Dev Innovation Summit Main Stage
Wednesday, August 18, 2021
Traditionally the development process of a product or feature is being passed around between people with different roles - Scrum masters, Architects, developers, QA, DevOps, etc.
By empowering developers to do most or all of these responsibilities we allow for a streamlined process.
You can rightfully argue that a QA professional, for example, will be much better on average than a developer in finding bugs but in some cases, the cost to the process and the lack of flexibility is greater than the benefit.
After working this way for a few years I want to share how we managed to get this approach working for us and where we are still trying to improve.
I'll also share what this approach does to the culture of an R&D organization and what can we benefit from it in terms of growth opportunities and retention for developers.
OPEN TALK: Innovation Beyond Technology: Creating a Groundbreaking Tech Solution with Freelance Talent
When Alexander Weekes, a Toptal freelance project manager, began working with client ArthroLense, the small start-up consisted of two orthopedic surgeons and an idea. As the project manager, Alex and a team of freelance developers helped transform their idea to use augmented reality in surgeries into a salable product with a multi-million dollar valuation.
In this interactive session, Alex will tell the story of ArthroLense, the pioneering innovator of image-guided surgical assist technologies.
He will discuss:
- How, as a project manager contracted by Toptal, he created the processes, selected the tools, and bridged the gap between technical, medical, design, and financial perspectives.
- Working with cutting-edge augmented reality hologram technology.
- Why the future of high-caliber, innovative projects is freelance contractors.
Site Reliability Engineering and the DevOps movement share a similar set of challenges but addresses each in a different way. SRE got its start at Google in 2003 and according to Ben Treynor, VP of 24/7 Operations: ”SRE is what happens when you ask a software engineer to design an operations team”. In 2016, Google published a book about Site Reliability Engineering principles, practices and organizational constructs.
The practice of Site Reliability Engineering at Google encompasses more than just managing production systems and responding to emergencies. Applying software engineering in a principled way to operations allows SRE to holistically address the reliability of software applications across the product lifecycle.
Implementing SRE in an organization requires a commitment to supporting some core principles and a fundamental culture shift -SRE needs Service Level Objectives, with consequences.
-SREs have time to make tomorrow better than today.
-SRE teams have the ability to regulate their workload.
-SREs and the organization’s leaders remove the word ‘blame’ from their vocabulary.
This talk will highlight key SRE principles and how they map to recognized DevOps focus areas. We’ll also discuss how any organization can adopt SRE, and how our recent experience of working with our customers on implementing SRE practices has shown these principles will work across a range of organizations of different types and sizes.
While the business keeps increasing the pressure and demand of flexibility of the development team, the agile movement was pushed to the limits. CI/CD was born to reduce manual step to reduce human errors and increase speed to go-live! Last not least, with DevOps the teams took application responsibilities, from cradle to grave. Nevertheless, software security is still missing in many full-stack developers resume and application security responsibilities are pushed off to the security department still. Petty, because the exactly agile, CI/CD and DevOps are security enabling practices.
This session is explaining Shift-left, early security enablement in the development Lifecycle. As the application development becomes more developer centric, the developer’s toolset must match the new challenges to have responsibilities matching capabilities. Learn from rugged software to supply chain cleanliness. Learn to avoid the common pitfalls and benefits of modern application development strategies. Hear why security champions programs tend to fail, compliance driven security trainings are a waste of time and money. Take back the best practices, proven solutions and Shift Left beyond the development.
Did you know that the way you type is unique?
Join this session to find out how typing biometrics evolved, its current use-cases in CyberSecurity, and get a glimpse into its future applications for Personal Productivity and beyond.
Organizations are thriving for productivity and agility. And the billion dollar question of the technology industry today is, how do we get there? The answer mostly lies in the hands of developers. If developers can produce quality software, at pace, and keep sustaining it forever, we can build dynamic and agile organizations successfully. However, the technology landscape of today’s industry is overwhelming. Developers are burdened with so much complexity, it creates a lot of confusion and sucks out their energy in solving meta problems instead of focusing on the business need.
This talk is about introducing the concepts of Cloud Native Engineering and teaching how it can help organizations build dynamic teams capable of delivering quality software at scale.
The cloud is a fortress. Public cloud infrastructure is owned by a handful of companies with hardly any oversight. They get to decide who to welcome, who to block and they can slow transmissions. Not that they will, but they can. Once organizations select a cloud provider, they essentially have no choice but to trust a monopoly that could also become a competitor. But it does not need to be. Thanks to Kubernetes, Cloud Neutrality is now only possible, it is easy.
In a few minutes, we will deploy a cloud neutral Kubernetes cluster that spans across any number of cloud providers and will show how your workloads are free to roam between clouds, automatically switching for cost optimization, scale, performance or simply for resilience to a cloud failure.
How can you make time for real innovation and improvement?
How do you know what to automate next?
How do you escape process prison?
How can you get everyone aligned to make a difference?
How do you get from where you are to your next performance target?
Flow Engineering builds on the lean practice of value stream mapping with a full framework of collaborative mapping techniques. You can use it right now to reveal your biggest opportunities, eliminate hours of friction every week, and invest in what's next.
I'll introduce 4 powerful maps: Outcome, Value Stream, Dependency, and Capability, that you can co-create with your teams to uncover hidden insights and opportunities. I'll show you how to take those insights and create a powerful roadmap of actions and experiments to dramatically improve flow and deliver continuous value.
Use it to improve your:
- Development process
- Planning and shaping
- Delivery/Data/Testing/Analytics/Logging Pipeline
- Employee/Customer Onboarding
- Support/Failure Recovery/Incident Management
- Workflow of choice
…and start spending more time on what's next
In this talk, I will share the story of how LinkedIn designed our software engineering system, Multiproduct, and what we’ve learned from implementing, operating and evolving over the last ten years. I will share examples of design and implementation decisions we’ve made and how those decisions impacted our ability to develop and deploy software. I will describe tools and automation we’ve built and the organizational structures that have emerged to support our software development system. You will learn about LinkedIn’s multi-repo code setup and how we leverage semantic versioning and dependency management to share code across our product ecosystem. The lessons we learned will help you with your decisions when designing a software engineering system for your company.
Few software-driven organizations have the resources to interview and achieve aggressive hiring targets, while at the same time building innovative products that drive revenue. During this session, Mo can discuss how the way organizations hire today is driving down company performance, productivity, and morale - and how we can fix it
Thursday, August 19, 2021
Observability is about more than building a reactionary response to latency and outages. Whether or not you focus on it today, at the core of your team is an “Engineering Flywheel”. Keeping talented engineers engaged, maintaining a cadence of feature releases, measuring the impact of new tech - these improve when you tighten the feedback loop on the one thing they all focus on, the service itself.
In this session, we'll cover the new challenges microservices architectures have presented us all with and explain how to create an effective Observability strategy that can accelerate your Engineering Flywheel.
Managing dozens or hundreds of distributed services and microservices on a scale can be very challenging. As developers, we are often blind to how our application behaves in production and the areas we need to check to find and prevent issues early on in the development process, before deploying new versions.
In this talk, we’ll show you how to leverage the open-source OpenTelemetry to collect and analyze the relevant data from production, and how to use it pre-production, during development and testing phases, to improve your code quality and overall success in preventing issues before deployment.
By relying on production behavior, we can automatically generate more efficient tests, catch dependencies that are about to break in real life, and have our developers more productive & product-oriented.
As real-time distribution mechanisms like Pub/Sub become commodified parts of application architectures, developers are discovering a need for more sophisticated functionality than just simple message delivery. Traditionally, developers and software architects have struggled with the complexities of creating event-driven, real-time web, mobile, and IoT applications. This is because they are not data “wrangling” experts. Data wrangling comprises mapping raw data into another format suitable for another purpose and is critical to event-driven application development. However, without the right tools, data wrangling can be a laborious task, as it typically involves restructuring of large amounts of data.
This talk explores the growing value of data-wrangling at the network edge, and how pragmatic, app-focused platforms like GraphQL mark the future of real-time data architectures.”
In this session, Vlad will explore why monday.com changed the technology its API had traditionally run on as the platform matured, and challenges the team overcame as it adjusted to working with GraphQL. Vlad will share monday.com’s journey into building the API and discuss how users across industries are using monday.com's API for custom workflow apps.
Each time we talk to our customers, the same story repeats. Hundreds of APIs are being built by agile development teams, released several times per week, with limited consideration for how secure they will be. AppSec teams play a constant game of whack-a-mole, trying to patch issues in production, issues which occur because they could not test and review the APIs as they were published. Too many changes, too little time, very few resources.
How do we break this vicious circle ?
This talk is inspired by my experience working with many large enterprises, helping them engrain security into their APIs lifecycle and changing their development culture. I will share the lessons learned as we worked together on breaking the habits that led to 1 billion of data records leaked via APIs in the last 12 months alone. We will use real data breaches to illustrate the mistakes that lead to those security issues and explain how to address them by changing the way you design and develop your APIs.
We describe a way of the established on-prem ISV re-inventing itself as a SaaS provider, incidentally breaking enterprise content management industry standards in scalability in the process, and returning to on-prem customers in a hybrid scenario, thus completing a full circle. We will share the tools we built and used, DOs and DON'Ts and postulate a trend: it is still users that matter the most at the end.
Web applications are high-priority targets for hackers. The inherent complexity of their source code, which increases the likelihood of unattended vulnerabilities and malicious code manipulation, allow cyber criminals to easily automate and launch an attack against thousands, or even tens or hundreds of thousands of targets at a time. And best of all, they may result in a plethora of rewards - sensitive private data and damaged customer relationships. In this session, Imperva CTO Kunal Anand will review best practices in web application security. He will explain how their vulnerabilities are often exploited to either manipulate source code or gain unauthorized access and the various attack vectors used. Finally, he will outline the processes that should be part of any web application security checklist. He will also speak to the more challenging questions around who bears the risk in such a connected IT environment.
Do you want to get started using APIs and automation? APIs can add great value to any Automation use case and a wide range of platforms now expose REST APIs. The goal of this session is to introduce attendees to the basics of using REST APIs in an application, and to provide them with the skills to start engaging in this growing area. This session will teach participants the concepts needed to create applications that consume REST APIs. We will go through the anatomy of a REST API and some tools and examples to get you started.
APIs connect businesses, people, and things. They are everywhere nowadays, allowing developers to unlock new opportunities for innovation. This talk is on public API design and governance process. It is meant for technical people involved in creating interfaces that empower 3rd party developers. The audience will learn about the overall governance process with a focus on design, compliance with standards, relying on patterns and the OpenAPI specification.