Helm charts streamline Kubernetes deployments, but a chart pulled from a public repository can also carry insecure defaults and unverified dependencies straight into a cluster. This practical workshop explores common threats, attack scenarios, and proven strategies for securing Helm charts through Cloudsmith's artifact management, maintaining supply chain integrity and regulatory compliance.
Misconfigured charts, unverified dependencies, and lax RBAC and privilege settings can open the door to supply chain attacks and privilege escalation in Kubernetes. If your business or open-source project relies on Helm charts, which is likely the case if you’re using Kubernetes, this session covers best practices and automation strategies to secure your containerised workloads, by:
- Verifying every asset: Validate public Helm charts, their dependencies, and the container images they reference from popular OSS projects before deployment.
- Automating compliance: Scan charts and images for vulnerabilities and misconfigurations with Trivy, and enforce security policies at admission time with OPA Gatekeeper so non-compliant resources are rejected before they reach the cluster.
- Preventing supply chain attacks: Audit and manage Helm charts before distributing them through secure repositories.
- Budgeting for the manual overhead: Understand that most public charts are not secure by default and still require review and additional checks by your team.
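The list above turns on a single idea: a chart's rendered output has to be checked against your own policy before it is deployed. The following checker is an added example for this page, not code from the webinar, from Cloudsmith, or from any tool it names. It assumes the chart has already been rendered (for instance with `helm template`) and loaded into Python dictionaries; here the manifests are constructed sample objects embedded inline, with hypothetical names such as `insecure-app`, `hardened-app` and `registry.example.com`. The checks are a subset of what the Kubernetes Pod Security "restricted" profile and common Gatekeeper constraint libraries enforce: privileged or root containers, host namespaces and hostPath volumes, unpinned images, and RBAC that hands out cluster-admin or wildcard permissions.

```python
"""Pre-deployment checks over rendered Helm manifests (added example, not
the webinar's or Cloudsmith's code). Flags chart defaults that the session
describes as risky: privileged/root containers, host access, unpinned
images, and over-broad RBAC."""
from typing import Any, Dict, Iterable, List

# Workloads whose pod spec lives under spec.template.spec
TEMPLATED_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}


def pod_spec(obj: Dict[str, Any]) -> Dict[str, Any]:
    """Return the pod spec embedded in a workload object, or {} if it has none."""
    kind, spec = obj.get("kind"), obj.get("spec", {})
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        return spec.get("jobTemplate", {}).get("spec", {}).get("template", {}).get("spec", {})
    if kind in TEMPLATED_KINDS:
        return spec.get("template", {}).get("spec", {})
    return {}


def image_is_pinned(image: str) -> bool:
    """True for digest references or explicit tags other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop registry[:port]/repository path
    return ":" in last and not last.endswith(":latest")


def check_manifest(obj: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for one rendered Kubernetes object."""
    kind = obj.get("kind", "<unknown>")
    name = f"{kind}/{obj.get('metadata', {}).get('name', '<unnamed>')}"
    findings: List[str] = []

    spec = pod_spec(obj)
    if spec:
        for key in ("hostNetwork", "hostPID", "hostIPC"):
            if spec.get(key):
                findings.append(f"{name}: {key} enabled")
        for vol in spec.get("volumes", []):
            if "hostPath" in vol:
                findings.append(f"{name}: hostPath volume {vol.get('name')} "
                                f"mounts {vol['hostPath'].get('path')}")
        pod_sc = spec.get("securityContext", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            cname, sc = c.get("name", "<unnamed>"), c.get("securityContext", {})
            if sc.get("privileged"):
                findings.append(f"{name}: container {cname} is privileged")
            # API default is true, so the field must be set to false explicitly
            if sc.get("allowPrivilegeEscalation", True):
                findings.append(f"{name}: container {cname} allows privilege escalation")
            if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
                findings.append(f"{name}: container {cname} does not require runAsNonRoot")
            image = c.get("image", "")
            if not image_is_pinned(image):
                findings.append(f"{name}: container {cname} uses unpinned image {image!r}")

    if kind in ("ClusterRoleBinding", "RoleBinding"):
        if obj.get("roleRef", {}).get("name") == "cluster-admin":
            subjects = ", ".join(f"{s.get('kind')}:{s.get('name')}" for s in obj.get("subjects", []))
            findings.append(f"{name}: grants cluster-admin to {subjects}")
    if kind in ("ClusterRole", "Role"):
        for rule in obj.get("rules", []):
            if "*" in rule.get("verbs", []) and "*" in rule.get("resources", []):
                findings.append(f"{name}: wildcard rule over all verbs and resources")
    return findings


def check_manifests(objs: Iterable[Dict[str, Any]]) -> List[str]:
    """Run check_manifest over every rendered object and flatten the findings."""
    return [f for obj in objs for f in check_manifest(obj)]


# Constructed sample input, shaped like objects `helm template` would render.
SAMPLE_RENDERED_MANIFESTS = [
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "insecure-app"},
     "spec": {"template": {"spec": {
         "hostNetwork": True,
         "volumes": [{"name": "docker-sock", "hostPath": {"path": "/var/run/docker.sock"}}],
         "containers": [{"name": "app", "image": "nginx:latest",
                         "securityContext": {"privileged": True}}]}}}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRoleBinding",
     "metadata": {"name": "insecure-app-admin"},
     "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}]},
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "hardened-app"},
     "spec": {"template": {"spec": {
         "securityContext": {"runAsNonRoot": True},
         "containers": [{"name": "app",
                         "image": "registry.example.com/app@sha256:" + "0" * 64,
                         "securityContext": {"allowPrivilegeEscalation": False,
                                             "readOnlyRootFilesystem": True,
                                             "capabilities": {"drop": ["ALL"]}}}]}}}},
]

if __name__ == "__main__":
    for finding in check_manifests(SAMPLE_RENDERED_MANIFESTS):
        print(finding)
```

Against the sample, the `insecure-app` Deployment produces six findings and the cluster-admin binding one more, while `hardened-app` passes clean. In a real pipeline you would pipe the output of `helm template <release> <chart>` through PyYAML's `yaml.safe_load_all` and hand the resulting objects to `check_manifests`; the same conditions are what a Trivy misconfiguration scan or a Gatekeeper constraint would catch later, but running them on rendered templates stops a bad chart default before anything is pushed to a repository or admitted to a cluster.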
Bonus: Participants will receive access to a hands-on, interactive Instruqt lab that works through real insecure chart templates and demonstrates how to detect these issues with open-source tools, apply security standards, and properly validate Helm charts before they are deployed to a production Kubernetes cluster.
After a 30-minute talk there’ll be a 15-minute Q&A, for which we encourage you to submit questions in advance.
A webinar recording and related materials will be shared with all attendees after the event.
___________________
Speaker:
Nigel Douglas - Head of Developer Relations @ Cloudsmith
Nigel Douglas is the Head of Developer Relations at Cloudsmith. He champions Cloudsmith’s developer ecosystem by creating compelling educational content, engaging with developer communities, and promoting Cloudsmith as the go-to solution for artifact management and supply chain security. Nigel helps build and shape the DevOps community through events, tutorials, and innovative programs.