Solving trust issues at scale - Omer Levi Hevroni

The last two decades have been all about SaaS, with advantages that cannot be overstated. Except SaaS isn’t always an option, nor is it always the right choice: businesses in tightly regulated industries, or where information security is paramount, for example, will not - often can not - consider any software that isn’t under their control. For many software enterprises, this leads to the dreaded inevitability of on-premise deployment. Fortunately, the situation today is dramatically different to a scant few years ago, let alone a decade or two: the same technologies that enable SaaS have also radically transformed on-prem deployment. Modern tools like Docker, Consul, ELK and Kubernetes - to name a few - can be leveraged to completely transform the experience for both customers and vendors. In this talk we’ll contrast the challenges and advantages of SaaS and on-prem, see how things have evolved in recent history, and see how modern on-prem deployment can be, if not pleasurable, at least relatively painless.

Object-oriented design for infrastructure-as-a-code - Anna Bankirer

Infrastructure code can really benefit from some proven object oriented design principles like SOLID and others. Instead of just thinking about automation, we need to design and build infrastructure software systems that are easy to understand, test and maintain Everyone talks about the fact that infrastructure should be programmatic and treated as a code, but often what this means is just writing a bunch of scripts to automate our deployments. By doing so, aspects like proper documentation, separation to modules , abstraction, even version control that are standard for "regular" software projects are omitted from infrastructure systems. This leads to cumbersome, monolith system - the very thing we are trying to resolve in the software design. I would like to discuss the basic software design principles like SOLID and DRY and how to apply them when automating our deployments, writing docker containers or writing our application stack.

Managing Data in Microservices

From a talk at the SF CTO Summit 2017 (https://www.ctoconnection.com/summits/sf2017), these slides cover the speaker's experience at Stitch Fix with managing data in a microservices environment. Areas include: * Breaking up a monolithic database into services * Using events as a first-class part of your architecture * Sharing data among microservices * Handling "joins" among microservices * Simulating "transactions" among microservices using the Saga pattern

Customer-centric Metrics

Mark McBride

Traffic Control with Envoy Proxy

Mark McBride

Building occasionally connected applications using event sourcing

Dennis Doomen

I've recently got the opportunity to work on a large enterprise-class system that needs to be deployed on multiple occasionally connected oil platforms and boats. Already the system's architecture was based on the Command Query Separation principles, this gave us a completely new challenge. After several months of looking at alternatives, we decided to go the Event Sourcing direction. In this in-depth session, I'd like you to learn the many alternatives we observed, the pros and cons, and the technical details of our final solution in which we use EventStore 3.0 and elements of NCQRS and Lokad.CQRS to synchronize systems over unreliable connections in a very efficient way.

More Than Just URL Mappers - Proxies for Observation and Control

Mark McBride

When it comes to data solutions, one-size doesn’t fit all. Choosing the right best-matching database, or data tools, can be a game changer for your system. How can you take such decision effectively? The system, the company, the product, and probably your team - all are evolving, and the best solution for today may not fit tomorrow’s needs. In order to pick a data solution for longer term, you should evaluate the optional data tools according to several factors. These factors will reflect the requirements looking forward. At this session, we will share such use case, of evaluating data solution, when we redesigned one of Oribi features from scratch. Our goal was to avoid a data explosion crisis, while the system kept scaling up. Having so many solutions out there - we needed to make sure that we are choosing the one that will support the increasing load farthest. Eventually we picked up ten criteria factors, which we used to compare and choose the best solution effectively. Join the session to hear what were these factors, and get prepared for choosing the next data solution for your system.

Altitude San Francisco 2018: HTTP/2 Tales: Discovery and Woe

Fastly

Introduction to the Typesafe Reactive Platform

BoldRadius Solutions

In this webinar, Michael Nash of BoldRadius explores the Typesafe Reactive Platform. The Typesafe Reactive Platform is a suite of technologies and tools that support the creation of reactive applications, that is, applications that handle the kind of responsiveness requirements, data volume, and user load that was out of practical reach only a few years ago. From analysis of the human genome to wearable technology to communications at a massive scale, BoldRadius has the premier team of experts with decades of collective experience in designing and building these types of applications, and in helping teams adopt these tools.

Jeffrey Snover - Empowering DevOps with Azure Stack

WinOps Conf

Azure Stack is the first product in a new category – the hybrid cloud platform. It is a radical new product that you can think of as delivering the cloud equivalent of a SAN. Delivering a set of IaaS/PaaS Services, APIs, PowerShell and tooling experiences that are consistent with Azure allows it to run solutions from the Azure Marketplace. This allows companies to focus their dev and ops teams on the things that move their business forward, building applications which drive customer value. This session focuses on what Azure Stack is and is not. It articulates the key values it delivers and use cases it enables.

Automated Integrated Testing with MongoDBMongoDB

The art of decomposing monoliths - Kfir Bloch - Codemotion Amsterdam 2016

Codemotion

Microservices are the new black. You've heard about them, you've read about them, you may have even implemented a few, but sooner or later you'll run into the age-old conundrum: How do I break my monolith apart? Where do I draw service boundaries? In this talk you will learn several widely-applicable strategies for decomposing your monolithic application, along with their respective risks and the appropriate mitigation strategies. These techniques are widely used at Wix, took us a long time to develop and have proven consistently effective; hopefully they will help you avoid the same battle

Custom coded projects

Marko Heijnen

AWS Meetup - Nordstrom Data Lab and the AWS Cloud

NordstromDataLab

The Nordstrom Data Lab is building out an API that powers product recommendations for our customer online and beyond. Recommendo, our flagship product, was built from the ground up using Node.js and AWS in a little over three months. Since launch in November 2013 we've served up over three billion recommendations and survived Black Friday and Cyber Monday without breaking a sweat. We'll be sharing our learnings for building and operating a high traffic API on the AWS platform as a service focusing on Node.js, Elastic Beanstalk, and DynamoDB. Additionally we'll discuss some of the cultural challenges and opportunities presented when adopting the public cloud at a large corporate IT organization. In short, we believe there are tremendous advantages to be had for enterprises willing to make the leap to the cloud.

How to practice TDD without shooting yourself in the foot

Dennis Doomen

It's 2016, so practices like Test Driven Development (TDD) have long found their way into organizations. However, the practices and principles to keep those unit tests maintainable haven't really changed. Still, I regularly talk to developers that somehow ended up with an incomprehensible unmaintainable set of unit tests that they once believed in, but are now holding them back. So in this session I like to provide a refresh of those fundamental ideas and talk about why you should practice TDD, revealing intentions, naming conventions, state versus interaction based testing, and how to stay out of the debugger hell with proper mocking and assertion frameworks. And even if you believe you are well versed in the testing realm, join me anyway. Maybe we can learn some tips & tricks from the audience as well. Looking forward to it!

Service Architectures at Scale

How do effective large-scale service ecosystems work? Keynote Presentation at Istanbul Tech Talks 2018 How to Design Services * Systems of record * Interface specification * Interface backward / forward compatibility Service Ecosystems * Layered services * "Standardization" through encouragement * Vendor-customer relationships between teams Operating and Deploying Services * Data Migration * Automated Pipelines * Incremental Deployment * Feature Flags

Why Enterprises Are Embracing the Cloud

After being deeply involved in public cloud for the last several years, as both a provider and a consumer, I have been very pleasantly surprised at the rate at which large enterprises are rapidly moving to the cloud. For all the right reasons, even the most regulated and risk-averse of industries -- banking, for example -- are rapidly moving workloads out of their own owned data centers. Public cloud is not just for the "unicorns", but for the "horses" as well. This short vignette, presented at the GOTO Aarhus 2014 conference, tries to explain why this trend will continue and accelerate, and why we should be excited about it.

Scaling Your Architecture for the Long Term

All the reasons for choosing react js that you didn't know about - Avi Marcus...

Codemotion Tel Aviv

How to adopt React for moving fast startup

Sira Sujjinanont

Sustainable software development / Jätkusuutlik tarkvaraarendus

GreteStrandberg

Monoliths, Migrations, and Microservices

Evolving Architecture and Organization - Lessons from Google and eBay

Keynote at DevOpsDays Cuba Successful Internet companies are built on a foundation of excellent culture, efficient organization, and solid technology. As a company needs to scale, all of these parts of the foundation need to grow and scale with it. This session covers modern best practices at innovative companies in Silicon Valley for scaling culture, organization, and technology. Driven primarily by the presenter's experience ranging from small Valley startups to Google and eBay, it discusses: * Organizing small, fast-moving engineering teams * Building a scalable system out of smaller microservices * Maintaining a culture of ownership and collaboration * Developing effective engineering processes of continuous integration and continuous delivery

Creating Hyper Performant Web Apps with React

Jp DeVries

From Rails legacy to DDD - Pivorak, Lviv

Andrzej Krzywda

Rails is optimised for the first weeks of development. At the later phases it's no longer the speed of adding new views and data that matters. It's often more about the different (and changing!) ways of using the data. The business logic gets more complicated. DDD has answers to those problems. Detecting the bounded contexts is the crucial skill. Choose which parts of the app leave as CRUD and which could go into more of the tactical DDD.

Serverless testing-serverless-sydney-20181018

Rowan Udell

Solving trust issues at scale - AppSec California

Soluto

Microservices are social constructs: they can’t function without talking with other services. This also raises an interesting question: do we trust all of our microservices? Not all microservices are the same: some are more sensitive - for example, services that handle personal user data or payment information. Others are user-facing and therefore riskier. We shouldn’t treat all services as equal. A robust mechanism that describes who can talk with who is required. We have been dealing with this challenge for a while at Soluto. In this talk, I’ll share the journey we went through until we found a solution we’re happy with: a simple and declarative system that allows services to define who can access them. Any dev can request access to any service, and the service owner can review it. I’ll share how we build this solution (including all the technical details and live demos!), using open source tools like Open Policy Agent, so you can easily build something similar.

Automic Support Tips and Tricks

CA | Automic Software

What's hot

ONE-SIZE DOESN'T FIT ALL - EFFECTIVELY (RE)EVALUATE A DATA SOLUTION FOR YOUR ...

Altitude San Francisco 2018: HTTP/2 Tales: Discovery and Woe

Fastly

Introduction to the Typesafe Reactive Platform

BoldRadius Solutions

Jeffrey Snover - Empowering DevOps with Azure Stack

WinOps Conf

Automated Integrated Testing with MongoDBMongoDB

The art of decomposing monoliths - Kfir Bloch - Codemotion Amsterdam 2016

Codemotion

Custom coded projects

Marko Heijnen

AWS Meetup - Nordstrom Data Lab and the AWS Cloud

NordstromDataLab

How to practice TDD without shooting yourself in the foot

Dennis Doomen

Service Architectures at Scale

Why Enterprises Are Embracing the Cloud

Scaling Your Architecture for the Long Term

All the reasons for choosing react js that you didn't know about - Avi Marcus...

Codemotion Tel Aviv

How to adopt React for moving fast startup

Sira Sujjinanont

Sustainable software development / Jätkusuutlik tarkvaraarendus

GreteStrandberg

Monoliths, Migrations, and Microservices

Evolving Architecture and Organization - Lessons from Google and eBay

Creating Hyper Performant Web Apps with React

Jp DeVries

From Rails legacy to DDD - Pivorak, Lviv

Andrzej Krzywda

Serverless testing-serverless-sydney-20181018

Rowan Udell

What's hot (20)

ONE-SIZE DOESN'T FIT ALL - EFFECTIVELY (RE)EVALUATE A DATA SOLUTION FOR YOUR ...

Altitude San Francisco 2018: HTTP/2 Tales: Discovery and Woe

Introduction to the Typesafe Reactive Platform

Jeffrey Snover - Empowering DevOps with Azure Stack

Automated Integrated Testing with MongoDB

The art of decomposing monoliths - Kfir Bloch - Codemotion Amsterdam 2016

Custom coded projects

AWS Meetup - Nordstrom Data Lab and the AWS Cloud

How to practice TDD without shooting yourself in the foot

Service Architectures at Scale

Why Enterprises Are Embracing the Cloud

Scaling Your Architecture for the Long Term

All the reasons for choosing react js that you didn't know about - Avi Marcus...

How to adopt React for moving fast startup

Sustainable software development / Jätkusuutlik tarkvaraarendus

Monoliths, Migrations, and Microservices

Evolving Architecture and Organization - Lessons from Google and eBay

Creating Hyper Performant Web Apps with React

From Rails legacy to DDD - Pivorak, Lviv

Serverless testing-serverless-sydney-20181018

Similar to Solving trust issues at scale - Omer Levi Hevroni

Solving trust issues at scale - AppSec California

Soluto

Automic Support Tips and Tricks

CA | Automic Software

Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...

Amazon Web Services

By turning the data center into an API, AWS has enabled Sumo Logic to build a very large scale IT operational analytics platform as a service at unprecedented scale and velocity. Based around Amazon EC2 and Amazon S3, the Sumo Logic system is ingesting many terabytes of unstructured log data a day while at the same time delivering real-time dashboards and supporting hundreds of thousands of queries against the collected data. When co-founder and CTO Christian Beedgen started Sumo Logic, it was obvious that the service would have to scale quickly and elastically, and AWS has been providing the perfect infrastructure for this endeavor from the start. In this talk, Christian dives into the core Sumo Logic architecture and explains which AWS services are making Sumo Logic possible. Based around an in-house developed automation and continuous deployment system, Sumo Logic is leveraging Amazon S3 in particular for large-scale data management and Amazon DynamoDB for cluster configuration management. By relying on automation, Sumo Logic is also able to perform sophisticated staging of new code for rapid deployment. Using the log-based instrumentation of the Sumo Logic codebase, Christian will dive into the performance characteristics achieved by the system today and share war stories about lessons learned along the way.

UpdateConf 2018: Top 18 Azure security fails and how to avoid them

How to Leverage Log Data for Effective Threat Detection

AlienVault

Event logs provide valuable information to troubleshoot operational errors, and investigate potential security exposures. They are literally the bread crumbs of the IT world. As a result, a commonly-used approach is to collect logs from everything connected to the network "just in case" without thinking about what data is actually useful. But, as you're likely aware, the "collect everything" approach can actually make threat detection and incident response more difficult as you wade through massive amounts of irrelevant data. Join us for this session to learn practical strategies for defining what you actually need to collect (and why) to help you improve threat detection and incident response, and satisfy compliance requirements. In this session, you'll learn : *What log data you always need to collect and why *Best practices for network, perimeter and host monitoring *Key capabilities to ensure easy, reliable access to logs for incident response efforts *How to use event correlation to detect threats and add valuable context to your logs

IT Camp 19: Top Azure security fails and how to avoid them

Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2

DianaGray10

Observability - Stockholm Splunk UG Jan 19 2023.pptx

Magnus Johansson

8 cloud design patterns you ought to know - Update Conference 2018

Taswar Bhatti

Leandro Melendez - Switching Performance Left & Right

Neotys_Partner

Since its beginning, the Performance Advisory Council aims to promote engagement between various experts from around the world, to create relevant, value-added content sharing between members. For Neotys, to strengthen our position as a thought leader in load & performance testing. During this event, 12 participants convened in Chamonix (France) exploring several topics on the minds of today’s performance tester such as DevOps, Shift Left/Right, Test Automation, Blockchain and Artificial Intelligence.

When Security Tools Fail You

Michael Gough

DevSum - Top Azure security fails and how to avoid them

Top Azure security fails and how to avoid them

Can you process 10 trillion logs per day software architecture conference 2015

Sumo Logic

Built on AWS, Sumo Logic’s multitenant machine data analytics service has scaled to query over 10 trillion logs per day. Christian Beedgen, Sumo Logic’s cofounder and CTO, will walk you through the planning and execution of a massive SaaS architecture and key insights he had along the way. Topics include: - a short history of scale how we have needed to scale incrementally by several orders of magnitude since 2010 - how to recover from being an enterprise software engineer the realization that arguing with customers about Solaris vs Linux, and RAID 6 vs RAID 10 when selling them software is a waste of time; nobody wants to know how to run your system, users want to actually use your system; how building services is a way out of the enterprise software conundrum of having to manage increasingly complex systems is dragging users down; how the cloud turns every programmer into a datacenter architect - herding microservices a look at Sumo Logic’s microservices architecture; why we went this way; what we had to build to manage the herd 4 years ago; what we could today take off the shelf; how any real system service architecture diagram looks like spaghetti; how we deal with this at scale in operations - factoring and refactoring on a new level, or how everything old is new again maybe our OO skills are still useful; programmable infrastructure is still a program; any program benefits from factoring; any program benefits from refactoring; any system should be highly cohesive and loosely coupled; guess what, this still applies, but at a +1 higher layer of abstraction - when not to scale scaling out is great; scaling out in light of state is a bad idea; data and locality fragmentation; fractal horizontal scaling using partitioning and affinity; how to manage this operationally at runtime; musings on copy and paste scaling Cloud architects – if you’re looking to improve scalability and performance, this session will share successes (and failures!) applicable to your own infrastructure.

The What, Why, and How of DevSecOps

Cprime

DevSecOps is a recent offshoot of the DevOps movement, which doubles down on the importance of security. As security continues to be downplayed or ignored even as the threat landscape explodes, DevSecOps promotes a set of well-developed design principles and engineering patterns which involve security owners and product designers much earlier. DevSecOps lays out a robust and practical blueprint for building security features into the design process, leveraging new engineering tools and patterns and creating a secure, defensible software right from the start. Join Chris Knotts, Innovation Product Director at Cprime, to: - Learn how the concept of "shifting left" applies to application security and how to prioritize security requirements earlier in the design process - Get an introduction to a few of the most effective engineering tools for implementing DevSecOps, including popular code scanners, dependency checkers, and free open-source products - Understand how progress with DevSecOps depends on roles and stakeholders outside of just security staff

Security at Greenhouse

Michael O'Neil

How Greenhouse Software Unlocked the Power of Machine Data Analytics with Sum...

Amazon Web Services

Sumo Logic offers a powerful cloud-native analytics solution that supports all types of machine data. Our platform integrates easily with your AWS infrastructure supporting fast, accurate and secure analysis and monitoring of enormous amounts of data—giving you clear and direct visibility into its operations. In this webinar, you’ll learn how organizations such as Greenhouse Software harness cloud-native machine data analytics to optimize the internal and external process lifecycles, monitor the health of all AWS application and services and deliver a WOW application to their end users.

SpiceWorks Webinar: Whose logs, what logs, why logs

AlienVault

Securing your environment requires an understanding of the current and evolving threat landscape as well as knowledge of network technology and system design. This session will combine lecture, demo and interactive Q/A that will highlight how to build out a security plan to defend against today’s threats. Join AlienVault for this webinar to learn: • What network, system and host data you should be collecting for the quickest path to security visibility • Best practices for network, perimeter and host monitoring • Security advantages of new AlienVault Threat Alerts coming soon to SpiceWorks

Cloud Design Patterns - Hong Kong Codeaholics

Taswar Bhatti

From Zero to Serverless (CoderCruise 2018)

Chad Green

So many times our customers need a simple routine that can be executed on a routine basis but the solution doesn’t need to be an elaborate solution without going the trouble of setting servers and other infrastructure. Serverless computer is the abstraction of servers, infrastructure, and operating systems and make getting solutions to your customer’s needs much quicker and cheaper. During this session we will look at how Azure Functions will enable you to run code on-demand without having to explicitly provision or manage infrastructure.

Similar to Solving trust issues at scale - Omer Levi Hevroni (20)

Solving trust issues at scale - AppSec California

Automic Support Tips and Tricks

Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...

UpdateConf 2018: Top 18 Azure security fails and how to avoid them

How to Leverage Log Data for Effective Threat Detection

IT Camp 19: Top Azure security fails and how to avoid them

Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2

Observability - Stockholm Splunk UG Jan 19 2023.pptx

8 cloud design patterns you ought to know - Update Conference 2018

Leandro Melendez - Switching Performance Left & Right

When Security Tools Fail You

DevSum - Top Azure security fails and how to avoid them

Top Azure security fails and how to avoid them

Can you process 10 trillion logs per day software architecture conference 2015

The What, Why, and How of DevSecOps

Security at Greenhouse

How Greenhouse Software Unlocked the Power of Machine Data Analytics with Sum...

SpiceWorks Webinar: Whose logs, what logs, why logs

Cloud Design Patterns - Hong Kong Codeaholics

From Zero to Serverless (CoderCruise 2018)

More from DevOpsDays Tel Aviv

YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...

From idea to execution, the challenges of publishing an open source project are very similar to initializing a startup when it comes to creating a successful product that people will love and use. Most open source projects are not “taking-off”, although they are really good! This is because developers (which are usually the creators of open source projects) think that writing the code is the hard part and “neglect” the other parts of publishing a good open source project. In this talk, I will use my experience as a contributor to open source and product head of a startup, to go beyond writing the code itself and cover the other central aspects of creating an open source project, like MVP, product/market fit, marketing and more.

GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto

If you have never used GraphQL before, you probably think that it is just another buzzword that will be forgotten in a few years. You might think: “Why do I need to learn a new way to write APIs when REST already answers all my needs?”. Or, you are excited to learn something new but don’t believe GraphQL is mature enough for production. In this talk, I will remind you of some of the pain points you have probably experienced when using REST. I will then explain what GraphQL is and demonstrate how it solves these pain points. Next, I will discuss the disadvantages of GraphQL. Finally, I will provide some guidelines for choosing between REST and GraphQL. By the end of this talk, you will understand what GraphQL is and when to use it.

MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...

“The International Space Station has been orbiting the Earth for over 20 years. It was not launched fully formed, as a monolith in space. Instead, it is built out of dozens of individual modules, each with a dedicated role - life support, engineering, science, commercial applications and more. Each module (or container) functions as a microservice, adding additional capabilities to the whole. Not only do the modules need to function together, delivering both functional and non-functional capabilities, they were designed, developed and built by different countries on Earth and once launched into space (deployed in multiple different ways), had to work together - perfectly. Despite the many (minor) reliability issues which have occurred over the decades, the ISS remains a highly reliable platform for cutting edge scientific and engineering research. In this session I will describe the way the space station was developed and the lessons Site Reliability and DevOps Engineers can learn from it.

THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...

Have you ever felt you took every wrong turn possible in the process of mitigating a production incident? Did you go through a 3-hour hell during incident response and felt the incident wasn’t complex enough to justify the horrors you’ve experienced? Did it cause you to question your engineering or problem-solving skills? Well, it’s only partially you. Our brain is wired to make decision-making simpler. In doing so, it exposes itself to biases, heuristics, and other quirks that may seem like “bad decisions” in hindsight. In this talk, through real-life outages, we’ll project those psychological principles onto the world of production monitor, and incident management. As a responder, you’ll learn why those behavioral patterns emerge during production incidents and what can be done to limit their effect, and as a manager, you’ll learn how to enable and encourage a healthy environment to better support those patterns.

PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog

The word observable entered the English language roughly 400 years ago, but the concepts of what it means to see, comprehend, and understand something have been debated since time immemorial. Starting in the 19th century, a series of postulates and criteria coalesced into control theory, and it is from this body of knowledge that we gained the word “observability”. Today, with the advent of complex, interconnected computer systems, that word has taken on new meanings and connotations—some useful, some detrimental, and some just plain confusing. In this talk, we’ll mix a little history, a touch of philosophy, and a healthy dose of reality, to demystify what observability means to us as professional computer people. We’ll tear through the marketing material and unearth foundational principles that will help us to build better infrastructure, write better software, and promote healthier business practices. Finally, we’ll explore some potential new avenues for discussion and understanding.

NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...

Security people say users are the weakest link. But are they? When complying with security becomes too burdensome, users take shortcuts, find workarounds, and end up jeopardizing security. Blaming users is lazy and easy. Making security usable is time consuming and challenging. How does design research help us understand our customers? What patterns and principles drive secure behavior? How can we build empathy with customers and make the right thing to do the easiest thing to do? This session explores these questions, and provides examples of how design thinking and research can help us be more secure. We will walk through our creation of core user personas, design principles, and how these inform and direct our design choices and intent. Don’t blame your users anymore. Come learn how to be part of a future where usability leads security.

(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG

This is for you, you rockstar, ninja coffee drinking workaholic who doesn’t know what a vacation day looks like. Even though you love your job and are dedicated and are super important, you need a break too. We tend to think that working all the time is an effective practice while the truth is that finding the time for self care and recharging your batteries is beneficial for both you and your company. Additionally, if you’re a leader, you’re responsible for the wellbeing of your team. In this talk I’ll discuss the importance of taking time off of work and creating a positive culture surrounding vacation time.

BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...

This is a story about taking the cloud infrastructure of a successful company, that is still managed as infrastructure of a startup company, and rebuilding it to support the growing business requirements, especially around disaster recovery and business continuity. In the session I will share Next Insurance’s journey - where we started, where we are now and what we learned on the way so far. I will talk about how we managed to build our proven DR plans, and actually execute them in our DR drills. I will also talk about why we decided that the only way to prove your DR plan works is to continue running your business in the DR account and make it your production account, and go on to build your next DR account. If you are a part of a company that is about to embark on a similar journey, this session might equip you with some very useful insights on how to think about such a challenge, and some very useful and practical tips on how to execute it.

THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security

CI/CD pipelines are quickly becoming the path of least resistance for would-be attackers into sensitive internal systems, gaining access to critical data, with minimal effort. In the InfoSec world when we talk about CI/CD security often times this focuses on specific aspects of securing your pipeline - scanning the code, protecting secrets, securely managing code deployments, or even authentication and authorization mechanisms, but we rarely talk about all of these together. After years of being in the trenches and realizing that the attack surface is growing and the threat landscape becoming more and more complex, it has become increasingly apparent that security teams need to adapt and modify strategies to keep up with the new reality of CI/CD protection, without compromising developer velocity. In this talk I would like to propose a new way of thinking about CI/CD security - that encompasses the three disciplines that comprise CI/CD security - security in the pipeline, of the pipeline, and around the pipeline. Partial coverage of any or all of these disciplines simply will not cut it with the continuously evolving risk landscape. Security engineers need to address each of these aspects in their entirety to provide the full scope of coverage that modern organizations need, and I will take a deep dive on the challenges each introduce, and the approaches and techniques for mitigating them based on adversarial sec research.

CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack

Configuration Management is at the core of Ops. It’s the biggest enabler of any compute operation, small and big. In the past decade, we have switched from thinking about the machines we are configuring, to think about the software and services we are controlling. With that change of mindset, so did the tools we are using. Traditional tools like Puppet, chef, salt and Ansible are slowly declining while new tools such as Terraform, Pulumi, Helm and Kustomize are on the rise. In this talk I will try to describe the pain-points and the opportunities of this transformation as well as suggesting a future direction based on tools developed at the big-tech companies (Mainly facebook and google).

SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap

We all know how hard it is to find DevOps engineers, and creating a diverse team despite gender and ethnicity bias? Nearly impossible. At this talk we will show our tools and methods implemented in the Develeap hiring process that overcome this inherited bias. About 2 years ago we faced a crisis in our DevOps consulting company - the market demand was higher than we could supply. The traditional recruiting process depending on CV and artificial credentials was not working. So we came up with an alternative solution, and since then - we are growing exponentially and diversely. In this talk we will show the practical tools we deployed in order to increase our capacity, and we will show how these tools overcome the inherited bias in the process.

OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...

Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agent and collectors. With the increasing complexity of modern applications, continuous profiling methods and tools are gaining popularity among the Developer and Engineering communities. In this session, we cover what continuous profiling entails and why you should implement a profiler into your tech stack (if you haven’t done so already). We’ll then bring theory to practice and demonstrate a real-life scenario using gProfiler, a free open-source continuous profiling tool, covering Linux servers on multiple architectures (such as Graviton).

HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH

“Being oncall sucks. But it doesn’t have to!” We all heard this one before. Why is it though, that oncall still remains the biggest scar for many? What can a modern Engineering org do to rein the oncall dragons, and actually help people grow as professionals as they go oncall? In this talk, I will present the main reasons why oncall is difficult in modern orgs, and describe ways to mitigate these hardships. The idea is that oncall is often the ‘backroom’ of an org, where all the technical and organizational debt take their toll. Be it unwieldy systems or broken processes between teams, oncall checks all the ‘weak boxes’. Therefore, the only way to win at oncall is to sort out your debts, starting with the organizational ones. I will dive into the detail of the oncall rotation at Snyk as the org scaled from 1 to 220 people, what worked well about it, and what was less than perfect. I will discuss the decisions made to turn oncall into a building block of the org, and show a path to rein oncall in your organization as well.

HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB

Github Copilot and tools that help us code better are cool. But I’m lucky if I spend 90 minutes a day writing code. We really need to optimize the hours we spend reviewing code, updating tickets and tracing where our code is deployed. Learn how I save an hour a day streamlining non-coding tasks. This talk is unique because 99% of developer productivity tools and hacks are about coding faster, better, smarter. And yet the vast majority of our time is spent doing all of this other stuff. After I started focusing on optimizing the 10 hours I spend every day on non-coding tasks, I found I my productivity went up and my frustration at annoying stuff went way down. I cover how to save time by reducing cognitive load and by cutting menial, non-coding tasks that we have to perform 10-50 times every day. For example: Bug or hotfix comes through and you want to start working on it right away so you create a branch and start fixing. What you don’t do is create a Jira ticket but then later your boss/PM/CSM yells at your due to lack of visibility. I share how I automated ticket creation in Slack by correlating Github to Jira. You have 20 minutes until your next meeting and you open a pull request and start a review. But you get pulled away half way through and when you come back the next day you forgot everything and have to start over. Huge waste of time. I share an ML job I wrote that tells me how long the review will take so I can pick PRs that fit the amount of time I have. You build. You ship it. You own it. Great. But after I merge my code I never know where it actually is. Did the CI job fail? Is it release under feature flag? Did it just go GA to everyone? I share a bot I wrote that personally tells me where my code is in the pipeline after it leaves my hands so I can actually take full ownership without spending tons of time figuring out what code is in what release.

FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga

Do you know what it feels like to navigate as someone who can’t distinguish between green and red - looking at those badges that tell you whether something is broken or a-okay? I’ll give you a quick look into what it feels like with some examples from the monitoring tool Icinga Web 2. We all tend to forget, that not everyone sees the world like we do. In this talk I’ll be walking you through different views in Icinga Web 2 with side-by-side comparisons for the default views and how different kinds of vision impairments affect those. The talks also features a few suggestions on how to improve colour schemes and making websites and webapps better to navigate with screen readers!

(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY

Recent years have exposed startups to a major plague - cloud overspend. No vaccine appears to exist, plethora of tools and consultants fail to stop the bleeding. And yet, some companies manage to stay safe. What makes them different? Is it the tools? Is it the mindset? Is it developer training? In this session we will examine the cultural factors involved in sound and responsible financial management in the cloud. We will also look at relevant system design elements and product design elements which enable us to spend wisely while our business runs smoothly. Following this session, you should be better versed in cost-aware system design and some of the cultural and structural requirements to keeping your cloud bill low.

SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io

In every development process there is the question, do we invest enough on quality? Do we need to invest more? Every team knows about the dilemma of how many tests is the right amount of tests we should write. Is 80% test coverage is good enough? Maybe 90%? 100%? Should we invest more time in unit testing? Are we wasting too much time on unit-testing? Should we invest time on a faster rollback mechanism? WIIFM “Without data, you’re just another person with an opinion” - W. Edwards Deming SLO Driven Development is a framework that helps the developers focus on impact and balance of every aspect of the dev process. When working currently with SLI, SLA, SLO and error budget you can learn where to invest in the development process. Let’s talk about the importance of good SLOs and how they can help us improve our day2day

ONBOARDING IN LOCKDOWN, HILA FOX, Augury

In this talk, I will share do's and don'ts on how to onboard successfully in a remote or hybrid setup including moving to a leadership role, speaking from my own journey onboarding remotely in the midst of a global pandemic. I will share the tips that worked for me for successful onboarding, how I was able to be productive, impactful, and make a good impression on others. The key issues as an “onbordee” that I will talk about are how to create relationships, make yourself visible in the company, time management, and more. Since I started working in Augury over 100 new employees have joined the company. Each month I give a session that is part of their general onboarding process. This became a crucial step due to the fact that we are now a hybrid company and a lot of people are onboarding remotely or in a hybrid setup for the first time in their lives. I joined the company as a backend developer and a few months into my role, the squad leader position in my squad was up for grabs and I was fortunate enough to grab it :) This is my first official leadership role, which I also needed to onboard into in a hybrid setup. I will share the process that I built for myself on “How to lead”. Also, a word or two on the process we built as a squad on how we work in a hybrid setup, what are we optimizing for when we do meet and how to include new members of the team.

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

In your ever-changing Infrastructure, some changes are intentional while others are not. Drift is what happens whenever the real-world state of your infrastructure differs from the state defined in your configuration. This can happen for many reasons, sometimes it happens when adding or removing resources, other times when changing resource definitions upon resource termination or failure, and even when changes have been made manually or via other automation tools. While Terraform itself can detect drifts, in most cases, you will be informed about it too late: just before you are about to deploy new changes to your infrastructure. What’s interesting about Terraform though, is that you can apply changes in two separate and distinct steps of “Planning” and “Applying”. This means that you have full visibility of what Terraform is planning on doing beforehand, and if you are satisfied with the changes, you can choose to apply them. So how does this work? When something is changed intentionally, it will appear in the source code, and the Terraform plan will not do anything. However, if any part of the infrastructure has been changed manually, Terraform’s plan will identify this, and alert you to the change. In other words, if your IaC drifted from its expected state, then Terraform’s plan will, in fact, detect it. Applying this simple solution can empower DevOps and developer velocity, with the reassurance and context for unexpected changes in your IaC, in near real-time. This talk will showcase real-world examples, and practical ways to apply this in your production environments while doing so safely and at the pace of your engineering cycles.

KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, bolds...