Wednesday, November 17, 2021
KEYNOTE: Austin Tech Council -- When to Take the Leap
The discussion will revolve around knowing the right time to go into entrepreneurial endeavors.
What I Wish I Knew about Security When I Started Programming
Eighteen years into my career, I decided to pivot and move from infrastructure-related work to the world of application security. If there’s one thing I’ve learned in the three years of working in application security is that it’s a funny business. Our entire business model is based on pointing out the mistakes of other programmers. In this talk, I want to shoot myself in the foot and share some concepts that could help eliminate a lot of those mistakes, and reduce my job to snuffing out the more interesting mistakes.
Building Security Champions
With security teams being vastly outnumbered many organizations have responded to this challenge with different program scaling methods, including building security champions programs. Which leads us to questions; How does a security champions program work? How do you select your champions? And once you have them, what do you DO with them? This session will teach you;• How to attract the right people to your program • What and how to train them • How to engage them, and turn them into security advocates • What do delegate and what NOT to delegate • What to communicate, how often and to who • How to motivate them • How to build an AMAZING security champion program Recipe for success; recruit, engage, teach, recognize, reward, don’t stop.
From Zero to Monitored
This talk will cover some of the basics of how to get started with metrics and getting your simple web application to have monitoring. Not only will we cover which metrics are best for SLIs and when and what your SLOs should be, but also when to incorporate logs and tracing, as well as metrics. Participants will expect to know some observability basics and how to use the monitoring to understand system health and avoid some potential incidents.
KEYNOTE: Cobalt -- 3 Tangible Ways to Put the Sec in DevSecOps
In order to avoid being front page news for having fallen victim to a big cyberattack companies must learn to incorporate security processes directly into their development process, cue DevSecOps. Despite the growing prominence of DevSecOps, the disparity among security and engineering teams, along with a traditionally “reactive” approach to security often stifles critical DevSecOps practices. In this talk, Chief Product Officer at Cobalt, Eric Brinkman, will show the importance of adding security practices into DevOps lifecycles, and how proactive security measures like pentesting can be integrated into developers’ workflows. Additionally, Eric will give real examples of how security and engineering teams can work hand-in-hand to test faster, remediate risks smarter, and ultimately make security stronger.
Kubernetes Spending Run Amok? How to Slash Costs Without Impacting Performance
If you feel like you’re spending a pretty penny on Kubernetes-related cloud costs these days…well, at least you’re not alone. A 2021 Cloud Native Computing Foundation report—the first of its kind—recently found that 68% of organizations are spending considerably more on Kubernetes than they were a year ago. Kubernetes spending has been skyrocketing, stemming from a combination of overprovisioning coupled with low accountability and a lack of visibility into ever-higher costs.But writing increasingly bigger checks isn’t the only option. By understanding different Kubernetes cost monitoring techniques and implementing best practices for allocation and efficiency, you can drastically rein in Kubernetes costs without a ton of effort (and improve relations between finance and engineering teams in the process). This DeveloperWeek session will guide you through the various Kubernetes cost monitoring models at your disposal, such as showback and chargeback, and help frame the decision about which model is best suited for your organization (these solutions aren’t one-size-fits-all). The talk will also present best practices for implementing a Kubernetes cost monitoring strategy that’ll tick all the boxes for cost transparency, visibility, and accuracy. Attendees will come away with a clear plan of attack for how they can champion better Kubernetes cost controls within their organizations.
OPEN TALK: Introducing "Continuous Design/Continuous Integration"
Introducing Continuous Design/Continuous Integration Agile processes have become mature contributors to the evolution of developer operations for the build to deploy stage, but what about design? After all, creating the user interface typically takes up to 60% of the total development time, easily representing the most attractive opportunity since Agile itself to redefine how apps are built. Not only is it an enormous expense, but mistakes between designers & developers can impact an app well after launch. Since design is now largely digitized it seems like a no-brainer to build automated conversion tools that integrate designer/developer workflow into what we could call “Continuous Design/Continuous Integration”. So where are they? In this talk, Parabeac CEO Ivan Huerta describes the reasons why it is much harder than you might expect, and what CD/CI would need to look like to be truly functional. Ivan outlines the major challenges that have kept CD/CI from coming to fruition and the new pathways within which CD/CI tools could now be on the near horizon. He predicts how the CD/CI market may present itself over time, and what the substantial and surprising long-term impact might be. Agile gave adaptive energy to the build and deploy stages of app development. CD/CI simply extends that backward to include the design stage as well. But when CD/CI platforms become an integral part of automating developer workflows, the reduction in development costs may only be a small part of the story compared to CD/CI’s impact on the transformation of traditional developer roles. Ivan closes his talk with a discussion of the potential implications of that transformation. A more detailed outline of the talk is available on request.
OPEN TALK: Congrats, You’re Containerized! How Much Tech Debt Do You Now Have to Pay Off?
Looking into the trade-offs a lot of teams make to move into containers and Kubernetes and how they should plan to address those that keep them from the velocity they are seeking... and make sure they do so securely.
KEYNOTE: Stoplight -- Digital Transformation Through a Design-first Approach
You wouldn't build a house without a blueprint. Why build APIs without a plan? But you also can't build a house without the proper infrastructure. It'll take work to get your organization ready to shift left into a design-first API strategy. Learn how to prepare your organization to create a winning API program. -Why APIs? -What is holding organizations back? -What is design-first and why does it matter?
Thursday, November 18, 2021
BrainDB: An Abstraction of the Manager’s Brain into Databases
Managing one developer is not the same as managing several developers, and it is certainly much different than managing a dozen developers. At each step of our evolution as managers, we are required to acquire new sets of tools in order to process, store, fetch and optimize the way we handle and consume information around us. Similarly, when solving complex engineering problems, various sets of database combinations are needed in order to provide optimal solutions. In this talk I’ll show the correlation between the manager’s brain and its database-like abstraction, promoting a crossover between these worlds which may help you scale up your managerial skills.
KEYNOTE: Moogsoft -- How to Prevent Burnout and Improve Your Developer Culture
Developers, SREs and engineers are wired to be in fire fighting mode. Understandably so, as they’re constantly putting out fires and preventing new ones while keeping customers happy, innovating the product and keeping the business up and running. No pressure, right?In addition, these professionals put a lot of stress on themselves to be all-knowing and to work longer, harder and faster than others. This is especially true in the startup world, where some may clock 100 hours each week. Does this make the developer who clocked 40 hours a slacker? Not if you want to avoid burnout. There are a couple of reasons why burnout is becoming so prevalent in the developer culture: - Developers, SREs and engineers constantly feel like they need to keep up with the knowledge of their peers and the pace of changing technology. If they don’t know the answer to a question, chances are they quickly Google the answer on the side instead of asking for help. No one wants to feel vulnerable because of their lack of knowledge, but the pressure developers, SREs and engineers put on themselves can quickly feel like an all-consuming failure. In reality, someone is always going to know a little bit more than another person and not fessing up to needing help creates silos of knowledge and quashes collaboration. - For some, it’s easier to not take a vacation at all than to go on vacation and think about work the entire time, or worse, actually spend time working on vacation. This again leads to burnout as teams are constantly working with no break. What can leaders do to improve the developer culture and to ultimately prevent burnout from happening in the first place? During this session, attendees will hear from Thom Duran, director of SRE at Moogsoft, on incorporating a culture of trust, transparency and growth for developers, SREs and engineers. Takeaways include: - Build a culture of trust and learning. As mentioned above, some developers and SREs are more likely to Google an answer than admit they don’t know it. As a leader, it’s important to instill a culture of learning by asking questions that others may have. As a leader, you likely know the answer, but opening up the conversation and encouraging questions mitigates the pressure to know every answer to every question. - Develop a strong training program. On day one of a new hire orientation, give them a list the company’s tools and encourage them to pick one or two to focus their expertise. Additionally, have other team members share their tips and strategies for processes or their advice for getting ramped up. Instilling this mindset during the training process encourages learning from day one. - Adopt modern tools like observability and AIOps. Observability and AIOps is on the rise, and it can not only make systems better, it can also strengthen teams through collaboration and transparency. AIOps allows teams to automate mundane tasks in the background so they can focus on the larger, customer-facing issues and collaborate on delivering the latest and greatest technologies. With observability and AIOps working together, teams have the data and knowledge to know what’s happening, why it’s happening and who is responsible for fixing it. Because teams have eyes on everything their colleagues are working on, responsibilities flow seamlessly between them. People can finally take that much-needed vacation without checking email or feeling that they are dropping the ball. Observability and AIOps empowers teams to collaborate, learn from each other, work together to overcome challenges — and sleep better at night. With these tools and team trust in place, gone are the days of finger pointing and blaming others when a system fails. - Include remote employees. As companies announce extended work from home orders once again, it’s important that leaders implement this same cultural mindset for remote employees. For example, at Moogsoft we have a tool that randomly pairs us off with other team members for an informal coffee break. The only rule is we can’t talk about work. We also have a very active Slack channel that encourages banter...and admittedly places bets on which hat I’ll wear that day. And when we do have Zoom meetings, I never call an end to them because the end-of-call chat is just as valuable as the meeting itself. By incorporating an open and welcoming environment, leadership helps prevent burnout. People want to come to work and more importantly, enjoy it.
KEYNOTE: Rev -- From Cloud to On-Premise: An API’s Journey
Today, API software solutions are usually designed first for the cloud, and often a particular cloud services provider. This was the case for rev.ai, our speech to text API. However, many use cases still require on-premise or at least private cloud deployments - whether due to privacy, latency or cost considerations.
This session will describe how we adapted our cloud-based speech-to-text API for on-premise deployment and the challenges we faced in doing so. We will discuss maintaining consistency between cloud and on-premise APIs, maximizing code reuse, and enabling platform-agnostic scalability.
The Importance of Visuals in Teaching Code and Reducing Bias
Python can be taught line by line but not everyone is comfortable with purely text and logic based explanation of coding. The current status quo is to teach showing lines of code with inputs and outputs though a lot of visual learners aren’t going to easily grasp that. What if there was a way to communicate the code concepts with images? This talk will show how using geometry and modeling can acclimate novices to coding concepts using visual-spatial examples reinforced by coding concepts applicable anywhere.
Outline:
* Problems with how Python is currently taught
* How people use visuals to learn
* Demonstrating code with the visual medium
* Visual scripting options like Rhino Grasshopper, Revit Dynamo and others
* This editors can take code and display it diagrammatically and geometrically
* Grasshopper - https://www.rhino3d.com/6/new/grasshopper
* Dynamo - https://primer.dynamobim.org/01_Introduction/1-2_what_is_dynamo.html
* Getting people to go from visuals to text coding
* Get a different take on how to communicate coding to beginners and non-technical folks
* See the options for non-textual python coding
* How to use diagrams to communicate coding concepts
* Using Visual scripts to code 3D objects to demonstrate to learners how the code works in a fun way
Change Is A Sport: Getting Yourself, Team, and Business Out Of Deadlock
Machines are only capable of doing what they've been programmed for. Programs are only as good as the person who created them. And people are only as good as they believe themselves to be. Most people would like to achieve different results than they are today, across many areas - at work, at home, in their relationships. Achieving a change in results is a science; but getting people to believe that they are capable of change is a sport. Good leaders get people to believe in them. Great leaders get people to believe in themselves. This talk will address how to find limiting beliefs for yourself and blind spots for your team, and provide a method for changing the outcome of those blockades.
CLOSING KEYNOTE: ESO Solutions -- Data Mesh: An Emerging Paradigm for Managing Data at Scale
In 2019, Zhamak Dehghani published a thought-provoking article highlighting common failure modes of centralized data architectures and advocated instead for a decentralized, domain-oriented approach in which data is managed as a product. This paradigm is described as a Data Mesh and it builds upon prior architectural concepts such as microservices, domain bounded contexts and elastic platform infrastructure solutions that unlock scalability. In this talk, we will discuss how Data Mesh can be applied by organizations that are looking to expand their product offerings, perhaps even through growth strategies that include mergers and acquisitions. If you are struggling to derive value from your organization’s data due to overly complex and coupled ETL pipelines or monolithic big data stores, Data Mesh will likely be a refreshing new take that intuitively resonates with teams who need agility in managing, serving and composing novel insights from their product offerings. Additionally, if you are leading development teams, Data Mesh can provide the missing blueprint that allows you to escape an org chart in which data engineers are siloed from the subject matters experts who can best articulate how your organization’s data can be utilized to great effect.