Dates
Conferences
Tags
Sort by:
Most recent
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Alanna Burke
2023-04-19
tldr - powered by Generative AI
The importance of good documentation in improving productivity, retaining customers, and managing changes in a company.
- Good documentation is easy to understand, gets to the point, and has been vetted for accuracy
- It includes the author and date, and addresses the right audience
- Visual elements such as headings, callouts, and tables make documentation more engaging
- Documentation tools such as Markdown, Read the Docs, and Confluence can help standardize and streamline the process
- Empowering contributors and creating a positive feedback loop can encourage more people to write documentation
- Managing documentation should be an official part of everyone's job description
Conference: Global AppSec Dublin 2023
Authors: Chris Romeo
2023-02-15
tldr - powered by Generative AI
The presentation discusses common failures in DevOps security and provides solutions to address them.
- Failure to prioritize security in DevOps
- Lack of collaboration between security and development teams
- Inadequate training and education on application security
- Inefficient use of tools and technology
- Lack of integration of threat modeling in DevOps process
- Vulnerable code in the wild
Conference: Global AppSec San Francisco 2022
Authors: Joshua Bregler, Corbin Moyer
2022-11-18
Make no mistake, secure development relies on automation. In a DevSecOps culture, having scalable, reliable tools and processes are the only way to make DevSecOps a reality. Creativity and technical chops are lauded for their ability to bring magic from the machines. However, is anyone in charge of making sure that your organization is automating the right things? How much attention is being paid towards supporting that automation across an Enterprise? The security is baked in, right? It may just be possible to focus so heavily on automation and tools that disparate teams lose sight of the bigger picture.This talk discusses the pitfall that many organizations trip into all too readily. By focusing forcefully or narrowly on automation, an organization can find itself creating technical debt, waste, and classically unsupportable support systems. We utilize two real-world case studies to clearly demonstrate classic automation problems and propose functional solutions. Audiences will come away with data-driven DevSecOps security management techniques as well as how to recognize and accept the trade-offs in a secure DevSecOps culture. This includes how to avoid creating new, unintended, invisible stove-pipe problems, drawing from our 25+ years of experience in the military and commercial spaces. Finally, we explore methods to find these opportunities, track meaningful metrics, and recognize when you’ve fallen over the edge.
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Alvin Estrada
2022-10-28
tldr - powered by Generative AI
The speaker shares his experience of bringing DevOps to a Software Factory Company in Central America amidst challenges such as limited budget, resistance to change, and lack of English proficiency. The company's digital transformation journey involved implementing automation, cloud adoption, and agile methodologies, which led to a significant reduction in development and testing time. The speaker emphasizes the importance of team transformation and investment in training to cope with methodology adoption. He also highlights the need for documentation and an elite team to help with technology adoption. The speaker concludes by stressing the importance of doing things the right way and the absence of a silver bullet in digital transformation.
- Central American companies face challenges such as limited budget, resistance to change, and lack of English proficiency in implementing digital transformation
- DevOps culture involves implementing automation, cloud adoption, and agile methodologies
- DevOps implementation led to a significant reduction in development and testing time
- Team transformation and investment in training are crucial for methodology adoption
- Documentation and an elite team are necessary for technology adoption
- Doing things the right way is important in digital transformation
- There is no silver bullet in digital transformation
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Leigh Capili
2022-10-27
tldr - powered by Generative AI
The presentation discusses the basics of Kubernetes Role-Based Access Control (RBAC) and how it can be used to create a flexible system that allows teams to work together in deploying cloud-native apps.
- Kubernetes is an operating system that turns servers or cloud data centers into one big computer
- RBAC is the authorization part of the API that lets teams share and block off parts of the computer to run the system
- RBAC is composed of RBAC basics, identity details, common misunderstandings, RBAC's limitations, auditing, and useful patterns for real-world implementations
- RBAC's subjects are users and groups, and apps
- The presentation includes a performance art piece and live demos to illustrate the points discussed
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Divya Mohan, Bill Mulligan
2022-10-26
“How can I get started?” is a common refrain heard from newcomers wanting to enter open source. This talk is the exact opposite - where you shouldn't invest your efforts while getting started. Being a new contributor to open source can be intimidating because you don’t know exactly what is helpful and what could hurt the community and frustrated maintainers. While a part of this gap can be attributed to the choose-your-own-adventure nature inherent to open source, there's already tons of material on how to get started technically. What nobody actually shines light on is the cultural dynamics. With this talk, the speakers aim to retell their experience and list common pitfalls almost everyone (including the speakers!) have made. This isn’t just about the right way to make a PR. The hardest, and most rewarding part, of any community is the people. The audience will learn how to engage in open source to ensure that the community they join will continue to be happy and healthy.