DevSecOps
Tuesday, September 18


DevSecOps – Security at the DevOps Pace
Modern development is all about speed and agility, responding to market needs quickly and succeeding (or failing) fast with innovative new ideas. We understand more bugs will make it to production and are willing to pay that price to get a fast-adapting product. Unless, of course, the price is a data breach.

If security failures are not acceptable, how can we stay secure while moving at such a high pace? How do you "move fast and break things," but don't get broken into? This talk will discuss how to apply security in a DevOps environment (a.k.a. DevSecOps), sharing a model and offering practical tips and examples.

Geva Solomonovich

COO, Snyk
Geva Solomonovich (@gevasolo) is COO at snyk.io, focusing on making open source secure. He is the founder of the security consulting firm Snowy Peak Security. Geva was previously CTO/co-founder at Openbucks, working on innovation in the online payments space. Before that, Geva held...

Tuesday September 18, 2018 11:15am - 12:00pm
Foothill C


Mission Possible: Eliminating DevOps Security Roadblocks
Hear how leading DevOps pioneers secure their complex continuous integration/continuous delivery pipelines in scalable, automation-friendly ways that keep developers, operations, audit and compliance teams happy. Gain practical insights into addressing the security challenges with secrets, access keys and credentials, as well as how to reduce over-privilege and eliminate secret duplication. In this session, you'll get practical insights from a DevOps industry pioneer who has deep experience with Jenkins and other leading DevOps tools on how to leverage integrated secrets management solutions to give the CISO security while giving developers agility and velocity.

Jason Vanderhoof

Jason has 10+ years of experience building dynamic, scalable systems, automating infrastructure and deployments, and helping teams operate more efficiently. He believes security, operations and development really can co-exist harmoniously and learn from each other. At CyberArk, Jason...

Tuesday September 18, 2018 2:30pm - 3:15pm
Foothill C


Introduction to Elastic Container Services on AWS: ECS, EKS, and Fargate
AWS supports a number of different strategies for running your containerized applications in the cloud. In this talk, we provide an introduction to Amazon Elastic Container Service (ECS), Amazon Elastic Container Service for Kubernetes (EKS), and AWS Fargate, Amazon’s compute engine for ECS and EKS that allows you to run containers without managing server or cluster infrastructure.

Tony Pujals

Tony is a senior developer advocate for elastic container services (ECS/ECR/EKS/Fargate) at AWS, a Docker Certified Associate, and Docker Captain. He is fanatical about container technology, microservices, serverless, service mesh, cloud computing, and observability. Feel free to...

Tuesday September 18, 2018 3:45pm - 4:30pm
Foothill C


DevSecOps at Scale: Using Jenkins Shared Libraries to Accelerate CI/CD Adoption
DevSecOps means incorporating security into the culture, principles and processes created to streamline software release cycles. When working with federal clients on digital transformations, the concept of separation of duties often arises as a challenge in regard to continuous deployment. Learn how to leverage Jenkins shared libraries and the template method design pattern to use a common pipeline across entire agencies, regardless of technology stack. We will go through how to centralize the business logic of an organization's software development lifecycle to incorporate required security testing, while being flexible enough to support any team in order to build a secure supply chain to production.

Steven Terrana

Lead Technologist, Booz Allen Hamilton
Steven is a lead technologist at Booz Allen Hamilton, leading the implementation of CI/CD pipelines across multiple government agencies. A Certified Kubernetes Administrator, Steven leverages Jenkins to incorporate automated testing and security into every step of the software development...

Tuesday September 18, 2018 4:45pm - 5:30pm
Foothill C


Jenkins X: Continuous Delivery for Kubernetes
The last 5 years have seen a huge change in how we build, package, run and manage software with the rise of Kubernetes, Cloud Native, Microservices and Continuous Delivery. As a result, we all need to get better at delivering business value to our customers faster and continuously with a cloud native strategy - but how?
This talk will introduce you to a new open source project, Jenkins X, which is an open source CI / CD platform for Kubernetes based on Jenkins.
After a couple of slides we'll spend most of the talk demonstrating how to get stuff done with Jenkins X:
  • easily set up your own Jenkins based CI / CD system on your cloud of choice
  • quickly get started developing new microservices with automated CI / CD
  • import existing projects with automated CI / CD
  • use Pull Requests to trigger CI, Preview Environments, human approval then a full CD release
  • use automated provisioning to testing, staging, ephemeral and production environments via helm charts and GitOps
After this talk you should be able to develop at full speed with CI / CD in a cloud native way in any language on any cloud or Kubernetes cluster! Let's all go faster!


Tuesday September 18, 2018 4:45pm - 5:30pm
Salon 9

Wednesday, September 19


Secure GitOps Pipelines For Kubernetes In JenkinsX
The fundamental principle of GitOps is managing your entire stack through declarative configuration files, managed in source control. Changes to infrastructure and application code are managed the same way: pull requests and code review.

This session will focus on using Jenkins X and Grafeas to secure your Kubernetes CD pipeline and supply chain. Through examples, we will show how to extend the default Jenkins X build pipelines with steps to manage container image security, CVE detection and source provenance. Similar to Kelsey Hightower's "Kubernetes The Hard Way", this session will focus on setting up a secure pipeline from scratch, explaining each step in detail along the way.

The goal of this talk is for DevOps engineers to understand how all of these pieces (Kubernetes CRDs, Jenkins X, Grafeas) can be combined into a secure system driven by pull requests (GitOps) that meets any organizational culture and processes.

Dan Lorenc

Dan Lorenc is a Staff Software Engineer at Google, where he's been working in the PAAS-space for 6 years. He currently manages a team focused on building open source tools to improve the container/Kubernetes developer experience. Previously he founded projects such as Minikube, Skaffold...

Wednesday September 19, 2018 1:30pm - 2:15pm
Golden Gate Ballroom B


Effortlessly Deploy, Scale, and Manage Your App Development on AWS
Come learn how you can use Jenkins with AWS Elastic Beanstalk and AWS CodeBuild to easily implement a fully-managed build, test, and runtime environment that allows you to go from code to running application in a matter of minutes.

Bob O’Dell

Bob O’Dell is a Principal Product Manager for AWS Elastic Beanstalk, which is an easy-to-use service for deploying and managing web applications on AWS. In his role Bob spends his days (and occasional nights) helping customers best leverage AWS services to build highly available...

Wednesday September 19, 2018 2:30pm - 3:15pm
Foothill C