The main conference day offers 18 sessions, subdivided into three parallel tracks, focussing on topics like Modern Cloud & Container Infrastructure, DevSecOps and DevOps Transformation. And not only that – various surprises await you throughout the day. So it’s worth booking June 29-30 in your calendar, so you won’t miss anything exciting!
Whether you’re working from home or in the office, you decide from where you would like to take part. Save on travel and hotel costs, as well as what matters most: your time!
Our seasoned and trusted DevOps Con speakers are highly experienced with the learning opportunities of online conferences and workshops.
On the main conference day, you can choose from 3 parallel sessions and switch between them at any time.
On the workshop days you can expect live coding and practical exercises on selected topics that cover state of the art technologies.
You will follow the speaker’s presentation via video stream and will be guided through the learning content.
All sessions on the main conference day will be recorded and made available to you after the conference is over. Online workshop participants will also be provided with a recording so they can follow up on the content.
Interaction is a key focus of our online workshops!
With special Q&A sessions, a chat function, and the possibility for audio/video communication, individual questions can be taken into account and the pace of the workshop can be adjusted accordingly.
Virtual Get-Together – an online meeting with our experts in three virtual rooms on predefined topics.
Operators are extensions to Kubernetes that simplify application install and management by leveraging on manage applications Custom Resources.
The Kubernetes Operator pattern tries the emulate the role of an human operator, who uses their deep knowledge of the application to install, operate and debug it. The Kubernetes Operators search to automate these tasks and facilitate the whole application life-cycle.
In this talk, we will explain how do we use Kubernetes Operators at OVHcloud, and how the help us to operate our Managed Kubernetes service at scale.
We will illustrate the talks with three concrete examples: Harbor Operator, LoadBalancing Operator and our incoming NodePool operator.
Spaniard lost in Brittany, coder, speaker, dreamer and all-around geek.
After some years as Warp 10 frontend leader as Cityzen Data (now SenX, Horacio currently works as
developer advocate at OVHcloud. He is the co-founder and leader of the @FinistDevs.
Horacio is a Google Developer Expert (GDE) in Web Technologies and Flutter. He loves web development
in general and everything around Web Components and standards web in particular.
Denis is working at D2iQ as a Sales Engineer covering the EMEA region. He is a passionate technologist working on innovative projects leveraging various technologies (Mesos, Kubernetes, Kafka, Spark, …). He enjoys building demos to demonstrate the capabilities of the D2iQ solutions in the container and big data areas.
Agile is often presented as something that only works when the entire team is in the same room at the same time. I’m here to shatter that misconception by sharing success stories, along with the tools and processes that make remote agile teams work well.
Audience & Requirements
In this talk I share my experience over the past 20 years as I have worked with large number of companies, both in person and remote. Today I run a remote-first company that successfully implements agile practices.
Michael is the CEO of Andromeda, Product Architect for FlexePark, CTO for Catipult.AI, an International Speaker, a Google Developer Expert in Firebase, and a Microsoft MVP in Developer Technologies. For more than 20 years he has been writing code and geeking out over technology. He is passionate about keeping things simple and focusing on what provides real value to the end user. Michael enjoys speaking at conferences and user groups, and mentoring other developers and entrepreneurs. He is the author of Programming Languages ABC++, Approachable Accessibility, and Architecting CSS.
Before IT organizations can reap the benefits Kubernetes provides for application delivery and orchestration, they must select, install and integrate the required components in the existing IT stack, ensure compliance with the security standards and implement tools and processes for the reliable operations of the container platform. This talk will discuss five pillars of production-grade Kubernetes and demonstrate, how an open-source solution like Rancher can accelerate the initial implementation of Kubernetes significantly and provide operations teams with a single, consistent tool to manage Kubernetes on any infrastructure.
How are you integrating security into the development process? Are you able to test for security without slowing down your developers? We’d like to share our new initiatives in addressing this familiar challenge. Veracode recently announced our new Static Analysis product family, which combines our existing static scan types with a new Pipeline scan. Veracode Static Analysis now incorporates the IDE Scan, which helps developers learn as they code and prevent new flaws, the Pipeline Scan, which provides feedback quickly so that production isn’t halted and the Policy Scan for reporting that satisfies security and auditor requirements. Please join us for this insightful session– we want to hear your challenges, answer your questions, and show you our latest technology and how it can address your application security problems. In this session, you’ll get:
An in-depth look at the industry’s first Pipeline Scan
Information on how Veracode Static Analysis can help you secure your code across the pipeline
Discussion about the value of fast security feedback in the IDE as developers code
Details on how Veracode Static Analysis can help you satisfy policy and reporting requirements
Julian Totzek-Hallhuber ist Solution Architect bei Veracode. Als Spezialist für Anwendungssicherheit mit mehr als 15 Jahren Erfahrung im IT-Sicherheitsumfeld, verfügt er über Expertise in den Bereichen Anwendungsentwicklung, Penetrationstests sowie Sicherheit von Webanwendungen. Zudem ist er Autor zahlreicher Artikel, regelmäßig als Sprecher auf Messen anzutreffen und hat bei Projekten von www.webappsec.org mitgewirkt.
Deep learning achieves the best performance for many computer vision, natural language processing, and recommendation tasks and thus it’s becoming increasingly more popular. However, it’s quite difficult to use deep learning in production as it requires a lot of effort to develop proper infrastructure for serving deep learning models.Platforms for serverless computing, such as AWS Lambda, provide a good alternative: they take care of scaling up and down and offer attractive pricing based only on actual usage. These platforms, unfortunately, have other limitations that make it problematic. In this talk, we show how to come around these limitations and be able to use AWS lambda and TensorFlow to serve deep learning models. We also discuss important maintenance aspects such as cost optimization, monitoring, deploying, and release management. Finally, we cover the limitations of AWS lambda, compare it with “serverful” solutions, and suggest workloads for which serverless is not the best option.
Alexey is an experienced Software Engineer with a focus on Machine Learning. Currently, he works at OLX Group as a Senior Data Scientist where he mostly deals with content moderation and image processing models. He has been doing software engineering for more than 10 years, 6 of which he spent working with Machine Learning.
Alexey is a book author (Mastering Java for Data Science), technical reviewer, Kaggle master and machine learning competition winner.
Der Markt verlangt von Unternehmen immer schnellere Reaktionen auf wechselndes Kundenverhalten und etabliert somit eine On-Demand-Kultur. DevOps-Methoden haben sich bewährt, um diesen neuen Anforderungen gerecht zu werden. Dabei ist es unabdingbar, die CI/CD-Pipeline, Container und Webanwendungen sicher zu betreiben.Im Webinar zeigen wir, wie Sie:
Sicherheitsprobleme in Ihrer DevOps-Umgebung frühzeitig erkennen;
Schwachstellen, Malware sowie sensible Daten, wie API-Schlüssel und Passwörter, in Ihren Docker-Container-Images zeitnah aufspüren;
Richtlinien durchsetzen und ausschließlich richtlinienkonforme Container betreiben;
in nur zwei Minuten codebasierte Sicherheit in Anwendungen integrieren können, ohne dass zusätzliche Codeänderungen oder Regeln erforderlich sind.
Thomas Fecke ist seit 2019 als Sales Engineer bei Trend Micro tätig. Mit seiner technischen Expertise unterstützt er Kunden, Partner und Vertrieb. Sein besonderes Interesse gilt dabei dem Thema DevSecOps.
Der Fachinformatiker für Anwendungsentwicklung kann auf mehrjährige Erfahrung im Bereich IT-Sicherheit bei Herstellern und Distribution zurückblicken. Zuvor war er als IT-Administrator bei verschiedenen Unternehmen beschäftigt.
Julian Klodzinski is a Sales Engineer at Digital.ai and has many years of experience in agile project management, process optimization and full stack development. Since February 2019, Julian Klodzinski guides and supports XebiaLabs now Digital.ai customers in setting up and optimizing their release processes using XL Release and automating deployments from classic applications to microservices in the cloud with XL Deploy.
SSH connections reach the most sensitive systems in your infrastructure. Many organizations treat them with less login scrutiny than expense report applications. SSH should be integrated with SSO and other layers of security and logging without bogging down DevOps teams.
Organisations are speeding up their digitalisation and cloud adoption process. To achieve business agility in the competitive global market, protect the brand reputation, many businesses are turning to DevSecOps.
But it's not as simple as it might look to roll out a successful DevSecOps program. In this talk Ema will share what are the other industry related drivers to increase secure coding hygiene, what are the challenges, how business roll out secure coding program. Ema will also cover the most frequently seen vulnerabilities across all languages that are specific to DACH region, how they related to OWASP Top 10 and SANS Top 25 and link those vulnerabilities to major cyber incidents.
Ema Rimeike is delivering innovative cyber technologies to customers in DACH for the past 10 years. She holds Masters in Cyber Security and is currently a candidate for PhD in Cyber Security and Software Security. Ema's passion is in Software Security, AI, ML, Incident Response, Threat Intelligence space. She is involved in Quantum Computing research that focused on which cyber security skills will be of highest demand in Quantum Computing world and how cyber security will be acted upon in the world of machines.
In diesem 45-minütigen Webinar erstellen wir gemeinsam mit unserem Kubernetes-Experten einen Kubernetes Cluster und deployen eine erste Applikation. Dabei bringen wir Ihnen die Grundlagen von Kubernetes näher und gehen unter anderem auf folgende Themen ein:
Simon Pearce is a System Architect at SysEleven in Berlin Germany since 2013. He has over 15 years of experience in the web hosting industry. With a focus on building distributed systems on public and private clouds. He is responsible for the kubernetes service team at SysEleven. Working on improving the experience of running multiple kubernetes clusters on a openstack cloud with a quobyte storage cluster.
Modern software demands velocity, and traditional “outside in” scanning and firewalling are creating bottlenecks and slowing things down. In this talk, Jeff will approach application security from the “inside out”. We will show you how to create simple agents that get inside a running application (like a profiler or debugger) and give you access to everything you need for fantastic security observability. We’ll demonstrate real agents that identify vulnerabilities without changing any code, scanning, or extra steps. We’ll identify vulnerabilities, analyze access control, and even prevent RCE attacks. Unlike scanning and firewalling, this approach establishes a safe and powerful way for development, security, and operations teams to collaborate. We’ll discuss how software security instrumentation works, how it’s being used in many organizations, and the implications for the practice of application security.
Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.
Containers are all the rage these days. They’re fast, they make deployment easy, they handle dependencies, they slice, they dice, they make julienne fries! But… what are they? What exactly is a container and how does it work? Just how does a container differ from the “old” silver bullet, virtual machines?
Here’s a hint: It has nothing to do with boats, or whales, or shipping. That’s all marketing fluff.
Containers are simply a shorthand name for leveraging newer features of operating system kernels that let the OS lie to programs about how they’re running. In fact, all of modern software is built on lies. That’s what’s useful about it!
To understand how that works, why it’s so useful, and where it’s not, let’s dive into how software actually works on a modern Linux system to see how those kernel features fit into the big picture, building up to “containers” along the way. Pull back the veil of lies and see how your computer really works.
Larry Garfield has been building websites since he was a sophomore in high school, which is longer ago than he'd like to admit. Larry was an active Drupal contributor and consultant for over a decade, and led the Drupal 8 Web Services initiative that helped transform Drupal into a modern PHP platform.
Larry is Director of Developer Experience at Platform.sh, a leading continuous deployment cloud hosting company. He is also a member of the PHP-FIG Core Committee.
Larry holds a Master’s degree in Computer Science from DePaul University. He blogs at both https://platform.sh/ and https://www.garfieldtech.com/.
Some DevOps transformations flourish, but many others are stalling. Why is that? This talk will make the case that Operations is the most predictable differentiator.
So much of the energy in DevOps has been about activities that start in Dev and move towards Ops — continuous delivery, deployment pipelines, automated testing, and of course, the unofficial mantra of “deploy, deploy, deploy.“ However, when it comes to Operations, too many DevOps transformations maintain the status quo and leave questionable Operations practices in place.
This talk will first examine the trouble with the various siloed, ticket-driven, low trust, and centralized practices that have been accepted in Operations for far too long. Then we will look at the specific techniques used by high-performing Operations organizations who are fundamentally transforming how they operate.
Damon Edwards is a Co-Founder of Rundeck Inc., the makers of Rundeck, the popular open source runbook automation. Damon has spent the past 19 years working with both the technology and business ends of IT Operations and is noted for being a leader in porting cutting-edge DevOps techniques to large-scale enterprise organizations. Damon is a frequent conference speaker and writer who focuses on DevOps, SRE, and Operations improvement topics.
Sebastian Meyen is Chief Content Officer at S&S Media. He has been actively involved with the IT industry for more than ten years. As a journalist, he is constantly in touch with thought leaders in software development and architecture. He is editor in chief of the German speaking Java Magazin and program chair of the JAX conferences since 2001. Prior to joining S&S Media, he studied philosophy and anthropology in Frankfurt, Germany.
By embracing DevOps methodology we are living in a different era: one in which the speed of new releases of software products is necessarily much higher than in the past: "Users in the business are happy with that, but security people have a lot of trouble with it". Part of the solution is the integration of automated security testing in the DevOps toolchain. This is crucial to be able to intervene quickly and on time. Every time a new version of application or process is introduced, you know that security is fact-based. This approach is also known as Evidence Based Security Testing. Topics covered are:
How companies can integrate automated security testing into the DevOps toolchain
Example from practice
Evidence Based Security Testing
Presentation is about the following kind: Security Testing, DevOps, Agile Test Automation, Test Tooling, FitNesse, Zap Top 10 OWASP, CI/CD.
Rachid Kherrazi is Unit Manager Testing at Akka Technologies in the Netherlands, a ICT service provider in the High Tech Industry. During his career Rachid obtained experience in quality departments within several companies, but mainly High-tech Industry. Rachid developed strong skills in test automation, test process improvement and project management. Currently he is working on several Testing projects within the Dutch high-tech sector and he is involved in several academic research initiatives focused on Model Based Testing within Europe. Rachid Kherrazi obtained his Master on electrical engineering from the Technical University of Errachidia (Morocco), is a Six Sigma Certified Black Belt and recently obtained his license as an iSQI Certified Model Based Trainer.
Digital transformation requires transformational talent. As more organizations move forward with DevOps, the principle of "shifting left" is opening up opportunities for developers, operational staff, security and others to supplement their core competencies with a broad set of general skills so as to migrate from an I-shaped specialist to multi-dimensional T-shaped professional. T-shaped practitioners are in the highest demand in the talent market today. For most IT professionals, it’s easy to identify the depth of knowledge that forms the stem of the T (e.g., developer). Grooming the right skills for the right role at the top of the T (e.g., testing) can be more challenging. In this session, Jayne Groll will explore emerging trends in DevOps skills modernization by presenting the benchmarks, and insights from the first Upskilling: 2019 Enterprise DevOps Skills Report. The fact-based report was fielded by the DevOps Institute and is based on a detailed global DevOps open community survey as well as interviews with several enterprises, industry and hiring leaders. Groll will also help attendees understand the characteristics of the T-shaped model and provide guidance for getting started in building personal and organizational learning paths.
Jayne Groll is co-founder and CEO of the DevOps Institute (DOI). Her IT management career spans over 25 years of senior IT management roles across a wide range of industries. Her expertise spans multiple domains including DevOps, Agile, ITIL and Leadership.
Jayne is a recognized and respected IT thought leader and influencer. In addition to authoring the Agile Service Management Guide, Jayne has co-authored several IT position papers including “Modernizing IT Operations in the Age of DevOps” that was published in 2018 by IT Revolution.
Jayne is very active in the global DevOps, ITSM and Agile communities and is a frequent presenter at local, national and virtual events.
Docker multi-stage builds were announced 2 years ago, but sadly not all developers are using them.
Using multi-stage builds can result in a much more secure and smaller Docker image. In some cases, you can take a Docker image from 700MB to 20MB, which makes a big difference in the context of CI/CD. In this talk, we will see how to use multi-stage Docker builds and the best practices around them.
Guy Salton is a Solution Architect specializing in the fields of DevOps, Cloud Computing, Kubernetes, Containers, CI/CD and Infrastructure.
Guy shares his technical knowledge by speaking at conferences and Meetups around the world in addition to publishing DevOps-focused blog posts and delivering online webinars.
Heutzutage läuft eine Software nicht für sich allein, sondern agiert mit anderen. Die Kommunikation erfolgt meist über verschiedene Protokolle, sprich: über verschiedene Infrastrukturkomponenten. Gerade beim Testen stellt sich die Frage, wie der Entwickler Tests so schreiben kann, dass sie von einem bestimmten Infrastruktur-Set-up unabhängig sind. Meistens gelingt es nicht und dann wird dieser Teil der Software erst spät bei den End-2-End-Tests geprüft. Doch gerade mit Microservices und dem Paradigma "Wenn etwas schiefläuft, dann so schnell wie möglich" möchte der Entwickler schon zu einem früheren Testzeitpunkt, z. B. bei Entwicklertests, erfahren, wenn in diesem Teil der Software etwas nicht stimmt. Zudem macht die Infrastruktur nicht beim Anwendungscode halt. Mittlerweile wird Infrastruktur immer mehr mit Hilfe von Code (Provisionierungsskripte, Dockerfiles, (Shell-)Skripte etc.) beschrieben und automatisiert. Auch bei diesem Code möchte der Entwickler sicher gehen können, dass er so funktioniert wie erwartet. Dieser Vortrag zeigt anhand einer Java-Anwendung, wie man mithilfe von 3rd-Party Libraries die Infrastruktur in den Tests der Anwendung einbinden kann, ohne sich gleich von einer bestimmten Infrastruktur abhängig zu machen. Darüber hinaus, wird darauf eingegangen, wie die Qualität des Infrastrukturcodes gesichert werden kann, angefangen bei klassischen Provisionierungswerkzeugen bis hin zu Containern.
Sandra Parsick ist freiberufliche Softwareentwicklerin im Java-Umfeld. Seit 2008 beschäftigt sie sich mit agiler Softwareentwicklung in verschiedenen Rollen. Ihre Schwerpunkte liegen im Bereich der Java Enterprise Anwendungen, agilen Methoden, Software Craftsmanship und in der Automatisierung von Softwareentwicklungsprozessen. Darüber schreibt sie gerne Artikel und spricht gerne auf Konferenzen.
In ihrer Freizeit engagiert sie sich in der Softwerkskammer Ruhrgebiet, einer Regionalgruppe der Software Craftmanship Community im deutschsprachigen Raum. Außerdem ist sie Java Champion und Mitglied im Oracle Groundbreaker Ambassador Programm.
What does it mean for our software and systems to be resilient during a global pandemic? What does Resilience mean when there's not only technical impact, but it affects the talented engineers tasked with keeping it all running? What does it mean to be Resilient as we all adjust to the "new normal" we're confronted with? We'll discuss the questions and some potential answers, through the lens of how the Netflix Critical Operations & Reliability Engineering (CORE) team grappled with the situation and what we're thinking for the future.
J. Paul Reed began his career in the trenches as a build/release and operations engineer. After launching a successful consulting firm, he now spends his days as a Senior Applied Resilience Engineer on Netflix's Critical Operations & Reliability Engineering (CORE) team, focusing on incident analysis, systemic risk identification and mitigation, applied Resilience Engineering, and human factors expressed in the streaming leader's various sociotechnical systems.
Easy-to-understand monoliths are giving way to distributed systems: microservices, serverless, meshes, and proxies in every possible combination. These systems offer developers the freedom to build new features and technology faster, as they are no longer beholden to the elaborate release processes associated with monolithic architecture.
But, like all good things, there is a price: distributed systems are inherently difficult to operate and maintain. When something breaks—which it invariably will—how can you quickly comb through the myriad dependencies? How can you separate good hypotheses from bad ones?
Learn how observability helps developers understand multi-layered architectures: what’s slow, what’s broken, and what needs to be done to improve performance.
Yoann Lechevallier works at Lightstep as a Solution Engineer based in London. Prior to Lightstep, Yoann worked as a Professional Service consultant at Splunk, IBM. While at ATOS, he was a benchmark engineer working on the development of a NUMA server. Yoann worked also for several startups such as BlueData and Seanodes as Solution Engineer and consultant.
Applications built over the years carry historical design assumptions, such as that a few hours of downtime for maintenance upgrades every six months is acceptable. Today, embracing continuous delivery practices means more frequent releases, which means more downtime.This is the problem Poppulo faced and successfully overcame, going from monthly deployments with a couple of hours of downtime to zero-downtime deployments on demand. Pierre Vincent will show that by mapping out a deployment process, it becomes possible to progressively reduce its impact on users. He will also give practical advice on how to avoid downtime, such as online database migrations or progressive application rollouts. Finally, he will go through the operational improvements required to have consistent, repeatable, and observable deployments so that you can have the confidence to run them with live traffic.Zero-downtime deployments don’t mean that everything stays up, or that everything is immediately running the latest version; they simply mean users don’t notice a thing while all this is happening.
Originally from a software development background, the rise of DevOps drove Pierre Vincent to become more involved in how systems actually run in the real world and how he could make a difference helping others care about the applications they release to production.
Pierre is currently Head of SRE at Glofox, where he’s responsible for the continuous delivery platform and the operations of the cloud infrastructure.
Pierre is also a certified OSCP penetration tester and loves a good challenge on HackTheBox!
DevOpsCon Berlin 2020 Online Edition will be performed with the video platform bigmarker.com. You can easily take part with your internet browser, with no need to install any additional software.
Teilnehmen und Gewinnen!
Ausgefeilte Ingenieurskunst und modernste Technik vereint in einer Drohne: Mit der Mavic-2-Pro und ihrer ikonischen Hasselblad-Bildqualität, entdeckt ihr die Welt der Luftbildfotografie in herausragender Detailgenauigkeit völlig neu.
Meldet euch jetzt für die Online Edition an und gewinnt mit etwas Glück eine Mavic-2-Pro-Drohne im Wert von 1499 €!
Main conference day for free for all registered attendee of any DevOpsCon Edition 2020! Attendees will also receive a 25 % discount for the workshop day. The invitation will be send to the email address used for the conference registration.