Jesse Sanford
Software Architect, Autodesk
New York City, New York, United States
Actions
Jesse is a lifelong software engineer focused on site reliability and Infosec. Currently architecting the juncture of platform engineering and security/compliance for Autodesk's Developer Enablement team. He regularly contributes to open source and frequently speaks about his work utilizing it at Autodesk and in the community. When not in front of a computer, he is a backpacker, sailor and continuously delivering parent of two young daughters.
Area of Expertise
Topics
Secure by Design CI/CD: Practical Insights from Adobe and Autodesk
Worried that your CI/CD pipelines and developer workflows are insecure? Lost in security buzzwords like SBOMs, provenance, attestation, SLSA, OpenSSF, and more? Seeking a clear, actionable reference architecture to secure your pipeline?
Whether you are just getting started on your Software Supply Chain Security journey, or are ready to take it to the next level navigating this diverse ecosystem is challenging.
Join Vikram and Jesse as they present a reference architecture for secure-by-default CI/CD pipelines and show you effective security controls at every step. See firsthand how these industry giants safeguarded their pipelines while maintaining agility and innovation.
This talk will showcase their work, and the work of the CNOE (Cloud Native Operational Excellence) group, which aims to build a paved path through this problem space by producing opinionated software collections or “CNOE stacks” that can be adapted to meet you where your technology is.
The Telemetry of Trust, Using Attestations to Secure Your SDLC with Open Source Tools
Let’s be honest, delivering software can be a dirty business. Especially if you are in the critical path of delivering legacy software, or software born from mergers and acquisitions. How can we secure so many differences at scale? How can we build trust into everything we do so that we can delay evaluation until we have enough trust later? In this talk, Jagadish and Jesse show you how Autodesk is thinking about solving both of these problems simultaneously. Through the use of “attestations”. Simple, cryptographically verifiable bits of telemetry that when combined, equal a whole lot more than the sum of their parts. Get enough of them and they build a story of trust. By weaving a software lifecycle tale through a series of verifiable inputs, actions and outcomes we can decide for example, when to allow a build be deployed. Or better, decide when it’s to be deployed to a secure and compliant location. Autodesk is starting to tell those software lifecycle stories using open source software weaved into our platform, making the software we build safer for all, despite our diversity.
Wizards in the Age of Self Service Platforms
Autodesk’s vision of a platform built on the Kube API and operator pattern is proving to be a compelling capability fabric. With it, platform engineers can open the door to product teams to contribute capabilities to one another in a well patterned framework. This decoupling of ownership is powerful and will lead to a robust ecosystem of platform features. The inevitable diversity is a double edged sword however, and users will need a friendlier interface than kubectl to navigate it.
Enter Backstage. A single portal for discovery and self-service resource management.
When paired with our platform, Backstage Software templates offer wizard-like interfaces to the custom resources being contributed. But who creates these Software Templates? Can we avoid asking contributors to do even more work?
In this talk, Jesse and Manabu will discuss Autodesk’s platform capability contribution model and demo a new open source tool to automatically create backstage software templates from CRDs.
Rapid IDP capability development and automated testing at Autodesk
To accelerate the development of our Platform, Autodesk along with the partner organizations of the Cloud Native Operating Excellence group has developed a tool called IDPBuilder. With this all in one binary, we can now rapidly iterate on the K8s native capabilities that make up our internal developer platforms locally. In this session you will learn how IDPBuilder can stand up a CNOE reference architecture in minutes, with nothing other than Docker as a pre-dependency. You will also see how it makes creating and maintaining platform capabilities a breeze, as we have guaranteed API compatibility with our local, testing and production environments. Speaking of testing, IDPBuilder also powers our automated test suites that run as a part of our CI tooling. No more waiting for cloud environments to spin up. No more debugging brittle scripts that lack portability. IDPBuilder is a complete internal development portal and associated Kubernetes native capability platform in a box!
How Autodesk built a Developer Portal Distro with CNOE
Are you building your company’s internal developer platform? Do you want to know what technologies other companies use to build their IDP? Then this talk is for you! In it, you will learn the story of how and why the CNOE reference implementation a.k.a our IDP "distro" was built using open source technologies and extending the Kubernetes API. You will hear learnings from Autodesk’s journey to build their IDP, the technologies we chose and how you can use the reference implementation and toolings around it to build your own internal development platform distribution. We will also explore the common capabilities associated with IDPs in use by the majority of the CNOE member orgs and how each capability can be leveraged to provide better experience for your developers by using awesome open source technologies!
KubeCon + CloudNativeCon North America 2024 Sessionize Event
Open Source Summit + AI_dev: Open Source GenAI & ML Summit Japan 2024 Sessionize Event
KubeCon + CloudNativeCon Europe 2024 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top