
Speaker

Warren Parad

CTO and Security Specialist @ Authress

Winterthur, Switzerland

Warren focuses on technology that helps teams automate security implementations. He has journeyed through many different locations, technologies, and industries from Health Care IT in Wisconsin to E-Commerce in Switzerland. Now, he is an AppSec specialist and CTO at Authress, building tools for seamless security, authentication, and authorization. He enjoys solving product and technical challenges, and ultimately delivering long term business impact by eliminating common obstacles.

Area of Expertise

  • Consumer Goods & Services
  • Information & Communications Technology
  • Manufacturing & Industrial Materials
  • Media & Information
  • Transports & Logistics

Topics

  • DevOps
  • Software Development
  • Cloud & DevOps
  • Web Development
  • DevOps & Automation
  • DevSecOps
  • Software Development
  • Agile software development
  • Leadership development
  • DevOps Transformation
  • Development
  • DevOpsCulture
  • DevOps Skills
  • Migrating to devops
  • devops security
  • SecDevOps
  • DevOps Enterprises
  • AWS DevOps
  • DevOps Journey
  • DevOps Agile Methodology & Culture
  • Software
  • Software Architecture
  • Software Engineering
  • Open Source Software
  • Business Software
  • Enterprise Software
  • software architecture
  • Lean Software Development
  • Software Engineering Management
  • Software Practices
  • Distributed Software Systems
  • Software Craftsmanship
  • Software testing
  • Software Design
  • Backend Development
  • Architecture
  • Android Development
  • architecture patterns
  • Microservice Architecture
  • AWS Architecture
  • Data Architecture
  • Cloud Architecture
  • Agile Architecture
  • Enterprise Architecture
  • Solution Architecture
  • cloud-native software architecture
  • Cloud Security Architecture
  • Event Driven Architecture
  • information architecture
  • AWS Architect
  • Architecture of Web-Apps
  • Application Architecture
  • Security
  • Security & Compliance
  • IT Security
  • AWS Security
  • api security
  • web security
  • Data Security
  • Cloud Security
  • cyber security
  • Cloud App Security
  • Enterprise Security
  • Information Security
  • Application Security
  • Cyber Security basics
  • cybersecurity awareness
  • Authentication
  • identity & authentication
  • Authorization
  • Identity and Access Management security and Least-privilege Authorization
  • Tech Community
  • aws
  • AWS Lambda
  • AWS Serverless
  • AWS CDK
  • AWS Databases
  • AWS S3
  • AWS Lambda
  • AWS Step Functions
  • AWS IoT
  • AWS DynamoDB
  • AWS Amplify
  • Cloud
  • Cloud Computing
  • Cloud & Infrastructure
  • Cloud Computing on the Azure Platform
  • Cloud Native
  • Google Cloud
  • Cloud Technology
  • Cloud Computing
  • Cloud strategy
  • Cloud Automation
  • Cloud Native Infrastructure
  • Cloud Containers and Infrastructure
  • Google Cloud Platform
  • Database and Cloud
  • Agile Engineering
  • microservices
  • Local Microservices
  • Monoliths
  • Monitoring & Observability
  • Monitoring
  • Monitoring and Observability
  • Application Monitoring
  • Runtime Monitoring
  • Error Monitoring
  • Measure & Monitor
  • Cloud Monitoring
  • Monitoring and Evaluation
  • Network Monitoring
  • IT Infrastructure Monitoring
  • network security
  • Rust
  • rustlang
  • Zero-Trust Security
  • zero trust
  • Rust Ecosystem
  • Rust Development
  • Rust Community
  • Rust Adoption
  • Rust Programming Language
  • Rust Training
  • switzerland
  • AWS
  • AWS Community Day
  • AWS Community Days

Meeting Impossible SLAs: How we made our uptime 99.999%

Can a service even have a 99.999% uptime guarantee? It's easy to promise, but actually delivering on that is another challenge entirely. Testing, CI/CD, reviews--strategies to achieve three nines are no longer sufficient when components become critical.

Running critical components requires a completely different mindset when the required uptime is five nines, and there are many reasons to require high uptimes--regulatory needs, critical application dependencies, or in some situations your service could offer life-saving responsibilities. In these circumstances, it becomes critical to get this right, and never let your service go down.

In this talk, I'll dive into whether five nines is even possible, give a full review of the challenges we encountered building our mission-critical service Authress, and iterate through the key trade-offs in elevating the reliability of our services.

Key Takeaways:
* The core components of a highly reliable solution
* Lessons learned in the process
* Understanding service reliability in the business context
* Architecture strategies to increase the reliability

What the @#!? is Auth

Authentication remains a complicated yet critical aspect of application security. In this talk, I'll demystify the core concepts, diving into access tokens, refresh tokens, and browser security mechanisms like WebAuthn for hardware-based authentication. Additionally, I'll explore techniques such as session handling, revocation strategies, silent authentication for improved security UX, and the use of scopes for controlling access granularity.

Finally, I'll delve into JSON Web Tokens (JWTs), the use of EdDSA signatures for enhanced security and performance, as well as the common pitfalls that seasoned pros and newcomers alike struggle with when it comes to auth. By the conclusion, you'll be equipped with some additional knowledge to navigate the complexities of auth and build secure, user-friendly systems.

Stopping all the attacks before they start: Building a security first API

Embrace a security-first mindset in API development to proactively prevent malicious attacks. Learn how to integrate fundamental security building blocks, authenticate requests, validate access control, implement secure communication channels, identify potentially dangerous actors, and dynamically prevent attacks as they happen.

Here, I’ll walk through building resilient APIs and platforms that thwart attacks from the beginning, protecting your users and your data. Join me as I introduce how to make security an integral part of our development process.

Meeting Impossible SLAs: How we made our uptime 99.999%

Can a service even have a 99.999% uptime guarantee? It's easy to promise, but actually delivering on that is another challenge entirely. Testing, CI/CD, reviews--strategies to achieve three nines are no longer sufficient.

Running critical components requires a completely different mindset when the required uptime is five nines, and there are many reasons to require high uptimes--regulatory needs, global application operations, or in some situations your service could offer life-saving responsibilities. In these circumstances, it becomes critical to get this right, and never let your service go down.

In this talk, I'll dive into whether five nines is even possible, give a full review of the challenges we encountered building our mission-critical service Authress, and iterate through the key trade-offs in elevating the reliability of our services.

Key Takeaways:
* The core components of a highly reliable solution
* Lessons learned in the process
* Understanding service reliability in the business context
* Architecture strategies to increase the reliability

Why You Should Check Your Secrets Into Git

In any software, platform, or application that involves more than one user, you will have to deal with authentication. And when you have more than one service or microservices, you will have to deal with credentials. If getting credentials right can be a headache, then keeping them secure during events such as production deployments, engineer offboarding, and credentials rotation is a nightmare.

With the goal of limiting the impact of security incidents, credentials management is a critical component of any organization’s security posture. Here, we’ll explore the different ways to manage your secrets by discussing the advantages and best practices for keeping your sensitive information, private keys, and service clients secure.

Adding security to architecture one step at a time

It’s easy to make security an all or nothing approach. Often the focus is on engineering a perfect product vision or speed of delivery. Attention to security is left to the end and by that time it is too late.

Here, I’ll review the opportunities to inject a security mindset into your team, what components to use and when to use them, as well as how to grow a security culture as your company and product evolve.

Technical talk level: Intermediate

Incontro DevOps Italia (IDI) 2025 Sessionize Event

March 2025 Bologna, Italy

CloudX 2024 Sessionize Event

November 2024 Santa Clara, California, United States

Developer Week '24 Sessionize Event

July 2024 Nürnberg, Germany

Codemotion Madrid 2023 Sessionize Event

May 2023 Madrid, Spain
