Speaker

Warren Parad

CTO and Security Specialist @ Authress

Winterthur, Switzerland

Warren focuses on technology that helps teams automate security implementations. He has journeyed through many different locations, technologies, and industries from Health Care IT in Wisconsin to E-Commerce in Switzerland. Now, he is an AppSec specialist and CTO at Authress, building tools for seamless security, authentication, and authorization. He enjoys solving product and technical challenges, and ultimately delivering long term business impact by eliminating common obstacles.

Area of Expertise

  • Consumer Goods & Services
  • Information & Communications Technology
  • Manufacturing & Industrial Materials
  • Media & Information
  • Transports & Logistics

Topics

  • DevOps
  • Software Development
  • Cloud & DevOps
  • Web Development
  • DevOps & Automation
  • DevSecOps
  • Software Development
  • Agile software development
  • Leadership development
  • DevOps Transformation
  • Development
  • DevOpsCulture
  • DevOps Skills
  • Migrating to devops
  • devops security
  • SecDevOps
  • DevOps Enterprises
  • AWS DevOps
  • DevOps Journey
  • DevOps Agile Methodology & Culture
  • Software
  • Software Architecture
  • Software Engineering
  • Open Source Software
  • Business Software
  • Enterprise Software
  • software architecture
  • Lean Software Development
  • Software Engineering Management
  • Software Practices
  • Distributed Software Systems
  • Software Craftsmanship
  • Software testing
  • Software Design
  • Backend Development
  • Architecture
  • Android Development
  • architecture patterns
  • Microservice Architecture
  • AWS Architecture
  • Data Architecture
  • Cloud Architecture
  • Agile Architecture
  • Enterprise Architecture
  • Solution Architecture
  • cloud-native software architecture
  • Cloud Security Architecture
  • Event Driven Architecture
  • information architecture
  • AWS Architect
  • Architecture of Web-Apps
  • Application Architecture
  • Security
  • Security & Compliance
  • IT Security
  • AWS Security
  • api security
  • web security
  • Data Security
  • Cloud Security
  • cyber security
  • Cloud App Security
  • Enterprise Security
  • Information Security
  • Application Security
  • Cyber Security basics
  • cybersecurity awareness
  • Authentication
  • identity & authentication
  • Authorization
  • Identity and Access Management security and Least-privilege Authorization
  • Tech Community
  • Programming
  • Programming Languages
  • object oriented programming
  • Extreme Programming
  • Programming Languages & Frameworks
  • Pair Programming
  • Programming Languages and Tools
  • General Programming
  • functional programming
  • aws
  • AWS Lambda
  • AWS Serverless
  • AWS CDK
  • AWS Databases
  • AWS S3
  • AWS Data & AI
  • AWS Lambda
  • AWS Cost Optimization
  • AWS Data
  • AWS RDS
  • AWS ECS
  • AWS Step Functions
  • AWS IoT
  • AWS DynamoDB
  • AWS Amplify
  • Cloud
  • Cloud Computing
  • Cloud & Infrastructure
  • Cloud Computing on the Azure Platform
  • Cloud Native
  • Google Cloud
  • Cloud Technology
  • Cloud Computing
  • Cloud strategy
  • Cloud Automation
  • Cloud Native Infrastructure
  • Cloud Containers and Infrastructure
  • Google Cloud Platform
  • Database and Cloud
  • Cloud ML Platforms
  • agile
  • Agile Leadership
  • Agile Coaching
  • Agile Methodologies
  • Agile Mindset
  • Agile Transformation
  • Scrum & Agile
  • Agile Management
  • agile culture
  • Agile Lean
  • Agile and Culture
  • Scaled Agile
  • Agile People
  • Agile Retrospectives
  • Lean / Agile Leadership
  • Agile Testing
  • Agile Engineering
  • Agile Games
  • microservices
  • Local Microservices
  • Monoliths
  • Monitoring & Observability
  • Monitoring
  • Monitoring and Observability
  • Application Monitoring
  • Runtime Monitoring
  • Error Monitoring
  • Measure & Monitor
  • Cloud Monitoring
  • Monitoring and Evaluation
  • Network Monitoring
  • IT Infrastructure Monitoring
  • network security
  • Azure Security
  • Kubernetes Security
  • Rust
  • rustlang
  • Zero-Trust Security
  • zero trust
  • Rust Ecosystem
  • Rust Development
  • Rust Community
  • Rust Adoption
  • Rust Programming Language
  • Rust Training
  • switzerland
  • AWS
  • AWS Community Day
  • AWS Community Days
  • User Group

Why You Should Check Your Secrets Into Git

In any software, platform, or application that involves more than one user, you will have to deal with authentication. And when you have more than one service or microservices, you will have to deal with credentials. If getting credentials right can be a headache, then keeping them secure during events such as production deployments, engineer offboarding, and credentials rotation is a nightmare.

With the goal of limiting the impact of security incidents, credentials management is a critical component of any organization’s security posture. Here, we’ll explore the different ways to manage your secrets by discussing the advantages and best practices for keeping your sensitive information, private keys, and service clients secure.

Practical approaches to testing microservices

Testing was easy when we were working with monolithic services. We would check out all the code, start the required processes, and then run all the tests. However, when migrating to microservices, it might seem like a daunting task. How do we run and test even just a couple of services at the same time, let alone testing all the services simultaneously?

The usual options are not great, and they force us to build extensive tooling just to enable our traditional practices. Instead, I'll share what is rarely discussed: how to build and test effectively when building microservices. In this talk, we'll review the requirements for test methodologies and how they can be applied to microservices. The goal is to learn how to transition to effective testing practices in a microservices world.

How to design, architect, and build the perfect public REST API

What’s most important is being able to support a service with as few resources as possible. That means optimizing to run with as few people as necessary while still scaling to a high number of requests. When you build the perfect REST API, it enables quick changes, feature improvements, unmatched support, as well as a service that just doesn’t go down. The more reliable, extensible, and maintainable a service is, the easier it is to own, so you can focus on providing the best product possible. Common and critical components of doing so are:
* Reliability
* Extensibility
* Maintainability

In this talk, we'll go over how we've built highly reliable services that serve millions of requests per day, and how to do this in a way that you can support with your team, without a call center and without dedicating an organization to managing your service. Most importantly, I'll include some of the lessons we learned along the way, so that hopefully no one else will fall into the same traps that we've encountered.

By attending you'll learn how to do the same for your teams' and organizations' services and products. Your API designs will solve your core service needs so that you can focus on getting the features and innovations completed rather than being stuck in maintenance and support of your services.

Adding security to architecture one step at a time

It’s easy to make security an all-or-nothing approach. Often the focus is on engineering a perfect product vision or speed of delivery. Attention to security is left to the end, and by that time it is too late.

Here, I’ll review the opportunities to inject a security mindset into your team, what components to use and when to use them, as well as how to grow a security culture as your company and product evolves.

Technical talk level: Intermediate

Codemotion Madrid 2023 Sessionize Event

May 2023 Madrid, Spain
