Security

Abstract Cloud native technologies are increasingly used by organizations to provide a competitive advantage. Containers and Kubernetes jumpstart developer productivity but, they could increase security teams’ workloads. Threat vectors span cloud providers, control planes, developer tooling, and applications in environment hybrid environments. Use these technologies and cultures to improve security and reduce blast radius while improving velocity. This talk will analyze human tendencies and provide tips to improve security postures in cloud native environments. ...

Microsoft has come a very long way in its fight back into the graces of all technologists. There will be some die hards that will never forgive Microsoft for what it attempted to do to open source software. Like there will be some die hards that won’t embrace PowerShell, WSL, and future Microsoft improvements. But, there is no denying that Microsoft has changed as a company in a way that is beneficial to the open source community and beyond. I’d like to share my personal Microsoft journey thus far. ...

All other DevOpsDays events should be put on notice. DevOpsDays Charlotte 2018 set the bar unattainably high for the quality of the venue and speaker line up. It’ll be insanely hard to beat the great folks who spoke in Charlotte this year. Almost every talk was a home run. The Red Ventures facility was also jaw dropping. Also, I don’t think we could have asked for a more inviting and welcoming speaker lounge either. ...

Abstract Find out about a use case that created a need for testing certificate chains, appropriate web server security settings, and the Go code used for testing. Description Talk would be based on this article: https://opensource.com/article/17/4/testing-certificate-chains-34-line-go-program If you ever need to validate certificates or certificate chains before deploying them, Go provides a near foolproof test method. A 3rd party developed a tool that was then handed off to our DevOps team to manage and maintain. Before I could do any re-engineering work, I had to resolve a critical issue—the certificates on the ELBs were about to expire and needed updating. ...

Abstract What is Go? It’s not just another programming language. Go was made with very specific goals in mind by very experienced people. Go’s ideals align quite well with DevOps principles. In this talk we explore why DevOps professionals should be learning and utilizing Go in their organizations. Description What is Go? What wasn’t good enough with other languages? Who made Go? The Go/Google Connection as it Stands Today What is Go Good At? Go is easy to use and fast to learn Very well thought out design philosophy (Russ Cox GopherCon 2017 talk) Where Go is Used Today (The obvious: Docker, Kubernetes, CloudFlare, etc.) The not so obvious (and why): Container runtimes, Etereum, Dropbox Dev Opinions (quotes from Kris Nova, Liz Fong-Jones, Carlisia Pinto, and Julia Ferraioli) How Go Bailed Me Out “Who here thinks cryptography is easy?” TLS is hard enough to implement It only gets harder when you are given a two-day deadline to rekey a convoluted application by a third party developer you don’t have a relationship with anymore I’m not a coder (AT ALL) Building a tool with Go on the fly to verify certificate chains, TLS configuration, etc. was super easy Notes I have worked in IT since 1995. Experience in the public and private sector has given me a wide range of DevOps perspectives. My lack of pedigree as a developer is one of my biggest selling points of Go. You don’t have to be a coder to write Go and more people need to know that. ...