SREDAY

SREs are on the frontlines of uptime, performance, cost efficiency, and incident response. So, at times, policies for security and compliance often live in stale docs enforced inconsistently, if at all, until something breaks or someone has an audit. Policy as Code (PaC) replaces that mess with real-time automation right where the work happens.

We will discuss how PaC bridges the gap between security and operations by making policies transparent, codified, versioned, and customizable so you can enforce external standards (CIS, SOC 2, HIPAA) and your own internal rules (like requiring HA in prod but not in dev). You'll see how to apply policy intent consistently from the pipeline directly to runtime, giving teams proactive control, not reactive fire drills or unnecessary "vibe killers".

We'll walk through a full-lifecycle live demo to see the possibilities of PaC to: - Prevent misconfigurations with real-time checks - Enforce policies consistently across repos, infra, and runtime - Customize and codify controls that reflect unique needs - Control cloud costs through autoscaling, right-sizing, and cleanup - Unify security, dev, and ops with shared policies

What will we accomplish? Well, no more stale docs or arguments around policies, faster deploy, tighter cost controls, and safer infrastructure without slowing anyone down.

Alayshia Knighten is a seasoned engineering leader and customer success strategist with a strong background in DevOps, cloud architecture, and technical enablement. Currently serving as the Founding Principal Customer Success Engineer at Mondoo, she brings over a decade of experience helping organizations build and scale secure, efficient, and reliable infrastructure.

Previously, Alayshia held key roles at Pulumi as a Senior Customer Architect and at Honeycomb.io, where she led implementation engineering and partnerships architecture. Her expertise spans across engineering consulting at Chef Software and hands-on DevOps engineering at Verisign. Passionate about empowering teams and driving technical excellence, Alayshia is known for bridging the gap between engineering and customer success.

In high-scale environments, metrics cardinality isn’t just a resource concern, it’s an architectural challenge. Left unchecked, it can impact performance, query latency, and even system stability. This talk takes a deep technical dive into how VictoriaMetrics enables advanced observability practices with a strong focus on cardinality management. I’ll explore how to design efficient and scalable scrape configurations using Prometheus-compatible jobs and exporters, optimize your label strategies, and use built-in cardinality analysis tools within VictoriaMetrics to identify and mitigate high-cardinality patterns early. The session also covers integration with Grafana open source for visualizing metrics in a way that supports signal clarity and operational response, as well as setting up practical alerting strategies that minimize noise while ensuring fast issue detection. By the end of the talk, the audience will understand the engineering trade-offs of high-cardinality metrics and how to detect them, how VictoriaMetrics handles storage and querying at scale, how to build resilient and low-overhead scrape configs with Prometheus compatibility and how to use Grafana open source to highlight cardinality hot spots and improve alert signal quality.

Diana is a DX Engineer at VictoriaMetrics. She is passionate about Observability, machine learning. She is an active contributor to the OpenTelemetry CNCF open source project and supports women in tech.

The Model Context Protocol (MCP) has seen a meteoric rise to become the de-facto connecting mycelium for GenAI models and applications. In this session, we will explore the critical role of API management in securing MCP servers. Learn how to leverage API management as the "USB-c" connector for your Copilot, ensuring seamless and secure integration. We will cover best practices, real-world examples, and practical tips to enhance your server security and streamline operations. Join us to discover how API management can be the key to unlocking robust security for your MCP servers.

Alessandro, a seasoned community leader, has spent the last few years architecting cloud-native infrastructures for Microsoft customers, energizing the Dutch tech community, and helping professionals achieve CKx certification. With over 25 years immersed in open-source technologies, Alessandro is deeply passionate about the cloud-native ecosystem. He's now back at Microsoft as a Senior Technical Specialist in Application Innovation & AI.

Two Buzzwords Finally Meet! How should we manage AI in large organizations? What are the "services" developers need to add AI to enterprise apps, and what role do platform engineers take? Where do data scientists fit in? How does MCP, A2A, and whatever the latest AI API is fit in? There are so many questions because the field of managing AI in enterprises barely exists. We need to figure it out quickly however, before we see a repeat of a past patterns, like shadow AI and unmanageable apps in production. Based on real-world examples, this talk will go over what we currently know about using platform engineering to help developers use AI.

Michael Cote studies how large organizations get better at building software to run better and grow their business. His books Changing Mindsets, Monolithic Transformation, and The Business Bottleneck_ cover these topics. He's been an industry analyst at RedMonk and 451 Research, done corporate strategy and M&A, and was a programmer. He also co-hosts several podcasts, including Software Defined Talk. His daily-ish newsletter is at newsletter.cote.io.

After recovering from incidents, we must ensure that effective mitigation measures are in place to prevent similar issues in the future.

However, clearly expressing the characteristics of past problems and identifying similar occurrences across large codebases is a significant challenge, especially at the scale of ING.

We present our approach to encoding known and ING-specific (anti)patterns as CodeQL queries. These queries are used to assess both individual and multiple repositories, enabling us to pinpoint risks and reach out directly to the responsible teams, rather than broadcasting generic warnings to everyone.

A key challenge is the volume of findings: a single query can yield hundreds of results, overwhelming engineering teams if not managed carefully. To address this, we define a process that not only assesses findings but also generates actionable patches and contextual advice. By integrating Large Language Models (LLMs), we combine the specific context of each code finding with the surrounding source code and high-level problem descriptions, resulting in tailored, practical recommendations for engineers.

We translate incident learnings and ING-specific anti-patterns into CodeQL queries, making them reusable and scalable. For each finding, we use LLMs to generate context-aware advice and, where possible, code patches. This ensures recommendations are both actionable and relevant to the code owner.

By combining static analysis with LLM-driven advice, we turn past mistakes into valuable lessons, foster professional growth, and continuously improve our engineering community. We believe this approach is broadly applicable to other large organizations seeking to scale preventive mitigation.

Kevin van der Vlist is a software engineer at ING, focused on improving reliability and analyzing code across 75.000+ repositories. With an MSc from the University of Amsterdam and an Engineering Doctorate from the University of Twente, he specializes in software analysis to identify patterns and enhance code quality and security. The objective is to elevate code quality and security by offering developers guardrails, ensuring the reliability of INGs software systems.

Most AI code review implementations focus on the wrong metrics—counting comments generated or code accepted rather than measuring developer velocity and code quality improvements. The real value lies in intelligent context integration and organizational learning at scale. This talk examines successful AI code review deployments across engineering organizations, revealing four critical success factors: seamless integration with your existing development context (codebase, tickets, architectural decisions), specialized review guidelines that scale from 5 to 50,000 repositories, comprehensive observability to understand where AI adds value versus where it creates noise, and strategic human-AI collaboration patterns. We'll explore real case studies of teams who've moved beyond basic linting to utilizing AI code review that understands business logic, catches architectural anti-patterns, and actually accelerates PR cycles. You'll learn when AI reviews shine, when they don't, and how to measure the difference. This isn't about replacing human reviewers—it's about building an intelligent system that amplifies human expertise and reduces cognitive load where it matters most.

Over One year of operating Karpenter in production across multiple Kubernetes Clusters has taught us at adjoe many valuable lessons that we want to share in this talk. We will talk about how we handled the migration process, why we build a custom controller to handle broken nodes as well as how we have optimized our nodepools to avoid too frequent disruptions and much more

Marius, a dedicated DevOps Engineer at Hamburg’s fast-growing adtech company, adjoe. Since joining over three years ago, Marius has been on a mission to enhance the reliability and scalability of our backend — an event-driven microservice architecture written in Go and powered by Kubernetes. His passion for coding and Kubernetes doesn’t stop here. Marius also actively contributes to open-source projects, including CoreDNS and Karpenter, constantly pushing his skills and knowledge forward. When he’s not scaling systems or optimizing code, you’ll find him hosting board game nights, tackling bouldering walls, or setting off on adventures across Asia.

So you decided to automate tasks in your Azure cloud platform? Are you sure this automation is secured properly and not causing any more attack surfaces for malicious actors?

In this talk I will cover different ways of automating your cloud platform and risks involved with these techniques. I will go over topics like authentication, secrets, auditability and more. I’ll also show situation I encountered in the field and how these were fixed to provide more confidentiality, integrity and availability.

So if you want to learn to automate your could platform with a zero trust policy, then join this talk! Afterward you will know common mistakes and how to avoid them while also being capable of setting up proper automation in the cloud!

Since 2012 I’ve been working in the field of IT in different positions. Now I am the product lead Automation + AI for the transformation department of OGD ict-diensten. I’m responsible for the propositions regarding Power Platform, AI and Automation. Besides that I also consult a multitude of customers about these topics and their cloud platforms. Due to this broad range of topics I work with on a daily basis, I’ve developed a passion for connecting them all together. When I’m not working on improving specific systems I’m looking into how the systems can work together to create even more value. I also write on my blog https://www.autosysops.com about the solutions I find.

Lambda provides multi-AZ support out of the box, but even then, things can still go wrong in production.

Region-wide outages and performance degradations can render your applications non-responsive. And what if you're dealing with downstream systems that aren't as scalable as your system and can't handle the load you put on them?

The bottom line is that many things can go wrong, and they often do at the worst of times. The goal of building resilient systems is not to prevent failures, but to design systems that can withstand them.

In this talk, we will examine several practices and architectural patterns that can help you build more resilient serverless architectures, such as multi-region design, employing DLQs and surge queues and cell-based architectures.

We'll also explore how chaos experiments can help us identify failure modes before they happen in production.

Yan is an experienced engineer who has run production workload at scale on AWS since 2010. He has been an architect and principal engineer in a variety of industries ranging from banking, e-commerce, sports streaming to mobile gaming. He has worked extensively with AWS Lambda in production since 2015. Nowadays, he splits his time between advancing the state of serverless observability as a Developer Advocate at lumigo.io and helping companies around the world adopt serverless as an independent consultant.

Yan is also an AWS Serverless Hero and a regular speaker at user groups and conferences internationally. He is the author of Production-Ready Serverless and co-author of Serverless Architectures on AWS, 2nd Edition. And he keeps an active blog at theburningmonk.com and hosts a serverless-focused podcast at realworldserverless.com.

In the world of DevOps and SRE, we pride ourselves on automation, observability, and engineering excellence. But even the most sophisticated infrastructure can be derailed by something far more human: our own brains.

This talk explores the invisible enemies of reliability — cognitive biases that affect how engineers make decisions, solve problems, and respond to incidents. From confirmation bias during outages to groupthink in postmortems, we’ll unpack six specific mental shortcuts that silently undermine your systems.

Each bias is brought to life with real-world engineering examples, memorable visuals, and practical strategies you can apply immediately. You’ll hear relatable war stories — like how anchoring on a bad hypothesis prolonged a major incident, or how optimism bias led to a Friday deployment that ended in disaster.

More than a lecture, this is a wake-up call. We don’t need more YAML linters or dashboards. We need to debug ourselves.

By the end of the session, attendees will: • Understand how specific biases impact reliability and team performance • Recognize symptoms of biased thinking in real-world DevOps workflows • Learn actionable techniques to create more resilient, self-aware engineering cultures

This talk is ideal for DevOps engineers, SREs, team leads, and reliability advocates looking to take their incident management and system design to the next level — not by adding more tools, but by thinking more clearly.

As the founder of Melomar-IT, I am dedicated to demystifying complex IT concepts and providing clear, actionable insights to professionals and enthusiasts alike. With a robust background in Platform Engineering, DevOps, and Site Reliability Engineering (SRE), I specialize in creating content that bridges the gap between intricate technical subjects and practical understanding. Professional Expertise: • Platform Engineering: Designing and managing scalable, efficient, and secure IT infrastructures that support seamless application development and deployment. • DevOps Engineering: Implementing and promoting DevOps best practices to enhance collaboration, automate workflows, and accelerate software delivery. • Site Reliability Engineering (SRE): Ensuring system reliability, performance, and scalability through proactive monitoring, automation, and incident response strategies. • IT Education and Content Creation: Developing comprehensive IT explainers and tutorials that empower individuals to enhance their technical skills and stay abreast of industry trends. Melomar-IT on YouTube: Through Melomar-IT, I produce and share content focused on: • In-Depth Tutorials: Step-by-step guides on Platform Engineering, DevOps tools, and SRE practices. • Industry Insights: Analysis of current trends and emerging technologies in the IT sector. • Practical IT Explainers: Simplifying complex concepts for better understanding and application. Mission: My goal is to equip IT professionals and enthusiasts with the knowledge and tools necessary to excel in the rapidly evolving tech landscape. By fostering a community centered on continuous learning and growth, I aim to inspire innovation and excellence in the field of Information Technology. Connect with Me: I am always eager to connect with fellow professionals, share insights, and explore collaborative opportunities. Feel free to reach out to discuss all things IT, from Platform Engineering and DevOps to the latest industry developments.

Chaos Engineering is often misunderstood as simply “breaking things on purpose.” This talk challenges that perception and repositions Chaos Engineering as a critical pillar of reliability and resilience engineering. Rather than focusing on failure injection alone, we explore how to leverage existing knowledge, validate known truths, and foster confidence in complex systems.

In the first part, we deconstruct common myths around Chaos Engineering and reframe its core principles. Learn how aligning chaos practices with reliability goals can transform the way your organization perceives and applies these techniques—by emphasizing structured validation over blind experimentation.

The second part brings theory into practice with a hands-on framework that reimagines chaos experiments as self-feeding, iterative loops—mirroring the scientific method. We introduce the concept of continuous verification, drawing parallels with integration testing, and show how Chaos Engineering can seamlessly integrate into the Software Development Lifecycle (SDLC) through a shift-left approach.

The session wraps up with a visual framework for implementing a sustainable Chaos Engineering strategy, including how to evolve gamedays into repeatable, hypothesis-driven validations that scale with system changes.

Whether you're just exploring Chaos Engineering or looking to mature your reliability strategy, this talk will leave you with actionable insights, a modernized mindset, and a clear path to operational resilience.

I am a software engineer with an attrition for low-level and Linux internals who joined Datadog 7 years ago in the SRE group. After developing the now open-source Chaos Controller project meant to provide large-scale fault injection to engineering teams, I built the Security Chaos Engineering group now made of 3 teams and 20 people for which I act as the Engineering Manager. I am also part of the Core Incident Commanders group involved in all high severity outages to help with internal coordination and external communication.

We, tech people, have internalized the concept of reliability so deeply that we don't need an explanation for why it's bad to have services failing in production. It doesn't matter what your software is doing — whether it controls train schedules, allows people to make money transfers, or serves funny pictures online.

We have invented an entire language to talk about reliability. We say things like, "This service runs with three nines availability," "Mean-Time-To-Repair for the website is 25 minutes," or "This month, we consumed 80% of our error budget."

And yet, it's a common struggle to convince business stakeholders to prioritize technical improvements.

In the past seven years, I've been responsible for products and services used by millions of people. I have been on call for years and have spent many nights resolving production incidents. From that experience, I learned how to make reliability a shared priority and prove, with data, the value of technical improvements.

In this session, I'll share techniques you can use to improve the reliability of your services, convince business stakeholders of the importance of reliability, and drive positive change in your organization.

Maxim Schepelin has been an engineering leader in various industries including game dev, e-commerce, and travel building teams capable of launching products from idea to world-scale. With over a decade of experience leading engineering teams, Maxim has mastered the art and science of management, as well as how to exit both Vim and Emacs. Maxim continues exploring ways to build effective engineering teams that deliver value at a sustainable pace.

Services are the backbone of our systems. They are the pieces that make up our businesses—whether they are literal microservices or functional components of a traditional application, we can’t do the computer thing without services.

When it comes to a service in your company or organization, who’s responsible for it? The cast of characters involved in the lifecycle of a service is more than just software engineers. It can include program managers, product owners, sustainability teams (SREs/operations engineers), and business stakeholders, just to name a few.

Topics covered in this talk include: – Defining what a service means to you and your organization – Roles in service ownership – What are you observing about your service? – How you want a team to respond to a service outage or incident – Managing your service in production – Tuning your service – Understanding how the service impacts the business

Daniel Afonso is a Senior Developer Advocate at PagerDuty, SolidJS DX team member, Instructor at Egghead.io, and Author of State Management with React Query. Daniel has a full-stack background, having worked with different languages and frameworks on various projects from IoT to Fraud Detection. He is passionate about learning and teaching and has spoken at multiple conferences around the world about topics he loves. In his free time, when he's not learning new technologies or writing about them, he's probably reading comics or watching superhero movies and shows.

A deep dive into how we ensure reliability and availability in a complex distributed environment, with lessons learned from real-world incidents and rollouts.

Lukasz Groszkowski is a seasoned IT professional with over 8 years of experience at Inter Cars S.A., where he currently serves as Software Engineering Manager / Site Reliability Engineering (SRE) Manager. Specializing in the stability, scalability, and high availability of IT systems, he leads efforts to optimize infrastructure, automate operations, and promote SRE culture across the organization. Łukasz has a strong background in E-Commerce platform management (including SAP Hybris), monitoring with ELK stack and Dynatrace, and cross-functional collaboration with DevOps and development teams. His career path includes roles such as Team Leader, Senior System Analyst, Implementation Analyst, and ERP Systems Analyst, reflecting a deep technical and operational understanding of enterprise IT environments.

Using multiple Availability Zones (AZs) is often seen as essential for building resilient and highly available cloud systems. This is true, until it is not. While Multi-AZ is a proven architectural choice, there are important drawbacks to consider and common assumptions that don’t always hold up. There are also different ways to implement it, each with its own trade-offs.

In this session, we will explore the Multi-AZ journey, separating fact from fiction. We will discuss when Multi-AZ truly helps, the costs involved, and some surprising side effects that are often overlooked.

Renato has extensive experience as a cloud architect, tech lead, and cloud services specialist. He lives in Berlin and works remotely as a principal cloud architect. His primary areas of interest include cloud services and relational databases. He is an editor at InfoQ and a recognized AWS Data Hero.

Coming soon...

Kubernetes is dynamic—and so are its threats. Traditional security tools struggle to keep up. In this session, we’ll explore how eBPF powers next-gen observability and security by running directly in the Linux kernel. Using Cilium for networking and Tetragon for runtime security, we’ll trace system calls, enforce behavior-based policies, and detect threats in real time—all without sidecars or agents. By the end, you’ll understand how to turn the kernel into your security ally.

Hello, I'm Mert Polat.

I'm currently working as an Cloud and Platform Engineer at Sufle. I started my career as a Jr. DevOps Engineer at Zip Turkey, where I gained extensive experience in Infrastructure and DevOps domains. At Duzce MEKATEK, I worked in the software team for an autonomous vehicle project and took on a leadership role. Additionally, I honed my skills in technologies like Docker, Kubernetes, and Ansible during a DevOps internship at Formica.

I am passionate about technology and knowledge sharing, so I write various articles for @DevopsTurkiye and @Bulut Bilişimciler publications on Medium.

I graduated from Duzce University with a degree in Computer Programming, and I'm currently pursuing a bachelor's degree in Management Information Systems at Anadolu University.

Batuhan, a.k.a. developer-guy, is well-known in the Turkish cloud native community. He’s been highly active in the Software Supply Chain Security space and has contributed to several CNCF projects such as Flux, Kyverno, and ko. He’s also one of the key organizers behind DevOpsTr, CNCF Istanbul Chapter, and KCD Turkey. Notably, he won the “Best Sigstore Evangelist” award and was part of the program committee for the first-ever SigstoreCon. He’s passionate about open source, has written 10+ technical blog posts published on official project websites, and continues to grow the community through meetups, workshops, and online initiatives.

Coming soon...

Coming soon...

Today’s observability platforms are often vertically integrated—binding data storage, query, and visualization layers into a single stack. This tight coupling drives up costs, makes integrations painful, and slows teams down. But it doesn’t have to be this way. In this talk, we’ll explore how SRE teams can benefit from a more modular approach to observability—one inspired by the evolution of Business Intelligence. Just as BI stacks evolved to separate ETL, data warehouses, and dashboards, observability stacks can be designed around clear boundaries: interoperable tools, technology-neutral query layers, and plug-and-play storage. You’ll learn why decoupled observability architecture is essential for cost control, agility, and tool flexibility—and how to move toward a stack that meets the real-world needs of today’s SRE teams.

Peter Marshall is a technology leader and community builder with a background in developer relations, data architecture, and digital transformation. As Director of Developer Relations at Imply, he leads programs that grow and engage the global Apache Druid community through education, support, and events. With experience across startups, enterprises, and the public sector, Peter brings a blend of technical expertise and strategic vision to help organizations connect with developers and drive impact through open source.