Talks for 2024
What's new pussycat?

This year, more than any other before, is going to be the year of AI. Artificial Intelligence is already augmenting our lives for better or for worse and it's the same in DevRel. The challenge is to be able to share knowledge that is AI-related in a useful, insightful, and honest manner. All my talks are through the lens of my experience and that takes time to accumulate and digest. First impressions are often right but with capabilities as wide-ranging as those emerging from generative AI it's important to give second thoughts a chance too. This year there are a couple of talks from me that are AI-related but I reserve the right to change my mind later!

Older talks are listed here


Navigating the AI Landscape: A Java Developer's Guide to the Good, the Bad, and the Transformative

This talk came about through the research and experimentation needed for another one. Turns out this topic is more urgent to communicate than how to use AI. First given at Voxxed Days Bucharest under a different title.

Like all tools, AI can be used for good or for ill. AI, akin to any sharp instrument, can become dangerous if not wielded correctly. In our rush to achieve business differentiation, we may easily falter—diminishing our security and, perhaps ultimately, jeopardizing our organizations. The immense pressure to integrate AI into the Software Development Life Cycle (SDLC) must be balanced with a nuanced understanding of AI: recognizing the threats posed by malicious use, the risks of misuse by the uninformed, and the general challenges of AI implementation. This talk aims to assist Java developers tasked with incorporating AI into their applications by helping them understand the risks, challenges, and remedies available as they prepare to navigate the uncharted territories of this brave new world.


Key Takeaways for Developers from the State of the Software Supply Chain Report

I've given this talk at JUGs and companies alike. A great way to get devs and devops folks nodding heads and working together.

Maven Central hits 1 Trillion downloads, Cyber bad guys make $6 Trillion, Governments respond and of course AI. What’s happened this year and what does it mean for 2024? A short overview of what Sonatype discovered in preparing the 9th State of the Software Supply Chain Report and what it might mean for developers in the future.

https://www.slideshare.net/StevePoole/key-takeaways-for-java-developers-from-the-state-of-the-software-supply-chain-report

Future-Proofing Java: The Art of Crafting Resilient APIs

This talk is new for 2024. It comes from a mix of history and experience from the JVM and Java lang side, plus the challenges faced by developers when they have to migrate components to newer versions. If we were better at designing APIs for the future we could reduce the reluctance to upgrade and make software just a little safer and more consumable.

Designing APIs is an art, a creative exercise. Getting it right for right now is hard, getting it right for tomorrow is even harder.

This talk explores designing resilient Java APIs for upward compatibility, consumability, and flexibility.

We’ll discuss the practicalities of ideas like encapsulation and inheritance, look at wider elements like consistency, and effective communication of intent, and cover concepts like the Open-Closed Principle, Semantic Versioning, and other elements that are essential for seamless API evolution.

We’ll review real-world examples, Java gotchas, the latest Java API capabilities, API Check tools, and data, and take a look at what Maven Central tells us about the challenge we all face (and just how good we collectively are).

Amazingly, good API design not only helps with evolving for the future, it makes the API more secure and reduces maintenance overheads - all while remaining flexible and consumable.

Time to break those bad design habits before they begin.


Vulnerability scanning - the whats, the why, and the oh-nos

This is not a product pitch (or even a veiled one :-). It's a technical review of the process and mechanics of vulnerability detection etc. It stems from the fact that most developers have little understanding of the process and often make poor choices in tools and when to use them and end up thinking they're more protected than they are. There are no panacea tools out there, no one-stop, single solution. It's their choice as to tools - this talk is about making them more informed as to associated risks and rewards.

Let’s talk technical. Regardless of whatever scanning tools you’re aware of or use, there are fundamentals to discuss. The Log4Shell saga shows us that even two years later 25% of downloads of Log4J are for vulnerable versions. Is this a tool problem or something else? After all, if we’re making mistakes with patching the most dangerous vulnerability ever, what else are we missing?

In this session, we’ll cover vulnerabilities end-to-end. From that initial CVE report, through the technical aspects of creating a scanner for the vulnerability to the process of patching. Every step is more complicated and nuanced than you might realise and there’s always a margin for error and misunderstanding.

This talk will teach you the mechanics of vulnerability discovery and correction, and leave you more informed about where the gaps might be in your CI/CD systems, etc.

As they say, forewarned is forearmed.


The Essential Guide to Java Dependencies

Using Maven or Gradle or something else? However you manage dependencies, it’s a critical element in application development. Most of us though use these tools without much thought and consume open-source components with little regard for the consequences. Unfortunately, our choices often come back to bite us when it’s time to upgrade those pesky vulnerable dependencies.

In this session, we’ll explore the world of dependencies and help you understand how to select components more wisely, how to use the tools more effectively, and how to make upgrading less of a scary chore.

As a Java developer, you’re likely to be using Maven or Gradle as your core build tool. Whichever one you have, it’s the tool used to help with all the dependencies your application relies on.


More tales from the Dark Side: How AI is the bad guys' new friend

The bad guys are clever, motivated, ruthless, and armed with AI. What was scary before is now terrifying. So many new ways of tricking you: Learn about sneaky device attacks, amazing attacks-by-post, AIs imitating your coworkers, AI being corrupted, unbelievable physical choreography manipulations, open source takeovers, and more!

In this talk learn a little about the scale of the challenge developers still face from assaults on our systems. Be prepared to be appalled and frightened. Fainting is not allowed.

Discover how to fight back and see how you can change your behavior and your code to defend against these attacks.

Your destiny is clear - it’s time to become a Cyber Defender


Navigating the New Normal: Collaborative Strategies in a Regulated, Secure, and AI-Powered World

Rising legislation, increasing cyber threats, and swift AI advancements are reshaping developer and DevOps roles. We must innovate, comply, secure, and optimally use AI.

Missteps can end the game. It's daunting but achievable.

The session's first part will overview these shifts and their implications. The second introduces a tested DevOps approach that can actually unify teams to a common goal - whether compliance, security, AI, or just plain old productivity.

Join us to explore how this approach fosters innovation, streamlines processes, and fortifies software ecosystems, allowing teams to focus on creating exceptional software in a world governed by evolving legislation and amazing technologies.

Marcin Kruglik

IPF Software Engineer at Icon

9 months ago

Any chance for LJC talk? The "Vulnerability scanning - the whats, the why, and the oh-nos" sounds very interesting

Looking forward to the insights and perspectives you'll bring in your 2024 talks, especially on how AI continues to shape our future!
