Agenda

Traditional, manual approaches are no longer enough to keep pace with the demands of modern businesses. This session goes beyond the console, exploring how adopting NetDevOps strategies can transform the way we manage and optimize data networks. Discover the tools, coding practices, and real-world lessons that bridge the gap between DevOps methodologies and network operations. Through industry experiences and practical examples, we’ll unpack the benefits and challenges that organizations, big and small, encounter on their NetDevOps journeys. Join us to learn how to move from reactive troubleshooting to proactive, automated network management, and unlock the full potential of your infrastructure.

this talk takes you on a fast-track journey to Kubernetes pro 💪🏼

Within our organization, we scaled from 10 to 300 developers with just 5 Ops engineers in four years. We initially introduced SRE practices to handle this growth, but they proved difficult to adopt at scale. 

Instead, we turned to Platform Engineering as a more sustainable approach. By building our Internal Developer Platform (IDP) integrated with cloud and toolchains, and embedding SRE principles into the platform itself, we reduced bottlenecks and accelerated delivery. The IDP not only increased flow but also created a more joyful developer experience, allowing teams to launch new services faster and with greater autonomy.

In this session, we’ll cover the key decisions, lessons learned in adoption and team enablement, and how open-sourcing helped us grow the maturity.

In the AI era, the development environment remains a differentiator? What challenges does AI pose for the development environment? When is a dev env better than another? Why is dev env a DevOps topic? The session will explore these topics with examples from Criteo use cases.

I believe that understanding or carefully designing the internal boundaries of your code base is the key ingredient to prevent that notorious Big Ball of Mud. This is not a trivial feat, so in this talk I will show you why I believe the importance of boundaries and provide you with heuristics and examples to (re)design your own boundaries to end up with a healthy codebase, whether you prefer to keep that monolith or go for a microservices approach.

We’ll cover what worked, what didn’t, tools, and metrics that kept us audit-ready. 

These registries power:

• Developers pulling images to run locally
• CI/CD pipelines executing builds and tests inside containers
• Kubernetes clusters deploying pods across distributed nodes

However, container images are often large, leading to high bandwidth usage, slower pulls, and delays caused by network latency or registry bottlenecks. At scale, this not only impacts delivery speed but also drives up costs—from bandwidth consumption to potential licensing fees.

For globally distributed teams and infrastructure, accelerating and offloading Docker image delivery is essential.

In this presentation I’ll demonstrate how Varnish, acting as an HTTP reverse caching proxy, can cache Docker image manifests and binary layers to dramatically improve performance at large scale.

I’ll break down the HTTP requests behind the docker pull and docker push commands and explore how the Varnish Configuration Language (VCL) can be used improve Docker image caching—supporting both public and private repositories—while preserving authentication and access controls.

When I tried a simple search on GitHub for pull_request_target, it resulted with over 90k code findings, which strengthen my confidence in the fruitful pursuit of this research. Before attempting exploitation, I decided to create a list companies with a public registered bug bounty program, and GitHub organizations that have at least one repository with over 5k stars. I then scanned all of the repositories of the aforementioned organizations and start the hunt. The results were surprising and concerning, with dozens of vulnerable targets, including sensitive repositories of Microsoft and Google. Using this attack vector, I could push code, steal secrets and often even manage pull requests (comment, approve, merge) and push organization-level packages. This process was heavily relied on AI to speed up my analysis and vulnerability research. At a very early stage I had transitioned from manual discovery to fully developed AI-agent that can find and exploit this vulnerabilities on my behalf. During this conference talk, I will demonstrate my step-by-step operations, thoughts and mindset.