Diego Rodriguez Varela

Kubernetes offers us a universe of possibilities... but also many blind spots. In this talk, we will explore how to evolve from manual observation of a cluster to a complete and unified view of its entire ecosystem. We will talk about metrics, traces, and logs, how to centralize information, detect anomalous behaviour, and respond automatically to changes in the environment. We will also look to the future: how artificial intelligence can help us understand what is happening in real time within the cluster and anticipate problems before they become incidents. And, of course, we will address the most critical aspect: security and administration. Because observing everything is useless if we do not protect what we see. A session for those looking to move from “what happened?” to “I knew it.”

As developers, we want to protect our products and avoid security issues in production: data leaks, access control errors, incorrect design, poorly implemented headers, etc. Within a Shift-Left Security strategy, the aim is to verify any of our developments as soon as possible. In other words: we want to discover the problem as soon as possible, avoiding as far as possible that it reaches production. With this goal in mind, you are probably already using static and dynamic code analysis tools in some of your pipelines, but... what if we could review our work from the moment we are developing it? Or when we make a local commit? What if we also checked it in the early stages of a pipeline? This talk proposes combining the different tools provided by GitHub Copilot and GitHub Advance Security to analyze our code from a practical point of view, always with the aim of obtaining feedback as soon as possible. Impact We showed how to use these tools in-depth with security in mind.

In this session, we will cover the key aspects of Copilot, while testing the new preview features from a practical point of view. The goal is to help people see its potential with tips on how to use it more efficiently. Key points: 1. Available models 2. Privacy considerations 3. Commands you need to know how to use /fix /explain /doc @workspace @vscode @terminal 4. Using Copilot inline, with comments and chat mode. 5. Basic code refactoring + documentation. 6. Using configurations in settings and with markdown files to establish our code guidelines, security, etc. 7. Agents 8. Conclusions Q&A Impact I helped developers and managers see the potential of GitHub Copilot for their developer teams, from zero to an advanced level.

The era of traditional passwords is coming to an end, and passwordless authentication is emerging as the next frontier in online security. In this talk, we will explore WebAuthn technology and how to implement it in applications to achieve secure and easy-to-use passwordless authentication. # Talk objectives: * History of security. * Public key cryptography. * WebAuthn registration flow. * Protocols and platform. * Quantum and post-quantum cryptography. * Demo and review. * Frequently asked questions. Impact: Using .NET and Identity Server I helped developers understand and incorporate the new authentication system called WebAuthn (aka Passkeys). The goal was to demonstrate how they can integrate WebAuthn to create more secure systems with public/private key infrastructure. Relegating password-based authentication to the background.