

Stephan Kraft
Make the complex easy
Vienna, Austria
Stephan joined Red Hat in 2019 as a Business Development Professional in Austria. He started his professional career as a Software Developer and later moved into Technical Sales, Solution Sales and Management. He worked for several companies in and around IT, particularly IBM and SWIFT. After a personal time-out, he spent 3 years at universities as a program director of a Master and MBA program around Digital Transformation. This led him smoothly to Red Hat, where he enjoys engaging with customers and partners around technical and cultural transformations.
Topics
Software Supply Chain Security - for the rest of us!
In IT, we are passionate about creating great applications that serve a purpose. The more value, the better.
But there is a dirty little truth: The world is not Disneyland. There are individuals, teams, countries that want to infiltrate your software supply chain. And they are smart, smart enough to find the weakest link.
This talk is about concepts like Software Bill of Materials (SBOM), attestations, keyless signing of artifacts, enterprise policies and how to seamlessly add them to your build and delivery pipeline. In order to let you create great applications - securely.
Git Signing, keyless - what else?
There is almost no debate that source code signing is an important best practice for securing the software supply chain. But managing keys is cumbersome, associating keys with actual human or workload identities is cumbersome, rotating and revoking keys is just annoying. Sigstore, an open-source project under the Open Source Security Foundation (OpenSSF), provides a robust solution to these problems.
In this talk, we explore the history of git signing and its challenges, and demo a viable solution based on Open Source technology.
For Java Developers who don't believe in Santa Claus and 100% reliable services
Santa Claus does not exist. Nor do 100% reliable services. Both facts are hard to accept, but just a matter of reality. The good news: There are fault tolerance frameworks that can soften the bad consequences of delayed response time, unavailability and other temporary issues. And the even better news: They are relatively easy to apply to existing applications - if you know what you are doing.
In this session, we will demonstrate how Java applications can be amended to be fault tolerant - in classical environments, with Kubernetes and with Istio Service Mesh.
Experience Open Culture & DevOps at first hand
"DevOps requires a cultural change." In a nutshell: Being more open, more collaborative, more customer-driven. But what does this mean in practice? What can organizations concretely do to trigger and progress this "cultural change"?
In fact, there is no secret sauce, no on-off-switch to push. It's many little steps and practices that do the trick. This workshop provides an overview of the cornerstones of this cultural shift and lets participants experience some of the key practices that fit nicely into a DevOps development project.
Become your CISO's best friend and still write great code
As a software developer you want 3 things: you want to code, you want to develop great software... and finally, you want to code great software. Of course, you do understand that security is important, as neither the world nor the internet is a safe place. But if you follow all the guidelines of your CISO, you are handcuffed. The good news: There is a way to write great code AND become your CISO's almost best friend.
Enter OpenID Connect, OAuth, API Management and Keycloak.
In this live demo, we will show how an entirely unprotected web application can be secured against internal and external threats. The live demo consists of a role play of the bad (hacker) guy and the good guy who comes to the rescue of the developer. An epic battle. And a spoiler: The good will win.