PurePerformance

Michiel de Lepper, a seasoned Security and Compliance expert with experience at McAfee and Dynatrace, shares his insights on compliance's vital role in IT security. He redefines compliance from being boring to a dynamic necessity, integrated into modern tech practices. Michiel emphasizes using data to enhance security and discusses the collaboration between SecOps and DevOps for better outcomes. With a humorous nod to nostalgia, he reveals how compliance can be both exciting and essential, debunking myths surrounding mandatory training and audits.

Ben Rometsch, Co-founder of Flagsmith and a leading voice in feature flagging, shares his insights on the evolution and future of this essential development practice. He dives into the concept of Feature Flag-Driven Development and the significance of accurate record-keeping for compliance. The conversation highlights the role of the CNCF project OpenFeature in shaping best practices and discusses how AI could revolutionize feature flag management. Ben also touches on the challenges faced by smaller teams and the necessity of effective implementation.

Bernd Greifeneder, Founder and CTO of Dynatrace, has been a trailblazer in observability for over 20 years. He shares insights on the shift from reactive to preventive operations in observability, stressing the key role of AI. Greifeneder discusses the vital convergence of observability and security, especially with new regulations like DORA. He also highlights the importance of automation for sustainability and the evolving landscape of AIOps, aiming to help organizations maximize efficiency while addressing environmental concerns.

Vishnu Acharya, Head of Network Infrastructure EMEA and Platform Engineering at Uber, shares his remarkable journey from eBay and Yahoo to a decade at Uber. He discusses scaling the company to 4,000 engineers and the crucial role of Service Level Objectives (SLOs) in ensuring platform reliability. Insights on navigating complex partnerships, optimizing cloud provider relationships, and the importance of understanding end-user journeys are highlighted. Discover how observability enhances innovation and capacity in Uber's fast-paced tech landscape.

For the past 10 years Anton has been working at Booking.com - one of the leading digital travel companies based out of Amsterdam. The journey that started as System Administrator has led Anton to be an Engineering Manager for Site Reliability where over the past 3 years he led the rollout and adoption of OpenTelemetry as the standard for getting observability into new cloud native deployments.Tune in and learn how Anton saw R&D grow from 300 to 2000, why they replaced their home-grown Perl-based Observability Framework with OpenTelemetry, how they tackle adoption challenges and how they extend and contribute back to the open source communityLinks we discussed:Anton's LinkedIn Profile: https://www.linkedin.com/in/antontimofieiev/Observability & SRE Summit: https://www.iqpc.com/events-observability-sre-summit/speakers/anton-timofieievOpenTelemetry: https://opentelemetry.io/

Most services are moving to SaaS - whether it’s email, collaboration, customer relations, or finance. But not everyone can go to SaaS - or at least that’s the initial reaction when navigating certain industries’ rules and regulations.Milan Steskal - who worked in healthcare for many years - is now helping organizations ask the right questions and find the best solutions as they evaluate their options to move their observability data to SaaS. Tune in and learn about the questions to ask vendors and your internal security, privacy, and compliance teams. Milan also walks us through the capabilities SaaS vendors such as Dynatrace have put in place to protect data sent to the cloud so that it stays safe and only accessible to those needing access.Links discussed today:Milans LinkedIn Page: https://www.linkedin.com/in/milansteskal/Dynatrace Trust Center: https://www.dynatrace.com/company/trust-center/ Blogs on Trust: https://www.dynatrace.com/news/tag/trust-center/

Andreas Taranetz is a software engineer and lecturer at the University of Vienna. He creates a lot of educational content around Web Performance Optimization. For the past seven years, he has also operated Wahlkabine, Austria's top website, for matching one's political views with the parties that are up for election.This episode was an amazing flashback - reminding us about the time when Steve Souders - the "godfather" of Web Performance Optimization - educated web developers about optimizing CSS, JavaScript, and server-side roundtrips.Tune in and learn why Web Performance is still such an important topic, how it relates to sustainability, why you should cache on every layer, and what the Static Site Paradox really is! Links we discussed in the episode:Andreas on LinkedIn: https://www.linkedin.com/in/andreas-taranetz/Personal Website: https://andreas.taranetz.com/We Are Developers Talk: https://www.youtube.com/live/KRemC82gsBkWahlkabine: https://wahlkabine.at/Steve Souders: https://stevesouders.com/

Authentication (validating who you claim to be) and Authorization (enforcing what you are allowed to do) are critical in modern software development. While authentication seems to be a solved problem, modern software development faces many challenges with secure, fast, and resilient authorization mechanisms. To learn more about those challenges, we invited Alex Olivier, Co-Founder and CPO at Cerbos, an Open Source Scalable Authorization Solution. Alex shared insights on attribute-based vs. role-based access Control, the difference between stateful and stateless authorization implementations, why Broken Access Control is in the OWASP Top 10 Security Vulnerabilities, and how to observe the authorization solution for performance, security, and auditing purposes.Links we discussed during the episode:Alex's LinkedIn: https://www.linkedin.com/in/alexolivier/Cerbos on GitHub: https://github.com/cerbos/cerbosOWASP Broken Access Control: https://owasp.org/www-community/Broken_Access_Control

Open Source is the Best Thing that happened to IT"! Powerful words from Marcio Lena who has been using and contributing back to open source for the past 20+ years. Besides being a vivid advocate for open source, Marcio also knows the concerns of large enterprises when picking open source projects.Tune in and follow our discussion about how to identify a healthy open-source project, how to balance between vendor and community lock-in, the power of open standards such as OpenTelemetry, open source business models as well as that contributing to open source is not limited to code but includes documentation, education and advocacy as well!Links we discussed:Marcio's LinkedIn Page: https://www.linkedin.com/in/marcio-lena/CNCF DevStats: https://devstats.cncf.io/Linux Foundation Events: https://events.linuxfoundation.org/CNCF Ambassadors: https://www.cncf.io/people/ambassadors/

DORA - the EU's Digital Operational Resiliency Act - will take effect in January of 2025 and is currently top of mind for IT Leaders across all financial service institutions that operate in the European Union. But what is DORA really? Why is this important? How can institutions meet the DORA requirements? What is the role of observability, automation and AI in all of this?To answer all those and more questions we invited Kay Young, Sr Principal Product Manager at Dynatrace, who has been working with organizations around the globe that have been tasked to implement regulations such as DORA, GDPR, FedRAMP or others.In our conversation we also touch base on the third-party risk management as well as resiliency testing and incident reporting.Resources we discussed:Kay's LinkedIn Profile: https://www.linkedin.com/in/karlien-young-4a156730/What is DORA blog: https://www.dynatrace.com/news/blog/what-is-dora/Taming DORA compliance: https://www.dynatrace.com/news/blog/taming-dora-compliance-with-ai-observability-and-security/Blog on Dynatrace's DORA compliance journey: https://www.dynatrace.com/news/blog/the-dynatrace-journey-toward-dora-compliance/Beyond DORA compliance: https://www.dynatrace.com/news/blog/dora-how-dynatrace-helps-the-financial-sector-stay-resilient/