I speak at conferences and other events fairly regularly. The talks I give evolve over time, but at any time I normally have 4 or 5 topics that I can speak about without too much notice and I’m always interested in developing new talks in my areas of expertise if I have enough notice of the date of the talk.
- Democratising Software Architecture – a new and still evolving talk, that originated as a keynote talk at ICSA 2019 and has been presented a couple of times since, on how I see architecture work evolving to be less about an architect and more about something that an entire team undertakes together. Part of the Continuous Architecture theme. I explain why this approach is important for many modern software development projects and outlines its activities and principles.
- Uniting Architecture Work with Reality using Architecture Principles – this talk, which can be tailored to various lengths, explains what an architecture principle is and how principles can be a practical tool to align the work of enterprise architects, application architects, the development teams delivering the real work.
- Software Architecture with Stakeholders, Viewpoints and Perspectives – historically, one of my most popular talks, explaining how to go about developing the architecture of a system using the approach described in the highly acclaimed book I wrote with Nick Rozanski. Introduces software architecture, explains how to deal with a varied stakeholder community and how to develop and describe an architecture that meets their conflicting needs.
- Event Driven Systems – a talk that explains the principles, patterns and pitfalls of developing systems that use events as one of their primary abstractions. Event driven systems (and architectures – EDA) look easy and obvious until you try to use them for a real system. This talk explains the power of events and how to apply them to real information systems.\
- System Security Beyond the Libraries – a talk that has been well received at a number of events, where I talk about the fundamental security knowledge that developers need to know before they start worrying about specific security technologies. It covers what security really is, how to go about designing secure systems and specific techniques like threat modelling, risk assessment and principles for designing secure systems.
- Common Webapp Vulnerabilities and What To Do About Them – this is a talk that in some ways follows on from System Security Beyond the Libraries and gets more specific. The purpose of the talk is to introduce people to the OWASP Top 10 Web Application Vulnerabilities list, to explore how it has changed over the last few versions in 2013 and 2017, and to explain each of the vulnerabilities and how they can be mitigated. I’ve given this talk at a couple of conferences and to clients too and people have found it to be useful. I also have an interactive workshop version where people get to try to exploit the vulnerabilities themselves using a deliberately insecure application running in a VM.
- Security Principles for the Working Architect – this talk has been presented at a number of large conferences and has received very good feedback each time. It presents a set of 10 practical security principles to guide architects, designers and teams to make design decisions that help to make their systems more secure.
- Building Applications Securely – this is a relatively new talk which has been well received at several development conferences. It explains how to move beyond secure analysis and design and explains the practices that help regular teams to increase the security of their software in a practical and accessible way.
- Getting Your System to Production and Keeping It There – a talk explaining why getting a system into production is often a painful process and the set of design principles, technology decisions and processes that can ease the pain.
- Three Practices for Effective DevOps Adoption – the difficulties in DevOps adoption are never the automation technology but rather the ways-of-working, which require a much more fundamental change in people’s behavior and culture. Having observed a number of organisations on a DevOps journey, it emerged that there are three practices that have been repeatedly useful in helping successful DevOps adoption: (real) agile development, incubator teams and pipelines. In this talk, I briefly review all three, discuss why they facilitate successful DevOps adoption and talk in a bit more depth about incubator teams, which may be less familiar to attendees than the other two.