Tuesday, September 29, 2020
As a DevOps professional, it can be daunting to select a cloud provider when you’re tasked with building out your company’s infrastructure from scratch. There may seem to be some “obvious choices” out there, but this isn’t necessarily the case at a startup where you are the solo or duo DevOps team. You could encounter several challenging things along the way, including (but certainly not limited to!) orchestration in the cloud, future-proofing a fresh, rapidly growing environment, security compliance requirements from SOC2, RBAC implementations and, of course, incorporating “ease of use” into every process along the way.
At Cmd, we are able to deploy an immutable/mutable hybrid infrastructure, while at the same time controlling user access with ease! We hope our contributions at this talk help the DevOps community understand why we looked past some choices when selecting our tech stack, the ways in which we approached the challenges that come from going off the beaten path and how we resolved these challenges at Cmd to create a more efficient operation that adds value across the organization.
With increasing service traffic and services scaling, the need to ensure reliability and customer satisfaction has never been higher. How can we ensure that a service is reliable and the needs of customers are met?
Through defining and monitoring SLIs and SLOs! This talk will cover why strategically defining SLIs, SLOs and SLAs and monitoring SLIs can help improve the reliability of your service and ensure customer satisfaction in the long term. We follow this by walking through the process of defining these critical metrics, and go through some case studies and industry practices.
Over the past decade, DevOps has solidified itself as the best-in-class way for engineering teams to build, deliver, and operate software. Software companies that have started in more recent years have had the fortune of being able to bake DevOps in from the beginning, and older companies know that DevOps is the future. With this proven model, however, application security has not kept up.
The current application security model is broken. While operations and QA were “shifting left,” embracing automation and dev-first tooling, application security stayed stagnant. Many application security teams today still rely on infrequent production-only scans, outdated tooling, and internal cultural processes that prevent scaling. In this talk, StackHawk Founder & CEO, Joni Klippert, will dig into her learnings from building DevOps-focused VictorOps from seed stage to its acquisition by Splunk and where the future of application security is headed.
Learn how engineering teams can take ownership of their AppSec, the role security teams can play in building infrastructure for secure application development, and how this all can be automated in the pipeline.
It can be hard to know exactly what's going on inside our serverless stack. Code within a cloud provider can feel like a 'black box' even when it's running well, and is especially worrying when something is going wrong!
I'll show how you can use open source tools and design planning to know what's really happening inside your stack. We'll cover root cause analysis, cost optimization, and performance monitoring.
Wednesday, September 30, 2020
Continuous Integration, Deployment and Delivery can be a hard concept for many people coming into agile. The act of continuously pushing new code into production can be scary. For some, the idea is so far out there that they think they could not possibly achieve it and never try. This workshop will focus on practicing building, testing, deploying, and managing self-served services in the cloud.
Your DevOps teams need to embed security as they ramp containers and Kubernetes in production. As cloud providers release new services constantly, you not only need visibility inside containers, but also the cloud infrastructure, applications and services used by your teams. With a secure DevOps workflow, your team can spend more time developing apps and less time reacting to issues.
Running secure containers requires that security and DevOps work better together. Join us to understand how to:
- Automate scanning, including for Fargate workloads, within CI/CD pipelines (Jenkins, GitLab) and registries (ECR, GCR)
- Detect runtime threats with open-source tools like Falco and continuously monitor your cloud using AWS CloudTrail
- Prevent threats at runtime using Kubernetes PodSecurityPolicies that don’t impact performance
- Conduct incident response and forensics, even after the container is gone
- Continuously validate compliance against PCI, NIST, CIS, etc.
There is no public data available on how developers use feature flagging and the resulting impact on delivery cycles. This lack of data prevents teams from benchmarking their feature flagging practice against the industry. In this talk, I will present data - collected across hundreds of customers - on how developers use feature flags in their daily jobs. This data will range from the time it takes teams to release a feature behind a flag to the number of times a flag has to be turned off in an emergency. Armed with data, teams can understand what to expect when they widely adopt flags as well as compare their existing state to the industry for improvement.
git is one of those things that you either get or you don't yet. Having used git almost exclusively since 2008, I will share a non-accurate but very useful way of making sense of it all!
By the end of this session, you will be rebasing your git experience onto master!