API World + CloudX + Dev Innovation Summit 2024

Kevin Hunt, Cloud Storage Security, CTO

Ransomware attacks, breaches, data exfiltration, and insider disclosures are occurring every day around the world. Legacy thinking on providing data security has been focused on the application and platform or operating system. This leads to a somewhat chaotic data security landscape that is likely to have holes and missed handoffs. Modern enterprise systems use and store data using the most effective platform that delivers the convenience and performance required. This open-ended approach to data handling should be addressed through an equally open and flexible approach to securing data regardless of where it is stored or how and when it is used.
Businesses should take a holistic view of their data security to ensure that unintended gaps and inconsistencies that may open the door for threat propagation are detected and mitigated. Enacting multiple layers of data management practices ensures that both stored and inflight data is clean.
This keynote will draw on the Data Security Maturity Model (DSMM) to illustrate the challenges developers and users face in the open landscape of current application deployments. Placing a strong focus on a layered framework that provides consistent and robust security for data as it is used, this approach incorporates seamless malware scanning and detection that provides a constant watch for irregularities and threats.

Live virtual demo and Q&A with Chris Petterson, VP of Solutions.

Overwhelmed by Kubernetes support requests? Empower your developers to self-serve on Kubernetes and take control.

Accelerate project delivery, reduce errors, and cut costs by enabling developers to manage Kubernetes deployments independently.

In our live demo, discover how mogenius can help your team tackle cloud-native challenges and ensure consistent delivery with customized workflows for independent lifecycle management, all while maintaining compliance and reducing DevOps reliance.

Our team is ready to answer your questions.

Budhaditya Bhattacharya, Tyk, Developer Advocate
Supreet Nagi, Northwestern Mutual, Assistant Director Systems Software Engineering

NorthWestern Mutual is one of the largest financial services providers in the United States with 5 million+ customers and 6700+ financial advisors. APIs are a core part of our business and are supported by a highly mature API platform engineering team.
In this case study, we learn how we combined seamless API creation and centralized governance using an automated workflow-based model to drive an exceptional DevX.
We will examine a combination of tools, such as K8S, KEDA, Jaeger, and OTel, that enabled the creation of our API platform, along with changes to people and processes.
What we will cover:
1. Key challenges when balancing API creation & governance at scale
2. Implementing an automated workflow-based governance model
3. Metrics of success & outcomes achieved
4. How to execute a similar API platform strategy using the platform engineering maturity model
Ultimately, this session provides real-world examples and insights into best practices for implementing this model within your company.

Tim Erlin, Wallarm, VP of Product

Securing modern applications requires new thinking. As the prevalence of application programming interfaces (APIs) increases, and the exponential increase in API calls grows, attackers are taking notice. Attackers have shifted their primary focus from web applications to APIs and most security teams haven’t adapted. Since APIs are inherently more exposed than traditional web apps, security teams must rebalance their efforts to ensure defenses are strongest where attacks are actually occurring. The session will cover:

Introduction to API Security Requirements
Cross-referenced API Security Best Practices
A Security Maturity Model for API Security
3 Ways to Close Remaining Security Gaps
Q&A

Iddo Gino, Lunar, Advisor & Investor

With the AI craze taking over the world, a race is on to develop capable autonomous AI agents. For these agents to offer meaningful capabilities - they need to integrate with the outside world to get access to current information and be able to take actions on behalf of users. Two common approaches battle on for this - creating API integrations and using screen scraping. Each approach has advantages and risks - this session will introduce both approaches in depth, provide real world technical examples, and discuss when to choose which one!

Gagan Kapahi, Optum, Sr. Principal Engineer and Director of Engineering

With proliferation of multi cloud, hybrid cloud, digital architectures and micro services, security and reliability of APIs has become very critical and important.

Majority of the organizations today spend a lot of time and resources on chasing the problem and the root cause.

With the right blend of synthetics and enhanced observability strategy, organizations can save huge amount of time chasing the problem and instead spend more time rolling out new features and problem solving.

Let's hear more from us on how this overall synthetics and observability strategy leads to improved user experience (UX) and digital outcomes.

Sterling Chin, Postman, Senior Developer Advocate

Sterling presents a comprehensive playbook for navigating the AI API landscape, which has been rapidly evolving since the AI revolution began in late 2022. We'll explore how APIs have become the cornerstone of AI accessibility and implementation across industries.

Attendees will gain actionable insights on how to implement and maximize the potential of AI APIs in their organizations. This playbook approach will equip participants with the knowledge to make informed decisions, overcome common challenges, and stay ahead in the rapidly advancing field of AI.

Whether you're new to AI implementation or looking to optimize your current strategies, this talk will provide valuable, real-world guidance for harnessing the power of AI through APIs.

You'll Learn:
1. How to evaluate AI APIs
2. Open Source or Close Source?
3. How to create a playbook on implementing AI APIs in your products

Ishneet Dua, Amazon Web Services, Senior Generative AI Solutions Architect
Parth Girish Patel, Amazon Web Services, Sr AI/ML Architect

The rapid growth of generative AI brings promising innovation and, at the same time, raises new challenges around its security, safe, and responsible development and use. These challenges include some that were common before generative AI, such as bias and explainability, and new ones unique to generative models, including hallucinations, toxicity, and intellectual property protection. During this session, participants will gain an overview of the challenges that generative AI presents, survey the emerging science surrounding these challenges, and engage in a discussion about the hands-on, security, and Responsible AI work currently being conducted on AWS.

Matt McLarty, Boomi, CTO & VP, Boomi Innovation Group

As AI becomes more prevalent, communication between API endpoints is expanding rapidly. The current API economy is just the tip of the iceberg compared to what lies ahead in an AI-driven future. In this landscape, APIs are crucial for enabling AI integration and readiness, fundamentally transforming application development.

Discover techniques for strategic AI implementation, responsible automation, and effective API management to establish an AI-ready enterprise. Whether you’re an API developer, AI practitioner, or business stakeholder, this talk will provide insights for effective AI orchestration and turning AI readiness into a competitive advantage.

Key Takeaways:
- Practical methods to enhance AI integration with APIs
- Using AI ethically with APIs
- Insights on achieving AI readiness and avoiding pitfalls

Carl Moberg, Avassa, CTO and co-founder
Amy Simonson, Avassa, Marketing Manager

Enough manual actions. Enough slow handovers. And enough K8mplexity.

For many innovative enterprises today, the journey to the centralized cloud has shaped the way of working when it comes to container orchestration and observability. Now, developers and IT teams are increasingly also managing containers at the distributed on-site edge and in IoT environments, which risk becoming a mind-boggling task due to the resource-constrained, distant nature of IoT and edge.

In this session, we address the challenges related to deploying, monitoring, observing, and securing container applications at the edge. We also present hands-on examples of what a self-service developer experience can look like for the container applications at the distributed edge and IoT infrastructure. It's automated, it's application-centric and it's astonishingly easy.

In this demo, we’ll showcase how to secure APIs using Auth0 Fine-Grained Authorization (FGA). As modern applications require more sophisticated access control, traditional methods like role-based access control (RBAC) can fall short. Auth0 FGA provides a more flexible and scalable solution by enabling developers to define and enforce granular permissions and policies.

We’ll walk through the process of setting up Auth0 FGA to protect your APIs, demonstrate key concepts, and show how to implement dynamic, relationship-based access controls. By the end of this demo, you’ll have a clear understanding of how to secure your APIs using Auth0 FGA while delivering a seamless user experience

Booth #606

Improve API quality and remediate errors with a GenAI API Assistant
Hunter Kouchi

Vishal Motwani, Numbers Station AI, Founding Product Manager

Unlock the power of AI in data analytics with Numbers Station's bespoke platform. Join Vishal Motwani, Founding Product Manager of Numbers Station, and uncover how Large Language Models (LLMs) are revolutionizing production-level data workflows. 

Via a multi-agent architecture and embeddable API, Numbers Station is built to seamlessly integrate with your existing knowledge sources—dashboards, databases, APIs, dbt, query logs and more. Numbers Station’s AI agents actively search, query, analyze, and take it two steps further—suggesting the next best action and automating downstream tasks in real-time.

Whether you're looking to embed Generative AI into legacy systems or elevate your organization's data capabilities, this session offers a glimpse into the future of AI-powered analytics that won't disrupt your current infrastructure. Don't miss this opportunity to supercharge your data strategy!

Gaganjot Kaur Kang, Sony Interactive Entertainment, Software Engineer

This session is geared towards equipping software engineers, technical managers, and business owners with an in-depth guide to optimizing API performance. Attendees can expect the following key takeaways:

- Explore fundamental principles and top practices to grasp the importance of API performance optimization.
- Acquire knowledge of API architecture patterns through real-world examples, aiding in the development of data-intensive applications.
- Discover strategies for bolstering the speed, scalability, and reliability of APIs.

Jagrut Sharma, Adobe, Senior Software Engineer

Unlock the power of managing infrastructure through code in this dynamic session! You'll dive into the fundamentals of infrastructure as code (IaC) with a focus on AWS CloudFormation. Step-by-step, you'll learn how to write your first template to efficiently create, update, and delete cloud resources.

By the end of this hands-on workshop, you'll have added a valuable skill to your repertoire and be equipped with the knowledge to further explore the vast possibilities of infrastructure as code. Join to enhance your technical skillset and embark on a journey of continuous innovation in cloud infrastructure management.

Jannik Reinhard, BASF, Senior Solution Architect

In this session I will guide you from how to start with a CoPilot to deploy and own Azure Open AI instance to use cases which brings benefit to your company. We will also have a look how to build custom solution with the power of Azure.

- Takeaways:
- What is a copilot and how you can use it in your daily business
- How to setup Azure Open AI
- How can you build a custom solution with help of Azure.

Ken Huang, DistributedApps, CEO and Chief AI Officer

This presentation introduces a comprehensive framework for testing and validating the security of generative AI applications, particularly those built on large language models (LLMs). Developed by Ken Huang (the Speaker) and World Digital Technology Academy's AI Safety, Trust, and Responsibility (STR) working group, the framework addresses the new attack surfaces and risks introduced by generative AI.

The standard covers the entire AI application stack, including base model selection, embedding and vector databases, prompt execution/inference, agentic behaviors, fine-tuning, response handling, and runtime security. For each layer, it outlines specific testing methods and expected outcomes to ensure AI applications behave securely and as designed throughout their lifecycle.

Key areas of focus include model compliance, data usage checks, API security, prompt injection testing, output validation, and privacy protection. The framework also addresses emerging challenges like agentic behaviors, where AI agents autonomously perform tasks based on predefined objectives.

Timothy Spann, Zilliz, Principal Developer Advocate

In this talk I walk through various use cases where bringing real-time data to LLM solves some interesting problems.

In one case we use Apache NiFi to provide a live chat between a person in Slack and several LLM models all orchestrated via NiFi and Kafka. In another case NiFi ingests live travel data and feeds it to HuggingFace and OLLAMA LLM models for summarization. I also do live chatbot. We also augment LLM prompts and results with live data streams. All with ASF projects. I call this pattern FLaNK AI.

Aman Sardana, Discover Financial Services, Senior Principal Application Architect

Have you ever wondered what it takes to create resilient and highly available platform services that support mission-critical software systems? Please join me to find out how you can set the right strategy and foundational architecture for building platform services that businesses can trust for their most critical workloads.

Payment systems that support real-time transaction processing are expected to be highly available and highly responsive 24/7/365. These systems must be fault-tolerant and resilient to any failures that might happen during payment transaction processing.
Mission-critical payment systems with distributed architecture often depend on platform services like distributed caching, messaging, event streaming, databases, etc. that should be independently designed for high availability and fault tolerance.
In this talk, I’ll share the approach we took for architecting and designing platform services within the payments domain that can be applied to any domain that supports business-critical processes. This methodological approach starts with establishing a capability view for platform services and then defining the implementation and physical views. You’ll also gain an understanding of other aspects of platform services like provisioning, security, observability, testing, and automation that are important for creating a well-rounded platform strategy supporting business-critical systems.

Harsh Sharma, Shell, Associate Software Engineer

How to build API/Interfaces using Azure Integration Services like logic App, APIM, Service Bus, Function App.
 

Neel Shah, Internauts Infotech, Devops Community

In today's world, where environmental concerns are at the forefront of our minds, it's crucial to consider the impact of our actions, including those within the tech industry. Software development, while driving innovation and progress, also contributes to a significant carbon footprint. This is where Green DevOps steps in, offering a powerful solution for building software that is both efficient and environmentally friendly.

Green DevOps refers to the practice of integrating sustainable practices into your software development lifecycle. This means implementing tools, techniques, and methodologies that minimize the environmental impact of software development and delivery. By adopting Green DevOps, you can achieve significant benefits, including:

Reduced energy consumption: Green DevOps practices help optimize resource utilization, leading to lower energy consumption throughout your development process. This not only translates to cost savings but also minimizes the carbon footprint of your software.

Improved resource efficiency: Green DevOps encourages developers to utilize resources wisely, minimizing waste and maximizing efficiency. This can involve practices like code optimization, infrastructure right-sizing, and efficient testing processes.

Enhanced software quality: Green DevOps principles encourage a focus on quality from the very beginning of the development process. This leads to fewer bugs and defects, resulting in software that is more reliable and requires fewer resources to maintain.

I would cover most of this topics in my talk.

Management capabilities to Traefik OSS in seconds.

No rip and replace. No learning curve. All awesome.

Speaker: Shaun Empie, Principal Solutions Architect

Sumeet Kumar Agrawal,  Informatica, Vice President Product Management

As GenAI adoption accelerates, enterprises are increasingly turning to low-code and no-code API development to democratize access and spur innovation. However, deploying GenAI applications within large organizations poses unique challenges, including a shortage of skilled resources, navigating complex enterprise data landscapes, staying relevant with rapidly evolving GenAI models and frameworks, and the difficulty of scaling AI projects beyond proof of concept.
Join us for an insightful session where we explore overcoming these challenges with a GenAI-powered integration API solution. We will discuss strategies to democratize GenAI across various user personas, contextualize its use for future-proofing, create LLM agnostic GenAI orchestrations, and achieve enterprise-grade scalability. Learn how to leverage the right data management tools to build successful GenAI apps that are easy to use, grounded with high-quality and trusted enterprise data, and protected from bias and privacy breaches.

Brett Bush, LogicGate, Staff Software Engineer: Platform

Within API-First development, a dichotomy has formed: Code-First or Design-First. Are these approaches destined to be adopted in polarized isolation, or rather, are they equally valid phases of a healthy API development cycle? This presentation will reveal a new way to visualize the cyclical nature of Code-First and Design-First API development, discuss parallels to Test-Driven development, and explore the benefits unlocked from leveraging both methodologies in tandem. 

Michael Kwan, Broadcom, Architect

Quantum computing seems like a distant-future technology, but if you consider the pace of enterprise modernization, the quantum threat may be just around the corner - and APIs are a primary target. When is Q-day exactly? Nobody knows yet, but equally unknown is the scale of the corrective measures that will be required of your API infrastructure.

In this presentation you will learn:
- How quantum computing introduces a new security risk
- What is the API-specific exposure associated with this threat
- How and when do you need to start preparing your APIs
- What will be the costs in terms of computing resources and API retrofit projects
- What we are learning from post-quantum API security research and initial tests so far

Greg Leffler, Splunk, Director of Developer Evangelism - Observability

As organizations have moved to the cloud and increased their pace of innovation to ship software more often, it becomes harder to validate the impact of changes – both to their business and to their customers’ experience. That’s where Observability comes into play. Observability has emerged as a critical aspect of cloud native applications due to its ability to provide comprehensive insights into the complex and dynamic environments these applications operate within. By enabling real-time monitoring, tracing, and logging, observability allows users to proactively identify and resolve performance issues, improve reliability and build better digital experiences. This is crucial in helping organizations lower the cost of unplanned downtime and be more resilient.

Downtime not only results in direct financial losses, often quantified in thousands of dollars per minute for large enterprises, but also incurs indirect costs such as reduced customer satisfaction, loss of trust, and potential long-term reputational damage. To illustrate these benefits, we will demonstrate a troubleshooting scenario in a microservice environment using an advanced observability tool, showcasing how timely insights can present and resolve issues efficiently. As a result, investing in robust observability tools and practices is essential for maintaining the reliability and efficiency of cloud native applications, ultimately supporting business continuity and growth.

Gursimar Singh, freeCodeCamp, Author

In the dynamic realm of cloud infrastructure, security remains a paramount concern. As organizations strive to fortify their digital assets against evolving threats, integrating security seamlessly into infrastructure development processes becomes imperative. DevSecOps offers a compelling framework for achieving this synergy between security and infrastructure operations.

This anticipated session at CloudX 2024 will provide actionable insights tailored to infrastructure professionals. The session will provide expert insights on establishing and sustaining a highly effective DevSecOps framework, anchored in five foundational tenets that prioritize people, tools, and processes.

Parth Shah, Cruise, Staff Software Engineer
Bianca Tamayo, Cruise, Staff Software Engineer

In today's micro services world, it is far too common for an API service to explode at an unbounded rate. The journey starts off as a shiny new micro service, which was designed to contain APIs for 1 business entity, becoming so heavily utilized that over time, it evolves and turns into a massive monolith, which contains hundreds of APIs for dozens of business entities. In the early days, new features could be introduced and rolled out within a few hours. Now, a small database schema change takes a few days or weeks to roll out. In this madness, how do you effectively and efficiently decompose and modernize your monolith? This session goes over a real world case study of how a group of 5 engineers decomposed a 160+ API monolith into smaller and focused micro services with 0 outages, 0 downtime, increase in overall service availability from 99.9% to 99.999%, decrease in latencies from 15% to 95% and ability to handle 90x more traffic with a reduced resource footprint (68% reduction in compute and 55% reduction in memory).
 

Alain Chautard, Angular Training, Expert Web Consultant

We will test a web application from scratch using Cypress. Step by step, we will learn about Cypress features, implement those in our tests. We will be testing various aspects of the application (navigation, clicks, user input), and see how to debug and improve our tests, make then more readable, and even how to mock the server-side in order to test more scenarios on the front-end.

Cameron Delano, F5, Sr Strategic Architect 
Corey Ball, Moss Adams, Senior Manager - Penetration Testing

F5 secures and optimizes traffic for some of the largest AI projects in the world, and organizations are planning to spend an average of 18% of 2025 IT budgets on AI implementation.
What many are missing is that outside of a few edge cases, nearly all training, usage, attacks, and data loss against AI models come through APIs, and APIs themselves expose critical information about models such as data labels and confidence scores, facilitating model theft, transfer attacks, and other issues unique to securing LLMs.
In this session, we’ll talk about the ties between AI security, APIs, and how to structure a Defense in Depth architecture to secure your AI factory and models from the beginning, rather than after the fact.

Shashank Ashtikar, M9, Co-Founder & CTO

With the viral adoption of AI driven by commercially available LLMs newer venues of business have opened up. These new business models are driven by the likes of Co-pilots and virtual agents that bring in tremendous productivity gains across business workflows. Concepts like Generative AI and Conversational AI have already gained mainstream popularity. A new branch of AI that is gaining momentum is that of Agentic AI. This talk is geared towards identifying mechanisms that make inter-agentic communication possible and the ontology of such interactions solving for needed concepts of roles, tasks, memory, tools, context and prompts for a scalable and reliable inter-agentic business workflow.
 

Todd Little, Oracle, Chief Architect Oracle Transaction Processing Products

Microservices are currently the architecture du jour for building cloud native applications. This session will describe how microservices, each with their own database, can work together to ensure the data they maintain is consistent with the databases of other microservices.
Deciding on a pattern to guarantee data consistency is dependent upon many factors. This session will describe some of those factors and provide practical solutions to ensuring data consistency across a broad range of microservices.
At the completion of this session, attendees should understand that it's more important to determine the context and requirements for their application than just going with the current mantra. Hopefully this will lead them to consider simpler design patterns that have been discarded for no other reason than someone decided they're an anti-pattern.

Fred Koopmans, BigPanda, Chief Product Officer

Context is fundamental to well-run tech operations: With the right context, IT teams can better understand their systems, interpret real-time data quickly, and facilitate better incident management to achieve operational efficiency. But too often, gathering the necessary context is a lengthy, inconsistent, and elusive process. IT teams are forced to grapple with fragmented tools, siloed workflows, and inconsistent manual processes, which have turned context collection into a definitive pain point for the ITOps industry. Teams are losing out on precious time, money, and attention that should be directed towards digital transformation and innovation.

The tech industry has recently transformed thanks to the AI boom: ITOps is at a critical juncture where AI can enable faster, more efficient ITOps as well as deliver Full-Context Operations. Fred Koopmans, Chief Product Officer of AIOps platform BigPanda, will speak to the promise of Full-Context Operations – the process of unifying IT teams’ tools and processes with AI to provide the institutional knowledge needed to address every incident immediately. He’ll dive deep into the ways that teams can tangibly benefit from having the right context, outlining how the IT industry can leverage AI to collect comprehensive and contextual data to help operators achieve better incident resolution. Fred can share detailed proof points from developing BigPanda’s AI-powered assistant that was purpose-built for delivering full context in IT operations. With Full-Context Operations, the IT industry can finally fulfill the long-sought-after promise of AIOps, putting AI into practice to deliver unprecedented operational efficiency.

Ed Olson-Morgan, Marsh McLennan, Core API & Innovation Lead

Driving value from generative AI isn't just about large language models. Integrating them with the right data, services and supporting capabilities through APIs is just as important.

Learn how Marsh McLennan's Generative AI Services project built an API-based environment to nourish AI experimentation and underpin AI impact through production applications serving their 90,000 employees as well as a world-wide client base.

Akash Bhaskar, Cisco, Software Architect

This technical session will demonstrate software and configuration compliance use cases through CI/CD pipelines on network devices. A fully functional Jenkins pipelines will be discussed including tools and concepts like code management, artifact management, orchestration, testing.

Based on the concepts and tools mentioned in this session, network engineers can quickly build their own pipelines and take advantage of well tested approach in their network operations. The session will be tool independent where a certain concept will be introduced along with potential tool.

Brenton House, IBM, Principal Cybersecurity and AI Advisor

Generative AI has revolutionized the tech world in the past months. With its insatiable thirst for data, all eyes have turned to APIs and the security (or lack of) protecting them. Large data breaches have become so common that security researchers are overwhelmed with the terabytes of leaked data finding its way to the Dark Web. Learn both the ugly secrets behind cyber threats and the successful strategies used to stop them.
 

Naveen Achyuta, Roblox, Network Reliability Engineer

While CI/CD practices are well-established in software development, the networking field is still adapting to these methodologies. This presentation demonstrates a method for validating network configurations in a lab environment, both pre- and post-deployment, to build confidence before implementing changes in production networks. Using open-source tools, custom scripts, and containerlab, we'll walk through each step of implementing a CI/CD pipeline. This approach not only enhances confidence in network deployments but also bridges the gap between traditional networking practices and modern DevOps methodologies. 

Ramnivas Laddad, Exograph, Co-Founder

Rust has been the most loved programming language for the past eight years, as highlighted by StackOverflow's developer survey. Its acclaim is backed by adoption from tech giants like Microsoft, Google, and Meta. Rust's blend of expressiveness, performance, safety, and fearless concurrency makes it ideal for multi-core CPUs. Additionally, Rust's ability to compile into WebAssembly enables seamless execution in browsers and edge computing environments.

Mastering Rust can be challenging, especially for developers with a background in non-system languages. Adopting Rust with the right mindset and suitable projects is crucial for a smooth transition and successful implementation.

In this talk, we will explore Rust's core principles and provide practical guidance for developers experienced in Java, TypeScript, and like languages. We will highlight projects where Rust excels, offering high value with minimal risk.

Dominik Rampelt, APICHAP, CEO & Co-Founder

Artificial Intelligence is rapidly transforming every facet of our lives, including the way we approach API development. In this talk, we will explore the profound impact AI will have on developers and the necessary steps to harness its full potential. The future of API development will focus heavily on an API-Contract First approach, where developers become architects defining APIs and data flows. The implementation will then be assisted by various AI tools.

Join us to discover how tools like APICHAP enable developers to implement APIs for your services and integrate with any datasource in just a few seconds. Learn how to leverage the power of AI in your daily development work. In the future, the best API developers won't just write code—they'll design the blueprint for AI to follow.  

Amol Gote, Innova Solutions, Solutions Architect

In the evolving landscape of financial services, implementing a cash flow underwriting system aims to expand credit access and enhance risk assessment. This session will cover an approach that leverages open banking, machine learning, and dynamic underwriting rules to provide creditworthiness evaluation beyond traditional credit scoring methods. It will cover the case study of iCreditWorks - a Fintech organization where this pattern was implemented.

The system consists of four critical components:

(1) A financial data aggregator to securely link customers' bank accounts, utilizing open banking APIs and traditional integration techniques.

(2) Collaboration with a specialized partner that employs machine learning models to analyze transaction data, generating a comprehensive cash flow score and identifying verifiable income.

(3) Developing and implementing underwriting rules that integrate the cash flow score and income data to make informed lending decisions.

(4) The seamless integration of these components into a mobile application and backend infrastructure, ensuring a user-friendly experience and efficient loan application processing.

This session discusses the cash flow underwriting system's design, implementation, and strategic significance. It highlights its potential to extend credit access by surpassing traditional credit scores and opening new avenues for financial inclusion and risk assessment. It also introduces a technical implementation approach for cash flow underwriting by integrating multiple services and using open banking for bank account linking for transaction data.

Celina Stewart, Neuvik Solutions, Cyber Risk Lead

Although many organizations incorporate security into the Software Development Life Cycle, it is often treated as a compliance requirement rather than a purpose-built feature. Not treating security as a feature during the design process can lead to rework, extra complexity, or investment in functionality that does not actually address risk effectively. Further, poor integration of security can have a negative impact on otherwise well-designed applications and cause friction in user experience.

This talk encourages attendees to go beyond traditional threat modeling and defense-in-depth techniques to incorporate security as a purpose-built feature in applications. Attendees will receive tactical guidance on how to incorporate security proactively in the design process. Techniques discussed will include: how to use the organization’s risk outlook to prioritize security features; how to avoid unnecessary development costs by proactively anticipating friction in user experience; how to evaluate tradeoffs and invest in the security features needed to prevent the greatest risks.

Amit Chauhan, Yugabyte, Principal Engineer

The infrastructure of major cloud providers and private data centers spans countries and continents. This makes it possible to build multi-region microservices that serve user requests with low latency from nearly anywhere, tolerate all sorts of possible outages, and comply with data regulatory requirements.

This hands-on session introduces you to design patterns for building scalable and fault-tolerant microservices that span distant locations. You'll learn the patterns by building a sample microservices. We'll start with a traditional single-region configuration and then switch to a multi-region setting. In the end, we'll have a working prototype of an microservices that handles user traffic with low latency in North America, Europe, and Australia.

Andy Suderman, Fairwinds, CTO

It's been 10 years since Kubernetes came on the scene and became synonymous with running containers at scale. Suddenly everyone needed to run their apps in Kubernetes.

Or did they?

I'll discuss the different real-world scenarios where Kubernetes makes sense, and where it doesn't. We'll talk about how the hype of technology can get you into trouble, and how to evaluate when Kubernetes is the right call for your business. Don't walk down the dark alley....unless you need to.

Vamsi Ravula, Red Hat, Developer Advocate
Hugo Guerrero, Red Hat, Sr Principal Developer Advocate

Locationless API management is a paradigm shift in API governance and security. This innovative approach allows organizations to efficiently manage their APIs distributed across multiple clouds and clusters without exposing them publicly over the internet. Instead, it leverages a sophisticated layer seven service network, offering a secure and seamless solution for API management. By operating locationless, businesses can maintain a high degree of control and privacy over their APIs, mitigating the risks associated with public exposure while facilitating efficient communication between services across diverse deployment environments.

A Layer 7 service network provides the necessary infrastructure to establish secure connections between services, regardless of location. Through this network, APIs can be efficiently managed and accessed within a controlled environment, ensuring that sensitive data and functionalities remain protected. This locationless API management approach not only enhances security but also streamlines operations, as it minimizes the complexities of public-facing API management. As organizations continue to prioritize data privacy and security, locationless API management, powered by technologies like a Layer 7 service network, emerges as a game-changing solution that empowers businesses to securely manage and utilize their APIs without the need for public internet exposure.

Derric Gilling, Moesif, CEO

A discussion on what are healthy metrics foryour developer program and ways to improve like Time to First Hello World (TTFHW) and integration rate. What does it mean to build a good Developer Experience and some tips on where you can improve. 

Pamela Deason, Marketing Manager for Broadcom with draw a name to receive a Soarington Drone!

Mike Milner, Trend Micro, VP Cloud Technology

As cloud native environments become more secure, attackers are shifting their focus to infiltrate the software supply chain. Securing the software supply chain starts at the beginning of the development process and continues throughout the application’s development lifecycle, but the complexity means that it is easy to miss links in this chain.

This session will construct a threat model that includes everything from the developer work stations, the code and open source libraries that make up an application, to the entire pipeline of building and deploying an app and the teams that maintain it.

Attendees of this session will:
• Understand the steps needed to manage and ensure the security of a broader software supply chain considering quickly evolving tech innovations.
• Learn how to determine the best tools for tracking the software development lifecycle in cloud-native settings.
• Discover how new generative AI tools can help automate some of the monotonous tasks such as fixing or updating older or broken code.

Guatam Gupta, Intuit, Technology Leader

Discover how Generative AI can revolutionize developer productivity, enabling teams to achieve unprecedented efficiency. This talk will explore cutting-edge AI tools and techniques that automate repetitive tasks, optimize code, and streamline workflows. Attendees will learn practical strategies to integrate Generative AI into their development processes, boosting creativity and accelerating project timelines. Ideal for software developers, team leads, and tech enthusiasts looking to harness the power of AI to enhance their productivity and deliver high-quality software faster.

 Robert Krohn, ServiceNow, SVP Engineering

In this session, Robert Krohn SVP Engineering at ServiceNow will examine how software teams can become expert practitioners of DevOps at scale. Starting with a DevOps overview, the keynote will then examine best practices for engineers to develop, deploy and operate the code they build for products that reach millions of customers every day. For products that require stringent uptime, have complex architecture and multi-tenancy, the goal is to operationalize a DevOps model. 

Ayesha M. Ali, Metavisionaries, Co-Founder / Creative Director

This session will explore the transformative potential of APIs in the realm of Fusion Tech Art and interdisciplinary content creation. Emphasizing the integration of frontier technologies such as Artificial Intelligence (AI) and Machine Learning (ML), we will discuss how APIs serve as the vital connectors enabling seamless communication and collaboration across diverse creative fields. Participants will gain insights into how APIs facilitate innovative approaches that merge art, technology, fashion, and more.
Objectives:
• Introduce the Concept of Fusion Tech Art: Explain the importance and impact of Fusion Tech Art in the modern digital and creative industries.
• Highlight the Role of APIs: Discuss how APIs act as the backbone of integrating AI, ML, and various creative disciplines.
• Demonstrate Practical API Integration Techniques: Showcase new interdisciplinary approaches enabled by APIs and practical techniques that can be adopted by entrepreneurs and creatives.
• Case Study: Present a detailed case study of my project sent to space in collaboration with NASA and SpaceX, illustrating the power of API-driven integration.
• Ethical and Sustainable Practices: Address the ethical considerations and sustainability issues related to API-driven AI and tech projects, both on Earth and in space.
Session Outline:
1. Introduction to Fusion Tech Art:
• Definition and significance of Fusion Tech Art in contemporary creative practices.
• Overview of how APIs enable the integration of AI, ML, and other technologies into creative projects.
2. Current Landscape of Frontier Technologies:
• In-depth look at the latest developments in AI, ML, and their applications through APIs.
• Examples of cutting-edge tools and platforms that utilize APIs for interdisciplinary integration.
3. Seamless Interdisciplinary Techniques through APIs:
• Step-by-step guide on adopting an interdisciplinary approach using APIs.
• Demonstration of API functionalities that enable the merging of art, technology, fashion, and other fields.
4. Case Study: Art Project to Space via APIs:
• Detailed narrative of my project sent to the International Space Station (ISS) with NASA and SpaceX, focusing on the API integrations that made it possible.
• Insights into the creative process, collaboration, and execution of the project.
• Lessons learned and tips for aspiring creatives and entrepreneurs on leveraging APIs.
5. Ethics and Sustainability in API-Driven Fusion Tech Art:
• Discussion on the ethical implications of using APIs in AI and content creation.
• Sustainability discourse and its importance in tech-driven projects.
• How to ensure responsible and sustainable practices when utilizing APIs in creative projects.
Target Audience:
• API developers and technologists interested in the creative applications of their work.
• Artists and designers looking to integrate technology into their projects using APIs.
• Entrepreneurs and creatives seeking innovative interdisciplinary approaches.
• Educators and students in the fields of art, technology, and design.
Expected Outcomes:
• Increased awareness and understanding of Fusion Tech Art and the role of APIs in enabling it.
• Practical knowledge of API-driven tools and techniques for merging diverse creative disciplines.
• Inspiration from real-world examples and successful case studies.
• A framework for ethically and sustainably implementing API-driven AI and tech in creative projects.

Jeremy Snyder, FireTail.io, CEO and Founder

To start off, Jeremy will summarize key points and findings from extensive research into the API security landscape in 2024 with a look at our growing reliance on APIs and how APIs are increasingly being used as an attack surface.

Then, he’ll go over statistics on API proliferation and recap key developments from 2023, including the OWASP Top 10 Update 2023 and the impact AI is having on API security. He will pay particular attention to the massive expansion of API calling capabilities that came via recent OpenAI Updates and the overall impact of AI on API security.

Jeremy will then look at increasing regulatory oversight, the current shift toward personal accountability for CISOs and what this means for cyber security against a backdrop of increasingly sophisticated API attacks.

Jeremy will present real-world examples and show what we can learn from them, while drawing on data from a decade of data breaches, including notable cases like Points.com, moveIT, Money Lover and bugs in West Bengal and Rajasthan government websites, as well as others.

Jeremy will analyze API breaches by primary and secondary attack vectors and compare these findings to what we witnessed in 2023.

Finally, this talk will provide the actionable insights and practical advice needed to help you implement effective API security strategies across your organization. Jeremy will cover the 6 pillars of API security needed for companies to secure their APIs, as well as guidance on implementing authentication, authorization, input validation, encryption, and regular security assessments.

Overall, this talk will emphasize the importance of API security, summarize findings from the last 12 months, explore the trends we’re seeing in cyber security and make predictions for the rest of 2024, as well as providing recommendations and tips for improving cybersecurity postures.