Daniel Drack
Senior DevOps Engineer @ FullStackS GmbH | Community & Cloud Native Days Organizer
Graz, Austria
Actions
Daniel started his IT career as an administrator for ETL and BI tools. He then worked some time in a data warehousing team before diving into all topics devops and cloud native. In his current role he is a DevOps and cloud-native consultant with FullStackS GmbH. Daniel holds a BSc in Industrial Engineering, a MA in Innovation Management and an MBA. He's a lifelong learner and teacher, lecturing at two Austrian universities of applied science.
Daniel lives in Graz with his girlfriend and his tomcat Manfred 🐈.
🌐 drackthor.me
📧 daniel@drackthor.me
Area of Expertise
Topics
cloud-native software supply chain security: the hard truth
Everybody is talking about SBOM, attestation, MFA, signatures and other security measures - but who is actually implementing them?
This session mixes things up with a hybrid approach, based on the insights from a master's thesis that looks into how people are adopting security measures in software supply chains. We'll take a journey through the bits and pieces of cloud-native software supply chains, spotlighting the security steps for each part. Expect a friendly chat about what's currently working best, the bumps we might hit along the way, and some cool tools that can help. Plus, we've got some fresh data on how these practices are catching on (or not) in the real world, straight from our survey. This talk is your ticket to understanding the now of supply chain security and seeing how much of it is actually being put to use.
Are you compliant?
This talk will describe the essential concepts of compliance frameworks and policies, specifically in the context of cloud-native infrastructure. Attendees will gain a comprehensive understanding of what compliance means, the role of various frameworks, and the importance of well-defined policies in maintaining regulatory and operational standards. The session will cover the fundamentals of compliance frameworks, provide examples of widely adopted standards, and delve into the technical controls that underpin these frameworks. Additionally, the presentation will include a live demonstration on how to evaluate compliance within cloud-native environments and highlight common challenges that organizations face in achieving and maintaining compliance.
A Brief History of Cloud-Native
This talk traces the history of virtualization and cloud-native technologies from their roots in early mainframe computing to today’s highly distributed, containerized systems. We’ll examine key technological milestones—like the rise of hypervisors, the emergence of containers, and the standardization brought by Kubernetes—and how each shifted both software architecture and business strategy.
Alongside the tech, we’ll explore changes in methodology: from ITIL and data center ops to DevOps and GitOps. We’ll connect these shifts to broader economic and industry trends, showing how infrastructure decisions have shaped the growth of cloud-first companies and platforms.
Anchored in technical insight, the talk also weaves in references from the times—like how AWS launched the same year YouTube sold to Google, or how the container revolution paralleled the rise of mobile apps and CI/CD pipelines.
If you're curious about how we got from bare metal to the cloud-native landscape we navigate today, this is your roadmap.
4 years of building k8s platforms: lessons learned
Me and my team have been building cloud native platforms for over four years now. In this talk, I'll share key insights and lessons learned from building things at dozens of customers. Drawing from both technical and non-technical experiences, I’ll dive into the challenges and successes encountered along the way. From architectural decisions and tooling choices to collaboration dynamics and organizational hurdles, this session will offer valuable (and fun) anecdotes and practical takeaways for anyone navigating the cloud-native journey. This is no hardcore tech talk, but rather an assembly of funny yet informative anecdotes from the life of a consultant.
The Essentials of Cloud Native Software Security
In this session I will give the audience an overview of state of the art software security tools and methods, focused on cloud native software. We will cover the following topics in roughly this order:
- software composition analysis (SCA)
- static application security testing (SAST)
- Container Scanning
- integrating the above into CI/CD
- container runtime security
- Iac and cloud security
I will structure the whole talk like a journey from code to running application. Each concept mentioned above will be described briefly and a small real-world example will be provided. Also I will provide a collection of tools/projects for each topic to ensure it's not a marketing session. This approach should give the audience an overview of security best practices and tools in the sector.
Security as Code: From Rules to Reality
In this talk, we will share how we build "Security as Code" using tools and policy engines like OPA, cnspec, and k8s admission controllers.
We explain and demo how to discuss, develop, implement and practice key cloud-native security pieces for true defense in depth.
Beginning by clarifying what policies and best practices actually are, and where to source them.
From there, we’ll explore how to translate high-level security requirements into concrete technical policies, including how to implement, enforce, and maintain them effectively.
This will include all levels of the stack - from infrastructure (Terraform), to platform (Kubernetes), and to application (testing/SCA/scanning).
Finally, we’ll briefly discuss the practical challenges of establishing these practices in real-world environments and sustaining them during day-to-day operations.
Linux (Pseudo)Filesystems: The Hidden Backbone of Cloud Native
Ever wondered what’s really going on under the hood of your containers or nodes?
Linux (pseudo)filesystems like procfs (/proc), sysfs (/sys), cgroupfs etc. quietly power the entire cloud-native world.
In this talk, we’ll explore what these filesystems actually do.. how overlayfs enables container layers,
how tmpfs keeps things fast, and why securityfs and efivarfs matter.
I'll give a brief intro in filesystems overall, then provide some deep dive info for selected pseudo-FS, their purpose and show how they make modern cloud systems tick.
How to Sentinel in the real world
Everybody claims to love well designed and executed Policies, until one actually needs to build them from scratch.
This talk will deliver some insights on what Hashicorp Sentinel is and what it's capable of.
I will demonstrate in a nutshell how we at FullStackS use this tool to build customer tailored policies for different systems and environments. Policies are one essential building block for a clean infrastructure and smooth self-service processes.
I will guide you through the theory and give a real world example on how to create policies efficiently with other teams or customers.
DevOps done right: RBAC
Daniel will provide insights and practical approaches to role-based access control.. as lighthearted and entertaining as such topic can be.
In today’s fast-paced IT environments, ensuring the right people have the right access to the right resources is critical. Role-Based Access Control (RBAC) is a powerful tool that helps streamline access management, reduce security risks, and maintain compliance. But how do you implement RBAC effectively across different stages and systems in your environment?
Join me for an informative and fun session where we’ll demystify RBAC and provide you with a clear understanding of its core principles. We’ll cover essential terminology, explore the key concepts, and discuss how to apply RBAC consistently across various stages of your environment. Additionally, you’ll learn about best practices to ensure your RBAC implementation is robust, scalable, and adaptable to your organization’s needs.
WeAreDevelopers World Congress 2026 - Europe Sessionize Event Upcoming
Container Days London Sessionize Event
Cloud Native Days Austria Sessionize Event
Swiss Cloud Native Day 2025 Sessionize Event
WeAreDevelopers World Congress 2025 Sessionize Event
NAVIGATE 2025 Sessionize Event
DecompileD 2025 Sessionize Event
DeveloperWeek Global 2024 Sessionize Event
HashiTalks: Secure Sessionize Event
WeAreDevelopers World Congress 2023 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top