Bringing together Israel’s DevOps community, Yalla! DevOps is the must-attend event for developers, engineers, and business leaders from top companies. With a variety of hands-on tech sessions, you will find solutions to real-world complex software problems, with industry experts sharing bold and inspiring new ways to consider DevOps, Security, and Distribution. Learn from the failures and triumphs of your peers as we prepare you for a whole new caliber of innovation.
Founder, CEO & Editor-In-Chief of MediaOps
Yalla DevOps is a one-of-a-kind event, happening for the first time
on September 24th, in Herzliya, Israel @ the Daniel Hotel.
Jessica is a Cloud Developer Advocate for Microsoft focusing on Azure, infrastructure, containers, Linux and open source. Prior to joining Microsoft, she spent over a decade as an IT Consultant / Systems Administrator for various corporate and enterprise environments, catering to end users and IT professionals in the San Francisco Bay Area. Jessica holds three Microsoft Certifications (MCP, MSTS, Azure Infrastructure), 3 CompTIA certifications (A+, Network+, and Security+), 4 Apple Certifications, and is a former 4-year Microsoft Most Valuable Professional for Windows and Devices for IT. In 2013, she also achieved her FEMA certification from the U.S Department of Homeland Security, which recognizes her leadership and influence abilities during times of crisis and emergency.
When she’s not doing something geeky, you can find her doing something active, most likely running out of breath at her local CrossFit gym or hiking. She also enjoys biking (motorcycles and/or bicycles), shooting, eating, reading, and hanging with her 5-year-old rescue pup.
Rona is a founding partner of TLV Partners. She currently focuses on Cloud Computing, AI and Cyber Security.
Rona is a member of the board of Varonis (NASDAQ: “VRNS”), Aqua Security, Oribi, AiDoc, Datree.io, Rookout, run.ai, Quantum-Machines, Packboard and Datagen.
Previously Rona invested and partnered with the founders of Varonis (Went Public on Nasdaq in February 2014, VRNS), Skycure (acquired by Symantec), Puresec (Acquired by Palo Alto Networks), Traiana (acquired by ICAP), Worklight (acquired by IBM), Actona (acquired by CISCO), ItemField (Aquired by Informatica) , Identify (acquired by BMC), Aduva (acquired by SUN) , Fring (acquired by GenBend), SalesPredict (acquired by eBay) and Totango.
Previously, she was a General Partner at Pitango and Evergreen, and was head of the enterprise software sector at both funds. Rona herself was a successful entrepreneur in the computer gaming industry.
Sebastian Scheele is the CEO and co-founder of Loodse. With Loodse, he wants to empower IT teams to focus on their core expertise: writing groundbreaking applications. Sebastian is passionate about the potential of container and cloud native technologies and has published several articles on Kubernetes in leading tech media including The New Stack.
The tectonic plates in DevOps are moving. Industry-shaping technology companies are making strategic decisions amidst sea changes in how connectivity and networking are being approached. Shlomi Ben Haim, CEO of JFrog, will demystify the marketplace, using real data from public sources and usage statistics from over 5,000 unique companies. What will you see? You’ll see DevOps clearly in 2020 – where Continuous Updates will transform the way software is delivered to a nearly-limitless marketplace.
Shlomi is CEO and co-founder of JFrog, creators of the universal DevOps platform. He brings over 20 years of experience in building profitable, high-growth information technology companies. Prior to JFrog, Shlomi was the CEO of AlphaCSP (acquired in 2005 by MalamTeam) and was a Major in the Israeli Air Force. Shlomi holds an MS from Clark University (Massachusetts) and a BA from Ben-Gurion University (Israel).
DevOps is now officially 10 years old. What have we learned? Although prescriptive practices like Lean, Agile, SAFE and even DevOps may be necessary for IT acceleration they are in most cases not sufficient for long-term systemic improvement. In other words, you can’t Lean, Agile, SAFE or DevOps your way around institutionalized organizational habits. Therefore, the key to long-term improvement lies in an understanding where human capital interconnects with technology.
The following is a list of the “Seven Deadly Diseases”:
These seven diseases of organizational behavior must be uncovered with the absence of prescriptive practice through a process of organizational fact-finding. In this presentation, we will look at the “Seven Deadly Diseases” of IT organization work and show examples of how to uncover these diseases through a process of organizational forensics (i.e., fact-finding).
ohn Willis is Vice President of DevOps and Digital Practices at SJ Technologies. Prior to SJ Technologies he was the Director of Ecosystem Development for Docker, which he joined after the company he co-founded (SocketPlane, which focused on SDN for containers) was acquired by Docker in March 2015. Previous to founding SocketPlane in Fall 2014, John was the Chief DevOps Evangelist at Dell, which he joined following the Enstratius acquisition in May 2013. He has also held past executive roles at Opscode/Chef and Canonical/Ubuntu. John is the author of 7 IBM Redbooks and is co-author of the “DevOps Handbook” and the upcoming Beyond the Phoenix Project. The best way to reach John is through his twitter handle @botchagalupe.
Learning from my past experience with a big data breach, I’ve made it my goal is to help protect data on the Internet by identifying data leaks and following responsible disclosure policies.
As a Cyber Threat Intelligence Director and journalist at SecurityDiscovery.com consultancy, my mission is to make the cyber world safer by educating businesses and communities worldwide. Many of my data security analytics discoveries can be found in major news and technology media.
To discover data breaches, leakages, and vulnerabilities on the Internet, I use the Shodan search engine (similarly – BinaryEdge, Zoomeye) and simple dorks. No special software or active scanning, just ‘bare hands’ and some luck. If I can find your data, then anybody in the world can do it.
In this talk, you’ll learn some fast and secure tips to securing your corporate and personal data, avoiding reputational and financial damages. We’ll focus on some mind-boggling recent data breaches and unsecured noSQL databases, to keep your data safe.
According to researches, open source software components constitute between 60% and 80% of the organization’s codebase. This is hardly surprising given how open source has been evidenced to accelerate software development, facilitating quicker than ever delivery of new and updated functionality to consumers.
That said, open source component usage also calls for special considerations that might challenge an organization’s ability to fully accommodate security goals while maintaining agility objectives, potentially introducing conflicts among development, DevOps and Security teams. The rising number of reported open source security vulnerabilities represents an unprecedented challenge for development teams, often resulting in a need to prioritize vulnerabilities rather than address all of them.
Effective prioritization is unfortunately not a trivial task, given the traditional lack of objective metrics that could help the organization determine the effective risk posed by a vulnerability to related development projects. Vulnerability effectiveness represents a novel approach to deal with open source vulnerability management, enabling organizations to leverage an objective method to prioritize vulnerability handling.
In this session, we will present how vulnerability effectiveness facilitates prioritization of open source security vulnerabilities, by reviewing challenges and practices noted by organizations, and by reviewing how analysis technology can leverage vulnerability effectiveness to address the challenges organizations are facing.
At SAP we have many business services that need to be developed, maintained, and delivered to our customers. But each customer has its own requirement and set of services he needs. You may require the services to be available on one cloud provider the other one on another provider. In addition, you may need your own private cloud others would like to manage their own public cloud. So, in order to support our customers, we must have a robust way to develop and deliver our services. In this session, I will share our experience on what tools we used and how we went about doing it:
One of the key DevSecOps principles is that security is no longer a downstream activity but is in fact everyone’s responsibility. Shifting security further left requires developers and operators upskill their security knowledge as part of their T-shaping journey. This session will explore the concept of the T-shaped professional with specific focus on why (and which) DevSecOps skills are needed by everyone in IT.
Something good is happening today with the “rise” of containers. Although this is good news, we now have new challenges managing our CI/CD pipelines. In this session, we will address them by introducing the “Bloody Jenkins” project with best practices around k8s and infrastructure as a code.
Over 13 years of full-stack software engineering experience tackling everything from devops and backend challenges to the latest frontend frameworks.
Farfetch’s mission is to be the global technology platform for luxury fashion. We sell products from over 1000 boutiques and brands from around the world, ship to customers in 190 countries with the help of 3000 employees in 13 different offices. Our platform runs on an active-active geo-distributed infrastructure consisting of thousands of servers and petabyte scale storage, spanning multiple data centres and connected over redundant SD-WAN networks. The nature of this global setup and scale brings unique challenges and opportunities. One of those challenges is how we manage this Infrastructure. We have been going through a transformation of our Infrastructure at Farfetch lately. Why? We simply grew out of our current methods, which weren’t rudimentary to begin with.
At the heart of this transformation is a system that we built that offers an interface to define all the Infrastructure requirements for each service or application in one place. This interface acts as a blueprint, which captures all the aspects of the services that interact with Infrastructure in a well-defined, source-controlled, always up-to-date framework.
For more details refer to this blog:
We will discuss and tackle the issues of security in the world of sprints, how to automate menial tasks and the important role of AppSec, focusing on:
Many companies and organizations have adopted CI/CD processes in order to help deliver applications running on Kubernetes quickly, transparently, and with automated tests. While this is a desirable goal, it gets more complex when developing a management layer on top of k8s, especially when both images and Helm charts are involved.
In developing IBM Cloud Private, we have implemented a CI/CD process that automates promotion through a series of quality gates where we 1) Ensure that all charts (43) and images (135) are in sync across three supported architectures, 2) Deploy instances of ICP clusters with different topologies, management services, and infrastructure, and 3) Run automated and manual functional and security regression tests against those clusters. Since implementation, we have been able to iterate more quickly by discovering issues earlier in the development process.
As an infrastructure team it is very hard to monitor your users’ usage especially in a big, complex, distributed and hybrid system like we have in Outbrain.
In this session I will describe how we solved this problem and present the self service dashboard that we implemented. Now each team has better understanding regarding its infrastructure usage from the number of machines through to computing power to cloud usage.
Outbrain, Director of Data Engineering – 2016-now
PetUp, Co-Founder & CTO – 2015-2016
WeFi, Director of Backend & IT – 2008-2016
Microsoft, Senior Software Developer – 2006-2008
Whale Communication, R&D Team Leader –
Cyota, R&D Team Leader – 1999-2002
Technion, BSC in Computer Sicence 1995-1999
In this talk, we will take a step by step approach to harden a vanilla installation of a regular run of the mill VM based on Ubuntu. We will start with a VM hosting a simple application – a web service, go through the steps of determining what should be hardened, and why. The threat analysis will focus us and allow us to prioritize the hardening tasks. Note – while this is not a container focused talk, we will use them and harden them somewhat along the way. Hardening containers is a topic for a different talk :-)
In this session, I will share my journey of building Docker images from scratch that started by trying to figure out the who, the what, and eventually, the how as part of a huge project for the Israeli Stock Exchange. I established the Docker Image first, adding layer by layer to get application functionality working for each service while handling the application logs on the way. I will show how I decoupled the configuration with the Developers, going with the base image online to get the dependencies first, and ended after thousands of retries and plenty of working hours to get one container running with the application working. This served as the foundation of getting things into containers.
2147483647 = Integer.MAX_VALUE. We almost reached this number of entities in our Database. and found it a few days before it overflowed. It could have been the Outbrain Y2K bug, but it wasn’t. In this talk, I will describe the problem we encountered, the actions we took, and finally the results and our conclusions.
Doing software starting from the happy days of Atari XL. After a few pivots working for large enterprises, I have joined Outbrain. As VP of Engineering, I focus on building new technologies, in high quality at scale.
This lecture is about CI tools (a short comparison of the current major tools out there) and an introduction to TCI which is a Jenkins-based CI solution coming from the experience of Tikal Knowledge DevOps experts.
Sometimes when trying to be a developer and operations engineer (the coveted DevOps) you find out that bad code is the best code.
DevOps have proven its efficiency for web application and software company. The implementation of DevOps and agile approach to large enterprise with multiple system gets harder when systems with different business data model have to communicate.
Part of the problem can be addressed by using machine learning to automate data mapping and to integrate in the DevOps business centric test across teams and vendors. We’ll demonstrate a beta version.
Baruch Sadogursky (a.k.a JBaruch) is the Head of Developer Relations and a Developer Advocate at JFrog. His passion is speaking about technology. Well, speaking in general, but doing it about technology makes him look smart, and 17 years of hi-tech experience sure helps. When he’s not on stage (or on a plane to get there), he learns about technology, people and how they work, or more precisely, don’t work together.
He is a CNCF ambassador, Developer Champion, and a professional conference speaker on DevOps, DevSecOps and Development topics, and is a regular at the industry’s most prestigious events including DockerCon, Devoxx, DevOps Days, OSCON, Qcon, JavaOne and many others. You can see some of his talks at jfrog.com/shownotes