All Hands on Deck — Handling Security Issues

My talk from The Lead Developer Berlin 2019 conference.

In this talk, we will look into what it means for a company when there is a security issue in a piece of software. This talk will provide suggestions on who needs to get involved.

We live in a world of technology and engineering. Almost everything around us requires software. Unfortunately, the software we use or build has bugs. While most bugs can be fixed, there are these other types of bugs, called vulnerabilities, that cause headaches and haunt us at night. Security issues can be found in our own infrastructure, on customers’ infrastructure, or — worse — around user data. It is on us as engineers to do the best we can to not make security issues in the first place. But it is on everybody involved in a product to provide communication, guidance, and support when an issue exists.

Logging Rethought 2: The Actions of Frank Taylor Jr. — DjangoCon EU, PyCon AU, PyCon UK

My talk from DjangoCon Europe 2019, PyCon AU 2019 and PyCon UK.

We build services, potentially used by thousands or even millions of people. And despite all the testing we do, some interactions with these services will not work out the way we hope. Wouldn’t it be great to reconstruct what led to a problem and analyze if the problem occurred at other times?

Less Obvious Things To Do With Django’s ORM — PyCon SK

My PyCon SK 2019 talk.

Django’s ORM is powerful. And it has been for ages. It only became even more powerful over the last years. Django’s ORM can be intimidating because it can do so many things. And it can also be confusing when trying to find out how to do things.

Oh, I Found a Security Issue — Python.Pizza.Berlin

My Python.Pizza.Berlin talk.


On The Look-Out For Your Data — DjangoCon EU

My DjangoCon Europe 2018 talk.

Do you have data in the database of your Django project? Do you want to find that needle in the haystack of your data? There are plenty of options for how you can achieve that, with various levels of complexity, confidence, and reliability. I’ll give an insight into what the most common are nowadays.

Oh, I Found a Security Issue — PyCaribbean

An extended version of my PyCon CA 2017 talk. I’m additionally looking into what security issues existed in Django and what types of security issues are out there in the web context.


Oh, I Found a Security Issue — PyCon CA

A 10-minute talk about Django’s Security Process and how one can implement a similar process for their own projects.

Thoughts About Normal and Abnormal Data — PyCon UK

A lot of data lives in relational databases. And there are relations between records in these databases. Relations that might be normal or abnormal.

To Index Or Not, That’s Not The Questions — DjangoCon EU

As databases are used to store more and more information every day, these are also a key component in every Django project. Thus it’s important to understand how they work.


Django and 2 Factor Authentication — DjangoCon AU

Most websites these days require some kind of authentication. User name & password is the most common one. OAuth with Facebook / Github / Google / Twitter is also common. But sometimes you can’t rely on 3rd party services and user name & password is not enough. In those cases 2 Factor Authentication is a nice, additional security layer. Use e.g. a phone to ensure a more secure authentication.

SSL All The Things — PyCon AU / PyCon NZ

A revised version of my talk from DjangoCon US targeted at a more generic Python audience. Instead of having Django-specific code and slides, I show how to use Python’s built-in ssl module.

SSL All The Things — DjangoCon US

Over the last few years SSL/TLS encryption of not only websites but many other services as well has risen tremendously. The Let’s Encrypt organization and certificate authority (CA) makes that pretty easy. Since September 2015 almost 1.8 million certificates have been issued. And you can use it, too. For free!

In this talk I’ll demonstrate how to integrate SSL/TLS and point out some common pitfalls. I’ll briefly lay out the Let’s Encrypt ACME protocol and explain what you need to set up in Django to make SSL/TLS the default and only way to access your site.

Don’t be afraid of writing migrations — DjangoCon EU

With Django 1.7 the built-in migrations framework was introduced. With the release of version 1.9, the migrations framework is much more robust, faster and can handle many more edge cases.

While the makemigrations management command became smarter in the last two releases in terms of detecting what has changed and what migrations to generate, there are still a couple of things Django cannot do automatically.

I will point out some of the common cases where you should get your hands dirty, and show you how writing migrations is easier than you think. Migrations are just Python code, and are as much a part of your apps as your models, forms, and views. After all, they were always meant to be human-writable.


What’s new in Django 1.9

I gave this presentation at the Sydney Django meetup on Nov 24th, 2015.

See the full Django 1.9 release notes for details and all changes:

The Necessity of Configuration and System Management Tools — PyCon AU

I gave this talk during PyCon Australia 2015 in Brisbane.

In practically every moment of our life we rely on the possibly largest communication medium humanity ever had. The Internet. Being able to at least partially understand how this thing works, we know that it takes a lot of work to keep it running smoothly.

To do that IT administrators use configuration and system management tools to deploy changes to thousands of servers and keep them in sync. But how can one roll back a change done in the past that turned out to introduce a bug?

In this talk I will introduce you to configuration management and explain the problems that arise over time and make changing something back complicated or even impossible.

“Forms are static” — “No, they aren’t” — DjangoCon EU

I gave this talk during DjangoCon Europe 2015 in Cardiff, Wales.

Introduction to Django

This is an introductory talk I gave to a course of Bachelor students at Technical University of Berlin as a guide on how to build a basic web application.

Combining Django & Elasticsearch

Some thoughts and ideas on how to integrate Elasticsearch into your Django project. I gave that talk at a Django Users Berlin meetup.


You Should(n’t) Normalize Your Database

This talk will make you start thinking about when database normalization — as you might have learned during computer science lessons at school or university — is a good approach and when you should actually avoid it. I gave this talk on various occasions, one being the pykonik, the Krakow Python meetup, where I was invited by the amazing Ola Sendecka and Tomasz Paczkowski.

Introduction to Django-CMS

An introduction to a very early stage of Django-CMS 3.


Showing BVG Departures In Your Office