DevSecOps (CloudX)
Wednesday, November 6
 

10:30am PST

PRO SESSION (CloudX): Which Vault? Don’t Tell Me Your Secret(s)!
Wednesday November 6, 2024 10:30am - 10:55am PST
Michel Schildmeijer, SSC-ICT, Lead Technologist

Secret management is a crucial aspect of DevOps, as it involves the protection of sensitive data that is used by applications and services. Secrets can include API keys, credentials, tokens, certificates, and passwords that grant access to various resources and systems. If these secrets are compromised, attackers can exploit them to cause damage, steal information, or disrupt operations.
One of the challenges of secret management is how to securely store, distribute, and rotate secrets in a dynamic and distributed environment. Traditional methods of hard-coding secrets in configuration files or environment variables are not secure, scalable, or reliable. Moreover, secrets need to be updated frequently to comply with security policies and regulations, and to prevent unauthorized access.
To address these challenges, several tools and frameworks have been developed to provide secret management solutions for DevOps.
These tools can help DevOps teams to implement best practices for secret management.
Speakers
Michel Schildmeijer

Lead Technologist, SSC-ICT
Michel started his career as a medical officer in the Royal Dutch Airforce, with a focus on pharma. After the air force, he continued in pharma, followed by time working in clinical pharmacology. While there, he transitioned to IT by learning UNIX and MUMPS, and developed a system...
Wednesday November 6, 2024 10:30am - 10:55am PST
CloudX -- Stage 1

11:00am PST

PRO SESSION (CloudX): How We Implemented Zero Trust Security Using Cilium
Wednesday November 6, 2024 11:00am - 11:25am PST
Lakmal Warusawithana, WSO2, Technology Evangelist

Implementing a zero trust approach is essential for security, as it involves verifying and validating every request, irrespective of its origin or location.

In the initial implementation of Choreo, our internal Developer Platform as a Service, we faced challenges in controlling all network access and enforcing authentication, authorization, and seamless network traffic encryption at scale, which is vital for the Choreo cloud service. However, by employing Cilium, K8s, and a cell-based architecture, we were able to develop a scalable platform that upholds zero trust security principles.

The combination of Cilium's eBPF-powered layer 3, 4, and 7 network policies, Hubble Observability, IPSec security, and a cell-based architecture enabled us to address all the critical elements of a zero trust platform successfully.

In this talk, I will detail all the challenges we faced and the strategies we employed to overcome them.
Speakers
Lakmal Warusawithana

Technology Evangelist, WSO2
Lakmal Warusawithana is the Senior Director - Cloud Architecture of WSO2. Lakmal has a long history of working in open source, cloud, and DevOps technologies and has been Vice President of Apache Stratos PaaS Project. Lakmal has also presented at numerous events, including ApacheCon...
Wednesday November 6, 2024 11:00am - 11:25am PST
CloudX -- Stage 1
 
Thursday, November 7
 

9:30am PST

OPEN SESSION (CloudX): Surging Supply Chain Attacks: Risks and Defenses
Thursday November 7, 2024 9:30am - 9:55am PST
Richard Clark, JFrog, Senior Solutions Architect

As supply chain attacks continue to evolve and proliferate, there is a critical need for organizations to fortify their defenses. Especially with the ever-growing usage of open source technology in today’s software landscape, open source vulnerabilities have become a prime target for attackers seeking widespread impact. In this session, Richard Clark, Senior Solutions Architect at JFrog, will emphasize the importance of proactive measures, including educating developers to use reputable tools, and adopting software composition analysis to safeguard against the growing menace of supply chain vulnerabilities.

In this session, Richard will also discuss:
• How software bills of materials or SBOM standards, such as CycloneDX and SPDX, enhance visibility into software dependencies;
• The rapid adoption of faster release cycles in business operations and how it heightens vulnerabilities in supply chain management;
• The importance of collaboration between security teams and developers.
Speakers
Richard Clark

Senior Solutions Architect, JFrog
Richard is a Senior Solutions Architect with JFrog. He is also an entrepreneur/inventor, having previously run a startup in the Internet of Things space, where he holds technology patents and has been a key member of several M&A startups. In his spare time, he enjoys cooking and traveling...
Thursday November 7, 2024 9:30am - 9:55am PST
CloudX -- Main Stage

10:30am PST

OPEN SESSION (CloudX): 5 Steps to VEX Success: Managing the End-to-End Workflow
Thursday November 7, 2024 10:30am - 10:55am PST
Cortez Frazier Jr., FOSSA, Principal Product Manager

If you work in vulnerability management or DevSecOps programs, you’re probably familiar with the painful condition known as CVE overload. Each year, tens of thousands of new vulnerabilities are reported, which causes stress and late nights for the teams tasked with remediating them.

And that’s not to mention the herculean tax of distinguishing between potential vulnerabilities and confirmed vulnerabilities. The reality that most vulnerabilities are only potentially exploitable (as determined by the deployed context of each package) also means remediation often results in a lot of wasted time and effort.

A proposed solution is VEX (Vulnerability Exploitability eXchange): a set of formats that communicates vulnerability impact status, whether a vulnerability is exploitable in its deployed context, and mitigation steps. In theory, VEX (when used alongside other prioritization inputs) makes it possible to remediate more efficiently. But as with most security frameworks, efficacy depends on proper implementation.

This talk will cover five steps to leveraging VEX throughout the vulnerability remediation lifecycle, from the time a vulnerability is disclosed to the time you publish and distribute a VEX statement. We’ll cover the tools and workflows teams need to know to effectively use VEX in their organizations.
Speakers
Cortez Frazier Jr.

Principal Product Manager, FOSSA
Cortez Frazier Jr. is the product lead for FOSSA’s SaaS and on-premises enterprise applications. FOSSA is a developer tool (in the software composition analysis category) for managing open source license compliance and security vulnerabilities. Before joining FOSSA, Cortez served...
Thursday November 7, 2024 10:30am - 10:55am PST
CloudX -- Main Stage

1:30pm PST

OPEN SESSION (CloudX): FinOps 2.0: Integrating GreenOps for a Sustainable Cloud Financial Future
Thursday November 7, 2024 1:30pm - 1:55pm PST
Ashish Bhalgat, Thoughtworks, Cloud Practice Lead / Cloud Strategist

In the ever-evolving landscape of financial operations, a new paradigm is emerging—one that not only optimizes costs and maximizes efficiency but also champions environmental sustainability. Join us for an enlightening session as we delve into the world of 'FinOps 2.0: Integrating GreenOps for a Cloud Sustainable Financial Future.'

In this session, we will explore the crucial intersection of financial intelligence and environmental stewardship, where the principles of FinOps seamlessly integrate with the innovative practices of GreenOps. Discover how organizations can go beyond profit margins to embrace a holistic approach that aligns financial strategies with eco-friendly initiatives, paving the way for a resilient and sustainable future.

Learn actionable insights on sustainable cloud usage, carbon footprint tracking, and the balance between cost and sustainability. This session is a must-attend for those looking to drive both financial and environmental performance in their organizations.
Speakers
Ashish Bhalgat

Cloud Practice Lead / Cloud Strategist, Thoughtworks
Cloud Solution Architect / Enterprise Architect – Expertise in Cloud Computing, Distributed Systems, IoT Platform, Big Data, Data Engineering, Machine learning application with Computer science professional 18+ years of experience in the Software industry. Currently working as global...
Thursday November 7, 2024 1:30pm - 1:55pm PST
API World -- Expo Discovery Stage

2:00pm PST

OPEN SESSION (CloudX): Shifting the Perspective on Security: Putting Security Back in the Design Process
Thursday November 7, 2024 2:00pm - 2:25pm PST
Celina Stewart, Neuvik Solutions, Cyber Risk Lead

Although many organizations incorporate security into the Software Development Life Cycle, it is often treated as a compliance requirement rather than a purpose-built feature. Not treating security as a feature during the design process can lead to rework, extra complexity, or investment in functionality that does not actually address risk effectively. Further, poor integration of security can have a negative impact on otherwise well-designed applications and cause friction in user experience.

This talk encourages attendees to go beyond traditional threat modeling and defense-in-depth techniques to incorporate security as a purpose-built feature in applications. Attendees will receive tactical guidance on how to incorporate security proactively in the design process. Techniques discussed will include: how to use the organization’s risk outlook to prioritize security features; how to avoid unnecessary development costs by proactively anticipating friction in user experience; how to evaluate tradeoffs and invest in the security features needed to prevent the greatest risks.
Speakers
Celina Stewart

Cyber Risk Lead, Neuvik
Celina Stewart is an expert in cyber risk management at Neuvik, a cybersecurity services company. In her current role, she leads Neuvik’s Integrated Risk Management service line, translating technical findings from Red Team Assessments to cogent, tactical strategies to buy-down...
Thursday November 7, 2024 2:00pm - 2:25pm PST
CloudX -- Main Stage
 
Wednesday, November 13
 

12:30pm PST

[Virtual Exclusive] OPEN SESSION (CloudX): Clearing the Fog and Counting the Hidden Costs of your DevSecOps Journey
Wednesday November 13, 2024 12:30pm - 12:55pm PST
Darwin Sanoy, GitLab, Field CTO Office

Not having a DevSecOps Maturity Plan is like off-road racing in heavy fog.

This session lifts the fog to help you plan your way around hidden potholes, rocks, cliffs and trees.

An unplanned approach can end up adding substantial friction to the People, Process and Technology of DevSecOps.

In addition to your typical costs, the session will touch on economies of speed, value stream friction and the super-efficiency of aligning workflows with existing human habit loops.

It will also discuss the frequent anti-pattern of comparing scaling-out DevSecOps capabilities to the cost of doing nothing, when it is well known that doing nothing is not really an option.


Every DevSecOps maturity level carries costs - learn how smart choices can mean lower costs, less friction and better outcomes.
Speakers
Darwin Sanoy

Field CTO Office, GitLab
Darwin Sanoy has spent his career in strategy, architecture, engineering and coding for scaled provisioning and operations automation. His early career was in enterprise IT automation, mid-career was running a solo business for enterprise automation training and the last decade has...
Wednesday November 13, 2024 12:30pm - 12:55pm PST
VIRTUAL API World -- Expo Discovery Stage
 
Thursday, November 14
 

9:30am PST

[Virtual] OPEN SESSION (CloudX): Surging Supply Chain Attacks: Risks and Defenses
Thursday November 14, 2024 9:30am - 9:55am PST
Richard Clark, JFrog, Senior Solutions Architect

As supply chain attacks continue to evolve and proliferate, there is a critical need for organizations to fortify their defenses. Especially with the ever-growing usage of open source technology in today’s software landscape, open source vulnerabilities have become a prime target for attackers seeking widespread impact. In this session, Richard Clark, Senior Solutions Architect at JFrog, will emphasize the importance of proactive measures, including educating developers to use reputable tools, and adopting software composition analysis to safeguard against the growing menace of supply chain vulnerabilities.

In this session, Richard will also discuss:
• How software bills of materials or SBOM standards, such as CycloneDX and SPDX, enhance visibility into software dependencies;
• The rapid adoption of faster release cycles in business operations and how it heightens vulnerabilities in supply chain management;
• The importance of collaboration between security teams and developers.
Speakers
Richard Clark

Senior Solutions Architect, JFrog
Richard is a Senior Solutions Architect with JFrog. He is also an entrepreneur/inventor, having previously run a startup in the Internet of Things space, where he holds technology patents and has been a key member of several M&A startups. In his spare time, he enjoys cooking and traveling...
Thursday November 14, 2024 9:30am - 9:55am PST
VIRTUAL CloudX -- Main Stage

1:00pm PST

[Virtual Exclusive] OPEN SESSION (CloudX): Unleashing DevSecOps Mastery: The 5 Secrets Every Cloud Innovator Must Know!
Thursday November 14, 2024 1:00pm - 1:25pm PST
Gursimar Singh, freeCodeCamp, Author

In the dynamic realm of cloud infrastructure, security remains a paramount concern. As organizations strive to fortify their digital assets against evolving threats, integrating security seamlessly into infrastructure development processes becomes imperative. DevSecOps offers a compelling framework for achieving this synergy between security and infrastructure operations.

This anticipated session at CloudX 2024 will provide actionable insights tailored to infrastructure professionals. The session will provide expert insights on establishing and sustaining a highly effective DevSecOps framework, anchored in five foundational tenets that prioritize people, tools, and processes.
Speakers
Gursimar Singh

Author, freeCodeCamp
Gursimar is trying to empower individuals via Education, Mentorship, and Open-Source. He was invited to Paris and presented at the HAProxy Conf 2022 in November 2022. He's a moderator and CFP review committee member for ContainerDays 2023 & 2024 and Staff Member & CFP review committee...
Thursday November 14, 2024 1:00pm - 1:25pm PST
VIRTUAL CloudX -- Expo Innovation Stage

2:00pm PST

[Virtual] OPEN SESSION (CloudX): Shifting the Perspective on Security: Putting Security Back in the Design Process
Thursday November 14, 2024 2:00pm - 2:25pm PST
Celina Stewart, Neuvik Solutions, Cyber Risk Lead

Although many organizations incorporate security into the Software Development Life Cycle, it is often treated as a compliance requirement rather than a purpose-built feature. Not treating security as a feature during the design process can lead to rework, extra complexity, or investment in functionality that does not actually address risk effectively. Further, poor integration of security can have a negative impact on otherwise well-designed applications and cause friction in user experience.

This talk encourages attendees to go beyond traditional threat modeling and defense-in-depth techniques to incorporate security as a purpose-built feature in applications. Attendees will receive tactical guidance on how to incorporate security proactively in the design process. Techniques discussed will include: how to use the organization’s risk outlook to prioritize security features; how to avoid unnecessary development costs by proactively anticipating friction in user experience; how to evaluate tradeoffs and invest in the security features needed to prevent the greatest risks.
Speakers
Celina Stewart

Cyber Risk Lead, Neuvik
Celina Stewart is an expert in cyber risk management at Neuvik, a cybersecurity services company. In her current role, she leads Neuvik’s Integrated Risk Management service line, translating technical findings from Red Team Assessments to cogent, tactical strategies to buy-down...
Thursday November 14, 2024 2:00pm - 2:25pm PST
VIRTUAL CloudX -- Main Stage

3:00pm PST

[Virtual] KEYNOTE (CLOUDX): Trend Micro -- Utilizing a New Threat Model for Software Supply Chain in Cloud-native Systems
Thursday November 14, 2024 3:00pm - 3:25pm PST
Mike Milner, Trend Micro, VP Cloud Technology

As cloud native environments become more secure, attackers are shifting their focus to infiltrate the software supply chain. Securing the software supply chain starts at the beginning of the development process and continues throughout the application’s development lifecycle, but the complexity means that it is easy to miss links in this chain.

This session will construct a threat model that includes everything from the developer workstations, the code and open source libraries that make up an application, to the entire pipeline of building and deploying an app and the teams that maintain it.

Attendees of this session will:
• Understand the steps needed to manage and ensure the security of a broader software supply chain considering quickly evolving tech innovations.
• Learn how to determine the best tools for tracking the software development lifecycle in cloud-native settings.
• Discover how new generative AI tools can help automate some of the monotonous tasks such as fixing or updating older or broken code.
Speakers
Mike Milner

VP Cloud Technology, Trend Micro
Mike Milner is the VP Cloud Technology at Trend Micro. Between fighting cybercrime for the Canadian government and working for security agencies overseas, Mike has developed a deep understanding of the global security landscape and how the underground economy dictates hacks and drives...
Thursday November 14, 2024 3:00pm - 3:25pm PST
VIRTUAL CloudX -- Main Stage
 
