AI-Driven Productivity in the Development Lifecycle en

In today's software development landscape, staying current is essential, and that means using Artificial Intelligence (AI), particularly Code-Generative AI.

AI is changing the way developers work, delivering unprecedented productivity improvements across the entire development lifecycle.

I will go into the practical applications of AI-powered tools and methodologies for software development, showing how they can help developers to:
+ Understand complex tasks: Quickly understand project requirements and break down tasks into manageable steps.
+ Accelerate code creation: Generate high-quality code snippets and even entire codebases. Increase code quality and security:
+ Verify the quality and security of introduced code as well as suggest changes to conform to best practices.
+ Streamline cloud deployment: Automate the creation of cloud deployment artifacts.
+ Create effective tests: Generate contextually relevant and meaningful tests, leading to better code coverage and robustness.
+ Improving code review: Identify and fix bugs more efficiently, ensuring code quality and reliability, and providing knowledge so reviewers can be more productive.

Using AI's power, we as developers can focus on higher-level tasks, innovate and experiment, and problem-solving, ultimately delivering better, higher-quality, and more secure software.

This talk will showcase practical tools and strategies for integrating AI into development workflows, increasing productivity and efficiency.

Slides: https://bit.ly/vilojona-ai-dev-productivity
Video: https://youtube.com/watch?v=gpLhsMbt2gI&t=4156s

Don't Trust anyone.... Secure your Microservices with ZeroTrust approach. en

Edge trusting is dead, long live Zero Trust.

We were used to deal with `edge security` , direct integration with IDPs using different libraries, also dealing with certificates, SSL, securing the point of entrance to our system, and after that.... well, if you are in the system is because you are allowed to ...... or not ?

Nowadays CVEs, massive attacks, are common .... for sure you remember some recent cases ....don't you ?

So, the idea of protecting only the most external layer of our system , based on the idea that nobody can be in the system if that gate has not been successfully passed, is no longer valid.

In this session I will share my knowledge on protecting K8s and VMs clusters following the ZeroTrust approach, covering concepts like : Zero Trust security, SSL transport, Observability, Authz and Authn , and everything without touching a single line of our Java ( Quarkus ) microservices and how to change that configuration without telling a word to the app developer.

Slides: https://bit.ly/vilojona-zerotrust
Video: https://www.youtube.com/watch?v=wfBsTbfuU28

Dare to test your Prod on CI. Hold my drink , and check Testcontainers en

We all know about the importance of testing, we do our unit tests, we continue with our integration tests….. but in each case we are always testing isolated features and we use mocks for those things not important in those tests….. So what about testing everything with real layers and all together ? And, even better, having that big test encapsulated in our project test suits and runnable locally and from our CI… Here is where Testcontainers appear.
In this talk I will explain what was my experience introducing Testcontainers in our project that includes 8 external components , and how we test the whole application including network, product versions, and taking into account particular configurations on each layer involved.

Slides: https://bit.ly/testcontainers
Video: https://www.youtube.com/watch?v=YPVYWkRxytc

Conferences and Communities and How to Take the most out the Them en

We go to different community meetups and conferences during the year. Places to learn, to share and more importantly to meet people and discuss a common topic.

It's clear the benefit that we can take from them ( or not? ), but are we taking the most out of them? Can those events boost our developer careers or even change us?

Do we know what's involved in organizing these events and how to be involved?

In this talk, I will share my own experiences being part of one Java User Group organization for more than 10 years and as a conference founder & organizer for more than 8, and also as a Speaker for more than 3 years.

I will give my own hints to take the most out of those events, putting my perspective of being a “consumer” of them, going through the role of being a speaker and also to the organizer role with all their pains and benefits.

Slides: https://bit.ly/vilojona-comandconf-lt
Video: https://www.youtube.com/watch?v=LXZSkNohVyI

Java LTS Versions 11 to 21 walkthrough en

Nowadays most production environments are still in old versions of Java, according to a few surveys. It's important to have a summary of the features and bug fixes if those systems are not upgraded.

In this talk, you will see the main production-ready features in the different LTS Java versions since version 11, along with an important definition of what's an LTS and the different vendors that you can use.

Finally, we will see a brief demo of some of the nice features of Java 21.

Slides: https://bit.ly/vilojona-java11to21
Video: https://www.wearedevelopers.com/en/videos/658/beam-me-up-java-unraveling-the-warp-speed-evolution-a-journey-through-java-lts-versions-11-to-21

Kubernetes Operators ? in Java ? ... Hold my mouse and look en

Do you want YOUR app easily deployable in Kubernetes or Openshift ? Do you want to control how it scale, deploy and update in an automated way ? Do you want to have your app in a cloud market ? » Then Kubernetes Operators are for YOU.

In this session I will show you What’s a K8s Operator, How to create it with Java, Quarkus and native compilation, and how to deploy it on OperatorHub, from my own experience creating this production ready Operator for a FOSS application, including the testing GitHub action.

Slides: https://bit.ly/jv-k8s-op
Video: https://www.youtube.com/watch?v=kPaHacgM-As&;

Migrate Spring Boot app to Quarkus. Stage unlocked en

Have you heard about Quarkus ? for sure you have, a new super fast, super light framework to develop cloud native and GraalVM compatible apps. But, is that easy to go the Quarkus way ? is it hard to migrate an existing app ? For sure in a hello world demo this will look fantastic ( they all look that way don’t they ? ) but, in a real app, is that nice ? is that easy ? is that fun ? In this session I will show my experience from scratch migrating an app to Quarkus, using different technologies as Hibernate, Prometheus, Rest, … and also how you can check your current app and see how easy is to migrate using a foss app to analyse it.

Prepare for a journey of reality, failures, and experiences on the universe of Quarkus , at a ludicrous speed.

Slides: https://bit.ly/sb2qks
Video: https://www.youtube.com/watch?v=ROY2LNwyHDk

Code Quality in the AI era, needed more than ever. en

As developers, we participate every day in our software life cycle adding new logic, adapting the existing one, and integrating with services or platforms.

But, do we put the same effort into making software robust, maintainable, consistent, secure, clear, and tested?

Moreover, when developers are adding code generated by an AI code generator, can we rely on that code?

In this session, I will show the need for good practices to have a great Code Quality along with the issues of not using it, using free and open-source tools.

Code Quality goes beyond the produced software and its programming language. Is a fundamental part of a developer's role growth, something that represents us no matter the language and the company where we work. Do not lose the thread.

Slides: https://bit.ly/vilojona-cleancode-ai-worth
Video: https://www.youtube.com/watch?v=elCwcpxa0xY

Top Security Flaws Hiding in Your Code Right Now – and How to Fix Them en

Security vulnerabilities aren’t just hypothetical—they’re real, from the MongoDB attack to the Log4Shell disaster, and they’re hiding in your code right now. In this session, we’ll explore the most common and dangerous flaws: SQL Injection, Deserialization Injection, and Logging Injection.

We’ll explain how these vulnerabilities work, why they’re so risky, and how to fix them through examples.

You'll leave with practical tips for safeguarding your applications, including best practices for SQL query parameterization, secure deserialization techniques, the importance of sanitizing logs, and how to use tooling to prevent these flaws more easily.

Audience Takeaways:

Deep understanding of SQL Injection, Deserialization Injection, and Logging Injection.
Practical code examples and fixes to secure your applications.
Insights into real-world case studies of major security breaches.
Tooling that will help us to commit safe code.

Slides: https://bit.ly/vilojona-top-security-issues

Infrastructure as Code Done Right: Discovering and Fixing Common Missteps en

Infrastructure as Code (IaC) brings tremendous benefits to modern cloud management. From Docker to Terraform, AWS CloudFormation, Kubernetes, or Azure, several SKDs and file formats allow our applications to be built, deployed, and run in complex Cloud systems.

But it’s easy to introduce errors with misconfigurations and security lapses if you’re not careful.

In this talk, we’ll tackle some of the most common pitfalls in IaC and show you how to steer clear of them. We’ll look at typical issues like insecure settings, hardcoded credentials, and inefficient resource use—and dive into practical fixes for each. Using real-world examples, we’ll break down why these mistakes happen and how you can correct them with straightforward best practices.

We’ll also cover some handy tools that can secure and improve your IaC process, from automated code quality checks to security scans that fit right into your CI/CD pipeline. By the end, you’ll have a solid grasp of how to make your infrastructure code more reliable and secure, along with the tools to keep it that way.

This session is perfect for developers and DevOps professionals looking to improve their skills. It will help you refine your IaC approach and avoid common traps.

Slides: https://bit.ly/vilojona-iac-done-right

AI Code Gen Reality: LLMs Help But Can Hurt Quality and Security en es

Eyyy Code GenAI is here to stay and it's increasing its adoption and perfomance dramatically !!!!

But, are LLMs as good as they seem ? Specially if we are thinking on serious production projects.....

In this talk I will show data about the real state of projects in terms of quality and security, and how 5 different main LLMs perform in code generation in terms of accuracy, quality and complexity.

Finally I will present some good practices that can help your assistants to be "potentially" better in their responses.

Join me in a motivational talk based on reality and facts and not on trends.

Production wise usage of Code GenAI is not a trivial thing. It's important to know the real and whole context about LLMs and how we can help them to help us.

Seven Habits of Highly Effective AI Java Coding en

🤖 AI code assistants are everywhere in Java development! They promise speed, but let's be honest, blindly accepting suggestions or falling into "vibe coding" often leads straight to confusing code and technical debt. 🤔 Sound familiar?

Want to actually master these tools? Ready to unlock truly productive AI collaboration and boost your speed without sacrificing quality? ✨ This talk reveals the 7 key habits and critical mindset shifts that separate frustrating AI interactions from game-changing results.

We'll skip the hype and focus on the practical secrets for working with your AI assistant smartly in your Java workflow.

The Golden Rule? Simple: whether you wrote the line or the AI did, you own the code. (git blame doesn't point to 'code assistant'! ❗) That's habit #1 – come to the talk to discover the other 6!

Knowing these habits is crucial, because shipping AI-assisted code with confidence requires more than just hitting 'accept'. Solid checks and a clear view of code quality are non-negotiable.

Join this session to learn the habits that will transform how you build Java code with AI. Walk away ready to make these tools work for you, faster and safer! ✅🚀

Realidad del Codigo por IA: los LLMs Ayudan Pero Pueden Dañar La Calidad y Seguridad en es

¡Code GenAI llegó para quedarse y su adopción y rendimiento están aumentando drásticamente!

Pero, ¿son los LLM tan buenos como parecen? Sobre todo si pensamos en proyectos de producción serios...

En esta charla, mostraré datos sobre el estado real de los proyectos en términos de calidad y seguridad, y el rendimiento de 5 LLM principales en la generación de código en cuanto a precisión, calidad y complejidad.

Finalmente, presentaré algunas buenas prácticas que pueden ayudar a tus asistentes a ser potencialmente mejores en sus respuestas.

Acompáñame en una charla motivadora basada en la realidad y los hechos, no en las tendencias.

El uso de Code GenAI en producción no es trivial. Es importante conocer el contexto real y completo de los LLM y cómo podemos ayudarles a que nos ayuden.

Agents With Seatbelts: Practical Ways to Keep AI Code Gen Under Control en

In this session I will share **best practices** for using MCP setups and AI **Agents** in real development workflows 🤖. The goal is to improve both **quality** and **security**, since even with all the excitement around these tools, it’s still very easy to create confusing interactions, accidental data exposure, or Agents that trigger actions we never intended.

I will also present **reports comparing how different LLM models generate code**, showing clear differences in stability, output consistency, and the amount of guidance each model needs to avoid mistakes. Along with that, I’ll bring recent **figures showing the surprisingly low productivity gains** many teams report when adopting AI tools—often just small improvements instead of the big jumps everyone expects. We will look at why this happens: unclear prompts, weak tool design, loose permissions, and wrong assumptions about what the models can really handle.

The talk focuses on practical habits that developers can apply right away: tightening tool access, simplifying and focusing context, adding lightweight validation steps, and using safety patterns that prevent the common failures. My goal is to help teams build **more reliable, productive, and secure AI workflows**, making AI code generation a real benefit rather than a risky experiment 😅.

A fast-paced look at how to boost **quality**, **security**, and real productivity when using AI Agents and MCP. I’ll show where code-gen models fail, why gains stay low, and the simple practices that keep AI powerful but under control 🤖.