Jump to navigation Jump to content

Speaker

Rob Bos

Rob Bos

DevOps Consultant | GitHub Trainer @ Xebia

's-Hertogenbosch, The Netherlands

Actions

Rob has a strong focus on ALM and DevOps, automating manual tasks and helping teams deliver value to the end-user faster, using DevOps techniques. This is applied on anything Rob comes across, whether it’s an application, infrastructure, serverless or training environments. Additionally, Rob focuses on the management of production environments, including dashboarding, usage statistics for product owners and stakeholders, but also as part of the feedback loop to the developers. A lot of focus goes to GitHub and GitHub Actions, improving the security of applications and DevOps pipelines.

Rob is a Trainer (Azure + GitHub), Microsoft MVP, GitHub Star and LinkedIn Learning Instructor.

Links

Awards

Area of Expertise

  • Information & Communications Technology

Topics

  • Azure
  • Azure DevOps
  • Visual Studio / .NET
  • .net core
  • Entity Framework
  • GitHub
  • GitHub Actions
  • GitHub Advanced Security

Sessions

GitHub Advanced Security boot camp – hands-on workshop

Software supply chain attacks and secrets leakages are still one of the biggest threat vectors for software companies. But supply chain security does not have to be a burden and slow down development! With GitHub Advanced Security (GHAS) you can incorporate security into your development process with a developer first mindset.

This hands-on workshop is designed for developers that want to improve their security posture by giving them practical exercises to get to know GHAS.

The workshop covers:

- Dependency graph, dependabot, and dependency review
- Secret scanning and push protection
- Code scanning and pull request integration
- Include other security tools in GHAS
- CodeQL and writing custom queries
- Rolling out GHAS in your organization

Lessons learned from enabling 1000's of GitHub Copilot users

GitHub Copilot is the worlds most widely adopted AI developer tool. After enabling thousands of users we have learned that this is not a tool you can give people a license for and expect them to be able to get the most out of it. There is a learning curve that needs to be acknowledged.

Learn from Rob the practical insights and best practices for using GitHub Copilot to your benefit, and how to share these lessons with your team(s) in an efficient way.

Hands-on workshop GitHub Code to Cloud

In this Hands-on workshop we will teach you how to use all the great features GitHub has to offer. We will start with an overview how to come from Idea to Code by using GitHub Discussions, Issues, Pages and Wiki. Next we will move the idea's to code and start using the Git features. From here we dive in to the use of Branch Protection Rules, Code Owners, Actions for CI, CD and Deployments to the Azure Cloud. We will also have a look at how GitHub can help you in your Secure Development Lifecycle with Credential scanning, Package Vulnerability Scanning and Code Scanning to expose programming mistakes that might lead to vulnerabilities in the future. After this Hands-on workshop, you know what GitHub has to offer to you and your organization to implement Secure and Compliant DevOps with ease.

Protect your code with GitHub security features

Creating modern software has a lot of moving parts. We all build on top of the shoulders of giants by leveraging closed/open source packages or containers that other people have shared. That makes securing our software a lot more complex as well!

In this session you'll learn what possible attack vectors you need to look for, how to protect yourself against them and how to leverage GitHub's features to make your life easier!

Topics:
- Signed Commits
- Dependabot updates
- Dependency scanning for known vulnerabilities
- Secret scanning (and revoking) out of the box
- Using CodeQL

How to use GitHub Actions with security in mind

When working in the real world with continuous integration / continuous deployment, you have to take care of your pipelines and the things they have access to.

- Who can push code into to an environment?
- Who could read and change the connection strings to the database?
- Who can create new resources in your cloud environment?
- Do you trust your third party extensions?
- What part of the network does your pipeline have access to?

I'll go over each of these aspects of your GitHub Actions Workflows and show you what to look for and how to improve your security stance without locking every DevOps engineer out.

Target audience: DevOps engineers on GitHub

Protect yourself against supply chain attacks

As an industry, we are using third party packages and building components for lots of things. In this supply chain, there are lots of places for vulnerabilities. They can then be used to attack your DevOps pipelines!

In this session, I will go over some common attack examples and show you a way to prevent them from happening. There are frameworks available in the industry that guide you through the process of becoming more mature in protecting not only your source code and application but also the packages you use and the pipelines you build them with. I'll demo some of GitHub's features that help preventing these types of attacks

Given at NDC Security in Oslo - April 2022

GitHub Actions: beyond CI/CD

With GitHub Actions you can do so much more then just CI/CD! I’ve validated the links on my blogposts, automated my issue management and provided easy configuration of my trainings that sets up entire environments for the attendees!

Join this session for more examples how you can use GitHub Actions to make your life easier!

Brand new session!

Collaborating effectively using GitHub

A lot of teams work on GitHub and use only a small part of the available features. In this session, Rob will show you how to use GitHub to handle team processes like on-boarding a new team member (while skipping the boring text documents or wiki pages), setting up daily scrums, and even sending out updates of team accomplishments at the end of your sprint. We'll explain how to set up an effective team environment using GitHub, with demos from open source repositories that'll help you get started right away!

Session from GitHub Universe 2023, lots of positive feedback on it, where people really learned new things.

Transitioning to DevSecOps: A Pathway for Engineers

Explore the world of DevSecOps in this session designed for engineers. We’ll discuss the basics of DevSecOps, delve into Application Security (AppSec), and explore the importance of supply chain and pipeline security. Gain practical knowledge and insights into transitioning from a focus on engineering to include DevSecOps practices and elevate the overall security of your application.

Events

Azure AI Summer Jam Sessionize Event

August 2024 Hilversum, The Netherlands

Techorama 2024 Belgium Sessionize Event

May 2024 Antwerpen, Belgium

Techorama Netherlands 2023 Sessionize Event

October 2023 Utrecht, The Netherlands

Developer Week '23 Sessionize Event

June 2023 Nürnberg, Germany

VS Live! Nashville 2023

3 sessions:

W19 GitHub Actions: Beyond CI/CD
W23 Protect Yourself against Supply Chain Attacks
TH05 Protect your Code with GitHub Security Features

May 2023 Nashville, Tennessee, United States

GOTO; Aarhus

2 sessions planned and a workshop on secure coding with GitHub and Azure

March 2023

DevTalks Romania

As an industry, we are using third party packages and building components for lots of things. In this supply chain, there are lots of places for vulnerabilities. They can then be used to attack your DevOps pipelines! In this session, I will go over some common attack examples and show you a way to prevent them from happening. There are frameworks available in the industry that guide you through the process of becoming more mature in protecting not only your source code and application but also the packages you use and the pipelines you build them with.

June 2022

Code Europe

One conference, one country, three different cities in one week!

I spoke on "Protect your code with GitHub's security features".
More info here: https://devopsjournal.io/blog/2022/05/30/Code-Europe

May 2022 Gdańsk, Poland

Techorama 2022 BE Sessionize Event

May 2022 Antwerpen, Belgium

NDC Security 2022 Sessionize Event

April 2022 Oslo, Norway

DDD 2021 Sessionize Event

November 2021 Reading, United Kingdom

VisugXL 2021 Sessionize Event

November 2021 Brussels, Belgium

GitHub Universe 2021

How to use GitHub Actions with security in mind

October 2021

Techorama 2021 Spring Edition Sessionize Event

May 2021 Antwerpen, Belgium

NDC London 2021 Sessionize Event

January 2021 London, United Kingdom

DevOps Pro Europe 2020

Workshop: Building an End-to-End CI/CD Pipeline in Azure DevOps (Full day)
Session: How to Run a Global, Cloud Scale Event for 10.000 People

March 2020 Vilnius, Lithuania

DevOps Fest 2020

Session: How to run a global, cloud scale event for 10.000 people

March 2020 Kyiv, Ukraine

Evolve Conference 2019 Sessionize Event

October 2019 Birmingham, United Kingdom

DevNetNoord - Meetup (130 attendees)

This year was the third edition of the Global DevOps Bootcamp. 92 venues, 35 countries and 1200 teams participated in this global hackathon. Since Global DevOps Bootcamp is an event out of the box, we, as global organizer, provisioned all infrastructure on both Azure and Azure DevOps, so participants could get a kickstart and focus on the real value.

Behind the scenes this means a lot of things. 1200 WebApps, 4 AKS clusters, load balanced websites for the challenges, 1500 AAD users and a Global Scoreboard. On Azure DevOps teams had their own Team Project, prepopulated with Repos, pipelines and service connections.

In this talk I will walk through all the the architecture, design choices and automation we created to run this Global Event.

September 2019 Groningen, The Netherlands

Rob Bos

DevOps Consultant | GitHub Trainer @ Xebia

's-Hertogenbosch, The Netherlands

Links

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top