Conference Presentations

QADevSecOps: Leading a Quality-Driven DevOps Transformation
Slideshow

Have you wondered where QA professionals fit into a DevSecOps transformation? Stacy Kirk thinks they should champion the transformation. Regardless of where your company is on its journey to DevSecOps, quality must be at the forefront for optimal effectiveness and customer value. This means promoting feedback loops that use monitoring and reporting tools effectively, and most importantly, it means creating a culture of collaborative communication and continuous improvement. The role of the QADevSecOps practitioner must evolve from ensuring the quality of software to assessing the effectiveness of the company’s security and development processes using retrospectives as the new defect tracking system. Discover how Stacy’s experiences with innovative techniques have infused quality into every aspect of an agile transformation, from development to security to operations.

Stacy Kirk
Agile DevOps West What Japanese Shinkansen Trains Can Teach Us about Agile
Slideshow

Have you ever been to Japan and noticed that their railway system is incredibly efficient? As places like Tokyo continue to expand and the cost of living rises, more and more people rely on trains that start hours away from the city to arrive on time.

Matthew Weinstock
STAREAST Security Partners or Security Police?
Slideshow

It’s often said that with great power comes great responsibility. As technology becomes more powerful, security becomes a great responsibility. 

Janna Loeffler
STAREAST Visual Regression Testing: A Critical Part of a Mobile Testing Strategy
Slideshow

There are many types of testing that companies need to perform in order to have confidence in their product: security testing, integration testing, system testing, performance testing, and more. 

Dmitry Vinnik
Agile DevOps East Serverless Security: Overcome Architectural Security Challenges
Slideshow

Serverless architectures take the idea of microservices to the extreme. To implement secure serverless architectures, you have to understand how to compartmentalize programs at the function level. You also need to factor in security practices: Serverless architectures are susceptible to traditional attacks such as SQL injection and command injection, along with a wide variety of privilege escalation and sensitive data disclosure attacks. Developers must consider what would happen if an attacker attempted to invoke each of their functions directly. What if one of those functions were to become nonresponsive? Designing, implementing, and maintaining serverless architectures dramatically increases the complexity of security. Join Eric Sheridan as he discusses how to implement distributed, secure identity management and entitlement enforcement across 250+ functions.

Eric Sheridan
Agile DevOps East DevSecOps in the Age of Containers
Slideshow

As IT shops look to move their workloads into containers and the cloud, their initial concerns often center around the security implications. Containers do force us to change how we think about securing our application, but they also offer exciting new opportunities. Curtis Yanko will explore the security concerns that come along with containers and take a deep dive into container composability and how modern tooling makes it possible to automate security and compliance concerns across the entire application stack. Curtis will share a project via GitHub that has a reference Jenkins pipeline demonstrating how to automate security and compliance at build time. You will take home ideas for minimizing attack surface, avoiding known bad libraries and frameworks, validating your configuration, and using machine learning to model application behavior.

Curtis Yanko
STARCANADA Combatting Threats to Payment Processing in the Era of Connected Ecosystems
Slideshow

In an increasingly connected world, protection from security vulnerabilities and threats is essential. Yet providing that protection can be complex to understand, especially with changes in digital technology, consumer demands, and how social media influences consumer shopping and payment...

Elizabeth Koumpan
DevOps West 2018, Agile Dev West 2018, Better Software West 2018 A Definition of Done for DevSecOps
Slideshow

[video:https://youtu.be/oQE8ysEvzaQ width:300 height:200 align:right]

Gene Gotimer
Automated Security Scanning for Your Delivery Pipeline
Slideshow

[video:https://youtu.be/CwZ-F4TUsig width:300 height:200 align:right]

Matthew Grasberger
Agile DevOps The T-Shaped Scrum Team: Get in Shape for Your Future
Slideshow

Today, agile teams are being asked to do more than ever before. The notion of a T-shaped person, created by Tim Brown (CEO of IDEO) in the 1990s, describes a new breed of worker—one who goes beyond the standard, assigned role. Mary Thorn believes that the roles of team members can stretch...

Mary Thorn

Pages

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.