Stephan Kraft
Make the complex easy
Vienna, Austria
Actions
Stephan has joined Red Hat 2019 as a Business Development Professional in Austria. He started his professional career as a Software Developer and later moved into Technical Sales, Solution Sales and Management. He was working for several companies in and around IT, particularly IBM and SWIFT. After a personal time-out, he has spent 3 years at universities as a program director of a Master and MBA program around Digital Transformation. This has lead him smoothly to Red Hat where he enjoys engaging with customers and partners around technical and cultural transformations.
Badges
Area of Expertise
Topics
Running VMs on K8s - sounds strange, but it works! en
Containers are the presence and the future. But Virtual Machines (VM) are still everywhere and will remain around most probably for some decade(s). Kube-virt is a open-source project that allows to run and manage VMs on K8s, KVM is the proven hypervisor to base VMs on. In this workshop you gain hands-on experience how to create, run and manage VMs, migrate them from vSphere and deal with common networking and storage requirements.
Become your CISOs best friend and still write great code en
What can you do in 5 minutes? Brush your teeth, listen to your favourite song? Or bootstrapping a Quarkus application, securing it with RBAC and Multi-factor authentication and deploying it in a container to a Kubernetes cluster. In this session, I'll prove this in a live demo.
Software Supply Chain Security - for the rest of us! en
In IT, we are passionate about creating great applications that serves a purpose. The more value, the better.
But there is a little dirty truth: The world is not Disneyland. There are individuals, teams, countries that want to infiltrate your software supply chain. And they are smart, so smart to find the weakest link.
This talk is about concepts like Software Bill of Material (SBOM), attestations, keyless signing of artifacts, enterprise policies and how to seamlessly add them to your build and delivery pipeline. In order to let you great appications - securely.
Git Signing, keyless - what else? en
There is almost no debate that source code signing is an important best practice for securing the software supply chain. But managing keys is cumbersome, associating keys with actual human or workload identities is cumbersome, rotating and revoking keys is just annoying. Sigstore - an open-source project under the Open Source Security Foundation (OpenSSF) provides a robust solution to these problems.
In this talk, we explore the history of git signing, the challenges and demo a viable solution based on Open Source technology.
For Java Developer who don't believe in Santa Claus and 100% reliable services en
Santa Claus does not exist. Nor do 100% reliable services. Both facts are hard to accept, but just a matter of reality. The good news: There are fault tolerance frameworks that can soften the bad consequences of delayed response time, unavailability and other temporary issues. And the even better news: They are relatively easy to apply to existing applications - if you know what you are doing.
In this session, we will demonstrate how Java applications can be amended to be fault tolerant - in classical environments, with Kubernetes and with Istio Service Mesh.
Experience Open Culture & DevOps at first hand en
"DevOps requires a cultural change." In a nutshell: Being more open, more collaborative, more customer-driven. But what does this mean in practice? What can organizations concretely do to trigger and progress this "cultural change"?
In fact, there is no secret sauce, no on-off-switch to push. It's many little steps and practices that do the trick. This workshop provides an overview about the cornerstones of these cultural shift and let participants experience some of the key practices i that are fitting nicely into DevOps development project.
Become your CISOs best friend and still write great code en
As a software developer you want 3 things: you want to code, you want to develop great software... and finally, you want to code great software. Of course, you do understand that security is important as neither the world, nor the internet is a safe place. But if you follow all the guidelines of your CISO, you are handcuffed. The good news: There is a way to write great code AND become your CISOs almost best friend.
Enter OpenID Connect, oAuth, API Management and Keycloak.
In this live demo, we will show how an entirely unprotected web application can be secured against internal and external threats. The live demo consists of a role play of the bad (hacker) guy and the good guy who comes to the rescue of the developer. An epic battle. And a spoiler: The good will win.
Open Culture & DevOps de
DevOps bedingt einen kulturellen Wandel. Also mehr Offenheit, mehr Kollaboration, mehr Kundenzentriertheit. Aber wie lässt sich das in der Praxis umsetzen?
Keine Schlüssel, kein Chaos: Keyless Signaturen mit Sigstore im DevSecOps Flow de
Keyless signing mit Sigstore ermöglicht friktionsfreie Security in bestehende DevSecOps Flows einzubinden.
Securing Quarkus Apps with OIDC and Keycloak en
As a software developer you want 3 things: you want to code, you want to develop great software... and finally, you want to code great software. Of course, you do understand that security is important as neither the world, nor the internet is a safe place. But if you follow all the guidelines of your CISO, you are handcuffed. The good news: There is a way to write great code AND become your CISOs almost best friend. Enter OpenID Connect, oAuth, API Management and Keycloak. In this live demo, we will show how an entirely unprotected web application can be secured against internal and external threats.
Keyless, identity-based signing of Software Artifacts w/ sigstore and Keycloak en
There is almost no debate that digital signing is an important best practice for securing the software supply chain, e.g container images, git commits and any software artifact that is involved in the SDLC. But managing keys is cumbersome, associating keys with actual human or workload identities is cumbersome, rotating and revoking keys is just annoying. Sigstore - an open-source project under the Open Source Security Foundation (OpenSSF) provides a robust solution to these problems. And it works nicely with keycloak as an OIDC provider. In this talk, we explore the history of digital signing, the challenges and demo a viable solution based on Open Source technology.
Secure Software Supply Chain – für NIS 2 und weil es Sinn macht de
Die Software Supply Chain ist ein beliebtes Angriffsziel für Hacker - weil sie oftmals von Firmen vernachlässigt wird. Regulatorien wie DORA, NIS-2 und CRA rücken dieses Thema aber mehr und mehr in den Fokus.
In diesem Talk stelle ich Konzepte und Technologien vor, die fast non-inversiv in bestehende CI/CD Prozesse inkludiert werden können - und damit die Sicherheit massiv erhöhen.
Der motivierte IT-Mitarbeiter und seine natürlichen Feinde de
In dem Talk werden ethnologische Entwicklungen bis hin zur heutigen IT und der Digitalisierung gezogen.
Der digitalisierte Homo sampiens und seine neuen, natürlichen Freunde de
Welche Charakteristika aus unserer ethnologischen Vergangenheit beeinflussen uns heute im digitalen Zeitalter oder stehen uns sogar im Weg? In diesem Vortrag werfen wir einen unterhaltsamen Blick zurück und entwerfen Strategien, wie der moderne Homo sapiens auch im digitalen Zeitalter "funktionieren" kann.
WeAreDevelopers World Congress 2023 Sessionize Event
WeAreDevelopers World Congress 2022 Sessionize Event
Red Hat Forum
My session was "Patterns and Anti-Patterns for the Digital Age". It is about the evolution of humanity and how this brought us to the digital age.
Conference for eDemocracy and Open Government (CeDEM)
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top