Jamie Coleman's Speaker Profile @ Sessionize

Why Building Your Ship (Application) with Raw Materials is a Bad Idea!

With new legislation surrounding SBOMs surfacing, we are having to comply with regulations such as certifying that the open source parts of our applications are not full of vulnerabilities and following good programming practices. But what happens if we cannot verify the source of this code? Can we simply put it down as raw materials to bypass said certification?
In this session, I will talk about what companies are doing to circumnavigate these tricky waters and what types of applications are simply not able to use open source code. Then I will go over some best practices to make sure your applications are secure, robust and compliant to be delivered to your customers, with a great set of materials to keep your ship always floating.

To the Left, to the Left: All your Security Shifted to the Left

Secure software development is one of the highest demanded skills in 2023. Secure CI/CD pipelines. Writing secure code. Securing supply chains. Being aware of the myriad vulnerabilities within our codebase is becoming more and more important for developers to understand in our “shift-left” world. The OWASP Top 10 vulnerabilities haven’t changed in a long time, because none of us seem to get it right. In this workshop we will take a journey through the entire SDLC with a critical eye on security.
We’ll look at how to implement secure coding practices, and then move on to discuss the ins and outs of modern continuous integration. After we lock down our CI pipelines, we’ll look at how to find vulnerabilities in our dependencies. Armed with that information we’ll learn how to properly triage threats, exploits, vulnerabilities that affect our software, and how to streamline code improvements. Before we’re done, we’ll investigate modern processes for continuous deployment, including secure infrastructure as code development and how to lock down our CD pipelines.
This workshop will get hands-on with a simple, streamlined approach to deploying code to the cloud while diving deep into essential concepts related to software security.

Using Static Analysis Tools to Become a Superhero Programmer

There is always that one person who never really has any issues with their code. They follow the latest coding practices and introduce minimal bugs and vulnerabilities, all while drinking vast amounts of caffeine. Maybe it’s just all the caffeine, but why does that not work for me? We all want to be the superhero on our team who finishes a feature quickly, has it tested in our DevOps pipeline with no or minimal issues, and then puts it straight into production to make the world a better place.
This is where static analysis tools come in to save the day and give us simple mortals superpowers. In this session, I will talk about what static analysis tools are, how they came to be a thing, what superpowers they can provide developers, and how they can help make the world a more secure, maintainable and efficient place. I will also demonstrate one of these tools to show you the power and potential they hold. If you want to become the superhero of your team, this session is for you!

The Ultimate 4hr Java Workshop: Secure, High-Performance Deployment to Kubernetes and Serverless

This intensive workshop is tailored for developers and IT professionals who aim to excel in deploying Java applications in cloud environments, focusing on security and performance. Participants will engage in a comprehensive, hands-on exploration of Java application creation and deployment, emphasising secure, efficient practices using Google Cloud as the primary platform.

The secret life of Maven Central

It’s just there. Just like the stars, just like electricity, just like Java. In the Java world Maven, central is the most important single service. You can get Java SDKs and even container images from various vendors, but Java code comes from only one place: Maven central.

Recently though we’ve seen questions raised about the Java code that is hosted there. Other repositories have been experiencing unprecedented attempts to upload malware and even in the Java world, there are significant vulnerabilities that some have called to be removed.

This talk is intended to give you the background into the history of Maven central, explain why Sonatype, who are the stewards of Maven Central, provide such a critical service and what our philosophy is for dealing with problematic content. We’ll also explore how the service works under the covers, the APIs you might not be aware of and what’s coming up next.

Maven Central is not going away - but it might just get more exciting!

The Small Retailers Revolution: Redefining E-Commerce with Open-source Platforms

In the competitive world of online retail, selecting the right e-commerce technologies is crucial for success. Let’s explore the diverse landscape of open-source e-commerce platforms, highlighting the key features and benefits of popular options such as Adobe Commerce and WooComerce. We’ll discuss the importance of aligning platform capabilities with business needs, including scalability, customization, ease of use, and integration with other systems.
You will gain insights into the decision-making process for choosing e-commerce platforms, considering factors such as budget, technical expertise, and long-term business goals. We’ll also cover emerging trends in e-commerce technology, from different open-source solutions, headless commerce and AI-driven personalization, and how these are shaping the future of online retail.
Join us to learn how to navigate the digital marketplace and select the e-commerce platform that best supports your business objectives.

The History of Hacking Through the Ages

The term hacking has been around in some form or another since 1200 BC. Its meaning in the Oxford dictionary is to “cut with rough or heavy blows” or more recently to “gain unauthorized access to data in a system or computer”. In Roman times stealing information, finding out where people live, and various forms of sabotage was happening without a computer. We also know of phreaking telephone lines from the 1950s, and our current myriad exploits in our modern age.

This talk will take you through the history of hacking from the times of ancient empires to the cyber security age. We will talk about some of the biggest hacks to have ever occurred, (remember et tu brute force, anyone?) how they happened and what could have been done to prevent them.

By the end of this talk you should be able to easily identify different types of hacking and make better judgments on your systems security posture to make sure you are not a target of the next big cyber attack.

The Earths Coolest Data Centers

The world is using technology more than ever before. This means running billions of applications on computers somewhere on the planet but as someone who is concerned for the environment what does that mean? If I pick microservice architecture over monolithic on the cloud, does that save electricity? All cloud hosting companies have their own data centres but if you take cost out of the equation what cloud provider is doing the most to save energy and therefore the planet? This talk will give you a brief look into how these data centres work and the impact they have on the environment.

The Fellowship of Data: The Importance of Data Accuracy

In the epic saga of the fellowship, inaccurate data casts a dark shadow over the digital realm. Imagine, for example, if the Fellowship of the Ring had access to reliable location data to navigate their journey – how much simpler would everything have been?

Join us as we delve into why maintaining precise, reliable data is so important for companies who depend on accurate data to manage inventory, pricing and customer information. We’ll explore the consequences of data inaccuracies, and how they can lead to lost sales and damaged reputations. We’ll discuss best practices for data management, and how emerging technologies such as AI parsing can help enhance data precision.
Take a stand against the dark lord of bad data, and join the Fellowship!

The Death Star and the ultimate vulnerability

The Death Star from Star Wars was an impressive though fictional feat of engineering, but it had a fatal flaw that was exploited by the rebels. Similarly, modern applications are at risk due to the many open-source dependencies used worldwide that can contain vulnerabilities. Some are just mistakes, and others, like that iconic exhaust port, were deliberately created.

Managing these components and ensuring their security is crucial to prevent successful attacks. This session will take you to a galaxy far far away, to look at what went wrong in the Empire's supply chain to cause such a vulnerability to be introduced. By understanding the risks and using the right tools, we can avoid a catastrophe like the Death Star’s destruction and put a stop to any rebel scum.

The Earths Coolest Data Centers

The world is using technology more than ever before. This means running billions of applications on computers somewhere on the planet but as someone who is concerned for the environment what does that mean? If I pick microservice architecture over monolithic on the cloud, does that save electricity? All cloud hosting companies have their own data centres but if you take cost out of the equation what cloud provider is doing the most to save energy and therefore the planet? This talk will give you a brief look into how these data centres work and the impact they have on the environment.

The Death Star and the ultimate vulnerability

The Death Star from Star Wars was an impressive though fictional feat of engineering, but it had a fatal flaw that was exploited by the rebels. Similarly, modern applications are at risk due to the many open-source dependencies used worldwide that can contain vulnerabilities. Some are just mistakes, and others, like that iconic exhaust port, were deliberately created.

Managing these components and ensuring their security is crucial to prevent successful attacks. This session will take you to a galaxy far far away, to look at what went wrong in the Empire's supply chain to cause such a vulnerability to be introduced. By understanding the risks and using the right tools, we can avoid a catastrophe like the Death Star’s destruction and put a stop to any rebel scum.

Sustainable Coding: Tools & Practices for the Environmentally Friendly Developer

In the face of growing environmental concerns, the tech industry is increasingly recognizing the importance of sustainable practices. With carbon emissions growing at a substantial rate, and with the introduction of power-hungry AI, we need to utilise every avenue possible to reduce our industry emissions. Imagine the impact if every developer reduced the energy consumption of our applications by just a few percent!

In this talk we will start by diving into the impact our industry is having on the planet. Then we will talk about what we can do as engineers to reduce our carbon emissions, discussing green coding practices that optimize software performance while reducing energy consumption. We will also cover some of the tech tools that different industries can use to reduce their carbon emissions - and consequently costs.

By the end of this talk, you will be equipped with practical knowledge and actionable strategies to make your coding practices more eco-friendly. Armed with knowledge of the different tools available to help this mission, you can help pave the way for a more sustainable tech industry.

Supply chain security 101

In an ideal world, we would never need security as everyone is good and wouldn’t try to harm other people or in our case our precious deployments. Sadly we do not live in an ideal world and bad people will always try and take advantage of others.
Security therefore is a necessity but is still avoided by many engineers due to its perceived complexity and the effort required to implement good security. When I worked as a runtime engineer, I can shamefully say I also tried to avoid security unless necessary. Nowadays I know that to not be true. Sure, 10-15 years back, managing security was much more difficult but with the rise of automation this is much less of an issue. Most security issues are related to simple things that can be avoided with minimal effort.
This talk aims to shift the perception that good security is difficult to implement. I will talk about simple steps that you can take from development all the way to deployment that will help reduce the risk of your organisation being attacked and showcase some technologies that enable you to automate and mitigate security risks so you can be more efficient while reducing the risks that bad people take advantage of.

Revolutionizing Java Development: AI, Cybersecurity, and the Modern Software Supply Chain

Java remains a cornerstone of enterprise applications, and with AI's ascent, there's a golden opportunity to elevate your Java projects. Dive into strategies for integrating AI into your Java applications, considering both cloud-based solutions and local model training. As we delve into Java-specific tools and frameworks, we'll also address the pressing cybersecurity challenges in the AI realm, ensuring your software supply chain remains robust and secure. Through code snippets and practical insights, grasp the nuances of AI integration, while navigating the legislative and security landscapes. By session's end, you'll be equipped with a comprehensive roadmap for AI-driven Java development, balancing innovation with security and compliance. Join us to lead in the next phase of Java's evolution, where AI meets cybersecurity in the modern software supply chain.

Open Source Licence to Kill

Open source licences are crucial in software development, enabling collaboration and innovation. However, not all licences offer the same freedoms and protections. Similar to James Bond’s licence to kill, some licences provide significant flexibility, while others may unexpectedly restrict your freedoms.
This talk addresses the issue of licences changing without consumer awareness, which can potentially put your business at risk by granting library owners the power to affect your operations adversely. Unknowingly downloading a new version with a different licence and using it in a way that violates the new terms could lead to consequences and legal action.
This talk aims to simplify the complex landscape of open-source licences, providing an understanding of critical licences and highlighting the need for caution. Additionally, we will explore automated solutions that streamline licence management, freeing you to focus on your code and project objectives. Proactively addressing licence changes can shield your organisation, mitigate risks, and ensure compliance. Join this session to gain valuable insights, practical strategies, and tools for effectively navigating open-source licences, allowing you to concentrate on your coding passion while leaving licence worries behind.

Replicating production on your laptop using the magic of containers

Containers are an amazing technology that is revolutionising how we do computing in the modern age. 5 years ago, people were starting to use Docker and realising the potential that container technology could offer. Now every major cloud provider offers a container service with the addition of container orchestrator like Kubernetes that millions of developers around the world are starting to use. Now many of our applications are running in containers why not use that magical portable configuration that containers offer to replicate our production environments locally on our laptops… enter MicroShed and the Testcontainers frameworks. Testcontainers run and test with true-to-production environments in development with minimal re-writing of your test code giving you more time as a developer to write your application. This talk will give you a great overview of the technology and will demo how simple it is to create and run a MicroShed test in Maven.

Navigating the Wild West of Building and Deploying Containers

Containers are here to stay but knowing what tools and approaches to take can get rather confusing. There is so much choice for developers within the thriving open-source community that this landscape of tools can often be a little overwhelming and gaining an understanding of the pros and cons of each technology can be a real challenge. Even the different cloud providers have their own methods of building and deploying containers making decisions even more difficult. But we're here to help you navigate this wild west. We'll guide you through the wilderness of these tools, approaches, and technologies to help you make the right decision for your projects needs.

Magic of Automation and Everyday Chores

What if you had a magic wand that could help you do your everyday chores? With the rise of magical AI systems like ChatGPT is this becoming a reality? Other than creating some basic code, writing tv scripts and generally scaring society a little, what else could this magic be used for?

Developers all have similar repetitive responsibilities that realistically after a few times seem like plain sense. That could be something like creating the bare bones of an application, checking PR’s for best coding practices, finding bugs in your code, or checking your dependencies to make sure they are not vulnerable. The potential of AI systems in everyday developer life is huge!

In this session, we will talk about the current state of AI, how it is changing our lives and what tools that leverage this magic are available today that can make us more productive. Mastering the dark arts of automation and knowing what AI is capable of can allow us as developers to spend more time doing other things while making our applications more secure, performant, durable, and maintainable. While this magic is not going to replace us any time soon, it sure can make our lives much easier!

How We Became Addicted to Open Source

More than 80% of the code used in modern applications today is likely from open-source libraries. When did this happen and how did it become the norm? There are many benefits to using open source code, but what are the problems with this approach, and what can we do as developers to mitigate them?
In this session, I will talk about the origins of open source code, the benefits of using all this free “stuff,” and how we all became addicted to it. I will then unpack some of the issues associated with using this bounty of free code and how we, as developers, can do our part to make sure we responsibly use open source code.
Just because we are using code that we didn’t create doesn’t mean we can ignore the responsibilities that come with it!

How the Supply Chain Became a Hacker’s Paradise

Ah, the software supply chain. The part of developing software that most developers hope works efficiently. What is a software supply chain, some of you may ask? It's everything that touches your applications or possibly plays a role in its development. That can be thousands of moving parts, but how much attention do we as developers pay to all of them and is it our responsibility?
In this session, I will talk about what a software supply chain is, what the bad guys are doing to exploit it, and how developers can prevent bad actors and make our applications more secure. The bad guys are constantly evolving, and so must we!

How to save the world without leaving your desk!

The human race is using computers more than ever before. Billions of applications on millions of computers. Soon almost 1/5th of the global electricity supply will be used up by corporate data centres alone. What can we do to help reduce this trend? Can you as a single developer make a difference? In this talk we’ll explore the reality of mega data centres, what their owners are doing to make them greener and generally gasp at the scale of the challenges ahead. We’ll look at what runs in these environments and explore where the power goes. From there it gets a little easier to see how you can make a difference. We’ll visit the basics of making your application greener and talk about what’s happening in the Java arena to help you reduce the impact. Whether it is new thoughts about JVM directions, new frameworks or even new architectures, things are happening that can help you make a difference. Being greener can start with just one line of code.

Future-Proofing Java: The Art of Crafting Resilient APIs

Designing APIs is an art, a creative exercise. Getting it right for the present is hard; getting it right for the future is even harder.

This talk explores designing resilient Java APIs for upward compatibility, consumability, and flexibility.

We’ll discuss the practicalities of ideas like encapsulation and inheritance, look at broader elements like consistency, effective communication of intent, and cover concepts like the Open-Closed Principle, Semantic Versioning, and other elements that are essential for seamless API evolution.

We’ll review real-world examples, Java gotchas, the latest Java API capabilities, API Check tools, and data and take a look at what Maven Central tells us about the challenge we all face (and just how good we collectively are).

Amazingly, good API design not only helps with evolving for the future, it makes the API more secure and reduces maintenance overheads - all while remaining flexible and consumable.

Time to break those bad design habits before they begin

From Code to Commerce: A Backend Java Developer’s Galactic Journey into E-Commerce

In a galaxy not so far away, a Java developer advocate embarks on an epic quest into the vast universe of e-commerce. Armed with backend languages and the wisdom of microservice architectures, set out with us to learn the ways of the Force. Navigate the asteroid fields of available tools and platforms; tackle the challenge of integrating location-based technologies into open-source projects; placate the Sith Lords by enabling great customer experiences.

Follow me on this journey from humble Java coder to digital marketplace expert. Through tales of triumph and tribulation, gain valuable insights into conquering the e-commerce frontier - such as the different open-source solutions available - and learn how technology can bring balance to the business Force, large or small. May the code be with you.

From Stars to Satellites: The Evolution of Geolocation Technology

Geolocation technology has revolutionised the way we navigate and understand our world. Imagine the absolute chaos if GPS suddenly stopped working! Well, sailors used to have to deal with this every time they couldn’t see the sky!

This talk will take you on a fascinating journey through the history of geolocation, from ancient navigation techniques to the sophisticated systems we rely on today. We will begin by exploring early methods of navigation, such as the use of stars, compasses, and maps, which laid the groundwork for modern geolocation. Then we will then delve into the development of radio-based navigation systems during the early 20th century, before covering the advent of the Global Positioning System (GPS) and the modern technologies that quietly keep the world running smoothly.

Finally, we will discuss recent advancements in location technologies and the data requirements for powering these systems. Join us to gain a comprehensive understanding of the technological innovations that have literally shaped our world, and the profound impact these developments have had on our lives.

Digital Shadows: Tracing the Footprints of Modern Cybercriminals

This presentation is your passport to the shadowy realms of cybercrime, where invisible adversaries leave a trail of chaos. Through real-world case studies and analysis, we'll uncover the latest tactics employed by cybercriminals, ranging from supply chain attacks to the exploitation of emerging technologies. Stay one step ahead as we discuss the intersection of cybersecurity and artificial intelligence, the rise of cryptojacking, and the ominous evolution of phishing. Arm yourself with insights to defend against the unseen forces that threaten our digital way of life.

First steps in defending against Cyber Thuggery

Criminals (thugs) attack systems in myriad ways. The techniques are understood but there are so many threats and ways that it's no wonder something slips through the net. Social engineering, phishing, spearphishing, homoglyphs, typosquatting, deep fakes, vulnerability exploits, dependency confusion and many more!

We will take you through the techniques that bad actors use, how you can identify them and the key actions and tools that you can use to make your system more secure.

Deploy and update Jakarta EE & MicroProfile applications at light speed with Paketo

More developers are using Polyglot programming models with their application architecture and why should they not use the language that makes sense for a specific task. This is where we introduce Paketo, the open-source tool that enables a developer to automatically detect what language they are using and build a runnable container image with that application and a runtime to run said application.
In this talk we will talk about what Paketo’s goals are, the benefits it can bring and a demo of how to easily get started taking a MicroProfile and Jakarta EE application and deploy it in a container using Paketo with the Open Liberty Runtime.

Creating a Build Cocktail with Pakito

Some great applications that power our lives use polyglot programming models. Every language has its advantages and disadvantages, so why not make use of all of them? Yet, how does that affect how we build and deploy our applications, and are there any risks involved?
Loads of build tools exist, but none have all the capabilities that Paketo provides with support for so many languages. It’s an open-source tool that lets developers point to a directory of the most popular programming languages and have Pakito build that application into a container image, JVM, runtime and all.
In this talk, I will introduce this new build technology, discuss its benefits, and demonstrate how simple it is to get started by building a simple application locally and deploying it into an accessible container.

Coding our way out of the climate apocalypse

One of the biggest challenges facing this generation is our warming climate and how it will affect humanity over the next 100+ years. The choices we make now will have long impacting repercussions on future generations and as engineers, we have a responsibility to do something about it as let’s face it, if we don’t then who will?
Many of us have already done work, whether we know it or not to help save the planet. Every change you make to your applications to make it more efficient can usually be corelated with saving energy. Now imagine if every application on the planet was made 10% more efficient… That has the possibility of enormous energy savings. In this session, I will take you on a journey through time to see how things have changed in our industry, what challenges we now face with everything connected to a power source and how we can do our part to fix the impending climate apocalypse!

Breaking Down Digital Barriers: Overcoming Challenges in Online Retail

In the world of online retail, digital barriers can lead to abandoned carts, lost sales and frustrated customers. But what are the root causes of these barriers, and what are some effective strategies to overcome them?

Join us to learn how breaking down digital barriers can lead to a more efficient, customer-friendly, and profitable online retail experience. We’ll delve into the importance of responsive web design and the role of user experience (UX) in customer retention, and the integration of seamless 3rd party systems for things like payments and customer service chatbots.

You’ll leave with insights into best practices for identifying and addressing digital barriers, the latest technologies like AI that can help streamline online operations, and the future trends shaping the online retail industry.

Black Friday Brilliance: Managing a Billion Transactions with Tech, Tactics, and Teamwork

The Black Friday and Cyber Monday period is one of the busiest times in the retail calendar, both in stores and online, and our customers rely on our infrastructure to support their businesses at this crucial time. Over this period in 2023 we processed over 1 billion requests to our APIs, and we managed this with greater than 99.99% availability! We've seen our request volume increase over 100x in the last 10 years, and managing this requires the right technologies, careful planning, and a great team of people.

With insightful commentary from a cross-section of our brilliant Dev team, I’ll talk you through how we scale our infrastructure on different Clouds, the technologies and processes that are put in place and problems we have had to overcome in the past. I’ll also give some insights into how the team works together over this busy period to keep everything running smoothly.

AI Showdown: Harnessing the Power of Good to Battle Evil!

AI is all we hear about these days in the tech industry. Although AI has been around for a long time, it has only recently been made accessible to the majority of people. This is great for society in many ways but also has its implications when bad people realise it can be used for evil.

This talk will take you on a journey of how AI has become so popular recently, how its ease of use is helping more people use it for bad things and how you as an engineer can put measures in place and utilise AI to limit the impact. AI is a great tool for us developers and can enable us to do our jobs much more efficiently but it also has implications that we all need to be aware of before it is too late!

Build Better Products: The Developer-First Approach

For many tech companies, success of a product hinges on its ability to meet the needs of its users: developers. This approach requires careful planning, and can be a big change for many well-established tech companies that have been predominantly sales-led.

This talk will explore the transition to a developer-first product mindset, emphasizing the importance of prioritizing developer experience to drive innovation and efficiency. We will begin by examining the core principles of a developer-first approach, highlighting how it differs from traditional product strategies and suggesting some practical strategies for implementing a developer-first mindset within your organization. We will discuss tools and techniques for gathering developer feedback, fostering a culture of collaboration, and aligning product goals with developer needs.

By the end of this talk, you will be equipped with actionable insights and best practices to create a developer-centric product strategy . Take your first steps towards enhancing the developer experience, and driving product innovation and business success.

Jamie Coleman

Actions

Links

Area of Expertise

Topics

Jamie Coleman

Links

Actions