DevOps Talks Conference Australia, Singapore and New Zealand DevOps Talks Conference Australia, Singapore and New Zealand

AGENDA DOTC 2022 IN SYDNEY

Day 1
6 September 2022
8:00 -- 8:50

Reception and Openning

8:50 -- 9:00

Welcome & Opening Remarks

9:00 -- 9:30

Jeremy Meiss - Director of DevRel and Community at Circleci

Things we've learned about better software delivery principles through a pandemic

Since early 2020, software delivery has undergone quite a shift in process and practices and how we understand “high-performing engineering teams.” With anonymous data collected from over 1M+ devs, 45K+ orgs, and 250M+ workflows, we’ve found some interesting insights into better DevOps practices. In this session, we will seek to uncover what this unique dataset can tell us about high-performing teams, and steps to get there as a business.

9:30 -- 10:00

Damon Edwards - Senior Director of Product at Pager Duty

The Role of Automation in Protecting Customer Satisfaction

When failure is inescapable, response capabilities determine our ability to protect customer satisfaction. Join us as PagerDuty’s Jonathan Rende and Damon Edwards discusses the opportunities for improving outcomes by taking a holistic approach to applying automation throughout the entire incident response lifecycle.
From detection and remediation of the underlying technology issues to enhancing customer service interactions, this talk will highlight how high-performing organizations are applying automation to improve customer satisfaction, reduce downtime, and contain the costs of incident response.

10:00 -- 10:30

Peter Lees - Head of Solutions and Innovation, Asia-Pacific at Suse

The Edge “Lots and lots of little (and not-so-little) things (managing scale & hyperscale on the edge (or all of the edges)”.

“The Edge” is both the new frontier and a concept that has been around for ages. However you look at it, it’s clear that the number, capacity & relevance of edge devices and systems is growing exponentially. With the increasing use of containerisation to dynamically push applications to these devices, how can we manage, maintain & secure both workloads & environments at the necessary scale? This session takes a look at examples of edge deployments to see what’s possible and looks at some of the tools & techniques that have been used to address our latest scalability challenge.

10:30 -- 11:00

Break

11:00 -- 11:30

Pat Shueh - VP, Solutions Engineering at Zimperium

"Where’s the Sec in Mobile DevOps?"

DevSecOps: Balancing development and security.

When companies want to produce a mobile app quickly and add in a security element, costs can escalate and the timeframe can elongate. But if organisations do not follow at least the minimum-security requirements, they can find themselves in a dire position.

Moving forward, trust and accountability must be built into the product. As part of this, security architecture must move beyond the pen test and instead be baked into the process from the very beginning.

During the session, Pat will take you through the best practices of mobile application security, including: Application hardening (obfuscation and anti-tampering), Privacy, security and compliance testing, Cryptographic key protection, Runtime threat visibility and protection.

11:30 -- 12:00

Michael Fowler - Technical Account Manager at Checkmarx

Leverage ‘Ahead of Time’ Intelligence to Tackle Supply Chain Vulnerabilities

Open-source libraries have become an essential part of almost all modern applications. Without open-source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need certain functionality in an app saves time and effort, and as a result, open-source isn’t going away anytime soon. If anything, it’s becoming more and more widespread. But there’s a certain amount of risk that comes with using open source components, modules, and libraries. Today, it’s increasingly important to protect yourself from these risks.
In this presentation, we will discuss the importance and prevalence of open-source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues or threats ahead of time before they can become fatal.

12:00 -- 12:30

Andreas Spanner - Chief Architect at Red Hat

Application Innovation at Scale

‘Shift left’ has been a DevOps paradigm for decades – but new tooling, processes and technologies have challenged this approach when building modern applications. Join Red Hat’s Chief Architect, Andreas Spanner to hear on how devs and ops teams can make the most of new approaches for securing, deploying and testing applications at scale in development and production

12:30 -- 1:30

Lunch

1:30 -- 2:00

Kasun Talwatta - Field Engineer at Solo.io

Solving multi-tenancy security concerns declaratively

The decision to use multi-tenancy on Kubernetes usually comes down to saving costs or making management easier. While multi-tenancy can seem like an appealing solution to many problems such as giving application developers their own space inside Kubernetes clusters, it comes with some tradeoffs. Apart from the obvious issues such as noisy neighbour effect and capacity optimisation, security is one of the most challenging to manage in Kubernetes. This talk focuses on how to manage these multi-tenancy security concerns by leveraging a service mesh empowering tenants to manage their services within an isolated tenancy boundary. Teams can define these boundaries declaratively as code and manage with continuous delivery.

2:00 -- 2:30

Cong Nguyen - Cloud Engineer at IBM

Multi-Cloud GitOps with Red Hat OpenShift

Multi Cloud and Hybrid cloud adoption is becoming increasingly popular as companies look to reduce production risks, vendor lock-in and take advantage of spot pricing from a wide range of vendors. Building a consistent operational model and platform can be challenging to satisfy different stakeholders’ needs from engineering to risk and compliance. The IBM Client Engineering team has developed a GitOps pattern to deploy Red Hat OpenShift clusters and applications with governance, monitoring and cross-cloud communication. This session will walk through the solution and how we went about it.

2:30 -- 3:00

Pas Apicella - Principal Solutions Engineer at Snyk

Developer and runtime Kubernetes security - code to cluster with Snyk

Containers have been a foundational technology enabler in the DevOps movement, and Kubernetes has brought scale and flexibility to the process of deploying multiple containerized workloads across every cloud. Now, for the first time, there’s a security solution that spans the full cycle of DevOps practices for container workloads. It enables developers to build safer containers to run their applications, resulting in a more secure production environment and an ongoing feedback loop for improving and fixing critical issues. Join us to find out how!

3:00 -- 3:30

Break

3:30 -- 4:00

Yulei Liu - Staff Solutions Engineer at Hashicorp

Easy application deployment across any platform with Waypoint

In today’s environment, developers have to deploy, manage, and observe their applications on different platforms & infrastructure. Join Yulei Liu, Staff Solutions Engineer at HashiCorp and learn how you can deploy your application to different platforms via a consistent abstraction layer so you can focus on improving your code.

4:00 -- 4:30

Anthony Rees - Regional Security Solutions Engineer at Lacework

Sort Your Shift (Left) Out

Navigating through the challenging nuances of the DevSecOps world can lead to confused teams, from “being agile, shifting left, delivering continuously, shifting right”, all while the backlog of features continue to grow and get lost in the dark.

The good news is, there is a path to the light. In this session we will learn from the best in the industry, and uncover their practices in deploying on-demand, restoring services in minutes and lowering their change failure rate. We will examine the techniques and technologies these organisations are using to achieve this securely and efficiently while maintaining speed and time to market.

4:30 -- 4:35

Closing Remarks

4:35 -- 7:00

Entertaiment, Networking, Discussions Cocktail Party (oysters, canapes, beverage)

Day 2
7 September 2022
8:00 -- 8:55

Reception and Openning

8:55 -- 9:00

Welcome & Opening Remarks

9:00 -- 9:30

Koray Harman - DevOps Specialist at Splunk

Monitoring to Observability - Empowering DevOps & Digital Business

As applications evolve and the criticality of user experience and digital performance grows, so too does our need for deeper and more timely data.
In this session we’ll discuss how we’ve moved from Monitoring to Observability, how Observability fits into the DevOps loop and why it’s critical to support any organisation aspiring to become a thriving digital business. We’ll also touch on some key topics such as OpenTelemetry, User-Experience, the key pillars of Observability and unlocking business insights.

9:30 -- 10:00

Mel Kaulfuss - Senior Developer Advocate at Buildkite

Applying SRE Principles to CI/CD

The automation of building & testing code with CI/CD enables us to ship code frequently with a high level of trust that bugs won’t impact end-users. Why then are our CI/CD systems still often painfully slow, unreliable & our ability to deliver frequently blocked? Site Reliability Engineering (SRE) aims to reduce the pain caused by unhealthy platforms & processes that affect the reliability & stability of production systems. Join Buildkite’s Mel Kaulfuss as she looks at CI/CD through the SRE lens. Learn how to define meaningful SLOs (service-level objectives) & SLIs (service-level indicators), and use error budgets to tune your test suites & pipelines to manage CI/CD infrastructure & processes just as you would production systems.

10:00 -- 10:30

Mark Lynch - Strategic Account Executive at Aiven

A multi-cloud platform for end to end open source data architectures.

In this talk we present a fully open source, cloud data platform for deploying and operating end to end data architectures.

Even advanced data solutions that contain eg Kafka, Postgres, Redis & Flink can be run across both single (e.g. AWS) and multiple (e.g. AWS + GCP + Azure) public cloud instances at the same time and retain full portability .

Finally we show how this platform integrates with infrastructure as code tools like Terraform and logging and monitoring services.

10:30 -- 11:00

Break

11:00 -- 11:30

Paul Yang - Senior Solution Architect at CloudBees

Loved by Developers, Trusted by Enterprises: How to Manage Jenkins at Scale

Some reports estimate that over 70% of all continuous integration pipelines run on Jenkins. It’s great at helping small teams integrate code multiple times a day. However, as projects and market pressures increase, it’s easy for some of the maintenance that comes with building and using Jenkins pipelines to grow burdensome. We will show you how to extend your existing investment into an enterprise-grade Jenkins environment that makes software development repeatable, auditable and scalable with the industry’s leading DevOps technology platform.

11:30 -- 12:00

Ram Sankaralingam - Chief Technologist at Micro Focus

Elevating DevSecOps & Software Delivery with Value Stream Management

As organisations compete in new digital arenas, it is imperative to deliver secure, high-quality applications and services rapidly. On top of that, software delivery should align strategically with business priorities and include early testing for potential security risks and vulnerabilities.
Key takeaways you can expect to learn by attending this Micro Focus presentation include:
• Why Value Stream Management (VSM) is critical for your organisation
• Optimising software delivery & aligning to strategic objectives with VSM
• Utilising VSM platform to orchestrate Continuous Security
• Shift Left Security – Benefits & best practices

12:00 -- 12:30

Michael Snowden - Pre-Sales AppSec Engineer at Micro Focus

Elevating DevSecOps & Software Delivery with Value Stream Management

As organisations compete in new digital arenas, it is imperative to deliver secure, high-quality applications and services rapidly. On top of that, software delivery should align strategically with business priorities and include early testing for potential security risks and vulnerabilities.
Key takeaways you can expect to learn by attending this Micro Focus presentation include:
• Why Value Stream Management (VSM) is critical for your organisation
• Optimising software delivery & aligning to strategic objectives with VSM
• Utilising VSM platform to orchestrate Continuous Security
• Shift Left Security – Benefits & best practices

12:30 -- 1:00

Andrew Hinde - Regional Manager at Delphix

Leading with DevOps and Compliance to Drive Transformation

Every technology leader must harness high velocity data and software delivery to enable digital transformation. Product innovation with speed and quality is mission critical for organisational survival. DevOps supports these goals, with key principles of automation and shift left.

Organisations must also ensure they are fuelling DevOps efforts with high quality and compliant data. Many organisations have proven that when managing data effectively, they can transform software delivery and meet their compliance obligations. In this session, Delphix will share how the leaders of multiple global organisations have devised strategies and best practices for achieving digital transformation via DevOps.

1:00 -- 2:00

Lunch

2:00 -- 2:30

Derek Bingham - Senior Developer Advocate at AWS

Automating CI/CD on AWS with GitHub Actions

If you are using GitHub as a source code repository, combining GitHub Actions with other CI/CD services (like AWS CodeBuild) is a simple and powerful way to deliver feature-rich CI/CD pipelines. In this session, we will develop an end-to-end CI/CD pipeline that can execute unit tests, build a container image, upload the container image to Amazon ECR and update an Amazon ECS Task Definition for every commit to the GitHub repository. You will leave with an understanding of how to use GitHub actions to deploy applications to AWS and how additional integration with AWS CodeBuild unlocks additional capabilities.

2:30 -- 3:00

Madura Eleperuma - Observability Technical Specialist at IBM

Observability in the Modern Enterprise (with Mary-Jane Goddard)

Learn how Instana discovers, maps and monitors all services, infrastructure components and their inter-dependencies, providing the actionable information with full context needed by site reliability engineering (SRE) and DevOps teams to optimize pipelines and applications.

3:00 -- 3:30

Mary-Jane Goddard - Principal Technical Sales Leader at IBM

Observability in the Modern Enterprise (with Mary-Jane Goddard)

Learn how Instana discovers, maps and monitors all services, infrastructure components and their inter-dependencies, providing the actionable information with full context needed by site reliability engineering (SRE) and DevOps teams to optimize pipelines and applications.

3:30 -- 4:00

Dave Stanke - Developer Advocate at Google Cloud

What’s new in DevOps? Updates from the DORA research program

For nearly a decade, the DevOps Research and Assessment group, or DORA, has studied engineering teams’ practices and the outcomes they achieve. Data from thousands of practitioners are rigorously analyzed to compose a predictive model of key capabilities for succeeding in today’s competitive technology context. In 2021, the research included areas of inquiry including the use of cloud computing, technical documentation, and site reliability engineering (SRE). This talk presents key findings and actionable recommendations that any team can apply, plus a preview of the forthcoming 2022 State of DevOps Report.

4:00 -- 4:30

Break

4:30 -- 5:00

Rajesh Bavanantham - Director – Product Management at Nginx

API Lifecycle & Security: How To Configure Less, But Achieve More

Scaling your APIs & Data planes should not be a cumbersome task for your Devs and Ops in day-to-day life. In today’s fast-paced digital era, time to market is crucial without compromising the security aspect of the APIs and data planes. Let’s witness how NGINX offer low touch config to on-board APIs and data planes and how it maximises the outcome – security & governance – you desire for your organization.

5:00 -- 5:30

Baruch Sadogursky - Head of DevOps Advocacy at Jfrog

DevOps for developers (or maybe against them?!)

“DevOps” is the operations people’s crafty plan to make developers do other people’s work, but we are smart enough to see right through this naive rebranding trick!
Baruch suggests you think about it: we, the developers, have written all the code. It passes all the tests; it obviously works and works well (Are we a little proud? We are!); so we are DONE.

Now, out of the blue, a bunch of “thought leaders” (all with an operations background, mind you!) are trying to tell us that we have to learn YAML, Docker, Kubernetes, and Terraform to deploy our software because suddenly it is our concern?!

5:30 -- 5:35

Closing Remarks

5:35 -- 7:50

Entertaiment, Networking, Discussions Beer, Fingerfood

WORKSHOPS
5 September 2022 1:00 PM - 5:00 PM

Get Started with Istio with Certification Option

Microservices can be complicated and difficult to manage. These complexities have given rise to a new solution called service mesh. Istio is the most dominant service mesh in production today per a CNCF survey in late 2020. This workshop explains how to get started with Istio by incrementally adopting Istio and observing the benefits that Istio service mesh brings to you. We will explore various functions and benefits that Istio provides to your organization. We cover the following topics in this workshop:

1. Install Istio
2. Secure services with Istio Ingress Gateway
3. Add Services to the Mesh
4. Secure interservices communication with Istio
5. Control Traffic

This workshop is intended for developers and operators. Anyone responsible for the delivery of microservices will find the workshop valuable. We assume you are just learning about Istio and service mesh.

*Duration is approximately 2.5 hrs but some labs may run longer.

This workshop also includes a certification option. This credential, offered by credit with Solo.io, certifies that you possess the introductory skills to install, secure services, add services to the Mesh, secure interservices communication, and control traffic. At the completion of the workshop, you will be able to take an assessment, and a score of 80% or higher earns the certification.

WORKSHOPS
8 September 2022 1:30 PM - 5:00 PM

End-to-End Observability

Get insights into your applications and infrastructure in real-time with the help of the monitoring, analytics and response tools of the Splunk Observability Cloud.

This Hands On Workshop will take you through the best-in-class observability platform for ingesting, monitoring, visualizing and analyzing metrics, traces and spans. During this technical Splunk Observability Cloud Infrastructure Monitoring and APM Workshop you will build out an environment based on a lightweight Kubernetes cluster.

The workshop also introduces you to dashboards, editing and creating charts, creating detectors to fire alerts, Monitoring as Code and the Service Bureau

By the end of these technical workshops you will have a good understanding of some of the key features and capabilities of the Splunk Observability Cloud.

WORKSHOPS
8th September 2022 8:30 AM - 12:30 AM Hotel CBD Fourth Floor, 52 King Street, Sydney

Embracing DevSecOps Workshop

It is no secret that moving fast is a requirement in the DevOps world, but trying to keep pace while retaining efficiency and security integrity proves challenging in the industry. Join this hands-on workshop to gain best practices on protecting your organisation from technical debt and exposure to risk through collaborative exercises. This workshop is designed for technical leaders and their team members to uncover best practices to gain control on continuously improving DevSecOps practices and culture within their organisation.

WORKSHOPS
5 September 2022 2:00 PM - 4:00 PM

Capture The Flag, Live Hacking competition

Audience: Developers, Security Architects, DevOps Engineers , AppSec Engineers

Problem Statement: Using hints/tips hack your way into live running applications to capture the flag

Benefit: CTFs are a way to build security skills and learn by doing

Capture the Flag (CTF) is a competition where teams and individuals compete to solve security challenges. The one that collects most flags the fastest wins the competition (and typically, prizes).

The DOTC CTF is a live competition and a great way to learn by doing and experience firsthand how hackers can exploit applications

 

Requirements:

Sign up to Snyk at app.snyk.io

Install the Snyk CLI https://docs.snyk.io/snyk-cli/install-the-snyk-cli

 

Install NPM https://docs.npmjs.com/downloading-and-installing-node-js-and-npm

 

Install Python https://www.python.org/downloads/

 

Hints / Tips

  • Clink on the various links available under hints and take down notes for anything that seems potentially useful
  • Snyk App is your friend scan what we provide you using the Snyk UI or the Snyk CLI
  • Google, it’s obvious right?

WORKSHOPS
8 September 2022 3:00 PM - 6:30 PM

CircleCI Connect Developer Workshop

Join us for CircleCI Connect Sydney; gain new CI/CD skills for building and deploying applications + drinks and networking.

Where: Tank Stream Labs, Level 7, Sydney Startup Hub, 11 York Street, Sydney 2000

Agenda

You will walk through two sessions of best practices for creating CI/CD pipelines in a knowledge-packed.

CircleCI 101: CircleCI Basics

  • What CI/CD is, why it matters
  • Basic CI Pipelines
  • Config FIle
  • Run the pipeline

CircleCI 102: Intermediate CI/CD

  • Time savings with orbs
  • Using Insights to understand builds at every level of the organisation
  • Faster builds with Parallelism

Ask Me Anything session + networking drinks and finger food

WORKSHOPS
8 September 2022 9:00 AM – 12:00 PM

DevOps Data Automation

Agenda:

Join this hands-on workshop to learn how you can speed up application delivery at scale by provisioning data to CI/CD pipelines via API. Tools, such as Jenkins, have automated much of the development pipeline, though data is the biggest bottleneck in DevOps delivery. DevOps teams need automation to manage data with the same speed and agility as code. Attend this half-day workshop to explore the benefits of a DevOps data platform for automating data delivery for CI/CD pipelines. Discover how to deliver compliant data into development environments at the same pace and level of automation as DevOps teams deploy code.

In this workshop, you will learn how to:

  • Version-control test data like code
  • Enable point-in-time secure data access within your pipelines
  • Automate your data compliance within your DevOps workflows