TechSummit

Talk and breakout sessions

Deep Dive talk | Resilience in Microservices with Congestion Control

Mourjo Sen, Senior Software Engineer, Booking.com

Room: Grote zaal – 2nd floor
Time: 11:15 – 11:45

Unchecked traffic congestion can render our microservices unresponsive, driving away customers – we do not want our users to ever see an HTTP 503. So, how do we (a) detect congestion before it breaks end-user experience and (b) recover from congestion? To make congestion detection and mitigation resilient and scalable, we must also be able to do it with local measurements inside our application.

Microservices are sandwiched between two pieces of the congestion problem: (a) users may start making too many requests and (b) services we depend on may become slow. Either of these scenarios can cause traffic congestion. We want to detect this and gracefully degrade our quality of service to allow users to know what is going on, instead of an unexplained HTTP 503 status.

In this talk, I will explain how we can build resilient microservices with built-in congestion control mechanisms. I will use a sample Java Spring Boot application to demonstrate the effect of congestion building up and illustrate how we can detect and react to it. All of this will be done with simple local measurements to ensure stability and resilience.

The Podfather: Orchestrating Security for Scalable Systems

Marco Pierobon, Principal Developer, Thoughtworks

Room: Grote zaal – 2nd floor
Time: 
13:15 – 13:45

As systems expand and containers multiply, security can’t be an afterthought. In this session, we’ll explore strategies for embedding security throughout the lifecycle of containerized applications. From Kubernetes orchestration practices to automated threat detection and patching, you’ll learn how to maintain airtight defenses while scaling up. Discover practical tips on identity, network policies, and runtime protection—ensuring even the largest deployments stay resilient. Whether you’re new to container orchestration or fine-tuning established pipelines, this talk will arm you with the insights to confidently scale your systems and defend them against emerging threats.

$1M Breach? Never Again: Designing & Building Cloud Foundation with First Principles

Prerit Munjal, CTO, InfraOne

Room: IJ zaal – 5th floor
Time: 13:15 – 13:45

After losing $1M to crypto-miners in a weekend, we rebuilt our security posture using Terraform/OpenTofu + OpenSearch. Then we took it a step further—turning metrics into actionable infrastructure code.

We’ll walk through our journey to securing 400+ Google Cloud projects by combining OpenSearch’s metrics capabilities with AI-powered Terraform/OpenTofu generation: first visualizing 21,000+ quota implementations across our GCP estate in OpenSearch, then building our game-changer tool that lets engineers query “Show me unprotected compute instances” and get both the vulnerability data AND the remediation Terraform code. We’ll see how we integrated OpenAI with OpenSearch to analyze metric patterns and generate appropriate security configurations—reducing remediation time from days to minutes. Our approach isn’t theoretical—it’s saved us from three potential breaches and cut security implementation time by 70%.

This isn’t just for security teams—we’ll explore how this same pattern works for performance optimizations, cost savings, and compliance.

How Google Built a Consistent, Global Authorization System with Zanzibar (and you can too!)

Sohan Maheshwar, Lead Developer Advocate, AuthZed

Room: Grote zaal – 2nd floor
Time: 13:50 – 14:20

Broken Authorization now tops OWASP’s Top 10 Security Risks for Web Apps. In order to build resilient systems at scale, one must fix broken access control. This talk describes the internal workings of Google Zanzibar, the singular authorization service that powers permissions and sharing across all Google properties, including Docs, YouTube, and Cloud IAM.

Creating a consistent, global-scale authorization system that can process “more than 10 million client queries per second” is not a trivial task. The talk will cover how the paper lays out an engineer-friendly blueprint for building a highly scalable distributed system with flexible consistency guarantees.

This talk will start with foundational knowledge of Relationship Based Access Control (ReBAC) and then cover the technical implementations behind Zanzibar – how Google solved for correctness, scale and speed. The presentation will cover the different APIs for interacting with the system and also a deep-dive into how the “New Enemy” problem was solved. The talk will conclude with how you can use open source tools to build authZ into your application.

Vibe-Coding Your Way into a Security Nightmare

Arjen Wiersma, Cyber Security Consultant, Scyon

Room: IJ zaal – 5th floor
Time: 13:50 – 14:20

AI is revolutionizing software development, promising unprecedented speed. But blindly accepting AI-generated code – a practice coined “vibe coding” – can swiftly lead to security nightmares, as illustrated by real-world examples of exposed keys, bypassed payments, and chaotic architectures.

This talk dissects the inherent risks when developers, especially those new to coding, leverage AI without oversight. I contrast risky “AI-driven” development with secure “AI-enhanced” development practiced by experienced engineers. Drawing on over 30 years in software and cybersecurity, I present seven essential rules for building secure applications in the age of AI.

Learn how to evaluate generated code, apply established standards, perform effective testing, manage complexity, ensure documentation, and stay ahead of emerging AI security threats like prompt injection. Equip yourself to harness AI’s power safely and build robust systems, avoiding the pitfalls of the security nightmare.

Stateful Applications in the Age of Durable Execution

Marc Klefter, Senior Solutions Architect, AxonIQ

Room: Grote zaal – 2nd floor
Time: 14:50 – 15:20 

Durable execution is an emerging programming model, offered by vendors such as Temporal and Azure Functions, for developing resilient, distributed applications with ease, wherein a “durable function” – a unit of execution guaranteed to run to completion – orchestrates a business process and encapsulates state. However, if an application is made up of these functions, and parts – or even all – of its state is stored alongside each function, what impact does that have on data modeling and retention, supporting complex updates and queries that span multiple workflows, concurrent access, and other issues related to managing state in this type of system architecture?

This session explores durable execution in the context of designing, implementing and operating stateful applications; hands-on examples will demonstrate how a durable function ensures robustness, correctness and efficiency in writing and reading state while eliminating the need for locks and having to deal with race conditions, lost or duplicate updates, and stale views. The discussion will also cover scenarios that require the use of an external database and outline strategies for evolving application state as new versions of function code are deployed. The session will conclude by examining methods for debugging and observing function execution and state changes, as well as the challenges in maintaining and scaling stateful applications composed of durable functions.

Join this session to gain comprehensive, practical and novel insights into state management in distributed systems built using durable execution.

Shipping Through Chaos: Engineering Resilience Across Borders

Kaustubh Hiware, Senior Software Engineer, Mercari

Room: IJ zaal – 5th floor
Time: 14:50 – 15:20 

What does it take to ship critical backend infrastructure in a legally complex, high-stakes e-commerce environment—across 10 teams, 3 platforms, 2 timezones, and during a structural reorganization?

Over nine months, I led a cross-functional effort at Japan’s largest C2C marketplace to enable business buyers on a consumer-first platform. The stakes were high: regulatory ambiguity, evolving specs, legacy systems, and a live production environment that couldn’t break. This talk breaks down how resilience is built not just into systems, but into architecture, communication, and decision-making. I’ll share how we coordinated changes across 7 backend services, 3 client platforms, and multiple staging environments—while handling legal constraints, inter-team dependencies, and a variety of collaboration styles. You’ll hear about a 61-page design doc, 30K+ backend lines changed in 2 months, and the tradeoffs made to keep it all stable.

This talk also looks at the human side of resilience: adapting to org shifts, mentoring under load, recognizing design dark patterns, reading Japanese laws for DB normalizations, and building trust through transparency—even when unsure.

This is a talk for backend engineers, tech leads, and architects who operate across borders—technical, organizational, or national—and want to build resilience into both systems and teams.
