From idea to the first line of code to production deployments - DevSecOps workflows help develop software faster. There is a different level of adoption, and processes feel inefficient or block progress and innovation.
Open the DevSecOps lifecycle. Which is the most inefficient task you spend a lot of time on? Long discussions in issues, MR reviews without context, maintaining legacy code, team onboarding with new project structures, missing unit tests, analyzing the impact of security vulnerabilities, or even debugging blocking CI/CD pipelines with long stack traces…
Join this session to learn about efficient AI workflows with practical prompts and advanced practices with custom LLMs, retrieval augmented generation (RAG), and AI agents. We will also discuss how to implement AI guardrails and measure the impact of AI on DevSecOps efficiency. Get inspired to implement everything into your AI adoption plans, and join the conversation after the talk.
Interview:
What's the focus of your work these days?
I’m working with customers to adopt AI into their environments and workflows through workshops and tutorials. This comes with a rich variety of requirements (many programming languages, frameworks, IDEs, platforms) and keeps me challenged to find the best Chat prompts and Code suggestions comment prompts in real use cases. The future is beyond code generation though - I need to validate how Root Cause Analysis and explaining vulnerabilities aid developers, platform engineers and security engineers in their current tasks. All my conversations lead to fresh ideas and feature proposals for the product roadmap.
I’m also getting creative – refactoring Perl to Python, C to Rust actually works with AI/LLMs, similar to learning COBOL for the first time in my life … with a little help from AI.
What technical aspects of your role are most important?
Deep understanding of development challenges, and programming languages in general. My background is in C/C++, Python, Go, but I also feel confident in C#, Java, and Ruby. If I want to convince you to use AI in your workflows, I need to feel the pain points and create helpful learning content to enable adoption. Customer environments are diverse and unique, and require a technical understanding of operations/SRE, development, and security workflows to ensure that everyone can contribute.
Transparency helps me achieve that, with YouTube sessions and a low level of shame, aiming to solve a challenge, fail often, debug, think, iterate, and finally come to a successful moment.
How does your InfoQ Dev Summit Munich session address current challenges or trends in the industry?
The session will provide two angles - for those who are beginners, seeking to add AI into DevSecOps workflows to gain efficiency benefits, and for those who are experienced with AI and different tools and platforms, looking for AI impact analysis, guardrails and advanced tips for prompt engineering.
Since the industry is moving fast, with LLMs getting better and new workflows being developed, I’ll try to address new challenges – or inspire discussions after my talk.
How do you see the concepts discussed in your InfoQ Dev Summit Munich session shaping the future of the industry?
Attendees can learn new use cases for AI, and take inspiration to propose and implement them into their work environments. The overall goal is efficiency, but we also need to make sure that everyone understands the benefits and potential blockers or problems with AI. For example, AI won’t replace security scanning and testing – but it can be your efficient helper in existing DevSecOps workflows.
Speaker
Michael Friedrich
DevSecOps AI Advocate @GitLab, 20 years in hardware/software systems engineering, it is always DNS
Michael Friedrich is a Staff Developer Advocate at GitLab, focussing on DevSecOps efficiency with AI. His desire to learn how a computer works brought him from Hardware/Software Systems Engineering to DNS to open-source monitoring development to authoring Git/GitLab training and DevOps workflows. Michael loves to educate everyone and regularly speaks at industry events and meetups. He enjoys unexpected challenges and creates best-practice tutorials and live-programming sessions. When not traveling the world and working remotely, he enjoys building LEGO models and dives into embedded hardware adventures.
