calendar

June 4-5, 2024

DevOpsDays: 
Let’s Talk Security

DevOpsDays Ukraine is a part of the global DevOpsDays community. This June, we will have two evenings of online talks from speakers, іgnites from community and Open Space Discussions.

What is DevOpsDays?

The term ‘DevOps’ was popularized thanks to a series of ‘DevOpsDays’ conferences.
The first edition of this Conference was held in Belgium in 2009. Since then, DevOpsDays conferences have spread across the globe.
3 digits we are inspired by
6
events
behind
5000
People in community
€110,000

raised for Ukrainian
foundations

stars
Presentations
Meet the best DevOps experts from all over the world to talk about DevOps culture.
Do you have a story to share? Call for Papers
stars
Ignites talks
Valuable portion of knowledge, lasting for 5-10 minutes about DevOps.
Do you have a story to share? Call for Papers
stars
Open Space
Vote on interesting topics and create discussion groups on the most important.
Do you have a story to share? Call for Papers
The term ‘DevOps’ was popularized thanks to a series of ‘DevOpsDays’ conferences.
The first edition of this Conference was held in Belgium in 2009. Since then, DevOpsDays conferences have spread across the globe.
3 digits we are inspired by
6
events behind
5000
participants
€110,000

raised for Ukrainian
foundations

stars
Presentations
Meet the best DevOps experts from all over the world to talk about DevOps culture.
Do you have a story to share? Call for Papers
stars
Ignites talks

Valuable portion of knowledge, lasting for 5-10 minutes about DevOps.

Do you have a story to share? Call for Papers
stars
Open Space
Vote on interesting topics and create discussion groups on the most important.
Do you have a story to share? Call for Papers
2
nights
12+
speakers 
discussions
1,500
attendees

Organizing committee

Marzhan
Mykola Marzhan
Director of Engineering
The organizer of OSDN Conference centered on free and open-source software
Mykolaichenko
Oleg Mykolaichenko
Head of DevOps
logo
The author of Telegram channel about technologies, solutions and architectural issues
Rochniak
Yurii Rochniak
Lead Site Reliability Engineer
logo
The founder of one of the largest Telegram channels about #DevOps
Marzhan
Mykola Marzhan
Director of Engineering
The organizer of OSDN Conference centered on free and open-source software
Mykolaichenko
Oleg Mykolaichenko
Head of DevOps
logo
The author of Telegram channel about technologies, solutions and architectural issues
Rochniak
Yurii Rochniak
Lead Site Reliability Engineer
logo
The founder of one of the largest Telegram channels about #DevOps

Speakers

Voitova
Anastasiia Voitova

Head of Security

Engineering

Anastasiia is a cybersecurity engineer and manager with a wide technological background spanning software development to security engineering. Her focus is data security, cryptography and applied security.

 

She shares a lot about “boring cryptography”, encryption, data security, zero knowledge and zero trust systems, software security architecture.

 

She speaks at international conferences, contributes to OWASP guidelines, conducts workshops and training for developers, and co-organizes cybersec events.

Tymoshyk
Nazar Tymoshyk
CERT UA State Communications Engineer

Nazar Tymoshyk is a Ph.D. and a seasoned cybersecurity professional with over 22 years of experience in enterprise security. He specializes in cyber defense, particularly in incident response and post-breach recovery, as well as modern security architecture, blue and purple teaming.

 

As CERT UA member, he specialized in incident response, intrusion research, and threat hunting, tracking adversary behaviors and intrusions by various APTs.

 

Previously, he founded a successful startup – UnderDefense, where he built a new generation MDR/SOC as a service platform to automate incident response, thereby minimizing Mean Time to Recovery (MTTR).

Brygidyn
Michał Brygidyn

Chief Cloud Security

Architect

Michal, Chief Cloud Security Architect, AWS Ambassador, and White Hat Security Researcher, brings a wealth of knowledge and experience to the table. As a seasoned conference speaker, Michal has a knack for transforming complex security concepts into engaging and informative sessions. With a career dedicated to cloud security and ethical hacking, Michal offers unique insights into the world of cybersecurity, making his presentations not only informative but also immensely relevant in today’s digital landscape.
DeogunD
Daniel Deogun
Cybersecurity Consultant, Chief Academy Officer
Daniel Deogun is author of the book Secure by Design and has been in the industry for 20+ years. He strongly believes security is a quality aspect and is passionate about how to drive security in software using craftsmanship. Throughout his career, Daniel has worked in a wide range of domains – from patient critical software in medtech to enterprise applications in the cloud to high performance software in compute intensive environments. Combining this with his passion for tech has made him a frequent speaker at conferences all over the world. Daniel is currently Chief Academy Officer at Omegapoint.
Rotem Refael
Director of Engineering and open-source

Rotem is Director of Engineering and open-source at ARMO, where she contributes ans manages the Kubescape open source project, as a staunch and passionate supporter of making open source security better and more accessible for everyone. Rotem is an engineering veteran, with experience as a software developer, architect, product manager, with a focus on the security discipline. She has many years of experience in all aspects of Kubernetes engineering from deployment across various environments, through monitoring — with specific expertise in working with Prometheus and its open source suite — as well as bringing deep know-how in all aspects of IaC, driving best practices and methods wherever she goes.

Petro Vavulin
Head of Cloud Products & Services Department NBS
Petro is a team lead of the Cloud Products and Services Department at Kyivstar with more than 10 years of experience in the IT industry and 5+ years as a trainer for Microsoft cloud infrastructure and security solutions. He has a technical and scientific background as a postgraduate at NTUU KPI in Computer-Integrated Technological Processes and Production, after which he moved on to various corporate services such as artificial intelligence, IT infrastructure, information security, and others. He usually speaks about enterprise architecture, cloud services, information security, cutting-edge technologies like AI/ML/IoT, and possible ways to apply them in real-world scenarios.
Brian Tarbox
Principal Solutions Architect
Brian has been working with AWS for eleven years, holds multiple certifications and is an AWS Hero. He has 10 US Patents and is a frequent speaker. He has worked on projects ranging from aerospace, baggage handling, medical and financial services. Lately he has been focused on giving-back via programs such as AWS New Voices which give speaker training to junior developers.
Volodymyr Vasylenko
Senior Cloud Security Engineer
Volodymyr is a Senior Cloud Security Engineer for TEMABIT. He graduated from the Kyiv State University of Telecommunication in 2017 with a Ph.D. He has 10 years of experience in the Tech field. Security is his passion. He’s excited about taking part in the improvement of security for any project. He has also been teaching at the university for 10 years.
Andriy Bilous

CEO

 

Andriy is founder of Uitware, social responsible DevOps consulting company. He has over 15 years of experience working in different IT companies as Developer, DevOps, TeamLead and now CEO. He believes that DevOps culture, Leadership, Motivation and Responsibilities could boost organization. Knowledge sharing and Public speaking are few of his favourite hobbies.
Hila Fish

DevOps Tech Lead

 

Hila Fish is a DevOps Tech Lead, with over 15 years of experience in the tech industry.
AWS Community Builder, Hashicorp Ambassador, and an International public speaker who believes the DevOps culture is what drives a company to perform at its best and talks about that and other DevOps/Infrastructure topics at conferences.
She carries the vision to enhance and drive business success by taking care of its infrastructure.

 

In her spare time, Hila is a lead singer of a cover band, giving back to the community by co-organizing DevOps-related conferences (Inc. “DevOpsDays TLV” & “StatsCraft” monitoring-focused event), providing mentorship and managing programs in “Baot” (The largest technical women’s community in Israel), and enjoys sharing her passion and knowledge wherever she can, including across diverse technology communities, initiatives and social media.

Simon Shkilevich

DevOps Team Leader

 

Simon Shkilevich is a DevOps Team Leader at Codebashing, a leading security training platform. Passionate about cloud technologies and security, he focuses on implementing cutting-edge DevOps solutions and the latest technologies. Simon is also a frequent speaker at global industry events, including DevOps Days TLV and many more.
Tanya Janca
Head of Education and Community

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the Head of Education and Community at Semgrep, sharing content and training that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty-five years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an award-winning public speaker & active blogger, and has delivered hundreds of talks on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.

 

Advisor: Nord VPN, Katilyst

 

Faculty: IANs Research

 

Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC

Daniel Maher

Developer Relations

 

Den is a veteran of the original dotcom bubble and has since worked in a variety of environments from start-ups to global corporations, including stints as a founder, university lecturer, and a day labourer.

 

Today, Dan is a co-chair of the DevOpsDays conference series, and Head of Developer Relations at Scaleway.

Agenda

GMT+3
Time
#Talk
Speaker
Topic

6pm

#Talk
DANIEL MAHER
Welcome speech
Even a seemingly innocent piece of code can contain several vulnerabilities that might take down an entire system. We all know how to deal with SQL-injection and cross-site scripting, but why is this not enough? On the latest OWASP Top 10 list, insecure design has emerged – a strong indication we need a new approach. In this session, I will explore several vulnerabilities, mitigate them, and show how to achive defence in depth using interlocking patterns of Secure by Design.

6:10pm

#Talk
Daniel Deogun
Achieving Defence in Depth using Secure by Design
Even a seemingly innocent piece of code can contain several vulnerabilities that might take down an entire system. We all know how to deal with SQL-injection and cross-site scripting, but why is this not enough? On the latest OWASP Top 10 list, insecure design has emerged – a strong indication we need a new approach. In this session, I will explore several vulnerabilities, mitigate them, and show how to achive defence in depth using interlocking patterns of Secure by Design.

6:50pm

#Talk
Nazar Tymoshyk
Sun Tzu, DevOps, and the complexities of cyber warfare in Ukrainian realities

How, what, and why? Russian hackers vs Ukrainian IT companies.

 

During the presentation, Nazar will share optimal strategies and tactics for preparing to defend against cyberattacks. After this talk, you will understand step-by-step how to act and how to protect yourself from cyberattacks.

7:30pm

#Ignite
Hila Fish
Extension Unlocked: Granular Secret (Service) Dist. with HashiCorp Vault
HashiCorp Vault offers a robust solution for secrets segregation through App roles. But what happens when a centralized agent (like Airflow) handles requests for multiple clients? Should it retain all the App roles? Should this logic even reside on the client side? Enter Secret-Service—a Python service that embodies centralized logic for seamless Vault secrets management. Clients approach with an ownership tag, and Secret Service takes care of the rest. Join us to explore the logic defined within the Secret-Service and discover how you can leverage it for a streamlined, centralized approach to distributing & segregating Vault secrets.

7:40pm

#Ignite

Petro Vavulin

Information Security in the Cloud: What Should Be Done Now?
We will take a closer look at common mistakes related to information security across the enterprise IT infrastructure. We will briefly discuss common architectural approaches and what can be used as “low-hanging” fruit in cloud and hybrid infrastructure security.

7:50pm

#Ignite
Brian Tarbox
The Strongest Defense against S3 Ransomware
How bad would it be if a Bad Actor got hold of all your data? Would you pay a ransom? Would you update your resume? How about considering an absolutely unbreakable option? Object Lock can be that option but it has some sharp edges. Come learn how to protect your data without endangering your wallet..
8:10pm
#Talk
Rotem Refael
Context-Based Security: What Your Cloud Native Apps Really Need

We’re all way past understanding why security is a critical piece in our product stacks – from the code, APIs, to the workloads, and runtime. The next step was choosing the scanners and tooling, to ensure a guarded fortress, however all of these come with their own chaos of CVEs, compounding cognitive load. This is where context matters in cloud native security.We’ll dive into how you even get started with what matters, from prioritization, daring to remediate – without breaking prod, how to apply better component security, anomaly detection & how eBPF is simplifying this on all the layers.Come armed with tough questions and come away with good practices for ensuring your security choices are always in context.


Security is becoming de facto in cloud native stacks, however the output of the common tooling requires a lot of context for these complex stacks, and can lead to production breakage and other issues if not properly handled. These security experts will take a look at a different perspective when it comes to security, unpack the still challenging parts, and provide real tips to help you overcome the hard parts and achieve greater security and guardrails for your organization.

Time
#Talk
Speaker
Topic

6pm

#Talk
DANIEL MAHER
Welcome speech
Even a seemingly innocent piece of code can contain several vulnerabilities that might take down an entire system. We all know how to deal with SQL-injection and cross-site scripting, but why is this not enough? On the latest OWASP Top 10 list, insecure design has emerged – a strong indication we need a new approach. In this session, I will explore several vulnerabilities, mitigate them, and show how to achive defence in depth using interlocking patterns of Secure by Design.

6:10pm

#Talk
Michał Brygidyn

Cloud Hacking Scenarios

You’ve been hearing a lot about security best practices, but you’re not convinced they can really make a difference? Do you think your resources are safe only because nobody would notice your random IP address?

 

In this presentation, I will share real-life attack scenarios to convince you that misconfigurations can have dire consequences.

 

Attendees will gain a comprehensive understanding of real-world examples, complete with screenshots.

I will discuss multiple different attack vectors to demonstrate the diverse range of threats organizations face in today’s digital landscape.

 

As an AWS Ambassador, I will focus on AWS-specific scenarios, but it’s crucial to note that similar risks apply to all major public clouds. Don’t miss this talk on cloud security and how to protect your organization’s valuable assets.

6:50pm

#Talk
Simon Shkilevich
Exploring key OWASP Web Application security Risks and effective ways to minimize them
In his talk, Simon will be discussing the OWASP Top Web Application Security Risks, a comprehensive guide that highlights the most critical security threats to web applications. He will provide insights into each risk, offer recommendations for mitigation, and emphasize the importance of proactive security measures in protecting web applications from potential vulnerabilities.

7:30pm

#Ignite
Andriy Bilous
Generative AI. Why do we need to care about Security

As generative AI technologies become increasingly integrated into our daily lives and business operations, understanding and mitigating their security risks is very important.

 

In this talk we will observe vulnerabilities introduced by AI systems, potential data privacy breaches, prompt injections, data poisoning, deep fakes, and others.


We will take a look into proactive security measures and the role of regulatory frameworks in maintaining safety in the age of generative AI

7:50pm

#Ignite

Volodymyr Vasylenko
Implementing Organizational-Level Vulnerability Management with AWS Services
He’ll show you how you can implement and automate processing vulnerabilities and notifications in AWS Organization, based on AWS services

8:10pm

#Talk
Anastasiia Vixentael
TBA
He’ll show you how you can implement and automate processing vulnerabilities and notifications in AWS Organization, based on AWS services

How it was: 2023

While we’re working on the new event let’s see how it was in September 2023.
Devopsdays: Disaster Recovery
Patrick
Patrick
Debois
CharityMajors
CHARITY
MAJORS
Alex
Oleksiy
Zayets
Privat
Ivanova
Valeriia
Ivanova
Molochko
IAROSLAV
MOLOCHKO
Squad
Villela
ADRIANA
VILLELA
Lightstep
Pais
MANUEL
PAIS
Parman
Chintan
Parmar
King
Fox
Joshua
Fox
Seberjakova
Natalie
Serebryakova
Nebesov
Yevgen
Nebesov
db-logo
Medina
ANA MARGARITA
MEDINA
Lightstep
Vlasov
Maksym
Vlasov
Bilous
Andriy
Bilous
NewfireGP
Poliakov
Vsevolod
Poliakov
Mahel
DANIEL
MAHER
Scaleway
moderator

Speakers

If you have interesting experience around the topics of software development, IT infrastructure operations, and the intersection between them, we look forward to receiving your application.

Charity

Fundraising for surgical aspirators purchasing
Alongside our friends from the UA Responders Foundation, we raise funds for a surgical aspirator for Dnipro University Hospital.
A surgical aspirator is a crucial medical device which removes fluids, mucus, and other substances from the surgical field ensuring proper visibility for surgeons during operations, and reduces the risk of infection and other complications.
Our aim is 1 aspirator which is $1000 or 40,000 UAH
*We’ll provide all reports on DevOpsDays Ukraine social media channels. Let’s unite!

0

/1000€

raised

Sponsors

Dimond Sponsor
You have a chance to grab new knowledge and even give donations to support UkraineYou have a chance to grab new knowledge and even give donations to support Ukraine
Platinum Sponsor
You have a chance to grab new knowledge and even give donations to support UkraineYou have a chance to grab new knowledge and even give donations to support Ukraine
Platinum Sponsor
You have a chance to grab new knowledge and even give donations to support UkraineYou have a chance to grab new knowledge and even give donations to support Ukraine

Gold Sponsor

SQUAD is one of the biggest research and delivery centers in Ukraine working on the latest smart home security and IoT products.

 

We are gathering more than 850 top-notch minds in domains such as Research, Embedded, Hardware, Mobile, QA, Infrastructure, Delivery, Product and Design, and Analytics to collaborate on impactful technology.

 

Our modern labs feature test devices and leading optical equipment, creating a unique opportunity to work and innovate on real R&D in Ukraine.

Gold Sponsor

TemaBit Fozzy Group is a national company driving technological solutions forward. We’re committed to continually bringing Ukrainians fresh and high-quality products.

 

TemaBit is a part of Fozzy Group, one of Ukraine’s largest trade industrial groups. Every day, millions of guests of the stores ‘Silpo,’ ‘Fora,’ Fozzy, and Thrash! benefit from the innovations developed by our team.

Fuelled by a passion for experiments, constant development, and innovation, our team is driven to forge ahead to ensure the best shopping experience for Ukrainians.


TemaBit Fozzy Group stands strong and is committed to ensuring Ukrainians have access to quality, fresh products no matter what challenges come our way!

Silver Sponsor

Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders.

 

We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies including Siemens, Airbus, SalesForce, Stellantis, Adidas, Wal-Mart and Sanofi.

Silver Sponsor
Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies including Siemens, Airbus, SalesForce, Stellantis, Adidas, Wal-Mart and Sanofi.

Registration

registration