Speaker

Jonathan Vila

Jonathan Vila

Developer Advocate at Sonar

Barcelona, Spain

Actions

Java Champion, Organiser at BarcelonaJUG and cofounder of JBCNConf and DevBcn conferences in Barcelona.

Currently working as a Developer Advocate in Java at Sonar (SonarLint,SonarQube), focused on Clean Code & Security.

I have worked as a (paid) developer since the first release of The Secret of Monkey Island, about 30 years ago using Go on Kubernetes for a Service Mesh layer on top of Istio | Java on Kubernetes for K8s Operator, Rest API, using Quarkus, GraalVM, Apache Camel | PHP | VB | Python | Pascal | C

I am very interested in simulated reality, psychology, philosophy, and Java.

Awards

Area of Expertise

  • Health & Medical
  • Travel & Tourism
  • Information & Communications Technology

Topics

  • Java
  • Building Communities
  • Programming Languages
  • Developers
  • Developer Relations
  • Developer Skills

Don't Trust anyone.... Secure your Microservices with ZeroTrust approach.

Edge trusting is dead, long live Zero Trust.

We were used to deal with `edge security` , direct integration with IDPs using different libraries, also dealing with certificates, SSL, securing the point of entrance to our system, and after that.... well, if you are in the system is because you are allowed to ...... or not ?

Nowadays CVEs, massive attacks, are common .... for sure you remember some recent cases ....don't you ?

So, the idea of protecting only the most external layer of our system , based on the idea that nobody can be in the system if that gate has not been successfully passed, is no longer valid.

In this session I will share my knowledge on protecting K8s and VMs clusters following the ZeroTrust approach, covering concepts like : Zero Trust security, SSL transport, Observability, Authz and Authn , and everything without touching a single line of our Java ( Quarkus ) microservices and how to change that configuration without telling a word to the app developer.

Code Quality in the AI era, needed more than ever

As developers, we participate every day in our software life cycle adding new logic, adapting the existing one, and integrating with services or platforms.
But, do we put the same effort into making software robust, maintainable, consistent, secure, clear, and tested?
Moreover, when developers are adding code generated by an AI code generator, can we rely on that code?
In this session, I will show the need for good practices in Clean Code along with the issues of not using it, showing concepts like Clean As You Code (CAYC) using free and open-source tools.
Clean Code goes beyond the produced software and its programming language. Is a fundamental part of a developer's role growth, something that represents us no matter the language and the company where we work. Do not lose the thread.

Dare to test your Prod on CI. Hold my drink , and check Testcontainers

We all know about the importance of testing, we do our unit tests, we continue with our integration tests….. but in each case we are always testing isolated features and we use mocks for those things not important in those tests….. So what about testing everything with real layers and all together ? And, even better, having that big test encapsulated in our project test suits and runnable locally and from our CI… Here is where Testcontainers appear.
In this talk I will explain what was my experience introducing Testcontainers in our project that includes 8 external components , and how we test the whole application including network, product versions, and taking into account particular configurations on each layer involved.

Slides: https://bit.ly/testcontainers
Video: https://www.youtube.com/watch?v=YPVYWkRxytc

Don't Trust anyone.... Secure your Microservices with ZeroTrust approach.

Edge trusting is dead, long live Zero Trust.

We were used to deal with `edge security` , direct integration with IDPs using different libraries, also dealing with certificates, SSL, securing the point of entrance to our system, and after that.... well, if you are in the system is because you are allowed to ...... or not ?

Nowadays CVEs, massive attacks, are common .... for sure you remember some recent cases ....don't you ?

So, the idea of protecting only the most external layer of our system , based on the idea that nobody can be in the system if that gate has not been successfully passed, is no longer valid.

In this session I will share my knowledge on protecting K8s and VMs clusters following the ZeroTrust approach, covering concepts like : Zero Trust security, SSL transport, Observability, Authz and Authn , and everything without touching a single line of our Java ( Quarkus ) microservices and how to change that configuration without telling a word to the app developer.

Slides: https://bit.ly/vilojona-zerotrust
Video: https://www.youtube.com/watch?v=wfBsTbfuU28

Conferences and Communities and How to Take the most out the Them

We go to different community meetups and conferences during the year. Places to learn, to share and more importantly to meet people and discuss a common topic.

It's clear the benefit that we can take from them ( or not? ), but are we taking the most out of them? Can those events boost our developer careers or even change us?

Do we know what's involved in organizing these events and how to be involved?

In this talk, I will share my own experiences being part of one Java User Group organization for more than 10 years and as a conference founder & organizer for more than 8, and also as a Speaker for more than 3 years.

I will give my own hints to take the most out of those events, putting my perspective of being a “consumer” of them, going through the role of being a speaker and also to the organizer role with all their pains and benefits.

Slides: https://bit.ly/vilojona-comandconf-lt
Video: https://www.youtube.com/watch?v=LXZSkNohVyI

Java LTS Versions 11 to 21 walkthrough

Nowadays most production environments are still in old versions of Java, according to a few surveys. It's important to have a summary of the features and bug fixes if those systems are not upgraded.

In this talk, you will see the main production-ready features in the different LTS Java versions since version 11, along with an important definition of what's an LTS and the different vendors that you can use.

Finally, we will see a brief demo of some of the nice features of Java 21.

Slides: https://bit.ly/vilojona-java11to21
Video: https://www.wearedevelopers.com/en/videos/658/beam-me-up-java-unraveling-the-warp-speed-evolution-a-journey-through-java-lts-versions-11-to-21

Kubernetes Operators ? in Java ? ... Hold my mouse and look

Do you want YOUR app easily deployable in Kubernetes or Openshift ? Do you want to control how it scale, deploy and update in an automated way ? Do you want to have your app in a cloud market ? » Then Kubernetes Operators are for YOU.

In this session I will show you What’s a K8s Operator, How to create it with Java, Quarkus and native compilation, and how to deploy it on OperatorHub, from my own experience creating this production ready Operator for a FOSS application, including the testing GitHub action.

Slides: https://bit.ly/jv-k8s-op
Video: https://www.youtube.com/watch?v=kPaHacgM-As&;

Clean code, ¿de verdad vale la pena? Una historia de monstruos, heroes y victorias

Como developers participamos cada dia en la evolucion de software, ya sea añadiendo nuevas e interesantes funcionalidades, asi como adaptando las actuales o incluso integrando con sistemas o plataformas externos.

Pero, ponemos el mismo esfuerzo en hacer que nuestro codigo sea robusto, mantenible, consistente, seguro, claro y bien probado? Realmente vale la pena invertir tiempo en ello ?

En esta charla seguiremos la historia de nuestro heroe y su lucha contra el monstruo del bad code y veremos la importancia del "clean code" asi como las ventajas que aporta (y las penas que evita) introduciendo conceptos como el Clean As You Code y herramientas free y opensource.

Preparate para una historia de aventuras, monstruos, luchas, tecnicas y victorias al estilo de Juego de Tronos ;)

Clean Code va mas alla del software que se produce y de su lenguaje de programacion.
Es parte fundamental y de crecimiento en la figura de un developer, algo que nos representa sin importar donde o con que lenguaje trabajemos. No perdamos el hilo.

Slides: https://bit.ly/vilojona-cleancode-worth
Video: https://www.youtube.com/watch?v=TTCugqSuJn8

Migrate Spring Boot app to Quarkus. Stage unlocked

Have you heard about Quarkus ? for sure you have, a new super fast, super light framework to develop cloud native and GraalVM compatible apps. But, is that easy to go the Quarkus way ? is it hard to migrate an existing app ? For sure in a hello world demo this will look fantastic ( they all look that way don’t they ? ) but, in a real app, is that nice ? is that easy ? is that fun ? In this session I will show my experience from scratch migrating an app to Quarkus, using different technologies as Hibernate, Prometheus, Rest, … and also how you can check your current app and see how easy is to migrate using a foss app to analyse it.

Prepare for a journey of reality, failures, and experiences on the universe of Quarkus , at a ludicrous speed.

Slides: https://bit.ly/sb2qks
Video: https://www.youtube.com/watch?v=ROY2LNwyHDk

Java is Dead

Have you heard this before ? Let's explore if that's true....

Slides: https://bit.ly/vilojona-java

By the power of Java, Main of the Cloudiverse

Do we really need other languages to develop apps for the Cloud ?
Let's explore it

Slides: https://bit.ly/vilojona-javacloud
Video: https://www.youtube.com/watch?v=vjAZ4CTFBjs

Clean code, is it really worth it? A story of monsters, heroes and victories

As developers, we participate every day in our software life cycle adding new logic, adapting the existing one, and integrating with services or platforms.

But, do we put the same effort into making software robust, maintainable, consistent, secure, clear, and tested?

In this session, I will show the need for good practices in Clean Code along with the issues of not using it, showing concepts like Clean As You Code (CAYC) using free and open-source tools.

Clean Code goes beyond the produced software and its programming language. Is a fundamental part of a developer's role growth, something that represents us no matter the language and the company where we work. Do not lose the thread.

Slides: https://bit.ly/vilojona-cleancode-worth
Video: https://www.youtube.com/watch?v=DxvZqjHMGIE
Keynote: https://www.youtube.com/watch?v=JG6KQIhyfew

Calidad de Codigo, en la era de la Code GenAI, mas necesario que nunca.

Como desarrolladores, participamos todos los días en el ciclo de vida de nuestro software añadiendo nueva lógica, adaptando la existente e integrándonos con servicios o plataformas.

Pero, ¿ponemos el mismo esfuerzo en hacer que el software sea robusto, mantenible, consistente, seguro, claro y probado?

Además, cuando los desarrolladores añaden código generado por un generador de código impulsado por IA, ¿podemos confiar en ese código?

En esta sesión, mostraré la necesidad de seguir buenas prácticas en Código Limpio junto con los problemas de no utilizarlas, presentando conceptos como para implementarlo efectivamente utilizando herramientas gratuitas y de código abierto.

El Código Limpio va más allá del software producido y de su lenguaje de programación. Es una parte fundamental del crecimiento en el rol de un desarrollador, algo que nos representa sin importar el lenguaje o la empresa donde trabajemos. No pierdas el hilo.

Clean Code in the AI era. A story of monsters, heroes and victories.

As developers, we participate every day in our software life cycle adding new logic, adapting the existing one, and integrating with services or platforms.

But, do we put the same effort into making software robust, maintainable, consistent, secure, clear, and tested?

Moreover, when developers are adding code generated by an AI code generator, can we rely on that code?

In this session, I will show the need for good practices in Clean Code along with the issues of not using it, showing concepts like Clean As You Code (CAYC) using free and open-source tools.

Clean Code goes beyond the produced software and its programming language. Is a fundamental part of a developer's role growth, something that represents us no matter the language and the company where we work. Do not lose the thread.

Code Quality in the AI era, needed more than ever.

As developers, we participate every day in our software life cycle adding new logic, adapting the existing one, and integrating with services or platforms.

But, do we put the same effort into making software robust, maintainable, consistent, secure, clear, and tested?

Moreover, when developers are adding code generated by an AI code generator, can we rely on that code?

In this session, I will show the need for good practices in Clean Code along with the issues of not using it, showing concepts like Clean As You Code (CAYC) using free and open-source tools.

Clean Code goes beyond the produced software and its programming language. Is a fundamental part of a developer's role growth, something that represents us no matter the language and the company where we work. Do not lose the thread.

Top Security Flaws Hiding in Your Code Right Now – and How to Fix Them

Security vulnerabilities aren’t just hypothetical—they’re real, from the MongoDB attack to the Log4Shell disaster, and they’re hiding in your code right now. In this session, we’ll explore the most common and dangerous flaws: SQL Injection, Deserialization Injection, and Logging Injection.

We’ll explain how these vulnerabilities work, why they’re so risky, and how to fix them through examples.

You'll leave with practical tips for safeguarding your applications, including best practices for SQL query parameterization, secure deserialization techniques, the importance of sanitizing logs, and how to use tooling to prevent these flaws more easily.

Audience Takeaways:

Deep understanding of SQL Injection, Deserialization Injection, and Logging Injection.
Practical code examples and fixes to secure your applications.
Insights into real-world case studies of major security breaches.
Tooling that will help us to commit safe code.

Infrastructure as Code Done Right: Discovering and Fixing Common Missteps

Infrastructure as Code (IaC) brings tremendous benefits to modern cloud management. From Docker to Terraform, AWS CloudFormation, Kubernetes, or Azure, several SKDs and file formats allow our applications to be built, deployed, and run in complex Cloud systems.

But it’s easy to introduce errors with misconfigurations and security lapses if you’re not careful.

In this talk, we’ll tackle some of the most common pitfalls in IaC and show you how to steer clear of them. We’ll look at typical issues like insecure settings, hardcoded credentials, and inefficient resource use—and dive into practical fixes for each. Using real-world examples, we’ll break down why these mistakes happen and how you can correct them with straightforward best practices.

We’ll also cover some handy tools that can secure and improve your IaC process, from automated code quality checks to security scans that fit right into your CI/CD pipeline. By the end, you’ll have a solid grasp of how to make your infrastructure code more reliable and secure, along with the tools to keep it that way.

This session is perfect for developers and DevOps professionals looking to improve their skills. It will help you refine your IaC approach and avoid common traps.

Devnexus 2025 Sessionize Event Upcoming

March 2025 Atlanta, Georgia, United States

Developer Week '24 Sessionize Event

July 2024 Nürnberg, Germany

KCDC 2024 Sessionize Event

June 2024 Kansas City, Missouri, United States

JNation 2024 Sessionize Event

June 2024 Coimbra, Portugal

JCON EUROPE 2024 Sessionize Event

May 2024 Köln, Germany

Devnexus 2024 Sessionize Event

April 2024 Atlanta, Georgia, United States

JCON WORLD 2023 Sessionize Event

November 2023

WeAreDevelopers Live 2023 (Season 6) Sessionize Event

September 2023

Jonathan Vila

Developer Advocate at Sonar

Barcelona, Spain

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top