Microservices architecture has become a buzzword in the tech industry, promising unparalleled agility, scalability, and resilience. Yet, according to Gartner, more than 90% of organizations attempting to adopt microservices will fail. How can you ensure you're part of the successful 10%?

Success begins with looking beyond the superficial topology and understanding the unique demands this architectural style places on the teams, the organization, and the environment. These demands must be balanced against the current business needs and organizational realities while maintaining a clear and pragmatic path for incremental evolution.

In this session, Michael will share some real-world examples, practical insights, and proven techniques to balance both the power and complexities of microservices. Whether you're considering adopting microservices or already on the journey and facing challenges, this session will equip you with the knowledge and tools to succeed.

REST APIs often fall into a cycle of constant refactoring and rewrites, leading to wasted time, technical debt, and endless rework. This is especially difficult when you don't control the API clients.

But what if this could be your last major API refactor? In this session, we’ll dive into strategies for designing and refactoring REST APIs with long-term sustainability in mind—ensuring that your next refactor sets you up for the future.

You’ll learn how to design APIs that can adapt to changing business requirements and scale effectively without requiring constant rewrites. We’ll explore principles like extensibility, versioning, and decoupling, all aimed at future-proofing your API while keeping backward compatibility intact. Along the way, we’ll examine real-world examples of incremental API refactoring, where breaking the cycle of endless rewrites is possible.

This session is perfect for API developers, architects, and tech leads who are ready to stop chasing their tails and want to invest in designing APIs that will stand the test of time—so they can focus on building great features instead of constantly rewriting code.

Learning and understanding AI concepts is satisfying and rewarding, but the fun part is learning how to work with AI yourself. In this presentation, author, trainer, and experienced technologist Brent Laster will help you do both! We’ll explain why and how to run AI models locally, the basic ideas of agents and RAG, and show how to assemble a simple AI agent in Python that leverages RAG and uses a local model through Ollama.

Join us to learn about all 3 topics in 90 minutes!

No experience is needed on these technologies, although we do assume you do have a basic understanding of LLMs.

This will be a fast-paced, engaging mixture of presentations interspersed with code explanations and demos building up to the finished product – something you’ll be able to replicate yourself after the session!

Just as CI/CD and other revolutions in DevOps have changed the landscape of the software development lifecycle (SDLC), so Generative AI is now changing it again. Gen AI has the potential to simplify, clarify, and lessen the cycles required across multiple phases of the SDLC.

In this session with author, trainer, and experienced DevOps director Brent Laster, we'll survey the ways that today's AI assistants and tools can be incorporated across your SDLC phases including planning, development, testing, documentation, maintaining, etc. There are multiple ways the existing tools can help us beyond just the standard day-to-day coding and, like other changes that have happened over the years, teams need to be aware of, and thinking about how to incorporate AI into their processes to stay relevant and up-to-date.

In this example-driven session, we'll review several tips and tricks to make the most out of your Spring development experience. You'll see how to apply the best features of Spring and Spring Boot, including the latest and greatest features of Spring Framework 6.x and Spring Boot 3.x with an eye to what's coming in Spring 7 and Boot 4.

Spring has been the de facto standard framework for Java development for nearly two decades. Over the years, Spring has continued to evolve and adapt to meet the ever-changing requirements of software development. And for nearly half that time, Spring Boot has carried Spring forward, capturing some of the best Spring patterns as auto-configuration.

As with any framework or language that has this much history and power, there are just as many ways to get it right as there are to get it wrong. How do you know that you are applying Spring in the best way in your application?

Workshop Requirements

You'll need…

• A Java IDE of your choice. I'll be using IntelliJ, but you are welcome to use Spring Tools, Netbeans, or whatever you prefer for Java development. (Spring Tools–either the Eclipse or VSCode version–or IntelliJ is recommended, though).
• Java 17 or higher. I recommend using SDKMan (https://sdkman.io/) for managing multiple versions of Java on your machine. I'll be using Zulu 17.0.6 for most tasks, but may switch to a Liberica NIK version for purposes of native builds.
• Docker (optional, but may be necessary for some tasks)

Spring Security has long been a powerful guard to place around your Spring applications, providing authentication, authorization, and many more concerns around keeping your application secure.

As time has progressed, Spring Security has evolved to provide even more capabilities, but has applied some self-improvement to make working with Spring Security even easier. That is to say, the way you configure and apply Spring Security today has changed dramatically from it's early XML-oriented approach and is even different now than some of the more recent Java-based configuration strategies.

In this example-driven session, we'll explore the latest and greatest that Spring Security has to offer, with an emphasis on how to apply security aspects to your applications with the latest configuration styles supported by Spring Security. You'll see how security is enabled in modern Spring applications using the Lambda DSL configuration approach, the preferred way to configure Spring Security and the ONLY way to configure Spring Security 7.

Modern application observability involves tracking key metrics and tracing the flow of an application, even across service boundaries. Spring Boot 3 introduced some powerful metrics and tracing capabilities based on Micrometer to open a window into your application's inner-workings.

Among the things you might want to keep an eye on in your Generative AI applications are how many interactions and how much time is spent with vector stores and AI provider APIs and, of course, how many tokens are being spent by your application. And being able to trace the flow of prompts, data, and responses through your application can help identify problems and bottlenecks.

Great news! Spring AI comes equipped to record metrics and tracing information through Micrometer. In this session, you'll learn how to put Spring AI observability to work for you. You'll learn about the metrics it exposes as well as the keys you can use to build dashboards and tracing to build a window into your Generative AI applications.

In this session, we'll cover several useful prompt engineering techniques as well as some emerging patterns that are categorized within the “Agentic AI” space and see how to go beyond simple Q&A to turn your LLM of choice into a powerful ally in achieving your goals.

At it's core, Generative AI is about submitting a prompt to an LLM-backed API and getting some response back. But within that interaction there is a lot of nuance, particularly with regard to the prompt itself.

It's important to know how to write effective prompts, choosing the right wording and being clear about your expectations, to get the best responses from an LLM. This is often called “prompt engineering” and includes several patterns and techniques that have emerged in the Gen AI space.

Architectural decisions are often influenced by blindspots, biases, and unchecked assumptions, which can lead to significant long-term challenges in system design. In this session, we’ll explore how these cognitive traps affect decision-making, leading to architectural blunders that could have been avoided with a more critical, holistic approach.

You’ll learn how common biases—such as confirmation bias and anchoring—can cloud judgment, and how to counteract them through problem-space thinking and reflective feedback loops. We’ll dive into real-world examples of architectural failures caused by biases or narrow thinking, and discuss strategies for expanding your perspective and applying critical thinking to system design.

Whether you’re an architect, developer, or technical lead, this session will provide you with tools to recognize and mitigate the impact of biases and blindspots, helping you make more informed, thoughtful architectural decisions that stand the test of time.

MCP, or Model Context Protocol, is a standardized framework that allows AI agents to seamlessly connect with external data sources, APIs, and tools. Its main purpose is to make AI agents more intelligent and context-aware by giving them real-time access to live information and actionable capabilities beyond their built-in knowledge.

Join AI technologist, author, and trainer Brent Laster as we learn what MCP is, how it works, and how it can be used to create AI agents that can work with any process that implements MCP. You'll work with MCP concepts, coding, servers, etc. through hands-on labs that teach you how to use it with AI agents.

With MCP, developers can easily integrate AI agents with a wide variety of systems, from internal business databases to third-party services, without having to build custom integrations for each use case. MCP servers act as gateways, exposing specific actions and knowledge to the AI agent, which can then dynamically discover and use these capabilities as needed. This approach streamlines the process of adding new functionalities to AI agents and reduces ongoing maintenance.

MCP is particularly useful for scenarios where AI agents need up-to-date information or need to perform actions in external systems-such as customer support bots fetching live ticket data, enterprise assistants accessing knowledge bases, or automation agents processing transactions. By leveraging MCP, organizations can create more adaptable, powerful, and enterprise-ready AI solutions that respond to real-world business needs in real time

Workshop Requirements

Attendees will need the following to do the hands-on labs:

• A laptop with power
• A GitHub account on the public GitHub.com (free tier is fine)
• Browser

MCP, or Model Context Protocol, is a standardized framework that allows AI agents to seamlessly connect with external data sources, APIs, and tools. Its main purpose is to make AI agents more intelligent and context-aware by giving them real-time access to live information and actionable capabilities beyond their built-in knowledge.

Join AI technologist, author, and trainer Brent Laster as we learn what MCP is, how it works, and how it can be used to create AI agents that can work with any process that implements MCP. You'll work with MCP concepts, coding, servers, etc. through hands-on labs that teach you how to use it with AI agents.

With MCP, developers can easily integrate AI agents with a wide variety of systems, from internal business databases to third-party services, without having to build custom integrations for each use case. MCP servers act as gateways, exposing specific actions and knowledge to the AI agent, which can then dynamically discover and use these capabilities as needed. This approach streamlines the process of adding new functionalities to AI agents and reduces ongoing maintenance.

MCP is particularly useful for scenarios where AI agents need up-to-date information or need to perform actions in external systems-such as customer support bots fetching live ticket data, enterprise assistants accessing knowledge bases, or automation agents processing transactions. By leveraging MCP, organizations can create more adaptable, powerful, and enterprise-ready AI solutions that respond to real-world business needs in real time

Workshop Requirements

Attendees will need the following to do the hands-on labs:

• A laptop with power
• A GitHub account on the public GitHub.com (free tier is fine)
• Browser

Since ChatGPT rocketed the potential of generative AI into the collective consciousness there has been a race to add AI to everything. Every product owner has been salivating at the possibility of new AIPowered features. Every marketing department is chomping at the bit to add a “powered by AI” sticker to the website. For the average layperson playing with ChatGPT's conversational interface, it seems easy however integrating these tools securely, reliably, and in a costeffective manner requires much more than simply adding a chat interface. Moreover, getting consistent results from a chat interface is more than an art than a science. Ultimately, the chat interface is a nice gimmick to show off capabilities, but serious integration of these tools into most applications requires a more thoughtful approach.

This is not another “AI is Magic” cheerleading session, nor an overly critical analysis of the field. Instead, this session looks at a number of valid usecases for the tools and introduces architecture patterns for implementing these usecases. Throughout we will explore the tradeoffs of the patterns as well as the application of AI in each scenario. We'll explore usecases from simple, direct integrations to the more complex involving RAG and agentic systems.

Although this is an emerging field, the content is not theoretical. These are patterns that are being used in production both in Michael's practice as a handson software architect and beyond.

Architects must maintain their breadth, and this session will build on that to prepare you for the inevitable AIpowered project in your future.

Since ChatGPT rocketed the potential of generative AI into the collective consciousness there has been a race to add AI to everything. Every product owner has been salivating at the possibility of new AIPowered features. Every marketing department is chomping at the bit to add a “powered by AI” sticker to the website. For the average layperson playing with ChatGPT's conversational interface, it seems easy however integrating these tools securely, reliably, and in a costeffective manner requires much more than simply adding a chat interface. Moreover, getting consistent results from a chat interface is more than an art than a science. Ultimately, the chat interface is a nice gimmick to show off capabilities, but serious integration of these tools into most applications requires a more thoughtful approach.

This is not another “AI is Magic” cheerleading session, nor an overly critical analysis of the field. Instead, this session looks at a number of valid usecases for the tools and introduces architecture patterns for implementing these usecases. Throughout we will explore the tradeoffs of the patterns as well as the application of AI in each scenario. We'll explore usecases from simple, direct integrations to the more complex involving RAG and agentic systems.

Although this is an emerging field, the content is not theoretical. These are patterns that are being used in production both in Michael's practice as a handson software architect and beyond.

Architects must maintain their breadth, and this session will build on that to prepare you for the inevitable AIpowered project in your future.

If you are getting tired of the appearance of new types of databases… too bad. We are increasingly relying on a variety of data storage and retrieval systems for specific purposes. Data does not have a single shape and indexing strategies that work for one are not necessarily good fits for others. So after hierarchical, relational, object, graph, columnoriented, document, temporal, appendonly, and everything else, get ready for Vector Databases to assist in the systematization of machine learning systems.

This will be an overview of the benefits of vectors databases as well as an introduction to the major players.

We will focus on open source versus commercial players, hosted versus local deployments, and the attempts to add vector search capabilities to existing storage systems.

We will cover:

• A brief overview of vectors
• Why vectors are so important to machine learning and datadriven systems
• Overview of the offerings
• Adding vector search to other systems
• Sample use cases shown with one of the key open source engines

If you are getting tired of the appearance of new types of databases… too bad. We are increasingly relying on a variety of data storage and retrieval systems for specific purposes. Data does not have a single shape and indexing strategies that work for one are not necessarily good fits for others. So after hierarchical, relational, object, graph, columnoriented, document, temporal, appendonly, and everything else, get ready for Vector Databases to assist in the systematization of machine learning systems.

This will be an overview of the benefits of vectors databases as well as an introduction to the major players.

We will focus on open source versus commercial players, hosted versus local deployments, and the attempts to add vector search capabilities to existing storage systems.

We will cover:

• A brief overview of vectors
• Why vectors are so important to machine learning and datadriven systems
• Overview of the offerings
• Adding vector search to other systems
• Sample use cases shown with one of the key open source engines

Java advances quickly. It is incredible how much incremental change accumulates over time. JDK 17 is now three years old, and we are at JDK 22 as of 2025. In this session, I will take some select JEPs (Java Enhancement Process) and demonstrate what they are and their use case. Then you can be ahead of the curve, and give you all the information you need to sell and demand the next generation Java for your work or opensource initiative.

• How do you turn on these advanced features?
• Stream Gatherers
• Statements before super()
• Unnamed Variables and Parameters
• Launch Multi-File Source-Code Programs
• Implicit Declared Classes and Enhanced Main Methods
• Updates on switch expressions
• Stable Values

In today’s data-driven world, the ability to process and analyze data in real time is no longer a luxury—it’s a necessity. Apache Flink, a powerful stream processing framework, has emerged as a game-changer for handling high-throughput, low-latency data applications.

In this session, you’ll gain a clear understanding of what Apache Flink is, how it works, and why it’s become a cornerstone for modern data infrastructure. We’ll explore key features such as its robust stream and batch processing capabilities, event-time handling, stateful computations, and fault tolerance. You’ll also discover how Flink integrates seamlessly with popular systems like Kafka, Kubernetes, and major cloud platforms.

Whether you’re working with real-time analytics, event-driven applications, or machine learning pipelines, Apache Flink provides the scalability and flexibility needed to turn massive streams of data into actionable insights. Join us to see why Flink is critical to modern data ecosystems and learn how to start leveraging its power in your projects.

This workshop will explore the principles of the Ports and Adapters pattern (also called the Hexagonal Architecture) and demonstrate how to refactor legacy code or design new systems using this approach. You’ll learn how to organize your domain logic and move UI and infrastructure code into appropriate places within the architecture. The session will also cover practical refactoring techniques using IntelliJ and how to apply Domain Driven Design (DDD) principles to ensure your system is scalable, maintainable, and well-structured.

What You’ll Learn:

1. What is Hexagonal Architecture?
   Understand the fundamental principles of Hexagonal Architecture, which helps isolate the core business logic (the domain) from external systems like databases, message queues, or user interfaces. This architecture is designed to easily modify the external components without affecting the domain.

2. What are Ports and Adapters?
   Learn the key concepts of Ports and Adapters, the core elements of Hexagonal Architecture. Ports define the interface through which the domain interacts with the outside world, while Adapters implement these interfaces and communicate with external systems.

3. Moving Domain Code to Its Appropriate Location:
   Refactor your domain code to ensure it is correctly placed in the core domain layer. You will learn how to separate domain logic from external dependencies, ensuring that business rules are isolated and unaffected by user interface or infrastructure changes.

4. Moving UI Code to Its Appropriate Location:
   Discover how to refactor UI code by decoupling it from the domain logic and placing it in the appropriate layers. You’ll learn how to use the Ports and Adapters pattern to allow the user interface to communicate with the domain without violating architectural boundaries.

5. Using Refactoring Tools in IntelliJ:
   Learn how to use IntelliJ’s powerful refactoring tools to streamline code movement. Techniques such as Extract Method, Move Method, Extract Delegate, and Extract Interface will be applied to refactor your codebase.

6. Applying DDD Software Principles:
   We’ll cover essential Domain-Driven Design principles, such as Value Objects, Entities, Aggregates, and Domain Events.

7. Refactoring Techniques:
   Learn various refactoring strategies to improve code structure, Extract Method, Move Method, Extract Delegate, Extract Interface, and Sprout Method and Class

8. Verifying Code with Arch Unit:
   Ensure consistency and package rules using Arch Unit, a tool for verifying the architecture of your codebase. You will learn how to write tests confirming your project adheres to the desired architectural guidelines, including separating layers and boundaries.

Who Should Attend:

This workshop is perfect for developers who want to improve their understanding of Ports and Adapters Architecture, apply effective refactoring techniques, and leverage DDD principles for designing scalable and maintainable systems.

Workshop Requirements

If you wish to do the interactive labs:

1. Java 21+ Higher
2. IntelliJ (a must)
3. Maven

This workshop will explore the principles of the Ports and Adapters pattern (also called the Hexagonal Architecture) and demonstrate how to refactor legacy code or design new systems using this approach. You’ll learn how to organize your domain logic and move UI and infrastructure code into appropriate places within the architecture. The session will also cover practical refactoring techniques using IntelliJ and how to apply Domain Driven Design (DDD) principles to ensure your system is scalable, maintainable, and well-structured.

What You’ll Learn:

1. What is Hexagonal Architecture?
   Understand the fundamental principles of Hexagonal Architecture, which helps isolate the core business logic (the domain) from external systems like databases, message queues, or user interfaces. This architecture is designed to easily modify the external components without affecting the domain.

2. What are Ports and Adapters?
   Learn the key concepts of Ports and Adapters, the core elements of Hexagonal Architecture. Ports define the interface through which the domain interacts with the outside world, while Adapters implement these interfaces and communicate with external systems.

3. Moving Domain Code to Its Appropriate Location:
   Refactor your domain code to ensure it is correctly placed in the core domain layer. You will learn how to separate domain logic from external dependencies, ensuring that business rules are isolated and unaffected by user interface or infrastructure changes.

4. Moving UI Code to Its Appropriate Location:
   Discover how to refactor UI code by decoupling it from the domain logic and placing it in the appropriate layers. You’ll learn how to use the Ports and Adapters pattern to allow the user interface to communicate with the domain without violating architectural boundaries.

5. Using Refactoring Tools in IntelliJ:
   Learn how to use IntelliJ’s powerful refactoring tools to streamline code movement. Techniques such as Extract Method, Move Method, Extract Delegate, and Extract Interface will be applied to refactor your codebase.

6. Applying DDD Software Principles:
   We’ll cover essential Domain-Driven Design principles, such as Value Objects, Entities, Aggregates, and Domain Events.

7. Refactoring Techniques:
   Learn various refactoring strategies to improve code structure, Extract Method, Move Method, Extract Delegate, Extract Interface, and Sprout Method and Class

8. Verifying Code with Arch Unit:
   Ensure consistency and package rules using Arch Unit, a tool for verifying the architecture of your codebase. You will learn how to write tests confirming your project adheres to the desired architectural guidelines, including separating layers and boundaries.

Who Should Attend:

This workshop is perfect for developers who want to improve their understanding of Ports and Adapters Architecture, apply effective refactoring techniques, and leverage DDD principles for designing scalable and maintainable systems.

Workshop Requirements

If you wish to do the interactive labs:

1. Java 21+ Higher
2. IntelliJ (a must)
3. Maven

Join us for an indepth exploration of cuttingedge messaging styles in your large domain.

Here, we will discuss the messaging styles you can use in your business.

• Event Sourcing
• EventDriven Architecture
• Claim Check
• Event Notification
• Event Carried State Transfer
• Domain Events

Platform engineering is the latest buzzword, in a industry that already has it's fair share. But what is platform engineering? How does it fit in with DevOps and Developer Experience (DevEx)? And is this something your organization even needs?

In this session we will aim to to dive deep into the world of platform engineering. We will see what platform engineering entails, how it is the logical succession to a successful DevOps implementation, and how it aims to improve the developer experience. We will also uncover the keys to building robust, sustainable platforms for the future

Platform engineering is the latest buzzword, in a industry that already has it's fair share. But what is platform engineering? How does it fit in with DevOps and Developer Experience (DevEx)? And is this something your organization even needs?

In this session we will aim to to dive deep into the world of platform engineering. We will see what platform engineering entails, how it is the logical succession to a successful DevOps implementation, and how it aims to improve the developer experience. We will also uncover the keys to building robust, sustainable platforms for the future

Microservices have fundamentally changed the way we develop and deploy applications. Everything from team topologies, to DevOps to observability—everything changed, and for the better.

However, it's not all rainbows and unicorns. Operationalizing microservices is hard. Microservices encourage WET (write everything twice) to ensure that services are as decoupled from each other as possible. But how does that work when we have to deal with cross-cutting concerns that we need for every service?

Enter the service mesh. Service meshes like Istio allow us to “slot” in cross-cutting architectural concerns within a kubernetes cluster, letting our services focus on solving actual business concerns.

In this fast-paced session, we will blitz through what Istio is, how it works, and what facilities it offers to DRY out your microservices. Come see how Istio can make your cluster programmable and application-aware.

In this session we'll take a tour of some features that you might or might not have heard of, but can significantly improve your workflow and day-to-day interaction with Git.

Git continues to see improvements daily. However, work (and life) can take over, and we often miss the changelog. This means we don't know what changed, and consequently fail to see how we can incorporate those in our usage of Git.

In this session we will look at some features you are probably aware of, but haven't used, alongside new features that Git has brought to the table. Examples include:

• Rebase and interactive rebase
• restore/switch and when to use them
• worktrees
• shallow-clones
• Git's filesystem monitor

By the end of this session, you will walk away with a slew of new tools in your arsenal, and a new perspective on how this can help you and your colleagues get the most out of Git.

GitHub Copilot is a popular AI assistant that helps software developers more easily create content, get answers to coding-related questions, and handle many of the boilerplate tasks of software development. But it can also do much more in the areas where it can be used. Join Copilot expert (and author of the upcoming “Learning GitHub Copilot” book from O'Reilly) for a quick overview of some of the additional tips and tricks to allow you to make the most from this AI assistant.

Most users know GitHub Copilot can help with the basics of code generation, creating test cases, documentation, etc. But because the tool is AI based, there's a lot more that it can help you with in these areas simply by asking it and giving it the right prompts. In this session, we'll take a look at some ways to leverage beyond the basics of these tasks to creating results that are usable more deeply and widely. We'll also look at some ways to compensate when Copilot does not have the most recent information, or needs to be picking up more relevant context.

Security problems empirically fall into two categories: bugs and flaws. Roughly half of the problems we encounter in the wild are bugs and about half are design flaws. A significant number of the bugs can be found through automated testing tools which frees you up to focus on the more pernicious design issues. 

 In addition to detecting the presence of common bugs, however, we can also imagine automating the application of corrective refactoring. In this talk, I will discuss using OpenRewrite to fix common security issues and keep them from coming back.

In this talk we will focus on:

Using OpenRewrite to automatically identify and fix known security vulnerabilities.
Integrating security scans with OpenRewrite for continuous improvement.
*Free up your time to address larger concerns by addressing the pedestrian but time-consuming security bugs.

There's a clear need for security in the software systems that we build. The problem for most organizations is that they don't want to spend any money on it. Even if they did, they often have no idea how much to spend. No particular initiative is likely to imbue your system with “security”, but a strong, deep defensive approach is likely to give you a fighting chance of getting it right.

Web Security as applied to APIs in particular are an important part of the plan. In this workshop, we'll show you how approaches to defining “enough” as well as concrete techniques to employ incrementally in your designs.

In this workshop, we will pick a hands on framework for implementation, but the ideas will generally be standards-based and transcend technology choice so you should have a strategy for mapping the ideas into your own systems.

We will cover a broad range of topics including:

• The concepts behind Building Security in
• Designing for Security
• Authentication and Authorization Strategies
• Identity Management
• Protecting Data in transit
• Protecting Data at rest
• Frameworks for selecting security features
• Attack and Threat Models for APIs

There's a clear need for security in the software systems that we build. The problem for most organizations is that they don't want to spend any money on it. Even if they did, they often have no idea how much to spend. No particular initiative is likely to imbue your system with “security”, but a strong, deep defensive approach is likely to give you a fighting chance of getting it right.

Web Security as applied to APIs in particular are an important part of the plan. In this workshop, we'll show you how approaches to defining “enough” as well as concrete techniques to employ incrementally in your designs.

In this workshop, we will pick a hands on framework for implementation, but the ideas will generally be standards-based and transcend technology choice so you should have a strategy for mapping the ideas into your own systems.

We will cover a broad range of topics including:

• The concepts behind Building Security in
• Designing for Security
• Authentication and Authorization Strategies
• Identity Management
• Protecting Data in transit
• Protecting Data at rest
• Frameworks for selecting security features
• Attack and Threat Models for APIs

By now, you've no doubt noticed that Generative AI is making waves across many industries. In between all of the hype and doubt, there are several use cases for Generative AI in many software projects. Whether it be as simple as building a live chat to help your users or using AI to analyze data and provide recommendations, Generative AI is becoming a key piece of software architecture.

So how can you implement Generative AI in your projects? Let me introduce you to Spring AI.

For over two decades, the Spring Framework and its immense portfolio of projects has been making complex problems easy for Java developers. And now with the new Spring AI project, adding Generative AI to your Spring Boot projects couldn't be easier! Spring AI brings an AI client and templated prompting that handles all of the ceremony necessary to communicate with common AI APIs (such as OpenAI and Azure OpenAI). And with Spring Boot autoconfiguration, you'll be able to get straight to the point of asking questions and getting answers your application needs.

In this handson workshop, you'll build a complete Spring AIenabled application applying such techniques as prompt templating, Retrieval Augmented Generation (RAG), conversational history, and tools invocation. You'll also learn prompt engineering techniques that can help your application get the best results with minimal “hallucinations” while minimizing cost.

Workshop Requirements

In the workshop, we will be using…

• Java 17+
• An IDE of your choosing (I will be using IntelliJ IDEA)
• OpenAI's API (you will need an account and a small amount of credit $5 is more than enough).

Optionally, you may choose to use a different AI provider other than OpenAI such as Anthropic, Mistral, or Google Vertex (Gemini), but you will need an account with them and some reasonable amount of credit with them. Or, you may choose to install Ollama (https://ollama.com/), but if you do be sure to install a reasonable model (llama3:latest or gemma:9b) before you arrive.

Know that if you choose to use something other than OpenAI, your workshop experience will vary.

By now, you've no doubt noticed that Generative AI is making waves across many industries. In between all of the hype and doubt, there are several use cases for Generative AI in many software projects. Whether it be as simple as building a live chat to help your users or using AI to analyze data and provide recommendations, Generative AI is becoming a key piece of software architecture.

So how can you implement Generative AI in your projects? Let me introduce you to Spring AI.

For over two decades, the Spring Framework and its immense portfolio of projects has been making complex problems easy for Java developers. And now with the new Spring AI project, adding Generative AI to your Spring Boot projects couldn't be easier! Spring AI brings an AI client and templated prompting that handles all of the ceremony necessary to communicate with common AI APIs (such as OpenAI and Azure OpenAI). And with Spring Boot autoconfiguration, you'll be able to get straight to the point of asking questions and getting answers your application needs.

In this handson workshop, you'll build a complete Spring AIenabled application applying such techniques as prompt templating, Retrieval Augmented Generation (RAG), conversational history, and tools invocation. You'll also learn prompt engineering techniques that can help your application get the best results with minimal “hallucinations” while minimizing cost.

Workshop Requirements

In the workshop, we will be using…

• Java 17+
• An IDE of your choosing (I will be using IntelliJ IDEA)
• OpenAI's API (you will need an account and a small amount of credit $5 is more than enough).

Optionally, you may choose to use a different AI provider other than OpenAI such as Anthropic, Mistral, or Google Vertex (Gemini), but you will need an account with them and some reasonable amount of credit with them. Or, you may choose to install Ollama (https://ollama.com/), but if you do be sure to install a reasonable model (llama3:latest or gemma:9b) before you arrive.

Know that if you choose to use something other than OpenAI, your workshop experience will vary.

Containers are everywhere. Of course, a large part of the appeal of containers is the ease with which you can get started. However, productionizing containers is a wholly different beast. From orchestration to scheduling, containers offer significantly different challenges than VMs.

In particular, in terms of security. Securing and hardening VMs is very different than that for containers.

In this twopart session, we will see what securing containers involves.

We'll be covering a wide range of topics, including

Understanding Cgroups and namespaces
What it takes to create your own container technology as a basis of understanding how containers really work
Securing the build and runtime
Secrets management
Shifting left with security in mind

Containers are everywhere. Of course, a large part of the appeal of containers is the ease with which you can get started. However, productionizing containers is a wholly different beast. From orchestration to scheduling, containers offer significantly different challenges than VMs.

In particular, in terms of security. Securing and hardening VMs is very different than that for containers.

In this twopart session, we will see what securing containers involves.

We'll be covering a wide range of topics, including

Understanding Cgroups and namespaces
What it takes to create your own container technology as a basis of understanding how containers really work
Securing the build and runtime
Secrets management
Shifting left with security in mind