Presentation One: Becoming an SRE
Presenter: Kim Schlesinger
Abstract: There aren’t many entry-level SRE job postings, but being able to take junior engineers and turn them into kick-ass engineers is a competitive advantage for any company. Hiring juniors, though, means you have to spend time and energy supporting their professional development.
This talk is the story of a Web Developer turned SRE. By the end of this talk, you will have a road map for how to train up junior SREs. The talk will cover:
• How to set up a learning plan and recommend learning resources
• Different ways of setting up mentor/mentee relationships
• How to use professional exams (like AWS certifications) to speed up development
• Tips for what to look for while interviewing junior candidates
Kim Schlesinger is the cofounder of hirediversity.us and an SRE at ReactiveOps.
* * *
Presentation Two: Don't Fear the Four Horsemen of the DevSecOpalypse
Presenter: DJ Schleen
Abstract: SAST, DAST, OSSM, and CVA - Static Analysis and Security Testing, Dynamic Analysis and Security Testing, Open Source Software Management, and Container Vulnerability Analysis. These “Four Horsemen” of DevSecOps have traditionally introduced security drag into DevOps pipelines and fear into the hearts of Developers, Operations, and Business Analysts. It’s not surprising that teams have been skeptical about integrating these security controls because oftentimes they are improperly integrated and introduce major delays in the SDLC.
Join DJ as he does a deep dive into Static Analysis and Security Testing, Dynamic Analysis and Security Testing, Open Source Software Management, and Container Vulnerability Analysis and explains the purpose of each control, why each is important, and how proper implementation and automation can create ‘secure software sooner’. Learn about the appropriate places to integrate these controls, what KPIs to track, and how these KPIs can help identify security drag.
When these four security controls are automated and properly configured, security vulnerabilities shift left faster and are remediated more quickly, which results in higher code quality, less security-related technical debt, and a pervasive culture of security.