - this enabled us to retrieve info about devices and using network programming and automation, allowing us to deploy to all devices, or even a subset of devices (eg. only those in a specific area), depending on what was needed. The benefit to this is we avoided manual configuration and logging into hundreds of different devices to add configuration to each one.
Overcoming these two big challenges set us up for success and enabled us to deploy at a global scale. We lived by the mantra:

“If it’s not repeatable, it’s not automatable. And if it’s not automatable, it’s not scalable.”

LEARNINGS AND MEASURABLE OUTCOMES
So what did we learn? For starters, it can be hard to automate a use case or test in the same way you would if doing it manually. Testing that requires physical movement, for example losing service provider links or hardware failure is also a challenge, as automating something like that is very tricky. We also learned that code reviews are extremely important. Shared code ownership means the entire team can make changes anywhere, at any time.

And what we’re the measurable outcomes?

Faster deployment times - we were able to efficiently push changes to over 300 network devices and audit the configuration of our global network, taking the time to execute from days down to hours.
Removed the fear of large and complex network changes - the accuracy and efficiency with which we were able to deploy at scale, gave business and the leadership more confidence in subsequent large scale network changes and deployments.
Faster feedback on network changes - it allowed us to get reviews on network configuration changes with version control and peer review, treating infrastructure as code (IaC).
Helped with adhering to PSIRT/CSIRT challenging timeframes and security vulnerabilities.


Techniques used:
We started by simplifying daily workflows, baselining our configurations and removing snowflakes. Next, we created an inventory file which listed all network devices by type, model, location and IP address.

Metrics used:
Speed of deployment; speed of feedback on network changes; speed of adherence to PSIRT/CSIRT timeframes; confidence and buy-in from senior leadership on subsequent deployments!

- PST
PRO WORKSHOP: Application Performance Management ≄ Application Stability Management
Join on Hopin
James Smith
James Smith
Bugsnag, CEO & Co-Founder

Have you ever tried to hammer a nail with a pair of pliers? While you may succeed eventually, the process is inefficient and frustrating because you’re using the wrong tool. The same holds true for developers who try to work with application performance management (APM) solutions to monitor mobile and web applications. Because these solutions are designed for DevOps and infrastructure teams to monitor backend systems and performance, they don’t provide the insights developers need into release stability, errors, and how these are impacting the customer experience.
Then there are application stability management (ASM) solutions, which are built specifically for engineering organizations. ASM provides actionable insights into how stable the application is, where bugs exist, and how to improve the end user experience. James Smith, CEO of Bugsnag, will explain the differences between the two solutions and outlines the benefits organizations can achieve when APM and ASM are provided to the right teams.

- PST
PRO WORKSHOP (CloudWorld): How to Benchmark Your Apache Kafka
Join on Hopin
Kirill Kulikov
Kirill Kulikov
Confluent, Consulting Engineer

Apache Kafka is a complex system with multiple parameters to configure for different use cases. As a Consulting Engineer at Confluent, I can see many clients who need to benchmark their production systems and understand its capacity. Benchmark details can be used to optimize the throughput and better utilize resources. Benchmarking and measuring aren’t just for finding a bottleneck; they’re about trying to better understand the loads you’re placing on the system. This talk will focus on methods and tools of Apache Kafka performance analysis and benchmarking. It will be helpful to anyone trying to operate a large Apache Kafka cluster and achieve the throughput and latency goals.

- PST
PRO WORKSHOP (ProductWorld): Building Sticky User Experiences - Lessons Learned about What Works for Push, in-App Messages, and Email
Join on Hopin
Zack Hendlin
Zack Hendlin
OneSignal, VP of Product

Every day, OneSignal sends more than 8 billion messages. Looking at this aggregated data provides deep insights into what works and what doesn’t when it comes to keeping users coming back to your app or website.
In this session, I’ll cover what works and what doesn’t from learnings across 100 BN+ messages and show hands on how to use push notifications, in-app messages, email, track important outcomes, and use personalization to build great products that drive engagement.
I’ll also share insights learned from being a product manager at both Facebook and Linkedin about building engaging user experiences.

Thursday, February 18, 2021

- PST
OPEN TALK: What Is "Undone" Department and How to Eradicate It?
Join on Hopin
Gene Gendel
Gene Gendel
KSTS Consulting

Today, unfortunately, many agile teams are not yet able to create a true shippable increment every sprint. This is because their Definition of Done (DoD) is weak (immature).
As such, teams have a lot of UNDONE work at the end of every sprint. This work may take a lot of different forms and is usually passed on to a 'special' UNDONE department or group to be handled. In Scrum and in Large Scale Scrum UNDONE department do not exist.
It may seem that reasons for having UNDONE department are purely technical [limitations]. But this is rarely so. For the most part, they are political and have to do with traditional organizational design and sphere of control.

- PST
OPEN TALK: Search and Extract: Optimized Document Processing with iText pdf2Data and pdfOCR
Join on Hopin
Cal Reynolds
Cal Reynolds
iText, Software Engineer
Michael Demey
Michael Demey
iText Software, Research Engineer

In this talk we will demo an optimized PDF workflow using pdfOCR to recognize data in PDF documents, and pdf2Data to extract selected data from your OCR search. The beauty of using pdf2Data in this way is it can pick up exactly where pdfOCR leaves off, allowing you to both recognize and extract all kinds of data from PDF documents that would otherwise be inaccessible.

pdf2Data is our iText 7 add-on for smart data extraction from PDF documents. It’s tailored especially for extracting hard to reach data locked inside PDFs, and it fits neatly into the iText 7 ecosystem. The cherry on top? Anyone can quickly create a template for data extraction using the sleek user interface, with no need to tediously define document structures programmatically. Let the template designer assist you in creating your data extraction templates; no coding required!

If you haven’t tried it already, we’d like to give you a quick tour of its capabilities, while also demonstrating how it’s a great companion for our pdfOCR add-on.

- PST
OPEN TALK: Modern Application Development for Any Domain
Join on Hopin
Corey Pendleton
Corey Pendleton
The Qt Company, Senior Pre Sales Engineer

With the rise of the high-resolution, responsive mobile user interface has come rising user expectations of technology in every facet of life. From consumer devices to industrial control panels to scientific data analysis applications, the way the user feels when interacting with technology often determines the success or failure of a product. But shiny user experience only goes so far if the underlying application framework cannot meet the product requirements, or results in a high cost of development.

In this session, you will discover how the Qt application development framework can enable you to develop beautiful, high-performance applications that scale from microcontroller to desktop. Support all major platforms and operating systems with a single code base. Develop in C++, Python, and/or QML/JavaScript to make the best use of your expertise and integrate with any application domain.

- PST
OPEN TALK: Breaking News: DevSecOps Is Broken without RUNTIME Observability
Join on Hopin
Kiran Kamity
Kiran Kamity
DeepFactor.io, Founder & CEO
Mike Larkin
Mike Larkin
DeepFactor, Founder & CTO
Dr. Neil Daswani
Dr. Neil Daswani
Stanford Advanced Cyber Security Program, Co-Director

How confident are you that your code—including any 3rd party code your team brought in—is running in a secure and compliant manner before you deploy to production?

Imagine this - your developers check-in code for a new feature. It includes pieces of code your team wrote and pieces of code from a 3rd party. The code passes SAST & SCA and you deploy it to production. A day later, your production server is breached...and the attacker leveraged a bug in your code that caused privilege escalation and was able to become root.

In today’s microservices-containers/Kubernetes/Docker-DevOps world, a static code scanner isn't sufficient. You need RUNTIME observability into the application’s security, privacy, and compliance. Your developers need to know if their code or a 3rd party’s code can cause issues at runtime.

This panel of RUNTIME observability and security developers and experts will discuss the what, why, and how DeepFactor’s Continuous Observability platform:
- Automatically observes more than 170 parameters—across system call, library, network, web, and API behaviors in every thread of every process in every running container of your application—and detects security and compliance risks in your CI pipeline
- Detects insecure behaviors that only manifest at runtime and cannot be caught with code scanning or just looking at known CVE databases
- Reduces alert volume by prioritizing the findings of your SCA tools with runtime insights from observability tools
- Empowers Engineering leadership to accelerate productivity and decrease mean-time-to-remediate (MTTR) security and compliance risks pre-production as their teams ship secure releases on schedule

You’ll leave this session armed with the knowledge to immediately leverage continuous observability to consistently deploy apps with confidence.

- PST
OPEN TALK: Self-Destructing Kubernetes Clusters Using Terraform and GitHub Actions
Join on Hopin
Nills Franssens
Nills Franssens
Microsoft, Sr. Cloud Solution Architect

Need a Kubernetes cluster for a short amount of time, but always forget to destroy them? Worry no more, as in this session we'll show you how to create a self-destructing Kubernetes Cluster.

During this talk, we'll showcase a number of technology principles: Infrastructure as Code, CI/CD, identity in the cloud and scheduling jobs on Kubernetes. We'll use Terraform, GitHub Actions and Azure Kubernetes as demo material, but the concepts of this talk translate to any technology platform.

By attending this talk you'll get a practical understanding of Infrastructure as Code, CI/CD, identity in the cloud and scheduling jobs on Kubernetes.

- PST
OPEN TALK: Why Do I Need Runtime Security....and Why Do I Want Cookies Too?
Join on Hopin
Dan “POP” Papandrea
Dan “POP” Papandrea
Sysdig, Director of Open Source Community and Ecosystem
Scott Surovich
Scott Surovich
HSBC, Global Container Engineering Lead

Runtime security for containers, Kubernetes and cloud native isn't for the faint of heart. To confidently secure your applications, you need a recipe. And, much like the one grandma used for her consistently amazing chocolate chip cookies, the one you get from this session will guarantee your security success.

In this session, Scott Surovich and POP will share practical experience and excerpts from Scott's new book Kubernetes and Docker - An Enterprise Guide. They’ll share the key ingredients for tooling that provides an engine, ruleset, and outputs that fit real-world scenarios.

They will cover:
- An introduction to CNCF open source project Falco for runtime security of applications/ cloud native infrastructure
- Real world use cases of Falco with a short demo showing rulesets and outputs valid for your business
- A primer to how to contribute your own capabilities to Falco
- A kickass chocolate chip cookie recipe to wow your friends and family

- PST
KEYNOTE: Cloudsmith – Why Continuous Packaging Is Vital to Secure Pipelines
Join on Hopin
Dan McKinney
Dan McKinney
Cloudsmith, Developer Relations Lead

Building modern DevOps pipelines relies on using best-in-class developer tools, with a deep focus on providing real actionable developer value, and gluing them together. At Cloudsmith we believe good old package management needs a serious refresh, with a name befitting its focus on DevSecOps. We call it Continuous Packaging.

Today, building automation and security into software supply chains requires packaging source code, dependencies, and containers into logical, versioned units. Shift-Left security is not enough. Every organization needs a reliable Package Delivery Network, a single pane of glass through which you can see the flow of packages providing much-needed isolation and provenance. Two concepts we’ll outline as vital for managing secure distribution and deployments.

- PST
OPEN TALK: Context Switching Is Hurting Developer Productivity. Here Is How to Fix It
Join on Hopin
Peter Pezaris
Peter Pezaris
CodeStream, CEO and Founder

Context switching between your IDE, Github.com, JIRA, Terminal, and Slack is no way to optimize collaboration and it results in countless hours of distraction and lack of focus, hurting code quality. Team alignment and productivity depend on just the right mix of collaboration and staying in the zone. Extensible IDEs are opening the door to great innovation in developer workflow. Turning the IDE into the true Hub of the development flow is the best way to integrate the essential tools into a cohesive and streamlined process. In the future, your code host, issue tracker and messaging app will be placed where they belong: In your editor. Here we will discuss how such an integration should happen, and we will spell out the benefits that accrue to the individual developer, the team and the organization.

- PST
OPEN TALK: How to Achieve AppSec Testing Automation for Developers
Join on Hopin
Bar Hofesh
Bar Hofesh
NeuraLegion, CTO & Co-Founder


Shifting Application Security Left and into the hands of developers has been a topic of discussion, but remains just that, a discussion. Legacy solutions in the market are not built from the ground up to enable this and achieve DevSecOps. In this session we will discuss the key features that your AppSec testing tools need to enable shift left, or shift everywhere, to empower developers to detect, prioritise and remediate security issues EARLY, as part of your agile development and unit testing processes, without slowing down DevOps. The talk will include specific examples from leading organizations that have deployed these solutions, the business impact they have achieved and the steps you can take to achieve the same, across your applications and APIs

- PST
OPEN TALK: Move Faster and Break Fewer Things with Observability + AI
Join on Hopin
Richard Whitehead
Richard Whitehead
Moogsoft, Chief Evangelist

A key challenge when working with software is that it’s invisible. It does not inherently lend itself to the universal DevOps goal of “Telemetry Everywhere.” While engineers consciously code their product to emit metrics, logs and traces that allow them to observe the invisible, traditional monitoring methods fall short of generating meaningful data about incidents, leaving teams with excess toil when things break. This talk will explore the relationship between observability and SDLC practices which allow AI to lead the Ops side of DevOps, so developers and SREs can move faster, innovate more and operate less.

Attendees will learn:
- How introducing visibility and control over incidents earlier in the development cycle can reduce toil.
- How to leverage Service Level Objectives (SLOs), error budgets and the ‘wisdom of production’ to improve the Ops part of DevOps.
- Methods for using AI-driven observability to turn every incident into a learning opportunity.

Discover how AI-driven observability methods help improve practices from Site Reliability Engineering to Continuous Integration and Deployment, and supports the transition from project to product-centric ways of working.

- PST
KEYNOTE: PagerDuty – From Ticket-Time to Real-Time: Enabling Developers to Run What They Build
Join on Hopin
Damon Edwards
Damon Edwards
PagerDuty, Senior Director, Product


The DevOps movement has been undeniably pulling Developers into Operations. “Shift left” and “You build it, you run it” have become familiar rallying cries. But how do you actually enable developers to participate in Operations when so many policies, processes, and tools were designed to keep them out? This talk will look at how Real-Time Operations enables the safe (and sane) delegation of operational control, wherever it is needed.

- PST
OPEN TALK: Shift Data Security to the Left
Join on Hopin
Steve Luplow
Steve Luplow
Absio Corporation, Vice President, Software Development

Historically, data security has been an afterthought — something that others handle; the IT team will handle it after our software goes live, the client will handle it with hardware. In today’s environment of large-scale data breaches, data security as an afterthought is too little too late.

Application and data security should be part of every design and product roadmap discussion just like functionality, stability and user experience. The more mobile the data needs to be, the more agile the solution needs to be. By shifting security conversations to early in the product development lifecycle instead of after code has already been released, software organizations can save money, better differentiate their offerings and scale more effectively in the long run. This session will discuss important design considerations for application-level security and how to select tools and methods that support your software architecture instead of dictating it.

- PST
OPEN TALK: Develop Smarter, Easier, and Confidently!
Join on Hopin
Anthony Baer
Anthony Baer
Sonatype, Solutions Architect

The role of the developer continues to change as they sit on the front line of application and even cloud infrastructure security. Today, developers are focused on innovating fast and improving security, but how do high-performing teams accomplish this? They commit code frequently, release often and update dependencies regularly (608x faster than others).

In this webinar, we discuss the key traits of high-performing teams and how that impacts the role of the developer.

Key Takeaways:
Choose the best third party dependencies
Determine the lowest effort upgrades between open source versions
Solve for issues in both direct and transitive dependencies with a single-click
Block and quarantine suspicious open source components

- PST
OPEN TALK: Releases: The Last Frontier of Standardization
Join on Hopin
Ravi Lachhmaan
Ravi Lachhmaan
Harness, Evangelist

As software engineers, we strive to better our craft and leave a lasting mark on the organizations we work for. Throughout our careers, we balance two types of knowledge: the combination of business domain and technical stack is our bread and butter.

No matter if you work for a bank or an app that is revolutionizing wine delivery for pets, as an engineer you tend to get better at developing features. Design patterns and approaches learned on one project can transfer into others, while the new challenges add to your skillset. Ironically what does not transfer easily between projects is the process of deploying and releasing the software that you work so hard to build. For most organizations, deployments and releases are team-centric since applications are unique but Continuous Delivery is changing that.

Learn in this session how modern Continuous Delivery approaches are ushering in standardization in one of the last and sometimes scary frontiers for software engineers, your releases. Core to Continuous Delivery is making strides in engineering efficiency. With advancements with AI/ML in your CI/CD pipelines, even the most snowflake based deployments can benefit from standardization.

- PST
OPEN TALK: Accelerating to Escape Velocity: Migrating Applications to the Cloud with Programmable Data Infrastructure
Join on Hopin
Jason Simpson
Jason Simpson
Choice Hotels, Vice President, Engineering
Alex Hesterberg
Alex Hesterberg
Delphix, Chief Customer Officer

Building on its rich history of innovation, Choice Hotels used a cloud-first approach to accelerate innovation and battle digital-native competitors. 

To escape the gravitational pull of data and make the cloud promise a reality, Choice Hotels brought on an API-first programmable data infrastructure platform to automate data compliance and data delivery. By doing so, the organization broke down data silos, allowing software teams to significantly improve the quality and speed of application testing and development.

In this fireside chat with Jason Simpson, VP of Engineering at Choice Hotels, you’ll discover: 

  • Learnings from a migration of hundreds of applications from legacy systems to Amazon Web Services (AWS)

  • Insights on leveraging data to minimize the risk of outages and delivering a frictionless experience for customers and franchisees across platforms

  • Reaping the scalability of cloud to manage unexpected business shifts including impacts from COVID-19

  • Perspectives on how Programmable Data Infrastructure can be leveraged for Migration, CI/CD Acceleration and even Service Restoration with APM Integration

Speakers: Jason Simpson, VP of Engineering at Choice Hotels & Alex Hesterberg, Chief Customer Officer at Delphix

- PST
OPEN TALK: Creating a Culture of Code Ownership
Join on Hopin
Ivan Diaz
Ivan Diaz
Bugsnag, Sr. Solutions Engineer


Every error does not concern every engineer. Your team members don’t need to be pinged about every application error, especially when an error occurs in someone else’s part of the code. In fact, it can become a negative distraction that takes away focus from their work. Join Bugsnag's Sr. Solution Engineer to discover why eliminating noise and focusing on the bugs that you can and should fix, drive a culture of code ownership, and improves developer productivity.

- PST
OPEN TALK: Testing in Production
Join on Hopin
Talia Nassi
Talia Nassi
Split Software, Developer Advocate


How do you know your feature is working perfectly in production? If something breaks in production, how will you know? Will you wait for a user to report it to you? What do you do when your staging test results do not reflect current production behavior? In order to test proactively as opposed to reactively, try testing in production! You will have an increased accuracy of test results, your tests will run faster due to the elimination of bad data, and you will have higher confidence before releases. This can be accomplished through feature flagging, canary releases, setting up a proper CI/CD pipeline, and data cleanup. You will leave this talk with strategies to mitigate risk, to better your understanding of the steps to get there, and to shift your company’s testing culture, so you can provide the best possible experience to your users. At the end of the day, we don't care if your features work in staging, we care if they work in production.

- PST
OPEN TALK: Continuous Packaging: Securing End-to-End Delivery, from Build to Production
Join on Hopin
Andrew Speed
Andrew Speed
Cloudsmith, Senior Engineer


In this session, we’ll explore how to secure your delivery pipelines, from development to deployment with key learnings including:

- Combining continuous packaging with integration & delivery.
- Applying holistic security principles across the whole value stream.
- Using infrastructure-as-code techniques to build, stage, and deploy.

- PST
OPEN TALK: Your Code, Your Responsibility
Join on Hopin
Martin Knobloch
Martin Knobloch
Micro Focus, Global AppSec Strategist

With the business increased the pressure and demand of flexibility of the development team, the agile movement was pushed to the limits. CI/CD was born to reduce manual step to reduce human errors and increase speed to go-live! Last not least, with DevOps the teams took application responsibilities, from cradle to grave. Nevertheless, software security is still missing in many full-stack developers resume and application security responsibilities are pushed off to the security department still. Petty, because the exactly agile, CI/CD and DevOps are security enabling practices.
This session is explaining Shift-left, early security enablement in the development Lifecycle. As the application development becomes more developer centric, the developer’s toolset must match the new challenges to have responsibilities matching capabilities. Learn from rugged software to supply chain cleanliness. Learn to avoid the common pitfalls and benefits of modern application development strategies. Hear why security champions programmes tend to fail, compliance driven security trainings are a waste of time and money. Take back the best practices, proven solutions and Shift Left beyond the development.

- PST
OPEN TALK: Observability for Software Teams
Join on Hopin
Shelby Spees
Shelby Spees
Honeycomb.io, Developer Advocate


Observability, instrumentation, telemetry--what does it all mean? This introduction to observability is for software practitioners who want to better understand the health of their production systems. Learn how to generate better data and gain new insights. You'll walk away ready to use observability to level up everyone on your team!

- PST
OPEN TALK: On-Call Best Practices
Join on Hopin
Julie Gunderson
Julie Gunderson
PagerDuty, DevOps Advocate
Mandi Walls
Mandi Walls
PagerDuty, DevOps Advocate

The always-on, always-available expectations of digital services have increased the requirements of technical teams to provide response and readiness around the clock. For teams new to this concept, introducing on-call can be challenging. There are technical and cultural considerations to keep in mind when adding on-call responsibilities to new teams. In this talk, we’ll look at some of those challenges and provide recommendations for folks who are dreading their new duties.

- PST
OPEN TALK: The Unseen Costs of Observability: The Need for Continuous Code Improvement
Join on Hopin
Cory Virok
Cory Virok
Rollbar, CTO, Co-founder

We’re quickly becoming better at building software. The increased adoption of microservices architectures and the move to open source are evidence of this. But, we’re not really that much better at fixing it. Finding and remediating bugs is a drain on developers’ time and productivity. We’re reliant on tools that tell us about the stability of our infrastructures. But with more lines of code being written today than the day before, it’s not enough. Teams are getting too much noise and false signals, creating alert fatigue. Developers spend too long investigating issues, struggle to prioritize what needs fixing, and become less productive.

How we build, test, deploy, and release has become more complex, so finding the root cause of errors has become harder. More contextual information is needed to quickly pinpoint where it’s occurring and better error signals can help reduce the noise by grouping together similar root causes which, in turn, alleviates alert fatigue. Plus, bugs should get resolved before users complain, which is still the top way companies find out about bugs despite all the tools they have in place.

And all of this is happening as companies embrace faster deployment models like CI/CD. It’s why the shift left movement is happening, to move testing earlier in the process to catch issues earlier. But what if you could shorten testing cycles and still catch errors before users do?

In this session, you’ll learn:

* Why developers need to be focused on continuously improving code, and not just observability
* How to boost developer productivity by spending less time debugging
* How to catch errors before users report them

- PST
KEYNOTE: Microsoft – Are We There Yet?
Join on Hopin
Emily Freeman
Emily Freeman
Microsoft, Principal Cloud Advocate


When DevOps surfaced as a concept 10 years ago, the economy was struggling, the cloud was a toddler, servers lived in office closets, and deploys were a monthly — or quarterly — Saturday exercise. DevOps was a novel concept, focused on breaking down silos and reducing conflict between developers and operations folks. It was simple, yet difficult to understand and implement. A decade on, I find myself like a kid in the backseat asking, “Are we there yet?” And even if we were, how would we know? This talk explores the state of DevOps, cloud expansion, and what’s next for modern engineering organizations.

- PST
OPEN TALK: Fine-Grained Authorization for Cloud Native System
Join on Hopin
Ash Narkar
Ash Narkar
Styra, Software Engineer

Every organization has security requirements influenced by the technologies in use, legal regulations, internal conventions, and so on. Policy enforcement is difficult because it often affects the entire stack, requires state from multiple locations, and must evolve over time as business needs change.

Organizations have relied on wikis and tribal knowledge to document and enforce important rules that govern how their systems behave, but today, many organizations pursue "policy as code" for greater control and visibility over their stacks.

In this talk, Ash will introduce the Open Policy Agent (OPA), an open source, general-purpose policy engine used by companies like Netflix, Intuit, and CapitalOne to enforce policies across a breadth of domains such as custom applications, container-management, i.e. Kubernetes, public clouds, server management etc.

This talk will highlight how fine-grained authorization can be achieved by organizations consisting of multiple teams, massive container deployments, diverse security requirements and how all of this can be made possible without significant changes to the existing infrastructure.

Friday, February 19, 2021

- PST
OPEN TALK: Agentless AI-Powered Cloud Threat Detection and Response
Join on Hopin
Arun Raman
Arun Raman
Blue Hexagon, VP of Cloud
James Wenzel
James Wenzel
AWS, Sr Solutions Architect
Saumitra Das
Saumitra Das
Blue Hexagon, CTO


In this session, Blue Hexagon and AWS present AI-powered cloud-native security for near real-time threat detection and response, deep visibility into cloud configuration and workloads, and achieving compliance with industry-standards. Delivered agentless and managed as code, this technology greatly reduces the burden of deployment and management of an effective security posture against adversaries, even as DevOps teams build and deploy business workloads at an agile pace.

- PST
OPEN TALK: Get Your Apps in Front of 800,000k Developers
Join on Hopin
Walt Ribeiro
Walt Ribeiro
Linode, Developer Advocate

Manage Databases with MySQL
Create, Deploy, and Manage Containers with Docker
Build and Manage Websites with Plesk

Over the past 17 years, the Linode community has grown to serve millions of developers and small businesses around the world. Tap into a diverse and growing community to accelerate your app's awareness and adoption.

Simplify your sales cycle, discover new customers and leverage co-marketing support from the Linode Partner Team. We're here to guide you through listing on the Linode Marketplace, and see what opportunities come next.

Once your listing is created, developers, teams, and companies can discover your solution in our library and quickly deploy it from our Cloud Manager, API, or CLI.

- PST
OPEN TALK: The Secret to Achieving Tech Giant Innovation Velocity
Join on Hopin
Dan Graves
Dan Graves
Delphix, Chief Technology Officer

Tech giants like Amazon, Google, and Microsoft have set a north star for companies around the world to stay competitive. They engineer away every impediment to fast, reliable software releases.

To achieve Internet and cloud speed and scale, everything, including data, has to be programmable and API-driven.

Over the last two decades, storage, compute, and code have all been automated, but data remains heavy, complex, and filled with security and compliance risks.

Join this session to learn how to solve your most daunting data challenges the modern way— with programmable data infrastructure.

- PST
OPEN TALK: Real-World Insights on Container Security and Usage
Join on Hopin
Knox Anderson
Knox Anderson
Sysdig, VP of Product
Aaron Newcomb
Aaron Newcomb
Sysdig, Director of Product Marketing

Cloud and Kubernetes adoption led to greater container usage in 2020. Staying up-to-date with the latest trends in security and monitoring for Kubernetes and container environments is more important than ever.

In this session, you’ll hear real-world examples of nearly one billion unique containers deployed in today’s modern global enterprises. You’ll walk away with new knowledge about:
- How organizations are dealing with container security concerns
- Interesting shifts in runtime and registry usage
- Usage trends that impact container security
- Practices others are using to to run containers with greater confidence
- Trends in lifespan and density as container usage matures

- PST
OPEN TALK (CloudWorld): Why Developers Struggle with AppSec (and How to Make It Better)
Join on Hopin
Scott Gerlach
Scott Gerlach
StackHawk, Co-Founder & CSO

We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone - putting the culture, processes, and tooling into place to make this happen is tough. Join StackHawk CSO Scott Gerlach as he shares his triumphs and failures while building DevSecOps practices and tools at companies such as GoDaddy, SendGrid, and Twilio. Dig into specific reasons why developers struggle with AppSec and what you can do to make it work better. Whether you’re a seasoned DevSecOps pro or just starting out, this will be an entertaining (and judgement-free!) talk you won’t want to miss!

- PST
OPEN TALK (CloudWorld): The Good, the Bad and the Ugly: Keeping Your Service Reliable with SLIs and SLOs
Join on Hopin
Prathyusha Charagondla
Prathyusha Charagondla
Adobe, Site Reliability Engineer, Cloud Technology

With increasing service traffic and services scaling, the need to ensure reliability and customer satisfaction has never been higher. How can we ensure that a service is reliable and the needs of customers are met?

Through defining and monitoring SLIs and SLOs! This talk will cover why strategically defining SLIs, SLOs and SLAs and monitoring SLIs can help improve the reliability of your service and ensure customer satisfaction in the long term. We follow this by walking through the process of defining these critical metrics, and go through some case studies and industry practices.

- PST
OPEN TALK: Building a Data Plane with K8ssandra, Apache Cassandra on Kubernetes
Join on Hopin
Chris Bradford
Chris Bradford
DataStax, Product Manager


K8ssandra has made it effortless to deploy Apache Cassandra on Kubernetes. Long a simple means of deploying stateless applications, modern tooling and APIs has facilitated the move of databases to this pervasive platform. Join Chris Bradford in deploying the K8ssandra stack to Kubernetes. Learn how it packages a production Cassandra deployment with supporting tooling alongside Stargate, a next generation data gateway. We will explore everything from the management interfaces leveraged by DevOps teams to performant, highly available, REST, Graph, and Document APIs for developers.

- PST
OPEN TALK (CloudWorld): Recipe for Doing Devops within Your Enterprise with Kubernetes
Join on Hopin
Mayank Kumar
Mayank Kumar
Salesforce, Architect

You have successfully stepped on the Kubernetes bandwagon and joined the multitude of companies who think Kubernetes will solve all their problems. But no one told you how. What kind of DevOps processes need to be build on top of Kubernetes to reap the benefits of all that was promised ? How do you do CI/CD, monitoring, On calls, upgrades, maintenance and more. More, so how do you do all this when your Enterprise runs on bare metal and machines go down and never come up for weeks ? You will leave this talk with a recipe for doing DevOps within your Enterprise using Kubernetes. You will become more confident of the exact steps you need to follow to deliver a good experience for your internal developers while still maintaining their trust and zero downtime for their applications. You will also learn about delivering software using staged manner across your data centers. All of this will be shared from a real experience of running Kubernetes clusters at Salesforce.

- PST
OPEN TALK: Groove with Ambiguity: The Robust, the Reliable, and the Resilient
Join on Hopin
Matt Davis
Matt Davis
Blameless, Senior Infrastructure Engineer

The networked software systems we build are increasing in complexity every moment. From the abstractions of cloud hosting and inherited libraries to container scheduling and third-party vendors, the turtles go all the way around!

Today the most successful builders and operators are embracing complexity through CI/CD, Chaos Engineering, and innovation in Incident Response. They realize that the adaptive world around us is advancing at such a breakneck speed, it is leaving our capacity to understand it in the dust. That humans and technology must race a gauntlet of automation surprises and collaboration challenges as a team, learning and improving along the way.

This session showcases methods of deploying, running, and navigating complexity. It offers a practical view of how software systems can scale and remain robust to failure (like fallbacks or high-availability), achieve highly reliable socio-technical operations (via runbooks and game-days), and adapt to surprise through techniques of resilience engineering (graceful extensibility and building for adaptation).

- PST
OPEN TALK: Building a Progressive Web App from Scratch
Join on Hopin
Rui Barbosa
Rui Barbosa
OutSystems, Developer Advocate and Evangelist

Are you ready to say goodbye to your application backlog, and hello to developing apps at lightning speed? Look no further than progressive web apps. 

Progressive web apps (PWAs) are web apps that provide end-users with a frictionless experience while still offering the features of the native-like applications they know and love. Some of the key benefits of PWAs include cross-platform, independent distribution, no installation, and offline capabilities. 

In this session, Rui Barbosa, Developer Advocate at OutSystems, will demonstrate how to quickly build a mobile application from scratch and immediately distribute it using PWA technology. See how the OutSystems platform can empower you to become a world-class problem solver!

- PST
OPEN TALK: Testing Security of Micro-Services, APIs and Cloud-Native Apps in Your CI/CD Pipeline
Join on Hopin
Asma Zubair
Asma Zubair
Synopsys, Product Management Manager

Are you struggling with security testing of your APIs, web-services or cloud-native applications? Are you looking for new ways to test security without impacting velocity? Would you like to get visibility into sensitive data that your application handles? If answer to any of these questions is yes, allow us to introduce you to new and unique ways to perform security testing. In this session, we will give you an overview of developer friendly security test tools from Synopsys for unparalleled accuracy and visibility into application vulnerabilities with remediation guidance and just-in-time contextual training to help your developers with remediation effort to improve your application security posture.

- PST
OPEN TALK (CloudWorld): How to Get Quick-Started into AWS CloudFormation
Join on Hopin
Roland Heusser
Roland Heusser
SRI International, Software Engineer

Provisioning AWS resources one by hand is tedious and cumbersome, especially in an environment where you have multiple similar set ups. Learn how you can use AWS CloudFormation to simplify setting your virtual machine up and how it can be used to even install and configure your software for you.

- PST
OPEN TALK: Road to Observability: Centric or Agnostic - That Is the Question
Join on Hopin
Chris Engelbert
Chris Engelbert
Instana an IBM Company, Senior Developer Advocate

As distributed systems grow bigger they have become more complex and harder to manage. The amount of data coming out of these microservices based applications is more than any human, or even group of humans, can process on their own. Because of this, AIOps is essential for proper management of all the Observability data points.

With a look into the AIOps space, there are many different options to choose from. And, those choices are not just limited to products and companies. A bigger challenge is to understand the different routes to implement data gathering. Domain-Centric or Domain-Agnostic are the two main approaches.

In this presentation I’ll walk down the road of issues, how they can be solved, and take a quick tour into the differences of Domain-Centric and Domain-Agnostic approaches, as well as their pros or cons.

- PST
OPEN TALK: Why Your APIs Should Fly First Class
Join on Hopin
Robert Ross
Robert Ross
FireHydrant, CEO and Co-Founder

Picture yourself flying First Class. You board the plane first, you get champagne, and you feel as though you’re the most important. Why not treat your APIs the same way? Join FireHydrant’s CEO and Co-Founder, Robert Ross, for this session where he’ll share why putting your APIs first can be a game-changer for your business.

In this session we’ll discuss:
- The benefits of building your API first and how it can pay dividends in the long haul
- The different types of APIs and which choice is the right choice
- The importance of hosting API documentation