All Day DevOps preview: Don't miss these 10 sessions

This year, All Day DevOps 2017, a free, 24-hour online conference starting at 3 am Eastern on Oct. 24, will offer attendees over 100 presentations.

Here are 10 you shouldn't miss.

[ Special Coverage: All in on All Day DevOps ]

1. Keynote: Everything is Quantum

As the race for quantum computing systems continues to evolve rapidly, the threat to modern cryptography is becoming more pressing. New strategies and clear options are needed to ensure data protection for the near- and long-term, says Jaya Baloo, chief information security officer (CISO) of Netherlands-based KPN Telecom, and recipient of the 2015 Cyber Security Executive of the Year Award.

In her keynote presentation, Baloo will discuss current developments and projects in quantum computing, set against the background of ever-increasing persistent government surveillance. "Specifically, Jaya will talk about relating quantum physics and quantum mechanics to how we do software development,” said All Day Dev Ops Co-Founder Mark Miller, senior storyteller and DevOps Community Advocate at Sonatype. “She knows that quantum mechanics is something that isn’t everyday language, so she tries to bring it to the audience as something that’s understandable and [talk about] how it’s going to influence the future of productivity and software development.”

2. A better approach to innovation

David Robertson, a senior lecturer at the MIT Sloan School of Management and author of The Power of Little Ideas: A Low-Risk, High-Reward Approach to Innovation, will speak about how companies can improve their innovation initiatives.

The idea behind the book is that "you start with a core concept—find out where your core product is—and then you build ancillary services around that core product," Miller said. It "absolutely is critical for the DevOps community to understand because it allows you to focus on what is important and then to supplement that core with services that are going to make it stronger."

World Quality Report 2017-18: The state of QA and testing

3. Contributing methodologies driving DevOps evolution

Over time, DevOps has evolved into something much broader than a way to help IT development and operations teams work better together. In the session "DevSecOps and the DevOps Superpattern," Helen Beal, DevOpsologist for Ranger4, will discuss how many systems of thinking, such as agile, lean, and ITSM, are coming together to produce a set of best practices. The idea is to help DevOps practitioners deliver better outcomes to customers, faster and more safely.

"Safety culture is a critical converging strand,"  Beal said. It ensures "the right levels of governance are in place to mitigate risk around failure, including cyber security," Beal said.

"DevSecOps is particularly interested in safety culture and the relationships between failure, innovation, experimentation, and learning," she added. "Here we’ll look at the principles around shifting left and building security in."

4. Move at the speed of culture

In her session, "Lessons from Our Journey to Infrastructure as a Code," Paula Thrasher, director of digital services at CSRA, will talk about her company’s DevOps tiger team. It implemented full infrastructure automation using the cloud, software-defined networks, and infrastructure as code for both internal IT and its customers at federal agencies.

Thrasher will share the lessons her company learned and the techniques it used, to help attendees make their own transformations to this new model in their organizations.

"I’m going to talk about our infrastructure-as-code migration, which is something that’s been almost a three-year journey," Thrasher said. "With our internal transformation and the ones we've experienced with our customers, the technology isn't really the hard part. A lot of it is changing the processes and making sure you don’t get your automation ahead of your culture."

5. How venture capitalists value products

Are you trying to land venture capital funding for a new product? Ann Winblad, co-founder and a managing director of Hummer Winblad Venture Partners, will tell you "What Venture Capitalists Are Looking For" in a pitch. 

"Ann is a venture capitalist for technology startups," Miller said. She will talk about what a venture capitalist wants to hear and "how they evaluate the value of a product." 

6. Set up an application security pipeline

In "Creating an AppSec Pipeline with Containers in a Week: How We Failed and Succeeded," Jeroen Willemsen, principal security architect at Xebia, will explain how to easily create an application security pipeline and the pitfalls associated with automated testing. Willemsen will talk about how he created an app sec pipeline using a set of Docker images that would provide feedback both to the security/risk team and to the developers.

"I will share my experience regarding setting up an application security pipeline and what you can get done in a week," he said. "I will explain the basics of what you can/should automate and how you can move forward."

7. Measure the right things

In his session, "Measuring DevOps: The Key Metrics that Matter," Anders Wallgren, chief technology officer at Electric Cloud, will offer practical advice on several metrics as the keys to high-performing organizations. He'll discuss release frequency, failure rate, mean time to recovery, cycle times, and lead time. He'll also outline some of the more qualitative indicators, such as employee culture and its effect on productivity, retention, and more.

"I'll then share some success stories from organizations that have chosen to focus on some of these KPIs, and how the lessons they've learned apply to our own journey," he said. "To track all these metrics, we'll also look at automation, and how it can simplify your metrics collection and enable visibility and insight throughout your pipeline."

8. How to design and build secure apps

Organizations must adopt an approach that incorporates security awareness throughout the entire development process. In the seminar "Securing Modern Applications," Mike Douglas, solution consultant for Deliveron, will discuss why every role should be responsible for ensuring that applications are built to properly handle identity and access, ensure that transport meets secure code requirements, and secure the data behind the application.

Topics Douglas will cover include the importance of addressing security throughout the entire development process, how to architect an application—including the OWASP Top Ten and open-source components—to detect and prevent vulnerabilities, and how to verify that code is secure during development by running automated penetration tests as part of the continuous integration/continuous deployment process.

9. Do microservices with an event-driven approach

Without communication, the power of microservices falls apart, according to László-Róbert Albert, chief software architect at Jive Software. But communication can also become a bottleneck if not handled properly. One answer is REST, which only works up to a certain point. In his presentation, "Event-Driven Microservices," Albert will show attendees an alternative way of doing microservices.

"One of the fastest things out there is Apache Kafka, so we will show you some advantages of using it as your central event bus," Albert said.

10. How to detect vulnerabilities in Docker images

Although Docker is a great technology that helps developers build and deploy the infrastructure of an application in one source code image, security is one of its biggest challenges. In his talk, "Testing Docker Images Security," Jose Manuel Ortega, a software engineer, web developer, and public speaker in Spain, will discuss the best practices and lessons learned from security reviews on Docker images deployments.

Ortega will present an overview of a typical Docker deployment process, explain the attack surface and threats with Docker images, and discuss how to detect vulnerabilities in source images with code analysis techniques. He will end the session with best practices for remediating these vulnerabilities.

For more on those presentations and nearly 100 others, register for the All Day DevOps 2017 online conference. The event is free, and recordings will be available on YouTube after the event concludes.

World Quality Report 2017-18: The state of QA and testing
Topics: DevOps