Listen to the latest episode of the Secure Developer podcastListen now
close

DSC Australia

Devops Melbourne July 2020

with Patrick Debois, Natalia Djohari
play_circle

Description:

We’ve partnered up with the DevOps Melborne community for this event and will be live streaming their local meet-up! Join us on slack to get to know the wider community

Session 1: Patrick Debois – How Secure Is Your Build / Server?

Session 2: Natalia Djohari – Achieving DevOps – lessons learned from a past project

 

SESSION 1: HOW SECURE IS YOUR BUILD / SERVER?

Speaker: Patrick Debois

We have learned that we need to trust others, but as our parents used to say – don’t trust strangers. So we secure our production server more than ever. Yet, there is this no-man’s land: “the build server”. We think it’s time to take a closer look at some of the good practices around securing builds & artifacts to improve our day to day level of trust.  Development has changed over the years, from doing everything yourself to a 3rd party package for every function. Operations has changed too, running your own servers is now considered an exception. To the cloud! We have learned that we need to trust others, but as our parents used to say – don’t trust strangers. So we secure our production server more than ever.  Yet, in the middle sits this no-man’s land: “the CI server”. We think it’s time to take a closer look at some of the good practices around securing builds & artifacts to improve our day to day level of trust. With Marked Sherman statement “Development is now assembly” in mind, the talk will focus more on the package/artifact/repository aspect. Less on the app security inside the code itself or at the OS/Machine level.  During this talk he will discuss in detail about:

  • How much of our work is based on gut feeling & trust using examples from metadata, binaries, and repositories

  • How to provide trust to others that build upon your software

  • How this ties into the concept of “reproducible builds” and “Software Bill of Material”

How this notion of trust applies to both people and technology  Let’s take ownership of your trust, we are already responsible when things go wrong anyway.

SESSION 2: ACHIEVING DEVOPS – LESSONS LEARNED FROM A PAST PROJECT

Speaker: Natalia Djohari

In starting a project, there are plenty of things to consider from whether a solution is suitable or what the right tech stack should be. However, the one thing that is not often told is the developer experience and how it grows. Here are the lessons learned from a recent project to highlight the problem and challenges faced before eventually achieving a DevOps culture.

Tags:

CI/CD
DevOps
DevSecOps

Patrick Debois

Pioneer of DevOps Movement

About Patrick Debois

In order to understand current IT organisations, Patrick has taken a habit of changing both his consultancy role and the domain which he works in: sometimes as a developer, manager, sysadmin, tester and even as the customer. He first presented concepts on Agile Infrastructure at Agile 2008 in Toronto, and in 2009 he organised the first devopsdays. Since then he has been promoting the notion of ‘devops’ to exchange ideas between these groups and show how they can help each other to achieve better results in business.

Natalia Djohari

Software Developer Consultant at ThoughtWorks

About Natalia Djohari

Natalia is a software developer consultant at ThoughtWorks in Sydney. Since joining as a graduate developer almost 2 years ago, she has worked as a full stack developer advocating for quality software delivery in an agile manner. She has a strong interest in microservices after adopting them in various projects with multiple teams. Natalia is passionate about problem solving and sharing knowledge in hopes to encourage and support more women in tech.

We use cookies to ensure you get the best experience on our website.Read Privacy Policy
close