InnoTech Austin

For the past 12 months, Q2 has been on the journey of adding application security to the charter of our DevOps team. This has presented a number of challenges from organizational, talent development and interesting technical problems to solve.

In this session, I'll discuss the lessons we learned while tackling these challenges and the outcomes we've been able to achieve as a result.

- How to break down silos internally and externally
- The necessary feedback loops between policy development and technical enforcement and governance
- How to reduce technical debt in an Agile ecosystem
- How to secure tens of thousands of production container workloads
- How we approach API security and the gaps of traditional AppSec tools
- How to use automation projects to engineer ourselves out of operational churn

For many companies, security is only done at the edges. Today, there is a movement to shift security left and requiring source code to be more secure. Where companies want to go is an extension of the platform engineering team where tools, automation and processes have security best practices baked in. This allows companies to gain confidence that that once the source code is packaged and deployed they know that everything like InfraAsCode, artifact, APIs, deployment environments are compliant and secure. In this session, we will look at how projects like SLSA, Duffel, SAST, DAST and others play a critical role to your DevOps maturity.

Automation is hard! And the more you build, the more complex it gets! Even more critically, how can we keep that complexity from exploding as we scale?

The answer is to treat your automation like code! Infrastructure as Code (IaC) is a process that uses proven approaches from hyper scale operators and development practices.

In this talk, we will cover proven IaC techniques to help you make infrastructure automation more consistent, repeatable and governable. We'll talk about advanced processes that allow you to scale DevOps automation across multiple teams, multiple sites and multiple system types. Most importantly we’ll discuss how to reuse automation that's already proven in the community so you can stop maintaining low value one-offs and custom Integrations.

In 1982 Dr. Edwards Deming published a book called "Out of the Crisis." dealing with his frustration leading up from the prior decade. He was 82 years old; he wasn't writing this as a get-rich management consulting book. Dr. Deming wrote it as a stark warning for everyone, manufacturing, healthcare, government, and education alike. Fast forward forty years, and imagine what he would say today if he were alive today. Take, for example, the Knight Capital story, a configuration mistake in a High Frequency Trading (HFT) algorithm that purchased an errant 150 different stocks in 45 minutes, at a total cost of around $7 billion. In this presentation, we will look at the Knight Capital incident through some fundamental DevOps principles with the lens of Dr. Demings System of Profound Knowledge.

Chef helps organizations detect and correct security issues before they go into production. This helps you reduce risk, increase speed, and improve efficiency

It's not about whether you're in the cloud but how you utilize the Cloud. Many established companies/businesses began their hosting journey in private or colocation datacenters. The reality of a complete cloud transformation is challenging, if not unrealistic, due to factors such as financial constraints, application modernization, and organizational readiness.

Distributed and Hybrid Cloud migrations are more realistic as cost can be controlled, compliance and governance remains centralized, and unified control planes make technology adoption and skillset transitions less painful.

Come listen to Q2's journey about public cloud transformation and how the journey to cloud through Distributed Cloud computing made this transition successful.

Chaos engineering is becoming a standard to test the resiliency and performance of cloud native applications. It allows you to validate assumptions, catch loopholes, and generally improve resiliency in your Kubernetes cluster.

This talk will focus on the specific experiments that will improve Kubernetes Clusters, application performance, and cover open source tools in the ecosystem, including Litmuschaos, Kraken, and Chaos Mesh.

At the end of the talk, the audience will understand the basics of experiments, apply them in their organizations, and describe the caveats of this new methodology!