In an increasingly interconnected world, effective communication of cybersecurity risks to stakeholders has become paramount. However, the language and terminology often used in this field can be confusing or inaccessible to those outside the domain. This talk explores the challenges of conveying cybersecurity risks to diverse audiences and presents a novel approach to risk communication that transcends technical jargon and incorporates reputational impact.
Modern HTTP APIs run the contemporary tech world. As a result, every organization is now required to produce and consume APIs in some way. The need for your organization to productively design, build, deploy and operate RESTful APIs is higher than it has ever been for you to stay competitive. Developing the processes and tools to design and deliver hundreds of APIs within your organization is fraught with manual checkpoints and inconsistencies. This friction makes standard API Governance slow, uncollaborative, and non-iterative. To succeed in building modern APIs in the enterprise, you will need both an effective and productive API Governance strategy to support your API Design First processes.
In this talk, we will dive into the principal areas of the API Design lifecycle as we discuss how to succeed with API Governance using non-traditional approaches including collaboration, stewardship, and automation. Real-world examples from SPS Commerce, off-the-shelf tooling, and custom solutions will drive our journey through API Standards, Design, Development, and Publishing to demonstrate highly productive API Design First capabilities to rally your teams around.
OK, not *really* from my bathroom, but come to this session where I'll show you how GitHub CodeSpaces works and how it empowers developers to code wherever they want to!
First you need identity, then you need authenticity, you probably want your messages delivered as written and in order. Maybe you’d prefer only you and your recipient can read or derive information from the communiqué, and neither of you can (easily) override this privacy. Perhaps you’d like parties to be unable to track or profile you based on interaction. Let’s explore identity, authenticity, privacy and security in messaging. After all; “On the internet nobody knows you’re a dog”
By now we've all heard all the new buzzwords in the AI world: ChatGPT, OpenAI, Dall-E, Codex, etc. But what do they actually mean for you as a developer or for your organization? In this session I will try to demystify the tech behind buzzwords and explain what each of them mean and how to use them.
In this interactive session, we'll look at the differences in improvements that can be made by those on a team, and the environment in which those people have to work! You'll be moving around in this interactive & participatory activity as we expose the impacts & start a conversation!
Systems Thinking requires us to look holistically to understand the linkages and interactions between the elements and components that make up a defined system. The Ball Point Game is an interactive & participatory activity, which will expose the impacts & start the conversation! If you've heard the terms "common cause", "special cause", "theory of constraints", "local optimization", or "system optimization", but always wondered exactly what those are, and how they impact your work, this is the session for you! Once we start looking at ways to deliver value to our customers through the Systems Thinking lens, an entirely new world of possibilities will be exposed, giving us the opportunity to make a meaningful impact in what we deliver, and more importantly, how we deliver!
Does your boss keep telling you to contribute to the team by presenting on a topic? Have you thought about public speaking but you’re a bit nervous and not sure where to start? Come join Frode in this session where he talks about all the things he’s learned about speaking over the past 15 years.
Still designing in the dark ages with interface design docs and outdated documentation. Come see how SwaggerHub and API Management can enable you to utilize API First Design to create live documentation that allows the designers and stakeholders to design software together for those intended to use it. Lastly, we will look at the code generation features of APIM/Azure Functions and Swagger Hub which will aid with the API First methodology.
If you're a web app developer, you've hopefully heard of the OWASP Top 10: the consensus of the most critical risks facing web applications every year. Did you know there's a whole standard written by the same organization? The ASVS can be an incredible tool for identifying weak points not just in the web interface itself, but also in the procedures and practices that surround the product.
This session will help you determine why and how you can apply the standard, point out how the results get used to improve broader security posture, and deep dive on a few controls that seem to constantly trip users up.
Are you ready for the AI revolution? This presentation will explore the current state of Artificial Intelligence (AI) and whether it’s truly ready for the mainstream. We’ll cover everything from the basics of AI to its potential impact on industries, job roles, and society as a whole. Whether you’re an AI skeptic or enthusiast, this is your chance to join the conversation and share your thoughts on the future of AI in the world. Come ready to learn and have some fun!
GraphQL is an exciting technology which challenges the dominance of REST for building APIs. It shifts the work of selecting fields and applying filters from the back end to the front end.
In this talk we'll look at Hasura: a server which makes building GraphQL APIs super simple. We'll also look at how we can integrate .NET code with Hasura both using .NET to query Hasura and using .NET to run complex workflows which Hasura isn't designed for.
Azure Integration Services is a cloud offering of services for mission-critical integrations. It provides a serverless compute experience that drives consistency and efficiency when connecting applications, data, and processes across your enterprise. Azure Integration Services brings together several Azure services, such as Logic Apps, API Management, Service Bus, Event Grid, and Azure Functions. These services enable you to build integrated solutions that can run anywhere, connect to hundreds of services, expose your APIs securely, and handle complex event-driven scenarios.
By the end of this session, you will have a better understanding of how to use Azure Integration Services to build modern and scalable integration solutions. You will also learn how to take advantage of the latest features and updates in Azure Integration Services to improve your productivity and operational performance.
For years we have been sold the benefits of microservices and in some circles monolith has become a dirty word. Like anything in software development, it depends. At small to medium scales, you can reap the benefits of monolith and microservice architectures while avoiding their drawbacks by building a modular monolith. Refactoring an existing monolith to a modular monolith involves employing principles of both continuous architecture and evolutionary architecture. This talk will provide an overview of those principles and how they were applied to an existing monolith (including code samples) to support splitting some functionality into a separate sidekick application.
The development world is changing and there is an increased focus on low code. How does a traditional pro code developer fit into this world? This talk explores how to leverage the knowledge, skills, and patterns of a pro code developer in the low code environment of Azure Logic Apps.
Within this talk we will explore the following areas:
We will have discussions and demos that show parallels between source code that pro code developers would write and how that translates into a low code environment. Some specific examples are
Have you ever looked at the Web Content Accessibility Guidelines (WCAG)? Like most standards documents, they’re dry and not very clear, so let’s make them more accessible! I’ll strip the WCAG docs down to their basics and introduce various tools you can use to check the accessibility of your website or app. Whether it’s an audit tool such as aXe or WAVE, a colour contrast tool built into your browser, or a colour-blindness simulator, you’ll learn how to use these tools, interpret the results, and create an accessibility checklist and a plan for fixing common issues.
Attackers don't play by the rules. Attackers will do whatever they can to disrupt, steal, or manipulate applications and their data. The STRIDE framework is a key tool in analyzing our applications, understanding the threats these attackers pose, and building countermeasures commensurate with risk. Combine that with an operationalized Secure SDLC approach and your organization can implement the security controls needed to keep your data safe. The path to Secure Design is there, but you need to take the steps. Join me in this talk to spread awareness about effectively integrating threat modelling into your application design process.
This talk will demonstrate how to use Pulumi, an IaC platform, to provision Azure infrastructure and deploy applications into a Kubernetes cluster.
Introducing agile to a business or team can be a challenging task, whether you are a manager or a team member advocating for it. It's crucial to understand the benefits that agile can bring to your organization or team, and the concerns and needs of those who are new to agile. This talk aims to provide attendees with valuable insights such as what is at the foundation of agile, the potential points of resistance and fears that team members may have when transitioning to agile, how to adapt to the new agile context and the importance of creating an environment that encourages learning, experimentation, and iteration. By covering these key points, this talk aims to provide a comprehensive overview of introducing and embracing agile practices successfully.
In today's competitive landscape, cost optimization is crucial for software systems. But how do you incorporate cost considerations into your architectural decisions? Join our technical talk on using cost as an architectural fitness function and discover practical guidelines and best practices for building cost-effective software systems. From understanding different types of costs to conducting cost-benefit analysis, this talk will equip you with the knowledge and tools to optimize costs at every stage of the software development lifecycle. Don’t miss this chance to learn how to build software that is not only functional but also cost-efficient, and drive efficiency by design in your projects!
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then generates and executes tests that exercise the service through its REST API. Let’s discover what this tool can do for you in your AppSec and DevSecOps programs.
Neo had to take the red pill to hack the Matrix. But as solution architects, you don't need any pills to hack IT governance! In this presentation, we'll explore how you can drive change in IT governance as a solution architect, even without direct authority. We'll show you how to leverage your ninja solution architecture skills to build consensus, foster collaboration, and achieve meaningful change across the organization. So, put down the pills, and join us for a fun and informative session!
With web authentication (WebAuthn) we move away from sharing a secret with the service (aka password), and instead use public key cryptography to prove we hold a (private) key without ever disclosing that key to the other party. There are several ways to enjoy this new feature, and it’s a huge step. As we wait for services to move to the new paradigm, using a password manager that generates large, random, complex passwords, for each account, at least means the damage of a shared secret leak is limited to one service. But, how do you secure your password manager?
In the ever-evolving landscape of Agile methodologies, Scrum is often compared to Kanban and there’s a misconception that Scrum and Kanban are competitors. Instead of pitting these methodologies against each other, the session advocates for a different approach, highlighting their shared Agile values. Attendees will learn how Scrum and Kanban can coexist.
This presentation delves into the top 10 criticisms of Scrum, unraveling misconceptions and offering insightful perspectives. From concerns about role rigidity and rigid time boxes to the perceived burden of the Sprint Backlog, this session will examine these critiques and provide an alternative perspective.
There are about a million ways for Code Reviews to become a waste of time or, worse, a toxic pit. It doesn’t take much to keep them on the rails, but this presentation walks through small changes that have a huge impact on code reviews. Whether this is ad-hoc asking for help, reviewing a pull request, or a formal code review, this presentation provides mechanisms to keep the meetings productive and people happy.
Many applications were not designed for the cloud. They were not designed for the scale that cloud workloads encounter. And many of the developers and architects on our teams have no experience with cloud deployments or cloud-scale workloads. In this talk, we'll discuss why event-sourcing and CQRS are the patterns that you should add to your toolbox when building applications that need to be resilient, reliable, and performant. We'll have a sample application demonstrating this in C#/.NET Core.
Unlock the real power of Cypress E2E testing by setting up automated runs with your pipeline. In this session we'll take a look at how to create a new Azure Pipeline and have it execute the Cypress tests in your project. We will start with nothing more than a basic Angular application with Cypress installed and end up with a pipeline very similar to what we have in our current environment.
During the talk we'll quickly explore how to separate configuration for different environments, how to publish test results to DevOps that your testers won't hate, capturing screenshots/videos and attaching them to test runs (including some gotcha's), and we'll touch on running tests in parallel and automated scheduling.
GitHub needs no introduction as the world's premier source code repository. However, over the past several years GitHub has transformed well beyond a great tool for managing source code. It now provides a compelling one-stop-shop of capabilities as part of its platform that enables you to cut loose your disparate jungle of other tooling. Being aware of and learning how to effectively use this Swiss Army Knife of GitHub capabilities can substantially reduce your overall development costs while also reducing your team's cognitive overhead.
In this session, we will explore the GitHub toolchain that will enhance your developer productivity and enable your teams to rally around a central engineering platform. We will cover effective pull request lifecycles paired with protected branch configurations including new GitHub beta features for merge queues and rulesets, security vulnerability detection with Dependabot, code scanning with GitHub Advanced Security, and AI-assisted coding with GitHub Copilot. Awareness of these features in this growing ecosystem is only the first half of the battle.
Join me, as we journey to understand how to effectively implement and adopt these features in the organization and avoid inconsistency, churn, and toil!
Dive into the world of confidential computing as we explore this cutting-edge technology that’s revolutionizing secure data processing in the cloud. Learn how confidential computing isolates sensitive data within hardware-protected enclaves, ensuring privacy even from cloud providers and administrators. Understand the key concepts, such as Trusted Execution Environments (TEEs) and their role in safeguarding data during processing. Discover real-world applications and benefits that confidential computing offers across various industries. Join us as we unlock the potential of confidential computing and redefine the future of data privacy and security in the cloud.
Azure Logic Apps is a powerful platform for building automated workflows that can run anywhere. It offers a low code experience that enables you to create complex integrations using a graphical designer and a rich set of connectors. But what if you need to extend your workflows with custom logic that is not available out of the box? How can you leverage your existing .NET Framework skills and investments to enhance your Logic Apps solutions?
In this session, you will learn about the new .NET Framework custom code feature for Azure Logic Apps (Standard), which allows you to call compiled .NET Framework code from a built-in action in your workflow. You will see how this feature provides a no-cliffs extensibility capability that gives you the flexibility and control to solve the toughest integration problems.
By the end of this session, you will have a better understanding of how to use low code and pro code together to create powerful and scalable integration solutions using Azure Logic Apps. You will also learn how to take advantage of the latest features and updates in Logic Apps (Standard) to improve your productivity and performance.
Be honest: how many times have you needed to have a talk with someone, but have avoided it because you know it will be awful. Or what about those times when a discussion takes a sharp left turn and suddenly everyone’s shouting at each other, and then someone storms out and now nothing is going to get decided. Conversations don’t have to be this way! There are skills that all of us can learn to have more meaningful, more productive, more harmonious conversations, at work and at home.
We interact with others on a regular basis, and help each other all the time. We rarely take time to analyze how we're interacting with others. In this session We'll go through an activity to see how we interact with others, and become aware of some of our own approaches. This activity allows us to become more aware of how we interact with others, and expose us to other ways we might want to consider incorporating in our approach. And while it's titled "how do you lead", it's not just for leaders, or people in management positions; this is for anyone that interacts with other human beings as part of their job, or as part of their personal life.
In this talk we’ll introduce Postgres as a standard SQL database and talk about its feature parity with other database solutions like SQL Server. We’ll then delve into some of the other, more advanced, things postgres can do to simply your stack. Using a messaging solution? Postgres can do that. Doing complex GIS operations? Postgres can do that. Need event storage? Postgres can do that. Full text indexing? Postgres can do that. Document database? Postgres can do that. Need your dog de-wormed? Okay, that Postgres can’t do.
Coming out of this talk you should be excited to get into Postgres as an alternative to whatever database you’re using right now.
Application lifecycle management (ALM) is a critical piece of the puzzle to delivery enterprise solutions. How do we implement ALM with Azure Logic Apps? This talk explores how the planning, development, manual testing, regression testing, code reviews, security, deployment and maintenance of Azure Logic Apps.
Within this talk, we will explore the following areas:
We'll delve into the critical aspects of integrating security practices into the development and operations lifecycle. With the growing complexity and frequency of cyber threats, organizations must adopt a proactive approach to application security. This talk highlights six key practices that can significantly enhance the security posture of applications within a DevSecOps environment. From implementing automated vulnerability scanning to fostering a culture of security awareness, attendees will gain actionable insights to mitigate risks, fortify defenses, and ensure the resilience of their applications in an ever-evolving threat landscape.
In this demo filled session, you will discover how to make the most of CosmosDB. We'll use a fictional coffee shop chain as an example to demonstrate how you can use CosmosDB's various features and integrations to create a central hub for all your data. We'll show you how to ingest data using Azure Functions, utilize the Change Feed, enable searching with Azure Search, and perform near real-time analytics with Azure Synapse and Power BI. All of this is achievable with just a few lines of code, regardless of your experience as a database administrator.
Before Oct 6th
After Oct 6th
Below are answers to the most commonly asked questions about attending the conference. If you have a question not covered, please send us an email by clicking the "Email a Question" button below!
We're on the second floor of the Delta in their conference area. If you enter through the front doors on the main floor, take the escalator to the second floor and take a left - you can't miss us (we'll have signage up).
We'll have the session schedule available the first week of October.
We take a "Vote with your feet" approach to the sessions. Attend whatever sessions you like, no pre-registration is required. Finding a session isn't what you thought it was? No problem, feel free to go to a different session!
Prairie Dev Con is meant to be a live, in person event. As such we don't record sessions for later viewing, but check with our speakers to see if their talks have been recorded elsewhere.
Yes! Both days will feature hot breakfast & lunch buffets and two coffee breaks.
Please ensure that you've filled out our supplemental registration form found here where you can specify any food requirements. We'll ensure there are acceptable food options for you at the conference.
Please ensure that you've filled out our supplemental registration form found here where you can specify any accessibility needs. We'll ensure to accomodate as best as possible.
The venue has informed us that parking in the parkade connected to the Delta is free again this year!
There is no set dress code for the conference, wear what you're comfortable in keeping in mind our Code of Conduct.
The conference organizer, D'Arcy Lussier, will be available throughout the conference. His contact information while at the conference will be provided on Day 1 and you're free to contact him regarding any concern you have.
All conference participants (attendees, speakers, sponsors and volunteers) at our conference are required to agree with the following code of conduct. Organizers will enforce this code throughout the event. We expect cooperation from all participants to help ensure a safe environment for everybody.
Prairie Dev Con is dedicated to providing a harassment-free conference experience for everyone, regardless of gender, gender identity and expression, age, sexual orientation, disability, physical appearance, body size, race, ethnicity, religion (or lack thereof), or technology choices. We do not tolerate harassment of conference participants in any form.
Additionally sexual language and imagery is not appropriate for any conference venue, including talks, workshops, vendor areas, social events, and social media/online ineractions.
Conference participants violating these rules may be sanctioned or expelled from the conference without a refund at the discretion of the conference organizers.