Developers are trained to communicate to things with a goal in mind. When you're talking to something like, say a computer, you type in your code and it responds by giving you back what you want. Nine times out of ten, it works perfectly. Why, then, is it so difficult to do this same thing when talking to a client about a project, updating a superior on your progress, or pitching an investor your million-dollar idea? Because talking to people requires a special set of skills - namely, empathy and a little bit of storytelling. In an industry filled with brilliant minds, great ideas and mass disruption, so few of the best and brightest know how to tell their compelling story. The takeaways from this workshop will be learning how to value the listener and use vulnerability to improve your social connection.

It's 2:30 AM and you hear your phone buzz. You reach over and see an alert from PagerDuty. That new service your team has been working on for a few weeks has crashed and you don't know the first thing about debugging Clojure apps. After crawling out of bed and logging into your company's VPN you discover your co-workers have left you absolutely no documentation on what to do when "bad things happen". You sit there wondering if you'll be getting back to bed tonight.

Sound familiar? It doesn't have to be this way. On-call doesn't have to be a pit of lost productivity and stress. On-call can actually be a very rewarding experience that improves application stability, increases uptime, and avoids those dreaded 2:30 AM PagerDuty notifications. Let's start thinking about on-call for Humans.

Full title: Confessions of a social engineer: Why developers are my favorite target

Social engineers use a dangerous combination of technology and old fashioned con artistry to infiltrate organizations every day. In this talk we'll walk through the social engineering process including research, target selection, attack selection, and attack execution. Learn to see the world through the eyes of a social engineer and prevent yourself from being a victim.

In this talk, Sam will discuss some common and some not-so-common tools for debugging code, systems, and anything in between. He will take strace, valgrind, gdb to the next level.

All organizations face challenges in changing their culture and adopting DevOps philosophies. This is especially true in many federal government agencies. Through well-intentioned policies and procedures many agencies have created extremely silo’d environments where change is slow and difficult. Finishing the last leg of large scale software development project acquisitions can be particularly challenging and expensive. Barriers often impede getting hardware and software systems system fully tested, transitioned, and up and running in production on schedule.

Through our experience as a passionately DevOps focused software development group within Carnegie University's Software Engineering Institute, a federally funded research and development center, creating, delivering and transitioning cutting edge software solutions to government organizations, we have struggled with and overcame challenges in helping government to adopt DevOps principles. Learn how we have conquered these challenges in shifting our government stakeholders' thinking by coaching and initiating DevOps in their operational and development environments.

Several attendees give spontaneous talks...having never seen the slides and the slides have almost nothing to do with each other. A hilarious exercise in non-sequitur and impromptu absurdity. We all need a little ridiculousity in our lives!

• Jason Hand (VictorOps) - ChatOps
• Leon Frayer - What is devops NOT?
• Lewis (Delphic) - Data as a service
• Chris Corriere

How to take an app from your laptop to production utilizing the future of container orchestration. It’s difficult to say with confidence that your app will work in production without testing it, many people today have very complex scripts which out outline deployment, testing and validation, and often rely on late night pager calls and very brittle rollback scenarios. Additionally, developers struggle with developing software on different platforms and SDK versions that are hard to make consistent which results in different builds and exceptions which are hard to resolve. We can finally stop saying, 'it works on my machine' phrase since it will work the same on every machine. Other processes in the past have attempted to solve the problem but are brittle and take time to build out environments.

This talk will outline the process of how to deploy an app locally in docker-compose, then scale it out to multiple servers running Kubernetes. From there, the audience will see how to scale the app to achieve performance, manage failures, debug, and understand best practices.

Containers are a great way to package, build, run and deploy apps and Docker has make that practice very simple, however, it’s only really works well on a single host. With the learnings from Google, Kubernetes is the open source container orchestration offering which builds on Google's current infrastructure learnings that we all can use in an Open Source model.

There are many stakeholders involved when you are creating or assembling a security toolchain. How do you satisfy the different, and sometimes conflicting, needs of these stakeholders in a responsive way?

We can use some of the concepts developed in the user experience domain to create better security tooling. User personas allow us to map out different roles that must interact with security to get their work done. These personas are living and provide a fast feedback loop when paired with user interviews. Giving direction while allowing freedom is a key tenet to integrating security into different parts of your organization.

Operating Systems. Where did they come from? Did your customer ask for one? Why do you bother with them at all?

Operating systems have traditionally played an enormous part in software development and operations. Most of us would find it difficult to imagine computing without one. They are certainly a source of religious contention.

Operating systems represent a maintenance and security burden; they have long been viewed by many as a necessary evil. They often bring more bulk and complexity than the systems we are producing; particularly in the case of microservices. They complicate security, greatly increasing the attack surface, and they require a significant expense and effort to maintain. But generally, operating systems are assumed to be required and we seldom consider a service environment without them. How well do you really even know what you're deploying when an OS is involved?

Operating systems introduce variation into a development workflow that can be difficult to manage. On a dev team, each individual's computing environment tends to stray apart. This divergence is a primary cause of Works-on-my-box syndrome. Things such as VM, libraries and general configuration are a source of drift.

Unless your product is, itself, an operating system, your customer is not generally concerned about your OS. A great deal of effort and expense goes to the operating system, without any direct ROI.

We will take a look at the ways emerging technologies will help you to reduce the liability of operating systems. We will consider how the minimization, or even elimination, of the operating system impacts development workflow; for better or worse. What would a CD pipeline look like? In particular, we would like to consider ways in which containers and unikernels or anykernels complement and can be used in combination.

Is your performance monitoring using real-time analytics in a way that will produce results or noise and frustration? Real-time analytics can improve the value of performance monitoring by enabling operations teams to pinpoint problems faster and proactively manage applications, but it’s notoriously difficult to harness its value. In this presentation, we will show you how to avoid the pitfalls of partial analytics implementation, and explain the value of a comprehensive monitoring analytics platform.

Government agencies are often hesitant to use open source tools out of concerns of security and compliance issues. This hesitancy to use open source deprives many government agencies from closely collaborating with others to create software that is finely tuned and widely available to scratch its own itch. The five-year old OpenSCAP community is helping to change that and re-imagining the US Governments role in open source through its NIST-Certified SCAP 1.2 scanning software and growing body of open source licensed SCAP content. By the OpenSCAP suite scanning and configuration management tools, government agencies looking to become high velocity organizations can automate the cumbersome process certifying a server has been properly hardened for production and begin to develop community resources for hardening of other popular open source tools. The OpenSCAP community is actively developing suite of software tools to make continuous monitoring in agile environments easier, especially for developers, who often do not realize they could be scanning their systems more collaboratively with Ops. OpenSCAP is not merely a secure piece of open source software, it is software that helps demonstrate security and compliance. The SCAP-Security-Guide Project is the only source of official configuration management SCAP and hardening content for Linux that is licensed open source and also directly reviewed by official government agencies. Initially started (and still significantly funded) by Red Hat, the OpenSCAP project has recently moved it's repository from the the Fedora Project to GitHub and has seen an increase in the pace of development.