08:30 AM - 09:30 AM IST

🥞 Breakfast Sponsored by Coralogix & Reuniting with Friends in the Hallway Track

DEVOPSDAYS TEL AVIV

DEVOPSDAYS TEL AVIV - MAIN STAGE

09:30 AM - 09:50 AM IST

Greetings & Welcome: Julia Shub, Master of Ceremonies
Opening Words Sponsored by Cider Security

09:50 AM - 10:30 AM IST
Mark Burgess
Keynote | Semantic spacetime and virtual motion - how the internet looks like quantum mechanics // Mark Burgess, PhD
Technologist, Scientist & Author - Specializing in the Physics of Information Systems

Abstract:

At the heart of all processes in the world is a basic causality that we capture through rules and laws, in physics, biology, chemistry--in all the sciences. It's common to imagine that the virtual world of simulating processes on computers belongs to a different world altogether, but research into computer networks over the past 30 years reveals that we've been looking too narrowly at these different realms. Physics and network computing have a lot in common, and it's not just for quantum computers--the Internet itself behaves very much like quantum mechanics when we look at it in a certain way and on a certain scale. Mark Burgess has pioneered this research and has explained it in several books. His keynote is part computing, part physics, he'll talk about what this all means for the future of computing, and how this helps us to understand problems from cloud to machine learning.

Bio:

Physicist, technologist, advisor to public and private organizations globally---author, founder and original architect of CFEngine, founder of ChiTek-i, and Aljabr. International technology advisor, and public speaker. Contributor to the science and technology of distributed computer systems in today's Internet Infrastructure, especially through semantics of Configuration and Promise Theory. Popularizer of science, and advocate for science's cultural importance in modern education, as well as part time composer.</p>

Previously Professor of Networks and Systems at Oslo (Metropolitan) University, teaching in Physics, Mathematics, Operating Systems, Network and System Administration, Networking Technologies, laboratory skills, Programming Languages, Computer Security and many seminar series on scientific methods for PhD students. I abandoned this position to work in the field. I assist in the editing of a number of scientific journals.

10:30 AM - 10:40 AM IST

ABOUT OPEN SPACES - AVISHAI ISH-SHALOM

Learn more about the open spaces concept here.

10:30 AM - 13:00 IST

Hashicorp Hashicorp

Dead men tell no tales: zero-trust with Hashicorp for experienced pirates
  • Intro - Ahoy, Me Hearties! - 20 mins
  • Section 1 - Shiver me timbers!
    Terraform - 40 minutes
  • Section 2 - Three Sheets to the Wind
    Vault - 30 mins
  • Section 3 - Walk the plank
    Boundary and Consul - 30 mins
  • Summary - Savvy?
    Overview of what was done and next steps - 10 minutes
10:40 AM - 11:00 AM IST

COFFEE BREAK SPONSORED BY KALTURA!

11:00 AM - 13:00 PM IST

SPLIT TO TRACKS

TRACK 1

11:00 AM - 11:20 AM IST

Avi Kostantini - Wix
How replace a flat tire on your car while it's on fire // Avi Konstantini
    Research & Development Manager, Wix
We handled a lot of large-scale, highly complex changes in the past 2 years. HTTPS, Moving to Kubernetes, Bazel. They may each have their own implementation details, but the principle of how to manage these changes in a live system are all the same. We will use examples from our previous projects to demonstrate these principles, and hopefully, our audience will manage their own changes better next time.

BIO: 38 years old, proud father for 2, moved from Tel Aviv to live on a farm with 15,000 square meters. Been working for Wix.com for almost 11 years, since the early Flash days.

11:20 AM - 11:40 AM IST

Ariel Pisetzky
When the firefighters come knocking // Ariel Pisetzky
    VP Information Technology & Cyber, Taboola

So, the firefighters are in your data center, this is not a drill. There is no electricity, and the pager is more like a DDoS attack on your phone. You look at your watch, multiple thoughts running through your head. Why me? Why now? How do you pull the team out and through this catastrophe?

In this session we will look at managing a crisis of significant magnitude, where all the organization is impacted and there is no clear path through to resolution. We will review the following: - The culture of a learning organization going into the crisis. - Crisis management “in action” - Running a blameless post mortem - Creating tools for high engagement to support the crisis manager. During the presentation we will share real life events, such as a data center going dark with real firefighters coming to the rescue, and production services in the cloud that stop responding.

BIO: Ariel joined Taboola as Vice President of Information Technology in February 2014. With over 20 years of experience in Information Security and IT systems, Ariel leads a team of IT professionals that work to implement state-of-the-art solutions, from Open Source to home grown to traditional enterprise software, across the company’s global infrastructure. Ariel has held multiple positions as CISO and CIO for web-facing companies from startups to publicly traded firms including programmatic ad solution provider myThings and casino, poker and gaming provider 888 Holdings.

11:40 AM - 12:20 PM IST

Ori Keren - LinearB
How to Optimize Non-Coding Time // Ori Keren
    CEO, LinearB

Github Copilot and tools that help us code better are cool. But I’m lucky if I spend 90 minutes a day writing code. We really need to optimize the hours we spend reviewing code, updating tickets and tracing where our code is deployed. Learn how I save an hour a day streamlining non-coding tasks.

This talk is unique because 99% of developer productivity tools and hacks are about coding faster, better, smarter. And yet the vast majority of our time is spent doing all of this other stuff. After I started focusing on optimizing the 10 hours I spend every day on non-coding tasks, I found I my productivity went up and my frustration at annoying stuff went way down. I cover how to save time by reducing cognitive load and by cutting menial, non-coding tasks that we have to perform 10-50 times every day. For example:

  • Bug or hotfix comes through and you want to start working on it right away so you create a branch and start fixing. What you don’t do is create a Jira ticket but then later your boss/PM/CSM yells at your due to lack of visibility. I share how I automated ticket creation in Slack by correlating Github to Jira.
  • You have 20 minutes until your next meeting and you open a pull request and start a review. But you get pulled away half way through and when you come back the next day you forgot everything and have to start over. Huge waste of time. I share an ML job I wrote that tells me how long the review will take so I can pick PRs that fit the amount of time I have.
  • You build. You ship it. You own it. Great. But after I merge my code I never know where it actually is. Did the CI job fail? Is it release under feature flag? Did it just go GA to everyone? I share a bot I wrote that personally tells me where my code is in the pipeline after it leaves my hands so I can actually take full ownership without spending tons of time figuring out what code is in what release.

BIO: Hello! I’m Ori Keren, CEO and Co-founder at LinearB. I got my first coding job in 1999 and eventually became VP of Engineering for multiple start-ups before starting my own company. Before all that, my first experience programming was in Basic. In 1987 I was in 5th grade. My parents bought me a Sinclair Spectrum ZX with 48k RAM. I vividly remember the day I got that machine. A fire lit inside me and it never went away :-) That’s why I do this job.

12:20 PM - 13:00 PM IST

Eynav Mass - Oribi
One-size doesn't fit all - Effectively (re)evaluate a data solution for your system // Eynav Mass
    VP Engineering, Oribi

When it comes to data solutions, one-size doesn’t fit all. Choosing the right best-matching database, or data tools, can be a game changer for your system. How can you take such decision effectively? The system, the company, the product, and probably your team - all are evolving, and the best solution for today may not fit tomorrow’s needs. In order to pick a data solution for longer term, you should evaluate the optional data tools according to several factors. These factors will reflect the requirements looking forward.

At this session, we will share such use case, of evaluating data solution, when we redesigned one of Oribi features from scratch. Our goal was to avoid a data explosion crisis, while the system kept scaling up. Having so many solutions out there - we needed to make sure that we are choosing the one that will support the increasing load farthest.

Eventually we picked up ten criteria factors, which we used to compare and choose the best solution effectively. Join the session to hear what were these factors, and get prepared for choosing the next data solution for your system.

BIO: Eynav is a fan of the combination of technology and people - bringing technical visions into implementation. For the past 2 years she has been leading the R&D group at Oribi, a big-data based product, that handles billions of events a day, while scaling both the system and the engineering group. Her main focus is to create processes that support high scale & high standards; striving to maintain scalable R&D groups and infrastructure environments, while investing in personal growth and deployments quality.

TRACK 2

11:00 AM - 11:20 AM IST

Daniel Maher - DataDog
Principles of Observability // Daniel Maher
    Developer Advocate, DataDog

The word observable entered the English language roughly 400 years ago, but the concepts of what it means to see, comprehend, and understand something have been debated since time immemorial. Starting in the 19th century, a series of postulates and criteria coalesced into control theory, and it is from this body of knowledge that we gained the word “observability”. Today, with the advent of complex, interconnected computer systems, that word has taken on new meanings and connotations—some useful, some detrimental, and some just plain confusing.

In this talk, we’ll mix a little history, a touch of philosophy, and a healthy dose of reality, to demystify what observability means to us as professional computer people. We’ll tear through the marketing material and unearth foundational principles that will help us to build better infrastructure, write better software, and promote healthier business practices. Finally, we’ll explore some potential new avenues for discussion and understanding.

BIO: Dan is a veteran of the dotcom bubble, and has been variously a system administrator, university lecturer, start-up founder, and day labourer. As a member of the Devopsdays Core team, he has had the privilege of speaking and keynoting at events around the world. Today, he is a Developer Evangelist at Datadog, a role that mixes two of his great passions: measuring things, and talking about measuring things.

11:20 AM - 11:40 AM IST

Mark Burgess
Something Super Cool is Coming Here! // Someone Awesome
    AN AMAZING COMPANY

BIO:

11:40 PM - 12:00 PM IST

Anton Drukh
How to scale your oncall operation, and survive to tell // Anton Drukh
    Engineering Mentor

“Being oncall sucks. But it doesn’t have to!” We all heard this one before. Why is it though, that oncall still remains the biggest scar for many? What can a modern Engineering org do to rein the oncall dragons, and actually help people grow as professionals as they go oncall?

In this talk, I will present the main reasons why oncall is difficult in modern orgs, and describe ways to mitigate these hardships. The idea is that oncall is often the ‘backroom’ of an org, where all the technical and organizational debt take their toll. Be it unwieldy systems or broken processes between teams, oncall checks all the ‘weak boxes’. Therefore, the only way to win at oncall is to sort out your debts, starting with the organizational ones.

I will dive into the detail of the oncall rotation at Snyk as the org scaled from 1 to 150 people, what worked well about it, and what was less than perfect. I will discuss the decisions made to turn oncall into a building block of the org, and show a path to rein oncall in your organization as well.

BIO: I’m the ex-VP of Engineering at Snyk, where I scaled the team from 1 to 150 across 5 years. Nowadays, I’m mentoring Engineering Leaders who are scaling their orgs, and want to carve out their own path!

12:00 PM - 12:20 PM IST

Dotan Horovits - Logz.io
The State of OpenTelemetry // Dotan Horovits
    Developer Advocate, Logz.io

Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agent and collectors.

In this talk I will present OpenTelemetry, an ambitious open source project with the promise of a unified framework for collecting observability data. With OpenTelemetry you could instrument your application in a vendor-agnostic way, and then analyze the telemetry data in your backend tool of choice, whether Prometheus, Jaeger, Zipkin, or others.

I will cover the current state of the various projects of OpenTelemetry (across programming languages, exporters, receivers, protocols), some of which not even GA yet, and provide useful guidance on how to get started with it.

BIO: Dotan lives at the intersection of technology, product and innovation. With over 20 years in the hi-tech industry as a software developer, a solutions architect and a product manager, he brings a wealth of knowledge in cloud computing, big data solutions, DevOps practices and more. Dotan is an avid advocate of open source and communities. Dotan co-organizes the local chapter of the CNCF in Tel Aviv, and runs the OpenObservability Talks podcast, among others. Currently working as a developer advocate at Logz.io, Dotan evangelizes on Observability in IT systems using popular open source projects such as ELK stack, Prometheus, Grafana, Jaeger and OpenTelemetry.

12:20 PM - 12:40 PM IST

Yonatan Goldschmidt - Granulate
Optimizing Performance Using Continuous Production Profiling // Yonatan Goldschmidt
    Principal Engineer, Granulate

Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agent and collectors.

With the increasing complexity of modern applications, continuous profiling methods and tools are gaining popularity among the Developer and Engineering communities. In this session, we cover what continuous profiling entails and why you should implement a profiler into your tech stack (if you haven’t done so already). We’ll then bring theory to practice and demonstrate a real-life scenario using gProfiler, a free open-source continuous profiling tool, covering Linux servers on multiple architectures (such as Graviton).

BIO: Yonatan Goldschmidt is a Team Lead at Granulate, overseeing the development and deployment of their real-time continuous optimization solution as an expert in low-level programming. Before joining Granulate, Yonatan served for nearly six years in the Israel Defense Forces as a Team Lead and R&D Specialist.

12:40 PM - 13:00 PM IST

Feu Mourek - Gitlab
Flying blind - Accessibility in Monitoring // Feu Mourek
    Development Advocate, Icinga

Do you know what it feels like to navigate as someone who can’t distinguish between green and red - looking at those badges that tell you whether something is broken or a-okay? I’ll give you a quick look into what it feels like with some examples from the monitoring tool Icinga Web 2.

We all tend to forget, that not everyone sees the world like we do. In this talk I’ll be walking you through different views in Icinga Web 2 with side-by-side comparisons for the default views and how different kinds of vision impairments affect those. The talks also features a few suggestions on how to improve colour schemes and making websites and webapps better to navigate with screen readers!

BIO: Feu has been working in tech for a few years now - Specialised in Web Development and Design, and a passion for data visualisation they spent a lot of time working on Icinga Web 2. On top of that they travel around a bit talking about Icinga and GitLab in the form of talks and trainings. In private they spend a lot of time out and about with their horsey companion and in the fantastic worlds of pen and paper role play games.

13:00 - 14:00 IST

LUNCH SPONSORED BY REPLICATED!

14:00 - 16:30 IST

Ermetic

Ermetic WORKSHOP: How to Manage Identities & Access Risk in AWS and Azure
    LIOR ZATLAVI, Senior Cloud Security Architect, Ermetic

If your enterprise is part of the growing trend, you already have or are planning for a multicloud environment. Not surprisingly, management of identities and permissions is different from one public cloud to the next, adding more complexity to the fray. In any case, managing cloud identities well needs to be a priority: Gartner predicts that, by 2023, 75% of cloud security failures will be attributable to inadequate management of identities, access and privileges.

We’ve put some time into understanding how AWS and Azure handle access management, and where they align and differ, and would like to share that knowledge with you. Join this one-hour workshop to learn essential basics for how to manage access risk in AWS and Azure. We will cover:

  • Structuring cloud resources correctly
  • Assigning least privilege policies and controlling identities
  • Protecting sensitive resources with policy controls
  • Using cloud provider access governance tools
  • Achieving least privilege with automated analysis

BIO: Lior Zatlavi has over 15 years of experience in cyber security, having spent most of that time working as a security architect, product manager and developer for the Israeli government. Lior served in an elite cyber security unit of the IDF (retired Major) after which he worked in a cyber security division of Israel's Prime Minister's Office. After leaving the public sector, Lior worked as an independent consultant specializing in Cloud security and identity management. Lior holds a B.Sc in Applied Mathematics from Bar Ilan university (Cum Laude) and an M.Sc in Electrical Engineering from Tel Aviv university.

14:00 - 16:30 IST

BACK TO THE MAIN STAGE

14:00 PM - 14:30 PM IST
J. WOLFGANG GOERLICH
SPOTLIGHT TALK | Nudge and Sludge: Driving Security with Design // J. WOLFGANG GOERLICH
    Adivsory CISO, DUO Security

Security people say users are the weakest link. But are they? When complying with security becomes too burdensome, users take shortcuts, find workarounds, and end up jeopardizing security. Blaming users is lazy and easy. Making security usable is time consuming and challenging. How does design research help us understand our customers? What patterns and principles drive secure behavior? How can we build empathy with customers and make the right thing to do the easiest thing to do? This session explores these questions, and provides examples of how design thinking and research can help us be more secure. We will walk through our creation of core user personas, design principles, and how these inform and direct our design choices and intent. Don’t blame your users anymore. Come learn how to be part of a future where usability leads security.

BIO: J. Wolfgang Goerlich is an Advisory CISO for Duo Security. He has been responsible for IT and IT security in the healthcare and financial services verticals. Wolfgang has led advisory and assessment practices in cybersecurity consulting firms.

14:30 PM - 15:00 PM IST
Boris Cherkasy - Riskified
STATSCRAFT HIGHLIGHT TALK | The (ir)rational incident response: How psychological biases affect incident response // Boris Cherkasky
    Backend Software Engineer, Riskified

Have you ever felt you took every wrong turn possible in the process of mitigating a production incident? Did you go through a 3-hour hell during incident response and felt the incident wasn’t complex enough to justify the horrors you’ve experienced? Did it cause you to question your engineering or problem-solving skills?

Well, it’s only partially you. Our brain is wired to make decision-making simpler. In doing so, it exposes itself to biases, heuristics, and other quirks that may seem like “bad decisions” in hindsight.

In this talk, through real-life outages, we’ll project those psychological principles onto the world of production monitor, and incident management. As a responder, you’ll learn why those behavioral patterns emerge during production incidents and what can be done to limit their effect, and as a manager, you’ll learn how to enable and encourage a healthy environment to better support those patterns.

BIO: A software engineer with passion (some say obsession) to observability, charts, and dashboards. In the last ten years, did anything from low-level safety-critical control logic to high availability cloud applications, and currently enabling e-commerce as an engineer and production advocate at Riskified. Amature tech blogger, mediocre cook with a slight Scuba diving addiction.

15:00 PM - 15:30 PM IST
Christina Babitski - Develeap
CULTURE HIGHLIGHT TALK | Solving the DevOps crisis, one person at a time // Christina Babitski
    DevOps Professional, Develeap

We all know how hard it is to find DevOps engineers, and creating a diverse team despite gender and ethnicity bias? Nearly impossible. At this talk we will show our tools and methods implemented in the Develeap hiring process that overcome this inherited bias.

Well, it’s only partially you. Our brain is wired to make decision-making simpler. In doing so, it exposes itself to biases, heuristics, and other quirks that may seem like “bad decisions” in hindsight.

About 2 years ago we faced a crisis in our DevOps consulting company - the market demand was higher than we could supply. The traditional recruiting process depending on CV and artificial credentials was not working. So we came up with an alternative solution, and since then - we are growing exponentially and diversely. In this talk we will show the practical tools we deployed in order to increase our capacity, and we will show how these tools overcome the inherited bias in the process.

BIO: Chris, a DevOps professional in Develeap who is in charge of our training process. Currently, more than half of the company’s DevOps consultants were trained by me. In my free time I enjoy crochet, hiking, and playing with my 1-year-old toddler. I believe in people and the great things that we can accomplish when charging in together.

15:30 PM - 16:15 PM IST
IGNITES
ServerlessLess - Yaani with a Server - Michael Zion, MeteorOps

Yaani is hebrew slang for “meaning”
Serverless have gotten out of hand. For those of us in dire need of metal machinery to run our applications, serverless is the worst thing that have ever happened. Stop focusing on your business logic, and join me on a journey to revive the metal servers.
ServerlessLess is a revolutionary approach that leverages serverless tools in order to deploy your infrastructure directly on physical servers. Join us if you want to go back to the future with us.
BIO: My name is Michael, I’m the founder and CEO of a company called MeteorOps, and a tech enthusiast in general. My favorite member of One Direction is Gilgamesh (not many people know this, but OneDirection is also the name of an ancient Assyrian Harp Quartet).

What's burning through your cloud bill - Gil Bahat, Cider Security

Recent years have exposed startups to a major plague - cloud overspend. No vaccine appears to exist, plethora of tools and consultants fail to stop the bleeding. And yet, some companies manage to stay safe. What makes them different? Is it the tools? Is it the mindset? Is it developer training?
In this session we will examine the cultural factors involved in sound and responsible financial management in the cloud. We will also look at relevant system design elements and product design elements which enable us to spend wisely while our business runs smoothly.
Following this session, you should be better versed in cost-aware system design and some of the cultural and structural requirements to keeping your cloud bill low.
BIO: A Gil, of all trades.
I love a varied DevOps experience - from MLOps to FinOps to DevOps, from multimedia to healthcare to security. From source control to production monitoring. From large team interwork to a one-person show.

Did Anyone Say SemVer? - Philipp Krenn, Elastic

Semantic Versioning seems to be THE solution every time you talk about releasing software. At least in theory. Because practice is often a lot more complex. Let’s cover the basics and complexities in five minutes!

  • What is and isn’t covered by SemVer?
  • What’s the asymmetry in it?
  • What does the versioning schema of popular products like Kubernetes or MongoDB actually look like?
BIO: Philipp lives to demo interesting technology. Having worked as a web, infrastructure, and database engineer for more than ten years, Philipp is now working as a developer advocate at Elastic — the company behind the open source Elastic Stack consisting of Elasticsearch, Kibana, Beats, and Logstash. Based in Vienna, Austria, he is constantly traveling Europe and beyond to speak and discuss about open source software, search, databases, infrastructure, and security.

SPOTLIGHT IGNITE (10 Minutes): Meirav Feiler, Github

ABSTRACT LOADING...


OpsSchool   A Word About OpsSchool

16:15 TILL YOU WANT TO STICK AROUND

🍻 HAPPY HOUR SPONSORED BY SPOT - A NETAPP COMPANY!

16:15 TILL YOU WANT TO STICK AROUND

💡 OPEN SPACES

08:30 AM - 09:30 AM IST

🥞 Breakfast Sponsored by Coralogix & Reuniting with Friends in the Hallway Track

DEVOPSDAYS TEL AVIV

DEVOPSDAYS TEL AVIV - MAIN STAGE

09:30 AM - 09:50 AM IST

Greetings & Welcome: Erik Zaadi, Master of Ceremonies
Opening Words Sponsored by Daily.Dev

09:50 AM - 10:30 AM IST
Ellen Chisa
Keynote | What's coming in the next 10 years of DevOps? // Ellen Chisa
Founder in Residence, Boldstart Ventures

ABSTRACT:

Fifteen years ago, we'd barely started to use S3, and ten years ago DevOps was the new thing. Today, we can add a new tool, technology, or trick every week, and more and more work is shifted into the application developer's workflow. If security, resiliency, and incident response become part of product teams, where will we be ten years from now, and what should we do today to get ready?

BIO:

Ellen is Founder in Residence at boldstart Ventures. She joined the boldstart team in January 2021, after having worked with the team as a founder at Dark. Her role allows her to do exactly what she loves – some investing and hands-on support for founders building pre-product, dev-focused, enterprise companies.

Prior to boldstart and founding Dark, she worked at Blade as an EIR, seeding the work for what became Lola. She also worked on backer-facing projects at Kickstarter and on the first versions of Office for non-Microsoft phone platforms. The common thread is building tools that help people to do creative work.

Ellen has an a M.B.A from Harvard Business School, and a B.S in Electrical and Computer Engineering from Franklin W. Olin College of Engineering. She grew up in Rochester Hills, MI, but now lives in Somerville, MA with her husband and her cat, Gutenberg.

10:30 AM - 10:40 AM IST

ABOUT OPEN SPACES - AVISHAI ISH-SHALOM

Learn more about the open spaces concept here.

10:30 AM - 13:00 IST

LEAP



ENGINEERING LEADERSHIP WORKSHOP Adi Shacham-ShavitAdi Shacham-Shavit

Workshop: Stay on-top of your technical backlog and live to tell
Audience: VP R&D, VP Engineering and CTOs, Head of DevOps

Many senior technical leaders are struggling with how to make sure that their infrastructure, code and architecture can support the business needs. The challenge is not WHAT should be done, but how to promote these tasks, how to create a unified backlog that everyone agrees on, and how to keep the right communication level with the company’s CEO, VP Product and other non-technical managers. These aspects of the system, includes security, scaling, supportability, debuggability, it's up time and more.

As a senior engineering manager, your role is to manage and prioritize these required changes as a backlog that must be tightly aligned with the company’s business needs.

In this workshop, we will understand how to manage all the technical items that can enable your business growth, what the preferred method to create the right balance for your own company is, and how to make everyone in your organization follow the same decision-making process. By gaining these techniques, you will be able to not only provide a clear technical roadmap to your system, but also communicate it well to the business people, to keep everyone on the same page for your team’s plans for next year.

BIO:Adi has 20 years of experience in senior engineering management roles in companies such as Lemonade, AppsFlyer and LivePerson. Today she is working with senior engineering managers and startups to scale their technology to comply with the business growth. She’s an expert in the hyperscale of distributed systems, handling traffic of billions of events a day.

10:40 AM - 11:00 AM IST

COFFEE BREAK SPONSORED BY KALTURA!

11:00 AM - 13:00 PM IST

SPLIT TO TRACKS

TRACK 1

11:00 AM - 11:20 AM IST

Daniel Krivelevich - Cider
The three disciplines of CI/CD security // Daniel Krivelevich
    CTO, Cider Security

CI/CD pipelines are quickly becoming the path of least resistance for would-be attackers into sensitive internal systems, gaining access to critical data, with minimal effort.

In the InfoSec world when we talk about CI/CD security often times this focuses on specific aspects of securing your pipeline - scanning the code, protecting secrets, securely managing code deployments, or even authentication and authorization mechanisms, but we rarely talk about all of these together.

After years of being in the trenches and realizing that the attack surface is growing and the threat landscape becoming more and more complex, it has become increasingly apparent that security teams need to adapt and modify strategies to keep up with the new reality of CI/CD protection, without compromising developer velocity.

In this talk I would like to propose a new way of thinking about CI/CD security - that encompasses the three disciplines that comprise CI/CD security - security in the pipeline, of the pipeline, and around the pipeline. Partial coverage of any or all of these disciplines simply will not cut it with the continuously evolving risk landscape. Security engineers need to address each of these aspects in their entirety to provide the full scope of coverage that modern organizations need, and I will take a deep dive on the challenges each introduce, and the approaches and techniques for mitigating them based on adversarial sec research.

BIO:

Cyber Security expert and problem solver, 15+ years of enterprise security experience with a proven track record working with 100+ enterprises across multiple industries, with a strong orientation to Application & Cloud Security. Held several positions in 8200 (retired as Lieutenant), after which proceeded to a career in the Civilian Cyber Security industry, spanning across 3 primary disciplines:

  • Offensive Security (EY HASC)
  • Enterprise Application Security, SDLC (LivePerson)
  • Incident Response, Cloud Security, Enterprise Posture (Sygnia)

After having led Application Security and Cloud Security with Sygnia for nearly four years, Co-Founded Cider Security as the company’s CTO. Cider is an early stage, post seed, startup, focused on securing CI/CD pipelines, flows, and systems. Now 45 people strong and rapidly growing, Cider is building a security umbrella that allows identifying, prioritizing and mitigating risks pertaining to the pipeline and the code/configuration flowing through it.

11:20 AM - 11:40 AM IST

Eran Bibi - Firefly
Don't Panic: Getting Your Infrastructure Drift Under Control // Eran Bibi
    CPO & Co-Founder, Firefly

In your ever-changing Infrastructure, some changes are intentional while others are not.

Drift is what happens whenever the real-world state of your infrastructure differs from the state defined in your configuration. This can happen for many reasons, sometimes it happens when adding or removing resources, other times when changing resource definitions upon resource termination or failure, and even when changes have been made manually or via other automation tools.

While Terraform itself can detect drifts, in most cases, you will be informed about it too late: just before you are about to deploy new changes to your infrastructure. What’s interesting about Terraform though, is that you can apply changes in two separate and distinct steps of “Planning” and “Applying”. This means that you have full visibility of what Terraform is planning on doing beforehand, and if you are satisfied with the changes, you can choose to apply them.

So how does this work? When something is changed intentionally, it will appear in the source code, and the Terraform plan will not do anything. However, if any part of the infrastructure has been changed manually, Terraform’s plan will identify this, and alert you to the change. In other words, if your IaC drifted from its expected state, then Terraform’s plan will, in fact, detect it.

Applying this simple solution can empower DevOps and developer velocity, with the reassurance and context for unexpected changes in your IaC, in near real-time. This talk will showcase real-world examples, and practical ways to apply this in your production environments while doing so safely and at the pace of your engineering cycles.

BIO:

Eran Bibi is Co-Founder & Chief Product Officer at Firefly. With years of experience in anything DevOps/SRE and security, he has earned a reputation as a CI/CD and SRE expert and an avid admin of Cloud Platforms and containerized environments.

Prior to Firefly, Eran was Head of DevOps & Cloud Platform at Aqua Security and DevOps Group Lead at Finastra. Eran is a frequent speaker at Cloud Native meetups, AWS community meetups, and other cloud workshops and conferences.

11:40 AM - 12:20 PM IST

Alon Nativ - Tomorrow.io
SLO Driven Development // Alon Nativ
    Architect, Tomorrow.io

In every development process there is the question, do we invest enough on quality? Do we need to invest more? Every team knows about the dilemma of how many tests is the right amount of tests we should write. Is 80% test coverage is good enough? Maybe 90%? 100%? Should we invest more time in unit testing? Are we wasting too much time on unit-testing? Should we invest time on a faster rollback mechanism?

WIIFM
“Without data, you’re just another person with an opinion” - W. Edwards Deming

SLO Driven Development is a framework that helps the developers focus on impact and balance of every aspect of the dev process. When working currently with SLI, SLA, SLO and error budget you can learn where to invest in the development process.

Let’s talk about the importance of good SLOs and how they can help us improve our day2day

BIO:

Alon is a developer at heart and a monitoring freak, for the last 15 years he has been building systems as developers, managing large teams and hacking systems. He's passionate about building large scale systems, and the process of making an impact, always looking for a way to improve the development process and optimize the system. Also doing:

  • Public speaker (pre-covid)
  • Talking about development in Reversim podcast (for ~8 years)
  • Mentoring

And most important Father of 3 kids and husband of an amazing wife :)

12:20 PM - 12:40 PM IST

Hila Fox - Augury
Onboarding in Lockdown // Hila Fox
    Squad Leader, Augury

In this talk, I will share do's and don'ts on how to onboard successfully in a remote or hybrid setup including moving to a leadership role.

In this talk, I will share my journey onboarding remotely in the midst of a global pandemic. I will talk about the tips that worked for me, how I was able to be productive, impactful, and make a good impression on others. The key issues as an “onbordee” that I will talk about are how to create relationships, make yourself visible in the company, time management, and more.

Since I started working in Augury over 100 new employees have joined the company. Each month I give a session that is part of their general onboarding process. This became a crucial step due to the fact that we are now a hybrid company and a lot of people are onboarding remotely or in a hybrid setup for the first time in their lives.

I joined the company as a backend developer and a few months into my role, the squad leader position in my squad was up for grabs and I was fortunate enough to grab it :) This is my first official leadership role, which I also needed to onboard into in a hybrid setup. I will share the process that I built for myself on “How to lead”. Also, a word or two on the process we built as a squad on how we work in a hybrid setup, what are we optimizing for when we do meet and how to include new members of the team.

BIO:

Hila has written in Java Spring, Ruby RoR, Go and more. Using mainly Mongodb, MySql, and has worked in high scale async environment using RabbitMQ, Kafka, NSQ and Google pubsub (Buzzwords = event sourced, CQRS, DDD).

She will take any opportunity to participate in a philosophical conversation about coding and architecture.

Hila loves leading big complex projects from deconstructing models/behaviours to microservices, to enhancing new product capabilities.

She also believes that we should test for confidence, optimize for productivity, decide with data and be nice to each other.

12:40 PM - 13:00 PM IST

Moshe Ben Shoham - Next Insurance
Building a DR Plan for Your Cloud Infrastructure From the Ground Up // Moshe Ben Shoham
    DevOps & Infrastructure Group Manager, Next Insurance

This is a story about taking the cloud infrastructure of a successful company, that is still managed as infrastructure of a startup company, and rebuilding it to support the growing business requirements, especially around disaster recovery and business continuity. In the session I will share Next Insurance’s journey - where we started, where we are now and what we learned on the way so far. I will talk about how we managed to build our proven DR plans, and actually execute them in our DR drills. I will also talk about why we decided that the only way to prove your DR plan works is to continue running your business in the DR account and make it your production account, and go on to build your next DR account. If you are a part of a company that is about to embark on a similar journey, this session might equip you with some very useful insights on how to think about such a challenge, and some very useful and practical tips on how to execute it.

BIO:

Experienced Developer, System, Cloud and Infrastructure Architect with a demonstrated history of working in the information technology and services industry. Strong engineering professional skilled in enterprise software, agile methodologies, DevOps, SaaS and cloud services. Always eager to learn and experience new technologies, methodologies and tools, and always looking to be in the place where my impact is optimized. Proudly managing a unique and strong group of DevOps engineers at Next Insurance.

TRACK 2

11:00 AM - 11:20 AM IST

Shahar Mintz
Configuration Management in the Cloud Native Era // Shahar Mintz
    CTO, Eggpack

Configuration Management is at the core of Ops. It’s the biggest enabler of any compute operation, small and big. In the past decade, we have switched from thinking about the machines we are configuring, to think about the software and services we are controlling. With that change of mindset, so did the tools we are using. Traditional tools like Puppet, chef, salt and Ansible are slowly declining while new tools such as Terraform, Pulumi, Helm and Kustomize are on the rise. In this talk I will try to describe the pain-points and the opportunities of this transformation as well as suggesting a future direction based on tools developed at the big-tech companies (Mainly facebook and google)

BIO:

In the past few years, I’ve been on a quest to build a better configuration management tool, trying to learn how different companies implementing their configuration strategies. I am evaluating how configuration is being described, composed, delivered and consumed while developing protoconf. I’ve started protoconf because I missed the configuration tool I used while at facebook (configerator). I feel like more people need to know about how big-tech companies approach configuration.

11:20 AM - 11:40 AM IST

Rona Hirsch - Komodor
How DevOps Can Empower Developers to Troubleshoot Kubernetes Independently // Rona Hirsch
    DevOps Engineer, Komodor

In the world of microservices today, how can DevOps teams empower developers to troubleshoot K8s issues independently? We’ll discuss the current gaps/challenges today in the process, and 6 best practices DevOps need to ensure in order to enable developers to troubleshoot K8s issues efficiently.

In this talk we will discuss the 5 main best practices DevOps need to ensure to enable developers to troubleshoot K8s issues easily. This will be a technical talk elaborating the 5 best practices, including: 1. YAML best practices 2. Stateful vs stateless apps 3. Separated environment best practices 4. Logging best practices 5. Monitoring best practices 6. Training & enablement best practices

BIO:

Rona is a DevOps Engineer who’s passionate about automation, innovation, and creative problem-solving. She enjoys challenging herself and experimenting with new technologies and methodologies. Currently, Rona is working on developing the next-gen K8s troubleshooting platform at Komodor.

11:40 AM - 12:00 PM IST

Liran Tal - Snyk
I can hack your container faster than you can build it // Liran Tal
    Director of Developer Advocacy, Snyk

Learning about container security by breaking in to a live running container!

So you built your Next.js or other Node.js apps and containerized them, great job! But what does it take to secure a container? Are you sure you’re following all the best practices to build container images correctly? What are the threats you are not mitigating in a running container? There’s no better way to understand container security than seeing some live hacking! Join me to learn and adopt best practices of running secure containerized applications in production.

BIO:

Liran Tal is a software developer, and a GitHub Star, world-recognized for his activism in open source communities and advancing web and Node.js security. He engages in security research through his work in the OpenJS Foundation and the Node.js ecosystem security working group, and further promotes open source supply chain security as an OWASP project lead. Liran is also a published author of Essential Node.js Security and O’Reilly’s Serverless Security. At Snyk, he is leading the developer advocacy team and on a mission to empower developers with better dev-first security.

12:00 PM - 12:20 PM IST

Eyar Zilberman - Datree
Your open source project is like a startup, treat it like one! // Eyar Zilberman
    CPO & Co-Founder, Datree

From idea to execution, the challenges of publishing an open source project are very similar to initializing a startup when it comes to creating a successful product that people will love and use.

Most open source projects are not “taking-off”, although they are really good! This is because developers (which are usually the creators of open source projects) think that writing the code is the hard part and “neglect” the other parts of publishing a good open source project.

In this talk, I will use my experience as a contributor to open source and product head of a startup, to go beyond writing the code itself and cover the other central aspects of creating an open source project, like MVP, product/market fit, marketing and more.

BIO:

Eyar started his professional life as a lawyer for OSS licenses but fell in love with the technology itself. He taught himself development and worked as a full stack developer. After ~4 years he decided he needed to step out of his comfort zone, and today he's an entrepreneur and Chief Product Officer @ Datree (https://datree.io) .

12:20 PM - 12:40 PM IST

Natalie Pistunovich - Aerospike
You Need Cars, Not Faster Horses. Or: How to Prepare Your Architecture to a Very Large Scale // Natalie Pistunovich
    Lead Developer Advocate, Aerospike

“Congratulations, the product got super popular and now everyone is using it!” You hear the news, and you quickly spin up more instances! But a horse can only go this much faster, Moore’s law has an end, and your current architecture can scale up to a specific limit.

Once you go beyond a certain threshold - you will have to reevaluate your entire architecture. Sure, you might have designed everything with scale in mind, but there’s a good chance you built it quick and dirty. So what do we reevaluate? Everything!

  • Programming language - you built the prototype using your favorite one. But is it fast enough now that msec matter? Would migrating the codebase to a new language be worth the effort?
  • Architecture - maybe you started with a monolith, maybe with microservices. Maybe it’s time to do some shape shifting, maybe not. Definitely evaluate alternatives.
  • Database - a common one is a great quick start, but is it fast enough now? Is it still affordable?
  • Infrastructure - Speaking of affordable, cloud is an awesome way to go live. How much longer can you rely on it? Sure, it can get very expensive, but maybe it’s worth the headache it saves?
  • Security - As you grow you get more attention, so there’s a better chance to be a target for hackers. Do your current security practices scale?

There is no one right answer, but approaching a milestone of very large scale is a great time to stop and ask many questions. The audience’s takeaway will be a list of questions to ask and moving parts to poke, based on the architectures of companies at a very large scale.

BIO:

Natalie is an avid learner and question asker, a Google Developer Expert for Go, an OpenAI ambassador, a public speaker and a sailor. When she’s not working on robust systems at Aerospike, she is organizing tech conferences (Security, SRE, AI and Go), and the Berlin chapters of the Go and Women Techmakers user groups. Previously, she was an Engineering Manager, Software and Hardware Engineer, and a Co-Founder of a mobile start-up. In her free time, she is wondering if there is life on Mars.

12:40 PM - 13:00 PM IST

Natalie Pistunovich - Aerospike
Microservices above the Cloud - Designing the International Space Station for Reliability // Robert Barron
    AIOps, ChatOps and SRE, IBM Technology, Assets & Architecture

“The International Space Station has been orbiting the Earth for over 20 years. It was not launched fully formed, as a monolith in space. Instead, it is built out of dozens of individual modules, each with a dedicated role - life support, engineering, science, commercial applications and more. Each module (or container) functions as a microservice, adding additional capabilities to the whole. Not only do the modules need to function together, delivering both functional and non-functional capabilities, they were designed, developed and built by different countries on Earth and once launched into space (deployed in multiple different ways), had to work together - perfectly.

Despite the many (minor) reliability issues which have occurred over the decades, the ISS remains a highly reliable platform for cutting edge scientific and engineering research.

In this session I will describe the way the space station was developed and the lessons Site Reliability and DevOps Engineers can learn from it.

BIO:

Robert works for IBM, helping clients improve their IT Operations. He is an SRE and AIOps evangelist who enjoys helping others solve problems even more than he enjoys solving them himself. Robert has over 20 years of experience in IT development & operations and is happiest when learning something new.

He lives in Israel with his wonderful wife and two children. His hobbies include history, space exploration, and bird photography.

13:00 - 14:00 IST

LUNCH SPONSORED BY REPLICATED!

14:00 - 16:30 IST

Cider Security

WORKSHOP BY CIDER SECURITY

DESCRIPTION COMING SOON

14:00 - 16:30 IST

BACK TO THE MAIN STAGE

14:00 PM - 14:30 PM IST
Jonathan Kingsley - Orbit
SPOTLIGHT TALK | Cracks in the Façade // JONATHAN KINGSLEY
Lead, Infrastructure and Security, Orbit Labs

In this bleak, depressing talk we will discuss some of the ways computer science and computer security has fallen flat on its face, and how you can avoid making the same mistakes, with just a soupçon of humor for good measure.

We will break these problems down and hopefully learn some important lessons, such as not allowing your door locks to call system(), how to properly secure your corner of the Internet Of Things, a crash course in processor architectures and how they lie to you, and how the inevitable heat-death of the universe is a result of RSA.

Hopefully, you’ll emerge feeling smarter, discussing new topics, and slightly terrified.

BIO:

By day, Jonathan Kingsley is a Senior SRE, security consultant and occasional pyrotechnician. While he generally focuses on building awesome software, his real passion lies in the weird and wonderful corners of technology. In his downtime, he likes to lead climb, fence epee and write screenplays.

14:30 PM - 15:00 PM IST
Tomer Gabel
CLOUD NATIVE HIGHLIGHT TALK | The Pleasures of On-Prem // Tomer Gabel
    Software Consulting & Training

The last two decades have been all about SaaS, with advantages that cannot be overstated. Except SaaS isn’t always an option, nor is it always the right choice: businesses in tightly regulated industries, or where information security is paramount, for example, will not - often can not - consider any software that isn’t under their control. For many software enterprises, this leads to the dreaded inevitability of on-premise deployment.

Fortunately, the situation today is dramatically different to a scant few years ago, let alone a decade or two: the same technologies that enable SaaS have also radically transformed on-prem deployment. Modern tools like Docker, Consul, ELK and Kubernetes - to name a few - can be leveraged to completely transform the experience for both customers and vendors. In this talk we’ll contrast the challenges and advantages of SaaS and on-prem, see how things have evolved in recent history, and see how modern on-prem deployment can be, if not pleasurable, at least relatively painless.

BIO:

A programming junkie and computer history aficionado, Tomer’s been an avid software professional for almost two decades, during which he’s built any number of (predominantly back-end) systems, cofounded two major Israeli user groups (Java.IL and Underscore), organized an annual Scala conference (Scalapeño) and is a recurring speaker at software conferences. Plying his trade as a gun-for-hire at Substrate, he secretly still hopes to realize his childhood dream of becoming a lion tamer.

15:00 PM - 15:30 PM IST
Dean Pleban - Dagshub
YET ANOTHER OPS HIGHLIGHT TALK | Solving MLOps from first principles // Dean Pleban
    CEO & Co-Founder, DAGSHub

One of the hardest challenges data teams face today is selecting which tools to use in their workflow. Marketing messages are vague, and you continuously hear of new buzzwords you “just have to have in your stack”. There is a constant stream of new tools, open-source and proprietary that make buyer’s remorse especially bad. I call it “MLOps Fatigue”.

This talk will not discuss a specific MLOps tool, but instead present guidelines and mental models for how to think about the problems you and your team are facing, and how to select the best tools for the task. We will review a few example problems, analyze them, and suggest Open Source solutions for them. We will provide a mental framework that will help tackle future problems you might face and extract the concrete value each tool provides.

What you’ll learn

You’ll learn what signals to watch for to notice you might have MLOps fatigue. How to define the challenge you’re facing and which questions to ask in order to build a “decision tree” for selecting the best-suited tools for the task. A few examples for using this framework in practice on challenges involving data management and automating training/pipeline tasks

About 2 years ago we faced a crisis in our DevOps consulting company - the market demand was higher than we could supply. The traditional recruiting process depending on CV and artificial credentials was not working. So we came up with an alternative solution, and since then - we are growing exponentially and diversely. In this talk we will show the practical tools we deployed in order to increase our capacity, and we will show how these tools overcome the inherited bias in the process.

BIO:

Always learning and a builder at heart. Dean has worked on quantum optics and communication, computer vision, software development, and design – taking a multi-disciplinary approach and applying it to build products for data scientists and machine learning engineers. Dean is the CEO & Co-Founder of DagsHub, a platform for data scientists and machine learning engineers, combining popular open-source tools and formats, to version their data, models, experiments, and code.

Dean received a bachelor’s degree in computer science and physics from the Hebrew University. He is now focused on taking best practices and workflows from the world of software development and adapting them to the requirements of data scientists.

15:30 PM - 16:15 PM IST
IGNITES
Take a Hike: Preventing Battery Corrosion - Leah Vogel, Chegg

This is for you, you rockstar, ninja coffee drinking workaholic who doesn’t know what a vacation day looks like. Even though you love your job and are dedicated and are super important, you need a break too.
We tend to think that working all the time is an effective practice while the truth is that finding the time for self care and recharging your batteries is beneficial for both you and your company. Additionally, if you’re a leader, you’re responsible for the wellbeing of your team. In this talk I’ll discuss the importance of taking time off of work and creating a positive culture surrounding vacation time.
BIO: Leah joined the ranks of iOS developers in 2013 after years of teaching and project management at a non-profit organization. She currently works at Chegg Israel as a Mobile Engineering Manager. Outside of work she’s an avid reader of anything she can get her hands on.

GraphQL to the RES(T)cue - Ella Sharkanski, Salto

If you have never used GraphQL before, you probably think that it is just another buzzword that will be forgotten in a few years. You might think: “Why do I need to learn a new way to write APIs when REST already answers all my needs?”. Or, you are excited to learn something new but don’t believe GraphQL is mature enough for production.
In this talk, I will remind you of some of the pain points you have probably experienced when using REST. I will then explain what GraphQL is and demonstrate how it solves these pain points. Next, I will discuss the disadvantages of GraphQL. Finally, I will provide some guidelines for choosing between REST and GraphQL. By the end of this talk, you will understand what GraphQL is and when to use it.
BIO: Ella is an experienced software development engineer with an advanced academic background in mathematics and computer science. She is currently working in a startup called Salto. Before that, she has led a software development team at the Israel Defence Forces. Ella is passionate about software development, software architecture, entrepreneurship, and leadership. She loves solving problems, and mostly, she is eager to make products that users love.

history is a wheel. tech is a spiral

Presenting the concept of spiral history in computer technology, with very little examples. spiral history is a metaphor for how we do the same stuff every few years but they work out a little bit different.
“Those who cannot remember the past are condemned to repeat it” or so it is said, in technology and even more specifically in computer science it still holds true, however in computer science it is not exactly repeating and sometimes in our very young field forgetting the past actually helps since what haven’t worked before might work today. 5 minutes for 2 examples of spiral history and i hope you will accept this theory. BIO: From a young age I know i’m going to be in tech. And i was right. i should have believed i am going to be rich without working instead. I have worked in big companies (checkpoint software, AVG israel) and in small startups (Rumble news, Cloud of things) and Dev centers for Enterprises (BNY Mellon, and Alibaba) usually improving things, and helping the process of development to be going in the right direction. Also i am a 3d printing enthusiast but very bad at it (ruined another hotend x2)

SPOTLIGHT IGNITE (15 Minutes - TRIPLE RAINBOW): Yaron Amir, The Digital Nomad

ABSTRACT LOADING...


OpsSchool
A Word About LGBTech

Sivan Kaniel, CEO

16:15 TILL YOU WANT TO STICK AROUND

🍻 HAPPY HOUR SPONSORED BY LINEARB!

16:15 TILL YOU WANT TO STICK AROUND

💡 OPEN SPACES

EVENT LOCATION

Smolarz Auditorium, Tel Aviv University

Dr George Wise St, Tel Aviv-Yafo (link)

MORE USEFUL LOCATION INFO

Transportation

Smolarz Auditorium is located inside Tel Aviv University and offers easy transport options and accessibility.
If you are coming by public transportation, have a look at the Moovit app or website, that can provide the best information for bus, train or other public transport options.
If you are coming by train, get off at the Tel Aviv University station. From there, exit to the Tel Aviv University side of the station, from there you will have many bus lines that will take you directly to Tel Aviv University. The relevant stop is the Haim Levanon/Dr. George Wise stop. In Tel Aviv there are many other options for public transportation including Bubble (a ride-sharing service), bicycles and scooters for rent (Birds & Winds), and much more. If you have any questions regarding getting to the venue, please make sure to contact us.

Parking

For particpants coming by car, there are multiple parking lots around the Tel Aviv University grounds. We are checking on the possibility for parking discounts.

Accommodation

Tel Aviv is home to Israel's most prestigious beachfront hotels. The main stretch of hotels is right across from the Tel Aviv Marina. You can find more information about the location of the various hotels here.

Leisure

Tel Aviv is one of the most culturally diverse cities you will ever see. There is a multitude of sights, tours, and museums that visitors can enjoy during their stay in Israel.

For more information on things to do in Tel Aviv, see here.





Join us for a single-track DevOpsDays with a dedicated track for Cloud Native & OSS Day and Statscraft each day.

   

ADD TO CALENDAR

  EVENT ORGANIZER  


  COMMUNITY PILLARS  

                      

  FOOD, GOODIES & SWAG SPONSORS  

       

  COMMUNITY SUPPORT  

     


  MEDIA PARTNERS  


And Many More Who Make Our Amazing Community Possible