Home
Schedule
Conference Info
Sponsorship Information
IBM Watson AI Day
Registration
Press Registration
Speakers
Sessions
Sponsors
Exhibitors
JETRO × Six Prefectures of Japan Pavilion Exhibitors
  Media Sponsors
  Topics
  Call For Papers
  Hotel Info
  Past Events
Untitled Document
2017 West
Premium Sponsors
Diamond



Platinum
@DevOpsSummit

Bronze










Untitled Document
2017 West
Keynote Sponsor


Untitled Document
2017 West Exhibitors
























@ThingsExpo











Untitled Document
2017 West Media Sponsors














Untitled Document
2017 East
Premium Sponsors
Diamond



Platinum
@DevOpsSummit

@DevOpsSummit

Silver
@DevOpsSummit


Bronze










Untitled Document
2017 East Exhibitors
@DevOpsSummit




































Untitled Document
2017 East Media Sponsors
















Untitled Document
2016 West
Premium Sponsors
Platinum Plus



Silver
@ThingsExpo

Bronze







Untitled Document
2016 Welcome Reception Sponsor

Untitled Document
2016 West Exhibitors










@DevOps Summit






@DevOps Summit

@WebRTC Summit












@WebRTC Summit









@DevOps Summit

Untitled Document
2016 West Media Sponsors











Untitled Document
2016 East Gold Sponsors

@ThingsExpo

Untitled Document
2016 East Silver Sponsors


@DevOps Summit

Untitled Document
2016 East Bronze Sponsors

Cloud Expo







Cloud Expo

Untitled Document
2016 East Vendor Presentation Sponsors

@DevOps Summit

Untitled Document
2016 East Exhibitors

@DevOps Summit





@ThingsExpo



@DevOps Summit

@ThingsExpo


@DevOps Summit









@DevOps Summit







@DevOps Summit










Untitled Document
2016 East Media Sponsors










Untitled Document
2015 West Gold Sponsors

Untitled Document
2015 West Silver Sponsor


Untitled Document
2015 West Bronze Sponsors

Cloud Expo |@ThingsExpo

Cloud Expo | DevOps Summit


@ThingsExpo





@DevOps Summit

@ThingsExpo


@ThingsExpo

 


Untitled Document
2015 West Exhibitors












@DevOps Summit





@DevOps Summit












@DevOps Summit

@DevOps Summit




@ThingsExpo


@DevOps Summit

 


Untitled Document
2015 West E-Bulletin Sponsors

DevOps Summit

Untitled Document
2015 West
Associate Sponsor

Untitled Document
2015 West Media Sponsor

Untitled Document
2015 East Gold Sponsors


WebRTC Summit

DevOps Summit

Untitled Document
2015 East Silver Sponsors
DevOps Summit
WebRTC Summit

Untitled Document
2015 East Bronze Sponsors

DevOps Summit

Cloud Expo | DevOps Summit
@ThingsExpo

DevOps Summit

DevOps Summit

Untitled Document
2015 East Delegate Bag Sponsors


Untitled Document
2015 East Exhibitors

DevOps Summit


@ThingsExpo



DevOps Summit






Cloud Expo | @ThingsExpo
Internet of @ThingsExpo
@ThingsExpo
DevOps Summit

DevOps Summit
@ThingsExpo
DevOps Summit
DevOps Summit
DevOps Summit
DevOps Summit
DevOps Summit



@ThingsExpo

Untitled Document
2015 East Associate Sponsor

Untitled Document
2015 East
Media Sponsors

Rugged DevOps | @DevOpsSummit #DevOps #Microservices #ContinuousIntegration
An interview with Chris Corriere at Autotrader on the definition of Rugged DevOps and how it interacts with security.

I had the opportunity to catch up with Chris Corriere - DevOps Engineer at AutoTrader - to talk about his experiences in the realm of Rugged DevOps.  We discussed automation, culture and collaboration, and which thought leaders he is following.

Chris Corriere:  Hey, I'm Chris Corriere. I'm a DevOps Engineer AutoTrader.

Derek Weeks:  Today we're going to talk about Rugged DevOps. It's a subject that's gaining a lot of traction in the community but not a lot of people are really familiar with what it is.

DW: What's your definition of Rugged DevOps?

CC:  Rugged DevOps to me is definitely manifested in the security sector but it's a shifting quality and awareness left in doing the best we can with the tools we have, the constraints we're given, and in the environment we're in.  It's about being more experimental, understanding that we're going to encounter failure, and learning to adapt accordingly.  We're very much having to make tough decisions in real time.  If you're running anything in production these days, you need to do that as safely and as consistently as you can.

DW:  Is Rugged DevOps only about security?

CC: No. Security is really about mitigating risks. I think a lot of this ties into situational awareness about understanding your company's risk. Is it user data? Is it credit card transactions or do you have a Russian botnet running in your infrastructure that you're not aware of? What's the asset you need to protect? Are you trying to protect an asset that is not there?

You can't have security come in and become suffocating where it's not needed. In other situations you can't leave things wide open that really do need to be protected because you're more concerned with moving quickly than moving safely.

________________

"You can't leave things wide open that really do need to be protected because you're more concerned with moving quickly than moving safely."

________________

DW:  Security teams have been one of the last parts of the organization to come into DevOps practices. What's been your experience with engaging security teams at Auto Trader?

CC: That's a good question. I've had experience with more than just security teams at Auto Trader.  I've been involved in security a few places and they've approached me first when they found out I was into the DevOps stuff. They often come looking for assistance. They want to know:  How do we get this baked in? How do we make this a priority?

It really ties back into multi-factor authentication. It's a good way to frame it up where you want developers and operations (those people who aren't permanently rooted in security) to be aware of these things, to have automated scans, to be aware of cross-site scripting, and to understand how to remediate those kinds of issues.

We've been implementing open source tools earlier in the development lifecycle to give us quicker feedback loops in order to be able to triage these things. Security applauds that but they can't trust us too much with it.  They've got to verify that we're doing a good job with this, right? It's a give and take where I've seen security come and offer automated solutions to DevOps teams and those solutions get adopted. The DevOps teams then take that and really start to run with it. Then security wanted to slow down a little bit because they were concerned about the quality of the vulnerability remediation. There is some back and forth there that has to be anticipated.

________________

"We've been implementing open source tools earlier in the development lifecycle to give us quicker feedback loops."

________________

For security to trust you you've got to trust security to a large extent. If you're putting more automation into the left side of your process and doing things before they hit production should be making your job easier. One of the side effects of that security may start going through some systems with a finer tooth comb because they're not doing as much fire fighting.  That may result in another ask from security. Understanding that this isn't a declaration of war - we are simply continuing with an incremental progression toward further improvements.  Interactions are cyclic and will happen again.

We need to help security understand our pipeline, determine what's going to be a good fit, and keep that communication level high so the trust is there. In these symbiotic relationships, cooperation is dependent on that trust. If that trust goes away you end up in something more competitive.

There's always room to drop back to where it's more commensal and knowing when the kitchen's gotten too hot.  At those times, everybody needs to take a cool down lap and come back to it at the beginning of the next month. It goes back to that situation awareness, knowing where you're at right now before you try to get to where you're going.

https://www.youtube.com/watch?v=fgMPKkM1NdY

DW: We talked earlier today about red teams, blue teams, purple teams. What are they and can you describe some of the practices you've used to end up with more purple teams?

CC: Yeah. Red teams take an attacking, reactive posture. Red security teams are worried about internal compromise, and when they find gray areas - for example, things that haven't been fully signed off and authorized - it can result in unplanned work cropping up for the DevOps team. Generally that kind of unplanned work is introduced because the "Red" team felt they were not able to accomplish their job another way.

Then the blue team side of the equation is really trying to stomp all that out.  Blue teams keep things standard and locked down.  They make sure everything's approved in triplicate before it gets implemented, which can be rigid and very frustrating for developers.

Purple teams allow that experimentation in earlier in the development lifecycle where they've got a little bit more leash. They're allowed to experiment and stand up new things and make those things work before they getting it approved. Again, it's about being transparent.  Teams first want to understand what change was introduced and what the advantages of it are.  They may also acknowledge that you need more than one solution to some problems, and that one tool might not fit everybody.  If they're using tools to automate that's good. We can't box them all into one necessarily. That's where you see this go from blue and red to more of a purple. There's more communication. There's more conversation. There's less capture the flag, more teamwork.

________________

"There's more communication. There's more conversation. There's less capture the flag, more teamwork."

________________

DW: You've been involved in the conversations around Rugged DevOps for awhile. Who are some of the other thought leaders you learn from?

CC: Jamesha Fisher out of San Francisco is one.  She's done some neat security stuff and is starting to look more into the vulnerabilities around some of the automation tools.  Where are those vulnerable and where can they be leveraged against us?  Automation is great until it automatically starts doing things we didn't want. Another aspect of that is really trying to think more like an attacker; we need to think about: how would I break into this thing instead of just thinking how do I protect it.

Georgia Weidman is popular in a lot of security circles and I've missed her workshop once. I'd like to catch it. She's got a book out on pen testing, which covers a lot of operations and concepts from an attack perspective. I would say that can be a fault of some Rugged DevOps practices; you're so quick to get the thing working and provide business value that you don't realize where you've left something vulnerable. Sometimes you've got questions about why that thing you work with frequently is always locked down.  Perhaps you find you can't use it the way you want to.  At those moments, it's time to read through Georgia's book. You'll get some information as to why that thing is not open the way you want and where someone might use it for reasons might not expect..

________________

"You're so quick to get the thing working to provide business value that you don't realize where you've left something vulnerable."

________________

DW:  As we wrap up I know you're on the organizing committee for DevOpsDays Atlanta. Do you want to give us an insight on the dates of when that's coming up and call for papers, et cetera or we can help you share that?

CC: Our event is going to be in April. It's the 26th and 27th which is a Tuesday and Wednesday. Monday, the 25th of April, we have Jeff Sussna coming in to do a full day workshop on continuous design. He's going to be giving the keynote on our first day. We're excited to have Jeff in town and excited to have him as a keynote. John Willis is going to be giving our keynote on the second day.

We've got a lot of bright people in the space. We've got a lot of people learning as they go. We need to be more vocal about that learning process and how we find our way through it.  There's not always this instantaneous vision that strikes us. We understand how to convert a shop into continuous delivery every night. There are definitely steps in between that. We need to have more conversations about those step in our industry.

DW: Awesome. Thanks, Chris.

CW: Thank you.

If you are interested in learning more about this subject, I invite you to download Amy DeMartine's Forrester research paper, "The 7 Habits of Rugged DevOps."

As Amy notes, "DevOps practices can only increase speed and quality up to a point without security and risk (S&R) pros' expertise. Old application security practices hinder speedy releases, and security vulnerabilities represent defects that can leave a company open to cyberattacks. But DevOps practitioners can leap forward with both increased speed and quality by including S&R pros in DevOps feedback loops and including security practices in the automated life cycle. These new practices are called Rugged DevOps."

About Derek Weeks
In 2015, Derek Weeks led the largest and most comprehensive analysis of software supply chain practices to date across 160,000 development organizations. He is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies, reduce costs, and sustain long-lasting competitive advantages.

As a 20+ year veteran of the software industry, he has advised leading businesses on IT performance improvement practices covering continuous delivery, business process management, systems and network operations, service management, capacity planning and storage management. As the VP and DevOps Advocate for Sonatype, he is passionate about changing the way people think about software supply chains and improving public safety through improved software integrity. Follow him here @weekstweets, find me here www.linkedin.com/in/derekeweeks, and read me here http://blog.sonatype.com/author/weeks/.

Presentation Slides
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights a...
Security, data privacy, reliability and regulatory compliance are critical factors when evaluating whether to move business applications fro...

Register and Save!
Save $405
on your “Golden Pass”!
before October 30, 2017!
Call 201.802.3020


Santa Clara Call for Papers Open
Submit
submit your speaking proposal
for the upcoming WebRTC Summit in
Santa Clara!
[Oct 31- Nov 2, 2017]


WebRTC Summit 2017 West
Sponsorship Opportunities
Please Call
201.802.3021
events (at) sys-con.com
Sponsorship opportunities are now open for WebRTC Summit 2017 Santa Clara, Oct 31-Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, and for WebRTC Summit 2018 New York, June 5-7, 2018, at the Javits Center in New York, NY. For sponsorship, exhibit opportunities and show prospectus, please contact Carmen Gonzalez, carmen (at) sys-con.com.



WebRTC Summit Silicon Valley All-Star Speakers Include

MATTHIEU
Octoblu

MAHADEV
Cisco

MCCARTHY
Bsquare

FELICIANO
AMDG

PAUL
VenueNext

SMITH
Eviot

BEAMER
goTraverse

GETTENS
goTraverse

CHAMBLISS
ReadyTalk

HERBERTS
Cityzen Data

REITBAUER
Dynatrace

WILLIAM-
SON

Cloud
Computing

SCHMARZO
EMC

WOOD
VeloCloud

WALLGREN
Electric Cloud

VARAN-
NATH

GE

SRIDHARA-
BALAN

Pulzze

METRIC
Linux

MONTES
Iced

ARIOLA
Parasoft

HOLT
Daitan

CUNNING-
HAM

ReadyTalk

BEDRO-
SIAN

Cypress

NAMIE
Cisco

NAKA-
GAWA

Transparent
Cloud

SHIBATA
Transparent
Cloud

BOYD
Neo4j

WARD
DWE

MILLER
Covisint

EVAVOLD
Covisint

MEINER
Oracle

MEEHAN
Esri

WITECK
Citrix

LIANG
Rancher Labs

BUTLER
Tego

ROWE
IBM Cloud

SKILLERN
Intel

SMITH
Numerex
WebRTC Summit New York All-Star Speakers Include

CLELAND
HGST

VASILIOU
Catchpoint

WALLGREN
Electric Cloud

HINCH-
CLIFFE

7Summits

DE SOUZA
Cisco

RANDALL
Gartner

ARM-
STRONG

AppNeta

SMALL-
TREE

Cazena

MCCARTHY
Bsquare

DELOACH
Infobright

QUINT
Ontegrity

MALAU-
CHLAN

Buddy Platform

PALIOTTA
Vector

MITRA
Cognizant

KOCHER
Grey Heron

PAPDO
POULOS

Cloud9

HARLAN
Two Bulls

GOLO
SHUBIN

Bit6

PROIETTI
Location
Smart

MARTIN
nfrastructure

MOULINE
Everbridge

MARSH
Blue Pillar

PARKS
SecureRF

PEROTTI
Plantronics

HOFFMAN
EastBanc

WATSON
Trendalyze

BENSON-
OFF

Unigma

SHAN
CTS

MATTELA
Redpine

GILLEN
Spark
Coginition

SOLT
Netvibes

BERN-
ARDO

GE Digital

ROMAN-
SKY

TrustPoint

BEAMER
GoTransverse

LESTER
LogMeIn

PONO
-MAREVA

Google

SINGH
Sencha

CALKINS
Amadeus

KLEIN
Rachio

HOASIN
Aeris

SARKARIA
PHEMI

SPROULE
Metavine

SNELL
Intel

LEVINE
CytexOne

ALLEN
Freewave

MCCAL-
LUM

Falconstor

HYEDT
Seamless

WebRTC Summit Silicon Valley All-Star Speakers Include

SCHULZ
Luxoft

TAM-
BURINI

Autodesk

MCCARTHY
Bsquare

THURAI
SaneIoT

TURNER
Cloudian

ENDO
Intrepid

NAKAGAWA
Transparent

SHIBATA
Transparent

LEVANT-LEVI
testRTC

VARAN NATH
GE

COOPER
M2Mi

SENAY
Teletax

SKEEN
Vitria

KOCHER
Grey Heron

GREENE
PubNub

MAGUIRE
HP

MATTHIEU
Octoblu

STEINER-
JOVIC

AweSense

LYNN
AgilData

HEDGES
Cloudata

DUFOUR
Webroot

ROBERTS
Platform

JONES
Deep

PFEIFFER
NICTA

NIELSEN
Redis

PAOLAL-
ANTORIO

DataArchon

KAHN
Solgenia

LOPEZ
Kurento

KIM
MapR

BROMHEAD
Instaclustr

LEVINE
CytexOne

BONIFAZI
Solgenia

GORBA-
CHEV

Intelligent
Systems

THYKAT-
TIL

Navisite

TRELOAR
Bebaio

SIVARAMA-
KRISHNAN

Red Hat
Cloud Expo New York All-Star Speakers Included

DE SOUZA
Cisco

POTTER
SafeLogic

ROBINSON
CompTIA

WARUSA
-WITHANA

WSO2 Inc

MEINER
Oracle

CHOU
Microsoft

HARRISON
Tufin

BRUNOZZI
VMware

KIM
MapR

KANE
Dyn

SICULAR
Basho

TURNER
Cloudian

KUMAR
Liaison

ADAMIAK
Liaison

KHAN
Solgenia

BONIFAZI
Solgenia

SUSSMAN
Coalfire

ISAACSON
RMS

LYNN
CodeFutures

HEABERLIN
Windstream

RAMA
MURTHY

Virtusa

BOSTOCK
IndependenceIT

DE MENO
CommVault

GRILLI
Adobe

WILLIAMS
Rancher Labs

CRISWELL
Alert Logic

COTY
Alert Logic

JACOBS
SingleHop

MARAVEI
Cisco

JACKSON
Softlayer

SINGH
IBM

HAZARD
Softlayer

GALLO
Softlayer

TAMASKAR
GENBAND

SUBRA
-MANIAN

Emcien

LEVESQUE
Windstream

IVANOV
StorPool

BLOOM-
BERG

Intellyx

BUDHANI
Soha

HATHAWAY
IBM Watson

TOLL
ProfitBricks

LANDRY
Microsoft

BEARFIELD
Blue Box

HERITAGE
Akana

PILUSO
SIASMSP

HOLT
IBM Cloudant

SHAN
CTS

PICCIN-
INNI

EMC

BRON-
GERSMA

Modulus

PAIGE
CenturyLink

SABHIKHI
Cognitive Scale

MILLS
Green House Data

KATZEN
CenturyLink

SLOPER
CenturyLink

SRINIVAS
EMC

TALREJA
Cisco

GORBACHEV
Systems Services Inc.

COLLISON
Apcera

PRABHU
OpenCrowd

LYNN
CodeFutures

SWARTZ
Ericsson

MOSHENKO
CoreOS

BERMING-
HAM

SIOS

WILLIS
Stateless Networks

MURPHY
Gridstore

KHABE
Vicom

NIKOLOV
GetClouder

DIETZE
Windstream

DALRY-
MPLE

EnterpriseDB

MAZZUCCO
TierPoint

RIVERA
WHOA.com

HERITAGE
Akana

SEYMOUR
6fusion

GIANNETTO
Author

CARTER
IBM

ROGERS
Virtustream
Cloud Expo Silicon Valley All-Star Speakers

TESAR
Microsoft

MICKOS
HP

BHARGAVA
Intel

RILEY
Riverbed

DEVINE
IBM

ISAACSON
CodeFutures

LYNN
HP

HINKLE
Citrix

KHAN
Solgenia

SINGH
Bigdata

BEACH
SendGrid

BOSTOCK
IndependenceIT

DE SOUZA
Cisco

PATTATHIL
Harbinger

O'BRIEN
Aria Systems

BONIFAZI
Solgenia

BIANCO
Solgenia

PROCTOR
NuoDB

DUGGAL
EnterpriseWeb

TEGETHOFF
Appcore

BRUNOZZI
VMware

HICKENS
Parasoft

KLEBANOV
Cisco

PETERS
Esri

GOLDBERG
Vormetric

CUMBER-
LAND

Dimension

ROSENDAHL
Quantum

LOOMIS
Cloudant

BRUNO
StackIQ

HANNON
SoftLayer

JACKSON
SoftLayer

HOCH
Virtustream

KAPADIA
Seagate

PAQUIN
OnLive

TSAI
Innodisk

BARRALL
Connected Data

SHIAH
AgilePoint

SEGIL
Verizon

PODURI
Citrix

COWIE
Dyn

RITTEN-
HOUSE

Cisco

FALLOWS
Kaazing

THYKATTIL
TimeWarner

LEIDUCK
SAP

LYNN
HP

WAGSTAFF
BSQUARE

POLLACK
AOL

KAMARAJU
Vormetric

BARRY
Catbird

MENDEN-
HALL

SUPERNAP

SHAN
KEANE

PLESE
Verizon

BARNUM
Voxox

TURNER
Cloudian

CALDERON
Advanced Systems

AGARWAL
SOA Software

LEE
Quantum

OBEROI
Concurrent, Inc.

HATEM
Verizon

GALEY
Autodesk

CAUTHRON
NIMBOXX

BARSOUM
IBM

GORDON
1Plug

LEWIS
Verizon

YEO
OrionVM

NAKAGAWA
Transparent Cloud Computing

SHIBATA
Transparent Cloud Computing

NATH
GE

GOKCEN
GE

STOICA
Databricks

TANKEL
Pivotal Software


Testimonials
This week I had the pleasure of delivering the opening keynote at Cloud Expo New York. It was amazing to be back in the great city of New York with thousands of cloud enthusiasts eager to learn about the next step on their journey to embracing a cloud-first worldl."
@SteveMar_Msft
General Manager of Window Azure
 
How does Cloud Expo do it every year? Another INCREDIBLE show - our heads are spinning - so fun and informative."
@SOASoftwareInc
 
Thank you @ThingsExpo for such a great event. All of the people we met over the past three days makes us confident IoT has a bright future."
Yasser Khan
CEO of @Cnnct2me
 
One of the best conferences we have attended in a while. Great job, Cloud Expo team! Keep it going."

@Peak_Ten


Who Should Attend?
Senior Technologists including CIOs, CTOs & Vps of Technology, Chief Systems Engineers, IT Directors and Managers, Network and Storage Managers, Enterprise Architects, Communications and Networking Specialists, Directors of Infrastructure.

Business Executives including CEOs, CMOs, & CIOs , Presidents & SVPs, Directors of Business Development , Directors of IT Operations, Product and Purchasing Managers, IT Managers.

Download Cloud Expo Show Guide
Cloud Expo Show Guide
Download PDF

Join Us as a Media Partner - Together We Can Rock the IT World!
SYS-CON Media has a flourishing Media Partner program in which mutually beneficial promotion and benefits are arranged between our own leading Enterprise IT portals and events and those of our partners.

If you would like to participate, please provide us with details of your website/s and event/s or your organization and please include basic audience demographics as well as relevant metrics such as ave. page views per month.

To get involved, email Patricia Henderson at patricia@sys-con.com.

Digital Transformation Blogs
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at Dice, he takes a metrics-driven approach to management. His experience in building and managing high ...
In this presentation, you will learn first hand what works and what doesn't while architecting and deploying OpenStack. Some of the topics will include:- best practices for creating repeatable deployments of OpenStack- multi-site considerations- how to customize OpenStack to integrate with your existing systems and security best practices.
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.