0.21 devopsdays-philadelphia-2025 2025-09-30 2025-10-01 2 00:05 https://talks.devopsdays.org America/New_York Room 1 Talk 2025-09-30T09:05:00-04:00 09:05 00:30 Cybersecurity and AI are colliding in ways that DevOps teams cannot ignore. This talk examines how AI expands attack surfaces with threats like model poisoning and prompt injection, while enabling defenses via predictive threat intelligence and automated incident response. We address the critical skills gap between cybersecurity and AI engineering by providing a practical upskilling roadmap covering LLM architectures, adversarial ML, and secure AI CI/CD pipelines. Attendees will gain a structured view of emerging hybrid roles at the intersection of DevOps, security, and AI, and actionable steps to future-proof their careers in this dynamic landscape. devopsdays-philadelphia-2025-5474-cybersecurity-meets-ai-roadmap-for-next-gen-skills Brian M. Green en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/KDGRFH/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/KDGRFH/feedback/ Room 1 Talk 2025-09-30T09:35:00-04:00 09:35 00:30 Not every team needs a full-blown internal developer platform—but every team needs something to reduce friction. In this talk, we’ll walk through three levels of self-service maturity: the IaC factory (where platform teams write most of the infrastructure), the template/module model (where platform teams publish reusable components), and the full IDP model (where app teams provision resources through UI or CLI with guardrails). We’ll also break down what actually goes into a platform—including foundational infrastructure, shared services, workloads, and developer experience—and how to right-size your approach without overbuilding. Whether you’re just starting out or trying to improve adoption, this talk will help you map where you are and where you should (or shouldn’t) go next. devopsdays-philadelphia-2025-4908-from-iac-to-idp-a-practical-guide-to-self-service-maturity Josh Kodroff en This talk gives a practical framework for thinking about self-service maturity and platform architecture. I’ll describe three common models of self-service: 1. “IaC factory” where the platform team implements all infra, 2. "templates and modules" model where app teams consume reusable code 3. A fully realized internal developer platform (IDP) where dev teams provision via low-code/no-code UI or CLI. I’ll help attendees assess which model fits their org based on team maturity, scope, and culture. The second half of the talk will break down the key layers that commonly make up a modern platform: foundational infrastructure (e.g. account vending), shared services (e.g. VPCs, clusters), workload enablement, and developer experience. I’ll also touch on how these layers map back to the three maturity model - and how platform teams can avoid building features no one will use by setting realistic expectations and measuring adoption early. false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/7VCBVN/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/7VCBVN/feedback/ Room 1 Talk 2025-09-30T10:05:00-04:00 10:05 00:30 Security boils down to trust. Trusting that the code will do what is expected and is free from vulnerabilities. Trusting that the entities interacting with our data and resources have the right to access those resources. Our current approach to both human and non-human access uses the same basic flawed pattern: long-lived credentials. This approach to trusted access does not take into account who or what is requesting that resource. These secrets, which quite often leak, are an attacker's best friend and are how attackers think about getting into and moving throughout your system. What if instead of simply asking for a security key or credential to gain access, our applications, workloads, and resources asked "Who are you and how can you prove that?" Humans can move towards leveraging our non-changing characteristics, like biometrics. But what about machines? Especially in the world where pods and workloads last for only hours or days? Attend this session to: - Better communicate about why we must do things differently and soon - Learn how the open-source software community has looked at addressing the identity problem - Understand what commercial options are available - Map a path away from the world of long-lived credentials The future of identity and access management is the future of security, IT, and, ultimately, business resiliency. devopsdays-philadelphia-2025-4693-i-m-a-machine-and-you-should-trust-me-the-future-of-non-human-identity Dwayne McDaniel en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/BU73EQ/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/BU73EQ/feedback/ Room 1 Talk 2025-09-30T10:45:00-04:00 10:45 00:30 1. Why Git Clone performance is critical 1. The default is very heavy 2. Yet, many things do not require the default full history 3. It affects the cost of the entire chain right back to centralized remote Git services 1. End point sizing 2. Network sizing 3. Git cloning requires programmatic response from the server level \- so large workload requests drive the performance hard. 4. Garbage collection and maintenance on Git clients and servers 2. When is Git Clone performance critical (things that are on the rise) 1. special uses cases such as scaled CI, 2. remote dev environments 3. scaled monorepos, polyrepos 4. Binaries in repos 5. GitOps "lightweight" manifest / config retrievals 3. Why is Automated Benchmarking Especially helpful? 1. Works in many buried environments 2. Allows testing of optimizations to see if build or other processes are compatible devopsdays-philadelphia-2025-5473-supercharge-your-git-workflows Darwin Sanoy en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/EJERTJ/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/EJERTJ/feedback/ Room 1 Talk 2025-09-30T11:15:00-04:00 11:15 00:30 Earlier this year I led TCG's technical team for a competitive real-time development challenge vying for a $40 million contract with the Department of Treasury. What began as a seemingly simple "one-day code challenge" rapidly devolved into a month-long race to prepare the Release One build needed to just begin the challenge day. Our final solution featured a full DevOps pipeline, Terraform deployment, multi-region failover Kubernetes infrastructure, and a comprehensive web application with AI image processing. This was all delivered under immense pressure within a one month schedule and limited customer access. This isn't theoretical; it's a raw, honest look at real-world challenges. We'll delve into the critical, sometimes painful, lessons learned about DevOps principles and Agile anti-patterns that surfaced under fire. I believe these in-person live coding and technical assessments will become increasingly common in contract competitions, especially as AI blurs the lines of expertise when presented via written proposals. devopsdays-philadelphia-2025-5187-surviving-a-high-stakes-40m-federal-live-code-challenge Al Crowley en Join us for immediate, practical steps your teams can implement, drawn directly from our experience competing in a real-time development challenge vying for a $40 million contract with the Department of Treasury. This isn't theoretical; it's a raw, honest look at real-world challenges. We'll delve into the critical, sometimes painful, lessons learned about DevOps principles and Agile anti-patterns that surfaced under fire: • Why Continuous Integration from Day One isn't just best practice—it's a survival mechanism. We'll share our practice run panic and how targeting the "perfect CI pipeline" nearly derailed us. • How to establish an effective customer surrogate when direct stakeholder collaboration is impossible, and why their early feedback is non-negotiable, even in a challenge scenario. • The unexpected payoff of a production-ready mindset in a demo environment, and how small efforts can save your project during a live presentation. • Navigating the tricky balance of tooling choice and team familiarity: When powerful tools become bottlenecks, and why a gelled team outperforms a collection of individual experts. • The often-overlooked secret weapon: realistic team availability. Discover how managing after-hours expectations impacts velocity and team morale. This talk offers concrete, actionable takeaways for anyone navigating complex software development on a laughably short timeframe, whether you're competing for a new contract or launching your startup MVP. We’ll share the "aha!" moments and the pitfalls, providing practical pro-tips to help you succeed in your next race to release 1.0. false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/N33CVD/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/N33CVD/feedback/ Room 1 Talk 2025-09-30T11:45:00-04:00 11:45 00:30 An alert came in, waking you from a dream. What to do? Is it a vulnerability that needs immediate attention? Or just a flaky script? Alerts come in all sorts of frustrating shapes and sizes, but sadly not enough of them are worthy of your attention. There’s many ways to solve this: how much AI do you want here? Lots! Great, we’ll do that. Let’s explore ways to make alerting more helpful, more useful and more deserving of your precious time and attention. devopsdays-philadelphia-2025-5211-finding-what-s-important-actionable-automated-and-accurate-alerting Max SaltonstallKennedy Toomey en As more teams move to microservices and managed systems, the number of ephemeral systems and resources explodes. With those new systems come new monitors, new alerts, and new middle-of-the-night pages. And that means wasted time and attention. Join us as we walk through ways to improve the automation of parsing and filtering alerts, and create intelligent systems that can suggest, or even take, action for you when alerts come in. Finally, we will all have more time to relax and enjoy the fruits of our labors. false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/KSCGYQ/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/KSCGYQ/feedback/ Room 1 Ignite 2025-09-30T13:30:00-04:00 13:30 00:15 Ablative Resilience devopsdays-philadelphia-2025-5498-ablative-resilience Damion Waltermeyer en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/DQLKAT/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/DQLKAT/feedback/ Room 1 Ignite 2025-09-30T13:45:00-04:00 13:45 00:15 Numerous developers swiftly write and launch code in an agile environment, postponing secret management for later. A developer might opt to temporarily hard-code the secrets, and, upon merging the final version with the main branch, eliminate the secrets and transition to more secure alternatives, such as retrieving the secret from them. Regrettably, individuals err, and frequently those secrets are overlooked, hidden within the code, and missed during code review, ultimately ending up merging code into the main brach. The most obvious place to start scanning for secrets is in code. Securing the code and automating the scan could be the right solution to avoid any human error. devopsdays-philadelphia-2025-5132-secure-coding-automate-secret-management-and-security-scanning Ankur BansalEHFAJ KHAN en In this session we will cover: - How to automate the scanning of secrets and sensitive phrases in the code. - Solution to manage the secrets securely. false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/EXKQMY/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/EXKQMY/feedback/ Room 1 Ignite 2025-09-30T14:00:00-04:00 14:00 00:15 In the race to deliver software, bigger often feels better—but it comes at a cost. This talk champions Small Batch Delivery, a practice that streamlines development by shrinking the size of changes we ship. You’ll discover how small pull requests reduce risk, improve code quality, and keep teams in a state of flow. We'll dive into the ripple effects of bloated PRs, the psychology behind fast reviews, and why this isn't just a dev tactic—it's a cultural mindset shift. If you're ready to ship faster with less stress, it's time to think small. devopsdays-philadelphia-2025-5200-small-batch-delivery-why-tiny-changes-make-a-big-difference Scott Howard en In the fast-moving world of software delivery, it’s tempting to pack as much as possible into every release. But here’s the truth: smaller is safer, faster, and smarter. This Ignite talk makes the case for Small Batch Delivery—a practice that reduces risk, accelerates feedback loops, and makes pull request reviews a breeze. We’ll explore how small, focused changes keep your team in flow, why bloated PRs are a silent productivity killer, and how reviewing quickly reinforces the very habit of shipping small. You'll also learn what happens when we don’t keep batch sizes small (spoiler: it’s not great). If you've ever stared down a massive pull request with dread or wished your changes shipped faster, this talk is for you. Small batches aren't just a technical strategy—they’re a cultural shift. And they just might be your team’s superpower. false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/CEMMCM/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/CEMMCM/feedback/ Room 1 Ignite 2025-09-30T14:15:00-04:00 14:15 00:15 DevOps has a notoriously steep learning curve. Getting started in the field can feel like being dropped in a foreign country without the ability to understand *anything* about the language. A language is more than just the syntax and semantic rules of the words themselves. It also encompasses the shared culture of the speakers. With the proliferation of programming languages as well as the deeply held cultural beliefs of the community, it's easy to see that learning DevOps is like trying to learn a foreign language. I will review five foundational hypotheses from the field of Second Language Acquisition and relate these hypotheses back to the world of DevOps. DevOps practitioners, trainers, tool builders, and learners should all come away with useful insights to apply to their practice. devopsdays-philadelphia-2025-5179-devops-is-a-foreign-language-or-why-there-are-no-junior-sres Josh Lee en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/V3QTQR/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/V3QTQR/feedback/ Room 1 Talk 2025-10-01T09:05:00-04:00 09:05 00:30 What are the forward-looking career paths in DevOps, and how do we successfully navigate them? If you and your organization aren’t gearing up in these critical areas, you need to start planning now. In this talk, we’ll take a look at three critical areas in DevOps, the emerging trends in each, and a way for you and your team to stay meaningfully engaged as they develop. Eric Snyder is a Senior IT Manager at the University of Pennsylvania. His 30-year tech career spans the gamut from programming to broadband network installation to leading teams and projects building CI/CD pipelines for on-prem, cloud-based and serverless execute environments. He currently manages the team supporting communication and collaboration services at Penn, including video production, streaming video services and enterprise-scale SaaS solutions -- which now include OpenAI ChatGPT and Microsoft Copilot Chat. devopsdays-philadelphia-2025-5489-strategic-directions-in-devops-ai-devsecops-and-gitops Eric Snyder en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/ABEQSF/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/ABEQSF/feedback/ Room 1 Ignite 2025-10-01T09:35:00-04:00 09:35 00:15 Writing SQL slows everyone down. Non-technical users can’t, data teams won’t, and leadership waits. While commercial AI-powered tools promise a solution, most are pricey, opaque, and allergic to your reporting requirements. This Ignite talk presents an open-source Text-to-SQL chatbot that prioritizes transparency and user control. It combines advanced prompt engineering & guardrails to reduce hallucinations and ensure generation of reliable SQL queries. It uses an evaluation framework to assess performance by checking syntax accuracy, schema awareness and robustness to ambiguous user inputs. You’ll walk away knowing what works, what breaks, and why building your own AI assistant might just be your smartest move. Query load is not a career path. Offload it to the bot. devopsdays-philadelphia-2025-4988-talk-sql-to-me-building-a-smarter-query-assistant Gamini Singh en Off-the-shelf AI tools are capable of automating text-to-SQL conversion, but many of these solutions are "black boxes" with serious practical limitations like hallucinations, expensive licensing, lack of customizations to company requirements and limited explainability. By sharing a fully open, explainable approach to Text-to-SQL, this talk is about keeping AI innovation open, collaborative, and community-driven. This session will: > Empower users to build their own AI-powered analytics tools instead of relying on expensive, proprietary software. > Encourage open-source contributions by showcasing how tools like DsPy, LangChain, PostgreSQL, and SQLParse can be combined to create a transparent, community-driven solution. > Foster AI accessibility so that researchers, engineers, and organizations of any size can leverage Generative AI for structured data without compromising on control, security, or cost. This talk is uniquely relevant to DevOpsDays because it blends: > Self-service analytics (freeing up engineers & data teams from query tickets) > Developer experience (turning LLMs into productive teammates, not flaky oracles) > Open tooling (LangChain, SQLParse, DsPy, Streamlit) to create a transparent system you can fork, debug, and improve without vendor lock-in. false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/CFDW38/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/CFDW38/feedback/ Room 1 Ignite 2025-10-01T09:50:00-04:00 09:50 00:15 We all know investing in developer experience is a good call...but how do you really know if those investments are working? Traditional DevOps metrics? Sure, they help. But now AI is everywhere, promising to save the day. So how do you measure if AI is actually doing anything besides producing the internet's finest sh*tposts? In this light-hearted talk, I’ll break down real ways to measure AI’s impact—beyond the memes. We’ll look at metrics for individual contributors, teams, and departments, exploring whether AI is a true game-changer or just another shiny buzzword. devopsdays-philadelphia-2025-5081-is-your-investment-in-ai-paying-off-or-just-generating-more-sh-tposts Michael A Stahnke en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/CCDLLM/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/CCDLLM/feedback/ Room 1 Ignite 2025-10-01T10:05:00-04:00 10:05 00:15 YouTube Search is about understanding intent across billions of queries while managing complex metadata at scale and delivering real-time analytics. This session bridges my experience as a broadcast engineer at YouTube Space LA to the developer and open source community. We'll explore practical lessons from YouTube's search infrastructure and show how to maximize these challenges - from ambiguous queries to recommendation systems. You'll learn: 1) Observability at Scale: What YouTube’s metadata means for your AIOps and observability stack 2) Platform Engineering for Search: Building developer-friendly search infrastructure that your teams will actually want to use 3) Real-time Analytics: Building pipelines that power recommendation engines that power both dashboards and ML-driven insights As developer advocates, we know that effective discovery isn't just about finding content - it's about connecting developers with the knowledge they need to grow so that the next generation can build on what we've learned. devopsdays-philadelphia-2025-5469-from-youtube-analytics-to-search-patterns-that-scale Walt Ribeiro en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/U9WUSE/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/U9WUSE/feedback/ Room 1 Talk 2025-10-01T11:05:00-04:00 11:05 00:30 Focus on intent: what people are trying to do with the system. While product analytics might give a broad sense of “what happened,” making sense of telemetry pointing to “what went wrong” is key to improving the system. For users, the specific issue doesn’t matter, because the software doesn’t work! devopsdays-philadelphia-2025-5054-the-case-for-user-focused-observability David Rifkin en As software has become more complex, observability into its processes has been key. But the reason for this observability might have been lost. Observability hasn’t focused on intention: what people are trying to do with the system. While product analytics might give a broad sense of “what happened,” making sense of telemetry pointing to “what went wrong” is key to improving the system. For users, the specific issue doesn’t matter, because the software doesn’t work! If a user can’t log in to their web portal for medical records due to a failing backend service, or because the modules are too old to load on contemporary browsers, or one of any other technical factors, the engineering team has failed in their relationship to the user. It might appear as an error or crash or failure to load, but to someone who intends to check on their blood tests, it’s simple frustration. In the world of browsers and mobile devices, technical issues prevent the success of the system. This success should be the goal for the entire engineering team: after all, if an API delivers a payload that the client can’t use, it has failed the user. An examination of the system that points to the user, with telemetry from all technical parts of that system, is the only way forward. That is user-focused observability. false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/WKVGCP/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/WKVGCP/feedback/ Room 1 Workshop 2025-10-01T13:00:00-04:00 13:00 01:00 AI agents are transforming the way we manage cloud infrastructure — bringing automation, context awareness, and natural language control to everyday DevOps and SRE tasks. In this hands-on workshop, we’ll build an intelligent AI agent to interact with AWS services. Attendees will learn how to use Agent Framework Strands using Python, fundamentals of MCP, and leverage AWS service AgentCore to improve authentication, scaling and observability. Requirement: Familiarity with Python and basic AWS services. AWS account with Bedrock access or any LLM API key. Target Audience: Cloud engineers, AI/ML practitioners, early-career tech professionals. devopsdays-philadelphia-2025-4562-workshop-building-ai-agents-for-aws-infrastructure-automation Anuj Tyagi en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/TCKB8U/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/TCKB8U/feedback/ Room 1 Ignite 2025-10-01T14:00:00-04:00 14:00 00:15 Back in 1976, the Makefile made it easy to compile C programs. In 2025, it’s used for automating just about everything, from shell scripts to build workflows to CI/CD pipelines. Over 49 years, a lot has obviously changed about the way we design and build software. However, the fundamentals (esp. design patterns, algorithms, and architectures) have stayed more or less the same. We can learn a lot from the Makefile, from its design to how it has remained relevant in such a quickly evolving space. In this ignite, Benjie will talk about what patterns made the Makefile a mainstay in software development and deployment. He’ll also cover why good software is timeless. devopsdays-philadelphia-2025-5090-what-the-makefile-got-right-49-years-later Benjie De Groot en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/BL88PN/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/BL88PN/feedback/ Room 1 Ignite 2025-10-01T14:15:00-04:00 14:15 00:15 Scaling GitOps for large-scale deployments can be challenging with a single repository or controller. This talk explores sharding as a strategy to optimize performance, improve reliability, and manage complexity in GitOps workflows for multi-environment or multi-tenant setups. devopsdays-philadelphia-2025-4561-breaking-gitops-bottlenecks-the-power-of-sharding /media/devopsdays-philadelphia-2025/submissions/FQWY3M/final_gitops_1_lxnmZLG.png Anuj Tyagi en false https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/FQWY3M/ https://talks.devopsdays.org/devopsdays-philadelphia-2025/talk/FQWY3M/feedback/