By Brian Christner | May 7, 2018
DevOpsDays Zürich Recap
If you are part of the “no-KubeCon” attendee list don’t feel left out. Darragh grealish was able to attend with a lot of great people and presentations. Not to worry as all the KubeCon 2018 sessions will be online in no time. But for us left behind we were not slouching. Wow, what a whirlwind week.
First off, it was my first time attending DevOpsDays Switzerland. DevOpsDays for those that don’t know is a conference established in 2009 and has grown all around the world. If you don’t have a DevOpsDays in your city you can just start your own => https://www.devopsdays.org/organizing/
Security is Everyone’s Job
The Zurich conference had a security theme this year. The Keynote speaker Tanja Janka / SheHacksPurple presented “Security is Everyone’s Job”. She is an excellent presenter and her passion for security is very infectious. So infectious she convinced the entire room to take an oath saying:
“Security is part of quality”
Unfortunately, I was so taken by her presentation that I forgot to take some pics but here is one that I actually took. This slide indicates the cost of defects the further they get through the development cycle. Check out her blog to see what else she is working on like OWASP.
We had some cultural related talks as well. Honestly, I thought to skip out and prepare for my workshop but once they started I was again glued to the excellent presenters. Bernd Erk, CEO from Netway presented “How to make Good and Difficult decisions”. A lot of facts thrown at us and some brain teasers to show just how our brains really work.
Pick a number between
5 and 12 ?
Did you pick 7? Yeah, so did 80% of the audience. This was one of the many examples Bernd provided just how our brains work. Quite interesting and I will be sure to read up more on this.
We had another talk by Franziska Bühler from the Swiss Post office. She introduced us to Web Application Firewall, Friend of your DevOps Chains. I was again blown away by Franziska’s presenting skills and how involved she is in the topic. She introduced us to OWASP ModSecurity Core Rule Set (CRS). I was unaware of such an amazing, powerful, and Open Source plugin for NGINX or Apache web servers which protects against the OWASP Top 10 threats. Franziska confirms that these are Mods are battle tested and Swiss Post uses them in Production.
I am in the midst of reading Google’s Site Reliability Engineering (SRE) Book How Google runs Production Systems. So this was actually a perfectly timed session as all the content is fresh in my mind. Google’s Ramón Medrano Llamas is a Site Reliability Engineering Manager for Google Login. The tool you and half the world uses to login to gMail, etc.
It was an interesting talk but a lot of the points I just read in the book. However, the real-world examples Ramón provided about server racks burning down and upgrades failing miserably show that even Google expects failure but how you prepare and react to failure is more important than the failure itself. One point he mentioned was sometimes a counter-intuitive idea might be the fix like pushing an failing upgrade globally to make everything consistent.
I give DevOpsDays Switzerland a huge thumbs up. It was held in an amazing venue; Altekaserne the speakers were intriguing, everything was well organized, and most importantly everyone had a great time and learned something new. I had a lot of great coffee chats and met a lot of new people.
My key takeaways:
- We should really integrate Security sooner into our DevOps pipeline
- WAF OWASP ModSecurity, how did I not know about this sooner?
- Google fails all the time, but how you prepare for failure is the key!
- Docker Workshop — No matter if people used Docker for years or just starting. Everyone wants to learn what is new and how to do things easier.
Find out more about 56K.Cloud
We love Cloud, Containers, DevOps, and Infrastructure as Code. If you are
interested in chatting connect with us on
Twitter or drop us an email:
info@56K.Cloud or reach out below here on Medium!
We hope you found this guide helpful. If there is anything you would like to contribute and/or have questions, please let us know!