CI/CD Pipeline Security

Recently I was tasked with building a CI/CD pipeline for a new project from scratch. This was great fun of course, but there were a huge amount of security concerns that I had to deal with along the way.

In this session, we'll cover the essential steps in building secure pipelines - from making sure that keys and other secrets aren't leaked in plain text in logs, ensuring nobody tampers with your Docker images, to evergreen dependency management. There's a surprising depth to this! You may be familiar with terms such as "principle of least privilege" - we'll go into how we can apply this when building, testing and deploying code through our delivery pipeline.

You will come out of this session with a better understanding of DevSecOps, gaining practical tips that you can use when building out your delivery pipelines back at work.

In Retrospect

Many of us are used to working in Agile teams. But as time goes on, do you feel like retrospectives have become boring, uninspiring and less effective? Does it seem like the team are just going through the motions, but the process is failing you? Let's start from the ground up and fix this for good.

This interactive session will take a look into the surprising cross-disciplinary history behind retrospectives, leaving you with a deep understanding of why we perform them and how feedback is the "engine" of Agile development. You'll learn how to engage your team in fun retrospectives and you'll leave with a renewed sense of focus to make Agile work for your team.

Testing that the code does what the code does

When unit testing goes wrong, what can we do to make it right?

So many tests, doing so little. Every time you want to make a change, even just to refactor the code, there's loads of test failures! You hear yourself cry out "these tests are taking too long to fix". You're wading through treacle. Why is a test failing because a variable was renamed?!

Let's go back to basics. We'll discuss what unit tests are meant to achieve and develop Object-Oriented Design techniques to get out of this hole. We'll use these techniques to learn how to build maintainable tests that empower rather than hinder change. We'll focus on observable outcomes. We'll blur the lines with integration testing as we learn what a 'unit' is. Mocks, stubs, spies, fakes, doubles - we'll learn where they should and shouldn't be used.

You will take away from this thought-provoking session new perspectives on testing and design principles, learning how the two go hand-in-hand, rather than competing against each other.

This is both a testing and OOP-design-heavy talk.

Originally developed for and delivered at NE-RPC. See this in action at https://samhogy.co.uk/talks/testing-that-the-code-does-what-the-code-does.html