Melissa McKay
Head of Developer Relations, JFrog
Melissa is passionate about Java, DevOps and Continuous Delivery. She is currently Head of Developer Relations for JFrog, the CNCF Governing Board, the Technical Steering Committee of OPEA, and is a Co-Chair of the Interoperability SIG of the Continuous Delivery Foundation. She loves sharing her knowledge with the community as a developer, speaker, and author. Melissa has been recognized as a Java Champion and Docker Captain, is an international speaker at numerous events including KubeCon and DockerCon, and is co-author of the O'Reilly title, DevOps Tools for Java Developers.
A Gentle Introduction to AI & ML For Developers
Artificial Intelligence and Machine Learning is not all that new. But it might be new to you! And the explosion of tools and resources around AI/ML that have flooded the ecosystem might be overwhelming.
Many developer conferences have introduced an AI/ML track, and without a basic foundation, it might be difficult to absorb a lot of this type of content. Given the rapid developments over the past few years, even if AI/ML development isn’t part of your “day” job, you may be surprised at how much you already use it — and how much you could benefit if you knew how to harness it.
This session is intended to encourage those late to the game to finally see what all the fuss is about. You will get an introduction to the main concepts, get caught up on the lingo, and will leave empowered to tinker on your own with publicly available models and data sets.
Navigating a Mined World: Repositories, Registries and Artifact Storages
As binary and package managers continue to gain popularity, the need for secure code repositories that can be trusted is becoming increasingly important. With the ever-growing threat of cyber attacks, malicious packages in these repositories are becoming a significant concern. This security research-backed presentation aims to showcase the current state of binary and package manager repositories, including an overview of the most commonly used ones. We will examine the risk level associated with using these repos, including potential risks associated with user authentication, malicious packages, and software supply chain attacks. We will also explore how vulnerabilities can be mitigated, such as by implementing secure coding practices, proper authentication and authorization strategies, and standard security protocols. In the end, you'll gain a better understanding of the importance of securing code repositories, and how you can prevent vulnerabilities known to target your supply chain.
Hackers Know What You Have Running In Production. Do You?
Over 80 percent of code used in enterprise applications comes from open source dependencies, but how much attention goes towards the provenance and security of those packages? And in the pursuit of accelerated software development, developers are leveraging more and more libraries, so how do you prevent defects or malicious payloads from compromising the security of your production applications?
Securing the software supply chain is a huge undertaking for the entire tech industry. As an example of how to address production security issues, we'll explore a practical use case of applying blue/green deployments to mitigate a security issue.
How Do I Build Thee? Let Me Count The Ways!
Docker, Podman/Buildah, Kaniko, Buildpacks, Maven and Gradle plugins, and of course, manually. What are the pros and cons of these tools and how do they actually work? Leave this session with a better understanding of container image building and the expertise to confidently choose a build method for your environment.
Building cloud native applications generally implies the development of container images for portability, scalability, and ease of use in Kubernetes and other orchestration environments. Understanding the mechanics of your build is essential to protecting against inefficiency and unexpected behavior from your application running in production. Build tools are meant to ease your workload, and learning how to use them appropriately in your CI/CD process is arguably even more important than your tool choice. This session will walk through the different methods and tools available for building your container images and how to integrate them successfully into your software development pipeline.
End-to-End DevOps for Containerized Applications with JFrog and Docker
Are you struggling with how to set up your development and deployment pipelines? Are you following best practices in managing your containerized applications and all of the artifacts that compose your software releases?
Join Melissa McKay w/ JFrog and Peter McKee w/ Docker to learn how to manage and secure software releases and build CI/CD pipelines with the JFrog DevOps Platform and Docker. Utilize DevOps best practices to manage your containerized apps through your development, testing, and production environments. Learn how to automate and orchestrate with JFrog Pipelines and Docker Compose and how to distribute immutable releases across the globe from code to edge. During this session, Melissa and Peter will demonstrate DevOps methods and tools that will ease your software’s traversal through your entire development lifecycle and highlight solutions for common pain points.
Don’t Expect Developers to be Security Experts!
Developers are not security experts! Why not? And should they be?
When it comes to "shift-left" security, there is only a subset of prevention and mitigation strategies that make sense to put on a developer’s plate. Even then, assuming all devs are already equipped and educated to handle this additional workload is unreasonable.
During this session, Melissa will define common security-related terms and lingo; share typical places to shore up applications when it comes to resolving dependencies, packaging, and deploying your cloud-native applications; and share insights on how to evaluate the plethora of scanning tools available today. Learn about existing programs and education offered through the Linux Foundation and the OpenSSF. And finally, leave this session knowing how to integrate a measure of security that makes sense in your existing development processes without exhausting your developers.
30 min duration
General, Developer Security Intro
Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are Trying to Solve?
The Software Delivery Lifecycle can be complicated. Depending on your architecture and your particular deployment environment, your team may find themselves cobbling together numerous different tools and frameworks. Each tool comes with its own history and is intended to solve a subset of issues. Sometimes teams find creative ways to use tools outside of their original purpose. The end goal is to ease the process, secure, deliver, monitor, reflect, make changes, and repeat. It’s a cycle of continuous improvement. This session will discuss some of the common problems that teams face during the development and delivery process, and how organizations come together to address them. You will leave empowered and with a call to action to become part of the solution.
30 - 45 mins
General, DevOps
Taming the Wild World of Open Source
Are you consuming open source responsibly?
Knowing the benefits AND risks associated with open source is crucial to its responsible use and successful integration. Many developers are happy to consume open source libraries because they fit a need at the time and most of us do not wish to reinvent the wheel. Instead, we want to spend our efforts on innovation and the creation of NEW software! But when deciding to utilize open source, there are essential things for developers to know -- first and foremost: not all open source is created equal!
In this session, Melissa will dive into the details of how the sausage is made so that you can better evaluate projects you choose to consume. You will be able to assess licensing concerns, security concerns, as well as maintainability. If you are interested in contributing to open source, you will learn contributor's first steps and what is behind the founding and maintenance of open source projects. Melissa will also share what she has learned as a member of the Continuous Delivery Foundation (CDF) Technical Oversight Committee (TOC) about the valuable role that foundations take in ensuring the wellbeing of open source projects. She will give you the background and insight you need to discern a healthy versus unhealthy project culture.
Leave this session empowered with the information you need to make an argument for (or against!) utilizing open source libraries in your current development project.
DevOps for Java Shops
DevOps is great, if you have the people, processes and tools to support it. In this session I’ll highlight the easiest ways for Java developers to work with their IT organizations and partners to deliver their code to the cloud, including the best ways to reliably make updates and maintain production cloud code.
The focus is on real-world examples using Linux command line tools, open source tools including Jenkins, and other free SDKs and tools available on GitHub.
Dear Developers, Zero CVEs != Secure Software
Mindlessly playing whack-a-mole using CVE databases is an inefficient use of a developer's time. And even if you manage to proudly proclaim zero vulnerabilities, it is still possible that your software isn't as secure as you want it to be. The security of your software goes beyond simple compliance.
During this session, Melissa will explain and provide real-world examples of the various types of security issues outside of CVEs that developers must be aware of and must consider when developing and deploying cloud-native apps.
She will share insights on how to evaluate the plethora of scanning tools available today, and about existing programs and education offered through the Linux Foundation, the OpenSSF, and OWASP. Most importantly, leave this session knowing how to make the most out of "shift-left" security and how to shore up your applications when it comes to resolving dependencies, packaging, and deploying your cloud-native applications.