Registration, Breakfast, Sponsors
In DevOps, we interact with networks through concepts like ingress/egress, routers, subnets, and firewalls. Can we apply these same principles to build more effective professional networks? In this age of layoffs and AI, ensuring we are authentically connected to our communities is more important than ever. Let's transform what we've learned from systems networking into practical strategies for professional networking that enhance our careers and give us greater agency.
GitHub Actions is a powerful tool, but poor configuration can turn it into a critical attack vector. In this talk, we’ll explore how common mistakes allow malicious code execution, credential leaks, and privilege escalation.
What if the next frontier for DevOps isn’t tech companies, it’s manufacturing? When I joined an aerospace company, I found outdated tools, brittle processes, and a huge opportunity. This talk is about the simple DevOps practices I introduced in a company that didn’t know it needed them, and why manufacturing might be the best place for DevOps professionals to work today.
Coffee Break - Day 1
Our platform team began with similar goals as other platform teams which is to unify and streamline deployments of all the teams under our organization. Then we got hit by a curve ball as life always does. We got acquired and this began the process of cloud migration. Cloud migration with K8s made things easier but there was more sinister problem lurking around. How do we create, destroy or retire clusters without disrupting teams?
This talk tells the story of how we replaced a patchwork of terragrunt based workflows with CAPI - Cluster API a kubernetes native framework for creating, updating or even deleting clusters at scale. You will hear the ups, downs and the cultural shifts that came with migrating infrastructure typically written in terraform to yamls.
The Cybersecurity Center at MSU Denver had an issue where students wanted to write threat detection rules for our network collectors but there wasn't a good way for them to do so without breaking stuff. We built a GitOps workflow to enable student analysts to write threat detection rules. The students can then automatically and safely push the new rules to customer collectors across the State of Colorado. This session is a quick look at a student analysts workflow at The Cybersecurity Center at MSU Denver.
Why DuckDB needs to be in your tool chest for working with structured and semi-structured data. From parquet, to JSON, to CSV files and many more, DuckDB excels at enabling you to slice and dice the data via SQL.
I was a DevOps engineer for 8 years. Looking back, I didnt properly take advantage of documentation and tutorials of the tools I used. Three years ago I transitioned to a product education engineer for HashiCorp. I want to discuss the things I've learned, how content writers think, and how to take advantage of product documentation and submit feedback.
My goal is to encourage people to use documentation, how to traverse it, understand how writers write and why they do so, and how to submit feedback.
Lunch
Is your team reactive instead of proactive? Are they providing bespoke advice instead of scalable platforms? In this talk, we’ll go over when, why, and how to transition infra teams from consultants to product builders.
When something breaks, your company may kick off an incident response process and your team may need to play a role. As a leader, your sense of responsibility and maybe a little bit of panic will naturally kick in when you know something is wrong: you're the one many will look to for answers, and you want to have the details handled when that moment comes.
Your natural instinct to handle all of the things can also be your downfall, one easily avoided by leveraging and empowering your team to own their role in incident response. Whether implementing process for the first time or a seasoned pro, we'll go over all of the do's and don't's of maintaining your composure while letting your people lead when s*** hits the fan.
Topic (TBD)
Topic TBD
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Happy Hour
Registration, Breakfast, Sponsors
Ozzie the Overconfident Operator has secured their cluster! They have done it all: role-based access control, encryption at rest, TLS…and as they congratulate themself on a job well done, Nova the Nefarious Ne’er-do-well watches from around the corner, drooling with anticipation. Spoiler alert⎯Ozzie is about to get HACKED.
In this talk, the speakers play the characters of Ozzie and Nova and playfully demo cluster security as Nefarious Nova exploits each of Ozzie’s security decisions. What can Overconfident Ozzie do when Nova gets the upper hand? How can Ozzie proactively keep Nova’s threats at bay?
Take security beyond the firewall and discover cloud native security concepts such as identity management, container image scanning and signing, creating and implementing policies, runtime security, and secrets management.
Learn security basics alongside Overconfident Ozzie, who is sure the cluster is COMPLETELY secure this time. There is nothing Nova can do to break… uh-oh. Not again!
At growing companies, developers move faster than process. If your platform can’t keep up, they’ll route around it.
Guardrails aren’t stop signs, they’re lane assist. In this talk, we’ll explore how internal platforms can scale developer self-service safely using policy guardrails. We’ll cover how to design policy-driven automation that adapts to business needs, building secure, cost-aware, and flexible delivery paths that scale. We'll show how to build internal developer platforms that earn trust, reduce toil, and become the easiest path to production.
In software development, technical debt often becomes a barrier between business, product, and engineering teams. This talk will explain how storytelling can be a powerful tool to demystify technical debt, making it accessible and understandable for everyone in any team or organization. We will step through an example of how unrecognized and concerning amounts of growing tech debt was explained to align stakeholders through the power story telling. By bridging the gap between teams, we will show how we fostered a culture where everyone becomes a steward of the product, always thinking about the most impactful customer experience.
Technical debt is often misunderstood and undervalued, leading to decisions that can negatively impact the product and customer experience. By using storytelling, we can create a shared understanding and commitment to managing technical debt, ensuring that all teams are aligned and working towards the same goals.
This session will focus on the following learning outcomes:
* Learn how to explain technical debt in simple, relatable terms using storytelling techniques.
* Discover strategies to improve communication and collaboration between business, product, and engineering teams.
* Emphasize the importance of thinking in service of the customer and the services they value.
Coffee Break - Day 2
Ansible is well-known in the remote systems automation arena, but you might consider running it locally inside of thin shell script wrappers.
Ignite talk by:
Chris Maj
Open Source Solutions Advocate
Sangoma US Inc.
In this Ignite talk, we will decode cryptic cloud bills that Finance received in their inbox last month - and possibly gave someone a mild heart attack. We will explore how seemingly innocent decisions - like a single engineer forgetting to turn off a test cluster - can lead to a line item - "$4598.23-us-east-1 NAT Gateway #14". We will touch on the cultural, technical and architectural pitfalls that lead to budget blowouts and what platform teams can do to build better cost visibility and accountability. Whether you’re in engineering or finance, this talk offers a shared language and actionable insights to start bridging the gap between “move fast” and “stay on budget.”
The Model Context Protocol (MCP) provides a standardized interface for large language models (LLMs) to communicate with external systems—including Kubernetes and Docker containers. By sending structured tool-use messages, LLMs can initiate actions like scaling deployments or restarting pods using natural language instructions. This opens the door to natural language-driven automation in DevOps. However, a major challenge is reliability: LLMs can hallucinate commands, leading to incorrect or unpredictable operations.
In this Ignite talk, I’ll explain how MCP works, how it bridges LLMs with containerized systems like Kubernetes and Docker, and what failure modes arise when models generate unstructured or invalid outputs. I’ll then introduce a practical solution: constraint decoding, which enforces structure and validity in model responses to ensure safe execution.
This approach improves reliability while also enabling the use of smaller, CPU-efficient models—making LLM-based automation feasible on local machines, CI/CD runners, and edge servers. The result is a safe, efficient, and portable path to AI-driven container orchestration using open protocols.
Platform teams everywhere fall into the "build it and they will come" trap. We obsess over APIs and automation while our Internal Developer Platforms gather dust and developers keep doing workarounds.
An Apple quote of 30 years ago "You've got to start with the customer experience and work backwards to the technology. You can't start with the technology and try to figure out where you're going to try to sell it."
Through lessons learned building developer platforms at previous organizations, I'll share why we struggle to measure what matters most. While we track deployment frequency and lead times, we're missing the human signals—the surveys, conversations, and feedback loops that actually predict platform success.
You'll discover how to shift from building projects with endpoints to building products that evolve, why your best metrics come from developer happiness surveys not dashboards, and practical strategies for turning platform skeptics into advocates.
Avoid building in isolation. Start building communities.
Lunch
As healthcare moves to the cloud, security, compliance, and scalability become the pillars of innovation. Handling sensitive health data, meeting strict regulatory requirements (HIPAA, GDPR), and protecting against evolving cyber threats make cloud security in health tech a uniquely challenging problem. How can companies scale their health tech solutions while ensuring security, resilience, and AI-driven innovation?
Drawing from my experience at Amazon Pharmacy, where I helped build secure, scalable, and compliant cloud-based health tech solutions, I will share real-world challenges, key security strategies and lessons learned in designing enterprise-grade cloud architectures that protect critical/restrictive data while enabling growth and innovation.
Key topics include:
-
Cloud Security Frameworks for Health Tech: Implementing a zero-trust architecture, encryption strategies, and access controls for PHI (Protected Health Information).
-
Compliance & Regulatory Challenges in the Cloud: Lessons from ensuring HIPAA/GDPR compliance at scale while integrating third-party cloud services.
-
AI/ML Security in Health Tech: Addressing AI model risks, data privacy concerns, and bias detection when running AI-driven health applications in the cloud.
-
Managing Security in Cloud-Native DevOps: Embedding security into CI/CD pipelines, automating compliance checks, and preventing vulnerabilities before deployment.
-
Threat Detection & Incident Response: Leveraging cloud-native security monitoring, anomaly detection, and automated threat response to mitigate breaches before they happen.
-
High Availability & Disaster Recovery for Health Systems: Designing resilient cloud architectures with failover mechanisms, real-time backups, and rapid recovery strategies to ensure uninterrupted healthcare services.
This session is ideal for cloud security engineers, DevOps professionals, software architects, and health tech innovators looking to secure cloud-native healthcare applications while ensuring compliance, performance, and scalability. Attendees will gain practical strategies from my experience at Amazon Pharmacy, learning how t
As DevOps practitioners we imagine, design, & execute solutions all the time. Sometimes we think we've implemented our solution flawlessly, but in fact it's failed the users. Why? Often it's because the code works, but the interface is unfathomable. In this talk we'll explore the idea of "technical empathy" & how it enables user adoption, and even joy.
Topic (TBD)
Topic: Pay Talk
Anonymously submit your salary and title before this session. Pay talk is about bringing transparency and awareness to our industry's market salary range and giving everyone the resources to discuss and fight for pay equality.
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)
Topic (TBD)