WorldFestival 2022 WorldFestival 2022

Dev Innovation Summit

Wednesday, August 3, 2022

- PDT
Unravelling Cloud Security Posture Management for Public Cloud
Ankit Rao
Ankit Rao
Zscaler, Senior Software Engineer

This session will aim to introduce the audience to the basics of cloud security and the security model for Public clouds. Further, the emphasis will be mostly on Cloud Security Posture management, introduction and overview of cloud native CSPM services (like AWS Security Hub, Azure Defender ) and a short demo on how these services help automate best practice checks, aggregates alerts, and support automated remediation. 

- PDT
Rebuilding Security Culture with Security Champions: Our experience at IBM, Red Hat & NatWest Group
Siddharth Pareek
Siddharth Pareek
NatWest Group, Senior Vice President Consulting
Ann Marie Fred
Ann Marie Fred
Red Hat, Senior Principal Software Engineer

A Security Champions program is key to a modern cybersecurity strategy. Learn how to start your own.

Known vulnerabilities are a fact of life, especially with open source software. Cyber Security Intelligence tracked over 18,000 CVEs and at least 66 Zero-Day Vulnerabilities in 2021. According to the Sonatype 2020 DevSecOps Community Survey, 24% of organizations surveyed revealed a breach within one of their web applications in the prior 12 months. The average cost of a data breach was $4.24 million, according to the IBM 2021 Cost of a Data Breach Report.

The only way to keep up with the fast pace and demands of cybersecurity today is to scale up the security expertise of your technical workforce. This talk explains why setting up a Security Champions program is such an important part of an overall security strategy. Then it goes into detail on how to get your own Security Champions program running, the realistic costs of such a program, and what benefits you can expect from it. We’ll talk about grassroots programs at three companies: IBM, Red Hat, and NatWest Group.

A Security Champions program is repeatable, cost effective, and can be applied to a broad range of industries. Attendees will come away with a step by step approach that can improve cybersecurity practices at their own companies. 

- PDT
KISS - Building a Consistent Developer Experience
Ravi Lachhman
Ravi Lachhman
Shipa, Field CTO

Simplicity certainly has its virtues. The KISS Principle [keep it super simple] favors simplicity over complexity in system design and operation. As software engineers are vanguarding into innovation work to deliver features, from the outside they might seem like they thrive on complexity constantly solving unknowns. Though there is a long road between the idea and production. Even when developers are on and off-boarded to different teams, mileage might vary in the same organization due to very different paths to production.

Cognitive load and context switching can really slow feature velocity down. Also having overly complex routes to production puts a damper on Developer Experience [DX]. With what seems like a bulk share of the technology verticals shifting left since they can be provided as code/configuration e.g YAML, expertise can be lost without a proper platform engineering domain. A major goal of platform engineering is to keep the experience similar across teams.

Learn in this session about keeping goals to KISS and how that can be achieved to even create a “consistent one-line developer experience” [they say the easy button is hard to create]. Reducing toil and complexity can lower the bar of entry for software engineers to focus more on innovation. As technologies and ecosystems change, providing a consistent experience is key. Supporting faster iteration allows organizations to consume new technology and build internal expertise quicker and provide a quicker time to value. 

- PDT
Demystifying Git - Version Control From First Principles
Dwayne McDaniel
Dwayne McDaniel
GitKraken, Developer Evangelist

Git is the defacto standard version control system in use today. Every developer learns the basics of add, commit, branch, merge, pull, and push, and that is about all they learn about Git.

However, if you ask how Git actually works under the covers, most people will tell you they don't really know. Worse yet, when most developers see Git output messages like "detached HEAD state" or "CONFLICT (content): Merge conflict", they get a stress-induced panic.

This session will peel back the shroud of mystery that envelops Git, showing that there is nothing overly complex or terrifying about the inner workings of the world's most popular version control system. This talk is for everyone, from the complete Git novice to folks who have been pushing code for years but maybe have never stopped to look at how Git does its thing.

- PDT
OPEN TALK: A State of Continuous Merge: The Secret to Happier, More Productive Dev Teams
Luke Kilpatrick
Luke Kilpatrick
LinearB, Director of Developer Experience

Being an elite dev team isn't just about merging faster, it's about being able to deliver consistently. Developer happiness and retention is often based on the type of work a team is doing and the amount of frustration involved trying to get code merged. In this session, we will discover how elite teams are creating a state of continuous merge by optimizing non-coding time and customizing how Pull Requests are treated based on their unique characteristics. 

- PDT
OPEN TALK: Unit Security Testing for JavaScript and Beyond
Akira Brand
Akira Brand
Bright Security, Developer Relations

Application security is a problem in the development world, with expensive, complex, and sometimes only piecemeal solutions. But fix the problems you must, as there will come a time when someone will try to hack your app, probably (hopefully) your security team or a penetration tester. Once they find those problems, you have to then go back and fix the security bugs, 6 months to a year later, and that can be a real pain.

In this talk, you’ll learn how to turn this issue on its head, with unit security testing. Unit security testing is a tool we developed here at Bright to solve the problem of needing to rely on an external tool or team instead of being self-reliant in your approach to writing secure code. By integrating our DAST engine with unit tests, you, the developer, are empowered with the know-how of how to find vulnerabilities as early as possible in the SDLC, without the security team getting involved and having to fix problems far later on in the process.

In this session, you will learn
How to integrate unit security tests in your JavaScript applications (other language support coming soon!) using Bright, Jest & Nest.js
How to write different types of tests and which issues are important to test for
How to fix some vulnerabilities that our tests find in an example web application

An ounce of prevention is worth a pound of cure, so you will also learn how to defend against some common attacks from the get-go as you are writing code. 

- PDT
From Idea to Product in an Hour
Anand Bhaskaran
Anand Bhaskaran
Beekeeper, Tech Lead

This is a live coding talk on building a solution for a real-world problem. In this 45 min of talk, let's challenge ourselves to build a (simplified) chat application that is accessible to the entire world! To build this we will use Vue.js for frontend and a Serverless Backend with (API Gateway, Dynamo DB). 

- PDT
Why You Need Your ITOps to Be Engineering Led in Multicloud World
Samta Bansal
Samta Bansal
Hitachi Vantara, Global strategy and marketing leader

While infrastructure has evolved from on-prem to cloud, application architectures have evolved from client-server to Cloud-native and development practices have evolved from Waterfall to Lean Agile/ DevOps, operations is still siloed and stuck in the past at many organizations. In this session we will explore how to build an integrated approach to cloud workload management that is built on Site Reliability Engineering principles and a product-oriented approach to run operations. If you are already on Cloud or thinking to migrate to cloud, join us to hear how you should be thinking about designing for reliability, cost and performance while you run cloud workloads to optimize. 

- PDT
OPEN TALK: Enabling the Edge-Cloud Duality of Time Series Data
Sam Dillard
Sam Dillard
InfluxData, Senior Product Manager

In this session, Sam Dillard (Sr PM Edge at InfluxData), will discuss the needs and challenges of edge computing in the context of an edge-cloud topology. While cloud analytics is emphasized in a lot of the world, the need for edge analytics is not shrinking but rather growing. Applications have become more distributed and the data pertaining to them have become more voluminous.

Sam will discuss InfluxDB’s Edge Data Replication feature that leverages existing edge analytical capabilities of the database in order to enable edge-cloud data pipelines that fit to any business needs and constraints.

This feature automatically streams data on-write from an edge dataset to a cloud one of the user’s choosing. Adding to this automatic replication of writes, is a durability designed to withstand network outages. This feature lays the groundwork for a much larger story about how the edge and cloud can work together to produce global time series data architectures!

In this webinar, Sam will cover:
- How we define edge
- Properties of edge vs cloud
- Discuss problems faced with edge-cloud architectures
- Details of the edge replication feature and how it combined with InfluxDB solves those problems
- Demo an edge-cloud downsampling use case that retains data shape 

- PDT
OPEN TALK: You Can’t Code Career Development - A Technical Professional’s Guide to Soft Skills in the Workplace
Vanky Kataria
Vanky Kataria
Turing, Community Evangelist

Technical aptitude will take an engineer far in their career but ultimately it's the ability to navigate workplace environments through the refinement of soft skills that will determine the heights that your career can scale.

In this session, Vanky Kataria (Evangelist - Global Communities) will share how focusing on soft skills can play an instrumental role in your career development and explain how engineers benefit from thinking about their workplaces beyond their roles and responsibilities as technical professionals. 

Thursday, August 4, 2022

- PDT
Wearable Live Captions (Making Mask Wearing More Accessible for Those Who Are Hard of Hearing)
Jo Franchetti
Jo Franchetti
Ably, Developer Advocate

During the pandemic we've all been feeling pretty isolated, and we've all been doing our best and wearing masks. But what if everyone wearing masks cuts off your ability to converse?

My dear mum relies on lip reading and clear sounds to understand what people are saying. But I, of course want her to stay safe. So the thought occurred. Can I make a live captioning display fit into a mask so that she can read what I'm saying as I'm speaking?

This talk will cover how to build a wearable LED display, how to use Microsoft Azure Cognitive Services to convert speech to text, using Ably's MQTT broker to send messages to a microprocessor and some good old JavaScript and C++.

Live captioning of speech to text has so many useful applications and Cognitive Services makes it fast and easy to build captioning into your applications. Together with Ably Realtime, it is possible to make wearable devices which can display what you’re saying, in real time. Wearable Live Captions! 

- PDT
Stop Polling, Let’s Go Streaming – A More Efficient API Paradigm
Phil Wilkins
Phil Wilkins
Oracle, Cloud Developer Evangelist

For many years APIs have been implemented so that the client has to keep calling the server for the latest data. The API version of needing to refresh your browser. But this can be inefficient, and wasteful in addition to risking clients using old data.

Techniques like Webhooks and network sockets have been around for a while, but new ways to implement API streams have come along.

In this session, we’ll look at how the different common options are, how they work, and their drawbacks. By the end of this session, you will have the knowledge to make a more informed decision on whether streaming APIs are right for you and which approach may support your needs best. 

- PDT
Container Orchestration Best Practices
Siva Guruvareddiar
Siva Guruvareddiar
AWS, Solutions Architect

This session talks about container orchestration best including Kubernetes and AWS EKS 

- PDT
Web for All. The Power of Progressive Web Apps
Patricio Vargas
Patricio Vargas
OneSignal, Sr.Developer Advocate

As web performance and user experience across both mobile and desktop devices continue to increase in importance, so do progressive web apps (PWAs). PWAs are becoming more popular because they have lots of enhancements that help your application perform better and they make apps accessible even to users with limited internet connection. In this talk, you are going to learn the advantages of using PWAs and how to turn your web application into a PWA.