QCon10Years
SAVE THE DATE FOR QCON SF 2018

Conference: Nov 5-7, 2018
Workshops: Nov 8–9, 2018

Presentation: You Build It, You Secure It

Track: DevOps: You Build It, You Run It

Location: Ballroom BC

Duration: 10:35am - 11:25am

Day of week: Monday

Level: Intermediate

Persona: Architect, Developer, DevOps Engineer, General Software, Technical Engineering Manager

More talks on:

Share this on:

Abstract

Early on in the "cloud" era, Werner Vogels offered his famous quote "You Build It, You Run It". With DevOps this has become a mantra for shared responsibility between developers and operations. Operations learned how to process infrastructure as code and participate early in the supply chain of a service's life cycle. Developers learned that they had responsibilities to enable and in many cases operationalize their service. Now there is a new movement to include and collaborate in a similar way with Security. This is all part of the ideal approach where we "shift everything left" in the delivery pipeline.

In this session, we will talk about how developers and operators can include security in all parts of the delivery pipeline, and implement security gates in the same way as they implement code test gates.

Speaker: John Willis

Vice President of Devops and Digital Practices @SJTechnologies

John Willis is Vice President of Devops and Digital Practices at SJ Technologies. Prior to SJT he was the Director of Ecosystem Development for Docker, which he joined after the company he co-founded (SocketPlane, which focused on SDN for containers) was acquired by Docker in March 2015. Previous to founding SocketPlane in Fall 2014, John was the Chief DevOps Evangelist at Dell, which he joined following the Enstratius acquisition in May 2013. He has also held past executive roles at Opscode/Chef and Canonical/Ubuntu. John is the author of 7 IBM Redbooks and is co-author of the “Devops Handbook” along with authors Gene Kim and Jez Humble.

Find John Willis at

Speaker page

@botchagalupe
LinkedIn

Similar Talks

Open Source Software Security AMA w/ Guy Podjarny
Co-founder @Snyk.io
Guy Podjarny
Agile to DevOps. A Better Way?
VP of Marketing @CollabNet
Thomas Hooker
Control Flow Integrity Using Hardware Counters
Chief Technology Officer @Endgame
Jamie Butler
Control Flow Integrity Using Hardware Counters
Director of Vulnerability Research @Endgame
Cody Pierce
From Threat Hunting to Crowd Defense
Chief Technology Officer, SVP Research @NSFOCUS
Richard Zhao
DevOps 2.0 - When Everyone Can Run What’s Built
CEO & Co-Founder @LaunchDarkly
Edith Harbaugh
Servlet vs Reactive: Choosing the Right Stack
Spring Framework Committer @Pivotal
Rossen Stoyanchev
The Security Challenges & Issues From SGX Practice
Chief Security Architect @Alibaba Cloud
Xiaoning Li
Towards Memory Safety in Intel SGX Enclave
Security Scientist @Baidu X-Lab
Dr. Yu Ding

.

Tracks

  • Architectures You've Always Wondered About

    Architectural practices from the world's most well-known properties, featuring startups, massive scale, evolving architectures, and software tools used by nearly all of us.

  • Going Serverless

    Learn about the state of Serverless & how to successfully leverage it! Lessons learned in the track hit on security, scalability, IoT, and offer warnings to watch out for.

  • Microservices: Patterns and Practices

    Stories of success and failure building modern Microservices, including event sourcing, reactive, decomposition, & more.

  • DevOps: You Build It, You Run It

    Pushing DevOps beyond adoption into cultural change. Hear about designing resilience, managing alerting, CI/CD lessons, & security. Features lessons from open source, Linkedin, Netflix, Financial Times, & more. 

  • The Art of Chaos Engineering

    Failure is going to happen - Are you ready? Chaos engineering is an emerging discipline - What is the state of the art?

  • The Whole Engineer

    Success as an engineer is more than writing code. Hear inward looking thoughts on inclusion, attitude, leadership, remote working, and not becoming the brilliant jerk.

  • Evolving Java

    Java continues to evolve & change. Track covers Spring 5, async, Kotlin, serverless, the 6-month cadence plans, & AI/ML use cases.

  • Security: Attacking and Defending

    Offense and defensive security evolution that application developers should know about including SGX Enclaves, effects of AI, software exploitation techniques, & crowd defense

  • The Practice & Frontiers of AI

    Learn about machine learning in practice and on the horizon. Learn about ML at Quora, Uber's Michelangelo, ML workflow with Netflix Meson and topics on Bots, Conversational interfaces, automation, and deployment practices in the space.

  • 21st Century Languages

    Compile to Native, Microservices, Machine learning... tailor-made languages solving modern challenges, featuring use cases around Go, Rust, C#, and Elm.

  • Modern CS in the Real World

    Applied trends in Computer Science that are likely to affect Software Engineers today. Topics include category theory, crypto, CRDT's, logic-based automated reasoning, and more.

  • Stream Processing In The Modern Age

    Compelling applications of stream processing using Flink, Beam, Spark, Strymon & recent advances in the field, including Custom Windowing, Stateful Streaming, SQL over Streams.  

SCHEDULE

Conference for Professional Software Developers

Follow QCon

Contact

Menu

QCons around the World

Qcon