Baruch Sadogursky

Information & Communications Technology

DevOps & Automation Continous Delivery java groovy Software Development Software Architecture devops continuous delivery Continuous Integration software engineering

Sunnyvale, California, United States

Baruch Sadogursky

Head of DevOps Advocacy @jfrog

Baruch Sadogursky (a.k.a JBaruch) is the Head of DevOps Advocacy and a Developer Advocate at JFrog. His passion is speaking about technology. Well, speaking in general, but doing it about technology makes him look smart, and 19 years of hi-tech experience sure helps. When he’s not on stage (or on a plane to get there), he learns about technology, people and how they work, or more precisely, don’t work together.

He is a co-author of the Liquid Software book, a CNCF ambassador and a passionate conference speaker on DevOps, DevSecOps, digital transformation, containers and cloud-native, artifact management and other topics, and is a regular at the industry’s most prestigious events including KubeCon, DockerCon, Devoxx, DevOps Days, OSCON, Qcon, JavaOne and many others. You can see some of his talks at jfrog.com/shownotes

Baruch Sadogursky

Head of DevOps Advocacy @jfrog

Поскольку «религия не позволяет» заведует евангелистами, Барух — заведует DevOps advocates (нет, это не юристы) в компании JFrog. Он любит поговорить вообще, и поговорить про технологии в частности, и когда он не на сцене и не по дороге на конференцию или митап, он изучает как работают (точнее, не работают) технологии, люди, и взаимоотношения между ними.

Барух соавтор книги Liquid Software, ambassador Cloud–Native Computing Foundation iи частый спикер на крупнейших и важнейших конференциях, таких как DevOops, Joker, JPoint, Kubecon, DockerCon, Devoxx, DevOps Days, OSCON, QCon, и многих других.

Current sessions

Best Practices In Implementing Container Image Promotion Pipelines EN

Surprisingly, implementing a secure, robust and fast promotion pipelines for container images is not as easy as it might sound. Automating dependency resolution (base images), implementing multiple registries for different maturity stages and making sure that we actually run in production containers from the images we intended can be tricky. In this talk, we will compare different approaches, compile a wish-list of features and create a pipeline that checks all the boxes using free and open-source tools.


Influencing DevOps without Authority - how "DevOps engineer" can advance real DevOps EN RU

You know about DevOps, you know DevOps is right for your organization, but hey, what can you do? As an individual contributor or a team leader, your authority to transform your organization to DevOps is limited. But your influence is not!
In this talk, Baruch will show how some proven influencing and negotiating techniques can be used to convince critical stakeholders in your organization in the necessity of DevOps.
We look at the arguments, the techniques, and the small tricks, which work in particular situations with particular engineering and business leadership positions and will prepare you to deliver the message of DevOps most convincingly to each.

"Influence without Authority", "Getting to Yes", "Getting past No" and others applied to IT organizations with DevOps message.


Устраиваем DevOps без полномочий: Даже "ДевОпс инженер" может помочь EN RU

Казалось бы, доклад про устроение ДевОпса должен быть про настройку Дженкинса, но нет!

Этот доклад для тех, кто понимает, что ДевОпс это история про культуру, коллаборацию и общение, но не очень представляет как будучи скромным исполнителем или тимлидом, повлиять на целый энтерпрайз или галеру, и свдинуть организацию в соторну ДевОпса.
Барух расскажет какими методами можно воспользоваться для влияния на stake–holder-ов, что кому говорить, как мотивировать, и как работать с возражениями.
Пожалуй, за исключением парапсихологических практик и гипноза (которые не стоит раскрывать неокрепшим умам), на этом доладе будет обозрены все способы влиять, не имея полномочий на благо наступления повсеместного ДевОпса в индустрии.


When the infrastructure becomes code we welcome our BinOps overlords EN

You know it from your applicative code: in a very early stage in the build pipeline GitOps actually become BinOps – you build a binary and you promote it all the way.
How it is different for your infrastructure code? Plot twist: it is not!

In this talk, we'll walk you through a checklist the industry compiled throughout the years for taking code (any code) from development to device, and check how it applies to Terraform: What binaries do we have, and how you successfully BinOps them.


Security and DevOps. Go get an approval for this library usage. Or not? EN RU

To be good at security, you need to think like a CISO; you need to act like a CISO; you need to become a CISO... or do you? In this talk, we'll keep following Alex and their journey towards better software engineering processes.

A dive into the world of information security presents Alex with new goals, new challenges, and new headaches. Or maybe the headaches were there before and now just became more visible?

Understanding the world of CISO and their teams will help Alex (and us) to realize the security problems a modern DevOps organization faces and how they can be effectively solved without ramping up new silos and creating new barriers.


Security… Как много в этом звуке для сердца ДевОпсного слилось... EN RU

Для того, чтобы понять безопасность, надо думать как безопасник, вести себя как безопасник, надо стать безопасником (а может всё-таки не надо?)! В этом докладе Леонид и Барух продолжат рассказывать историю Васи и его приключений на мясокомбинате. Новый Chief Information Security Officer ставит Васе новые задачи, новые цели, и создаёт новые заботы и новые проблемы. Или, может быть, проблемы были и раньше, просто теперь они стали более заметны?

Понимание мира, в котором живет CISO, поможет Васе и вам вместе с ним понять какие проблемы безопасности стоят перед современной DevOps-организацией и как решить эти проблемы, не выкапывая новые колодцы и не создавая новые барьеры.


#DataDrivenDevops EN RU

"Without data, you're just another person with opinions".

In this talk, we'll talk about data-driven DevOps and how the cross-cutting metrics from dev, QA, and ops can be integrated to provide you and the teams you support with an insight into the status of your engineering organization.
As the DevOps Evangelists of your organization, you can help your teams to adopt data-driven decision making whereas it becomes more important due to cross-pillar influence and collaborated need for success. The practical aspect will cover dos and don'ts and examples of metrics that you can implement in to help your teams today.


DevOps Theory vs. Practice: A Song of Ice and Tire Fire EN RU

In many DevOps talks, you see a speaker from a renowned tech company stand up and describe a perfect utopia of an environment. You look at the perfect environment and dedicated hordes of senior engineers they describe, and you despair of ever getting to that point. Your environment looks nothing like that.

Surprise-- their environment doesn't really look like that either! In this talk, a speaker from an unnamed tech unicorn describes their amazing environment-- and then what they just said gets translated from "thought leader" into plain English for you by an official DevOps translator. Stop feeling sad-- everything is secretly terrible!


A Research Study into DevOps bottlenecks EN RU

We asked a Fortune 500 software delivery leaders what holds them back. This talk is the analysis of their insights on what bottlenecks they encountered in their DevOps journey. We share discoveries on what helped them to overcome the bottlenecks and how they plan to deliver even faster. Using this we define some unifying themes on what areas provide the greatest return on investments of time and resources.


#DataDrivenDevops EN RU

"Without data, you're just another person with opinions".

In this talk, we'll talk about data-driven DevOps and how the cross-cutting metrics from dev, QA, and ops can be integrated to provide you and the teams you support with an insight into the status of your engineering organization.
As the DevOps Evangelists of your organization, you can help your teams to adopt data-driven decision making whereas it becomes more important due to cross-pillar influence and collaborated need for success. The practical aspect will cover dos and don'ts and examples of metrics that you can implement in to help your teams today.


A Research Study into DevOps bottlenecks EN RU

We asked a Fortune 500 software delivery leaders what holds them back. This talk is the analysis of their insights on what bottlenecks they encountered in their DevOps journey. We share discoveries on what helped them to overcome the bottlenecks and how they plan to deliver even faster. Using this we define some unifying themes on what areas provide the greatest return on investments of time and resources.


DevOps Theory vs. Practice: A Song of Ice and TireFire EN RU

In many DevOps talks, you see a speaker from a renowned tech company stand up and describe a perfect utopia of an environment. You look at the perfect environment and dedicated hordes of senior engineers they describe, and you despair of ever getting to that point. Your environment looks nothing like that.

Surprise-- their environment doesn't really look like that either! In this talk, a speaker from an unnamed tech unicorn describes their amazing environment-- and then what they just said gets translated from "thought leader" into plain English for you by an official SwampUp translator. Stop feeling sad-- everything is secretly terrible!


Persistance is futule (or is it?) How to manage, version and promote Docker volumes EN

We get that a lot: Docker images are amazing for managing software, but the data and the configuration we want to reuse is on volumes. Now what?

In this talk, we'll demonstrate how can you manage and reuse Docker volumes with data and configuration. In our example, we'll show to deploy a pre-configured Jenkins server using a binary repository as a pipeline for Docker volumes management.


Go Modules: Why And How – All You Need To Know In Less Than An Hour EN

In this talk, we’ll introduce Go modules – why and how, will talk about the benefits and the downsides of using modules and the difference between modules and go-dep. We’ll review how modules work and what are the changes switching to modules require.


DevOps Patterns and Antipatterns for Continuous Software Updates EN RU

So, you want to update the software for your user, be it the nodes in your K8s cluster, a browser on user’s desktop, an app in user’s smartphone or even a user’s car. What can possibly go wrong?

In this talk, we’ll analyze real-world software update fails and how multiple DevOps patterns, that fit a variety of scenarios, could have saved the developers. Manually making sure that everything works before sending an update and expecting the user to do acceptance tests before they update is most definitely not on the list of such patterns.

Join us for some awesome and scary continuous update horror stories and some obvious (and some not so obvious) proven ideas for improvement and best practices you can start following tomorrow.

This talk is a collection of failure stories about software updates with advice on how to prevent those in your systems. As usual with epic failures talks, it’s educational and a lot of fun.

We’ll start by reviewing what are the driving forces behind software updates, how do we update, and why some update multiple times a day while others only update once a year. We’ll continue to review some of the epic fails, including Google WiFi, Knight Capital, CloudFlare, Jaguar and others. The patterns we are going to suggest are Canary Deployments, Observability, Local rollbacks, Feature Flags, and others.


Паттерны и антипаттерны непрерывных обновлений в практике DevOps EN RU

Итак, ты решил обновить софт у своих пользователей. Может быть, это 100500 микросервисов в их кластере Kubernetes, может быть, это очередной редактор на джаваскрипте у них на ноутбуке, может быть, это приложение для дипфейков в их смартфоне, а может быть, ты даже не побоялся обновить их автомобиль! Что уже может пойти не так, правда?!

В этом докладе мы проанализируем реальные фейлы, которые ежедневно и повсеместно происходят при обновлении софта. Мы посмотрим, как всевозможные DevOps-паттерны ложатся на эти сценарии и как правильное их применение смогло бы, возможно, спасти всех этих людей. И нет, хорошенько проверить всё ручками перед отправкой и попросить у пользователя еще раз хорошенько проверить всё ручками при приёмке не является одним из рекомендованых паттернов, несмотря на то, что так делает половина индустрии!

Приходите послушать полезные кошмарики про непрерывное обновление, и вы получите шанс познакомиться со множеством очевидных (и не таких уж и очевидных!) проверенных идей и практик, которые вы сможете начать применять сразу после доклада, и, может быть, ваши пользователи будут ненавидеть вас немножко меньше!


More proxies, More problems EN

Despite the popular belief, artifact/package/dependency management is not a naive and easy domain. Go team learned it the hard way trying to come up with an elegant and easy solution, first via vendoring, then go-dep and eventually with modules (where it did a great job!).

In this session, we'll talk about one nasty aspect of artifact management – the repositories (known as proxies in the Go world because naming is hard as well). Suddenly, it's a loaded domain with a lot of hard questions without simple or even obviously correct solutions.


DevOps for developers (or maybe against them?!) EN RU

"DevOps" is the operations people’s crafty plan to make developers do other people's work, but we are smart enough to see right through this naive rebranding trick!

Baruch suggests you think about it: we, the developers, have written all the code. It passes all the tests; it obviously works, and works well (Are we a little proud? We are!); so we are DONE.

Now, out of the blue, a bunch of "thought leaders" (all with an operations background, mind you!) are trying to tell us that we have to learn YAML, Docker, Kubernetes and Terraform to deploy our software because suddenly it is our concern?!

In this talk, we'll discuss why developers do or don’t need DevOps. We'll consider arguments made by DevOps visionaries and see whether they hold water. Hopefully, by the end of the talk, we'll understand whether DevOps really helps developers to deploy better code to production more often, or if it is just another scam made up by marketing and evangelists.

This is a fun and provocative talk. I am starting with claiming that developers have no incentives to do any DevOps and will work my way to explain why although there is some truth in that, it doesn't' really matter. The business must commit to DevOps and once the business committed, everyone has to be on-board.


DevOps для разработчиков (или против них?!) EN RU

DevOps — это заговор сисадминов, чтобы заставить разработчиков делать чужую работу, но мы слишком умны, чтобы попасться на эту элементарную уловку ребрендингом! Посудите сами: мы написали код, он проходит тесты. Он, очевидно, работает и работает хорошо (Мы гордимся собой? Да!). И тут мы закончили.

Но приходят эти «визионеры» (все из operations, прошу заметить!) и рассказывают нам, что теперь надо учить YAML, Docker, Kubernetes и Terraform, потому что внезапно это наша головная боль?!

В этом докладе мы поговорим о том, зачем разработчикам нужен или не нужен DevOps. Мы рассмотрим аргументы, которые приводят идеологи DevOps, и решим, состоятельны они или нет. К концу доклада, будем надеяться, нам станет понятно, действительно ли это способ, который поможет нам (разработчикам) поставлять лучший код в прод чаще, или это, как всегда, разводка маркетологов и евангелистов.