Raz Cohen
Head of Platform @ Permit.io
Tel Aviv, Israel
Actions
I'm Raz Cohen, Head of Platform at Permit.io.
I've carved a niche for myself in the world of Developer Tools, With over seven years diving deep into Kubernetes, cloud-native solutions, open-source projects, Python and Golang.
I've had the privilege of sharing my insights through tech-talks worldwide in stages like - KubeCon Paris 2024, Cloud Native London, OpenSecurity Summit, DevBcn 2023, DevelopersWeek Europe 2023, Hacksquad and more.
My professional journey kicked off in the prestigious 8200 Intelligence corps, setting the stage for my roles at industry leaders like Logz.io and Doubleverify and now at Permit.io.
Outside the tech sphere, I'm an enthusiastic wave surfer and traveler, always eager to explore new cultures and savor unique cuisines.
My curiosity knows no bounds, and I dream of one day blending my love for technology and food by opening my own restaurant - after revolutionize the tech world.
I'm all about innovation, passion, and excellence.
Area of Expertise
Topics
Unlocking Scalable Access Control with Google Zanzibar
In this session, we'll explore the power of Google Zanzibar, a globally distributed authorization system that handles permissions for Google products like Drive and YouTube. Learn how Zanzibar's relationship-based access control (ReBAC) enables flexible, scalable, and queryable access control, allowing applications to manage complex permissions models with low latency and high availability. Discover how its centralized, graph-based approach decouples authorization from application logic, offering a robust foundation for modern, distributed systems.
Policy as Code: A Game-changer for Stack Security
I am excited to propose a talk for Opensource Day on the topic of "Policy as Code: A Game-changer for Stack Security."
I will begin the talk with discussing the role of Policy-as-Code in enhancing the security of modern application stacks, and how it can be used to enforce compliance, automate security processes, and improve overall security posture.
Policy-as-Code is a powerful approach to defining and enforcing security policies and practices in an automated and consistent way. By using code to define and enforce policies, organizations can ensure that their security practices are consistently applied and maintained over time. This can help to prevent errors and mistakes that can compromise security, and can make it easier to detect and respond to potential security threats.
In this talk, I will provide an overview of Policy-as-Code and how it can be used to improve stack security, starting from the bottom of your stack - the Infrastructure layer and climbing up to the top with policy as code as part of the Application layer.
Furthermore, I will also discuss best practices for implementing policy as code, including using Open-source tools such Datree, OPA and OPAL, the best practices of using policy as code in your Kubernetes clusters, and the emergence of GitOps as the modern way of implementing “Everything-as-Code” in 2023.
Considering the evolving trends in DevOps, this topic is highly relevant, and I am confident that my experience and expertise in stack security will give the DevOpsDays Birmingham attendees crucial knowledge and useful best-practices for securing their stack.
Thank you for considering this proposal.
Sincerely,
Raz Cohen, DevOps Team Lead @ Permit.io
Git (o)ops ? Securing your pipeline with Policy as Code and Java
Moving fast and breaking things are at the core of modern software culture. This idea sounds great on paper, however it conflicts with ever-growing compliance and security demands. How could we move fast and maintain a strong foundation of security in our organization?
Git Ops has emerged as the winning framework for fast iteration. We will discuss how we can integrate security tools into our Git Ops pipelines and confidently deploy code and infrastructure changes to production hundreds of times per day.
The following topics will be discussed:
- Securing Terraform from human mistakes using policy agents and static code analysis tools
- Protecting our Kubernetes clusters from misconfiguration using admission controllers
- Building application authorization with policy-as-code
- We will demonstrate these topics using open source tools such: OPA, datree, checkov, OPAL, Zanzibar
Navigating the AI Wave in DevOps
In this talk we'll cut through the buzz to reveal the real game-changers of AI in the Devops wold: AI's role in supercharging observability for unparalleled insights, revolutionizing CI/CD pipelines for speed and precision, pioneering self-healing infrastructure for unmatched reliability, and reshaping code development for peak innovation. This session promises a brisk, engaging look at how AI isn't just changing the game in DevOps—it's creating a whole new playing field. Perfect for those ready to leap into the future of tech.
Maintainer Track + ContribFest: KubeCon + CloudNativeCon Europe 2024 Sessionize Event
WeAreDevelopers Live 2024 (Season 7) Sessionize Event
DevBcn 2023 Sessionize Event
DeveloperWeek Europe 2023 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top