Brian Demers

Brian Demers

Okta Developer Advocate

Brian Demers is a Developer Advocate at Okta and a PMC member for the Apache Shiro project. He spends much of his day contributing to OSS projects in the form of writing code, tutorials, blogs, and answering questions. Along with typical software development, Brian also has a passion for fast builds and automation.

Away from the keyboard, Brian is a beekeeper and can likely be found playing board games. You can find him on Twitter at

Current sessions

Simple Java Security with Apache Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.

This talk will provide a basic overview of how to secure an application using Apache Shiro and discuss the more common touch points such as: configuration, protecting paths/routes in web applications, using permissions vs roles, and integrating with a custom authentication source.

Testing is Confidence - A Developer's Perspective

We all know testing is important, but many of us still struggle with the difference between unit tests and integration tests and build cycles that take too long.

This talk will discuss, why we write tests, the different types of tests, and some best practices. Everything discussed will be language agnostic and discuss some common problems and solutions I’ve seen different shops, big and small.

The audience should walk away with a new appreciation for fast and clean builds.

Generate code that doesn't suck

We all hate generated code, but sometimes the need for it outweighs the pains. This talk takes a look at how you can generate code using a Swagger/OpenAPI spec that looks like something you would want to use. I’ll discuss some of the common pitfalls of why we hate generated code and how to avoid those issues.

How to report a vulnerability: Responsible Disclosure for Developers

Ever seen a security-related issue that you felt should be reported? Unsure of how reporting security issue is different than a regular bug? Developers of any level should know how to report a vulnerability. In this talk, we will talk about what CVEs are, some general vulnerability classifications, look at a few common ways you can report security issues, as well as look at a few common mistakes. This talk is geared toward non-security professionals.

Apache Maven 102: Best Practices

Know enough about Maven to get by, but not enough to thrive? Then this talk is for you. We will review the basics and then dive into the best practices for both Maven single and multi-module projects. You will also walk away with enough knowledge to troubleshoot your builds.

Apache Maven is still the defacto build tool in the Java world.