Shift Left on Non-Functionals: Continuous Validation with Azure

Non-functional requirements like performance, scalability, and resiliency are often treated as an afterthought, leading to late-stage firefighting and costly rework. This session shows how to build them in from the start through continuous validation.

You’ll learn how to use Azure’s testing and monitoring ecosystem to proactively surface issues, including automated load tests, chaos experiments, telemetry-driven insights, and failure mode analysis. With practical demos and pipeline examples, you’ll see how to detect weak spots early, validate system behavior under stress, and prevent small issues from becoming production incidents.

If you want to shift from reactive fixes to engineering reliability and performance into your software every day, this talk gives you the mindset and toolkit to do it.

From Noise to Signal: Building Meaningful SLIs in Azure

Most systems today are over-instrumented and under-observed.
Discover how to build meaningful Service Level Indicators (SLIs) that reflect real user experience, not just system metrics. This session shows how to instrument SLIs with OpenTelemetry, connect them to Azure’s Health Model, and turn raw telemetry into actionable reliability signals that drive SLOs, error budgets, and deployment gates.

Designed for developers who want to own reliability from day one and move beyond noisy dashboards to observability that truly matters.

From "Trust Me" to "Verify Me"

Modern software supply chain attacks don’t start in your code, they start in your build pipeline. Even with linters, tests, and security scans in place, you can still ship or deploy compromised software if you can’t prove what was built, how it was built, and that it hasn’t been tampered with.

In this session, we’ll explore how provenance and attestation turn “trust me” into verifiable evidence. Using the SLSA framework as a foundation, you’ll see how producers can generate cryptographically signed build provenance using GitHub Actions and how consumers can verify artifacts before they are allowed into production.

Beyond tooling, we’ll look at how verification fits into real CI/CD workflows, how to enforce trust as a deployment gate, and how to make software supply chain security an actionable, enforceable practice.

Live demos will show practical steps you can apply immediately in your own pipelines.

Provenance and Attestation for Secure Build Pipelines

.NET supply chain: Protecting against hidden threats

Modern software relies heavily on third-party components like open-source libraries and NuGet packages, which can introduce security risks. If you're not carefully managing these dependencies, you could expose your application to vulnerabilities or even malicious code, just like what happened with Log4J.

In this session, we'll cover best practices for securing your .NET projects, including using tools like Trivy and NuGet’s security features to scan and monitor dependencies. We’ll also discuss supply chain observability, how to track vulnerabilities and ensure the integrity of your components.

Beyond tools, we'll touch on team policies for approving third-party libraries, setting security gates in CI/CD pipelines, and fostering a security-first mindset in your organization. Live demos will show practical steps you can implement right away to protect your applications.