Sessions

As a friend of mine always says, "Technology is easy; people are hard." As important as it is to grow your technical skills, it is vitally important to also nurture your personal skills. In this session we will dive into the "soft" skills that are often harder than the complex technology we work with every day, using scientific studies and actual case stories where knowing the technology wasn't enough, backed by 15 years of experience in consulting, working with dozens of clients and technologies, and hundreds of individuals from developers to C-Suite executives.

In 2024, there are multiple ways that your next big money-making idea can get off the ground. However, choosing the right tools upfront means being able to add features sooner and make your customers even happier. In this interactive session, we'll explore what it takes to build a modern fullstack serverless application on AWS that uses generative AI. We'll then iterate on the the approach by introducing new features and services based on real-world scenarios from actual AWS customers.

You may have heard about this thing called .NET Aspire, and you've been told it's only for cloud native distributed systems and microservices. Did you know that's not the case? .NET Aspire brings value to any application whether it's a single majestic monolith running on-premises or an application with thousands of microservices running in the cloud. In this talk, we'll break down Aspire from the ground up. We won't be creating an Aspire project that pre-wires everything up for you. We'll start with an empty project and then add on the Aspire bits so you can see how this works under the hood. We'll set up the app host, the service defaults, various Aspire components, and of course the fancy dashboard. By the end of this talk, you'll not only have a better understanding of what Aspire is and how it works, but you'll also realize that every application should be using Aspire today, not just cloud native distributed applications.

Great software development isn’t just about writing flawless code—it’s about building strong teams, fostering collaboration, and navigating change with agility. In this workshop, we’ll dive into the principles of Adaptive Leadership, equipping you with the tools to be not just a great coder, but a powerful team player and leader. Through a mix of theory and hands-on exercises, you’ll learn how to tackle deep-seated challenges, foster innovation, and lead your team through the complexities of today's ever-evolving development landscape. Learning Objectives: Identify and Address Challenges Beyond Code. Learn to spot and address adaptive challenges within your team using strategies like "Getting on the Balcony" and "Identifying the Adaptive Challenge." Foster a Culture of Innovation and Inclusion. Understand how to give ownership back to your team, leveraging diverse perspectives to create an environment that encourages experimentation and fresh ideas. Lead Through Change with Confidence. Build the skills to maintain focus, regulate stress, and navigate uncertainty, ensuring that your team stays resilient and adaptable in the face of change.

As cloud adoption continues to surge, with global spending projected to hit $597.3 billion by 2023, leveraging multi-cloud environments has become essential for businesses aiming to optimize costs and boost operational efficiency. With 89% of enterprises now utilizing multi-cloud strategies, this approach offers a strategic advantage in reducing vendor lock-in, accessing diverse services, and achieving significant financial savings. In this session, we will explore the nuances of multi-cloud implementation, focusing on how to strategically optimize workloads, leverage a diverse array of cloud services, and select the right instance types to maximize cost savings. By presenting data from leading industry reports, we will illustrate how organizations employing multi-cloud strategies have achieved an average of 15% reduction in cloud expenditures and a 93% decrease in unplanned downtime. Participants will learn how to effectively distribute workloads based on performance and cost criteria, utilize various cloud providers to cut costs by up to 90% through spot instances, and enhance system resilience through geographic diversity and redundancy. Additionally, the presentation will emphasize the importance of ongoing benchmarking to ensure real-time cost and performance optimization, offering insights into improving negotiation leverage and refining cloud infrastructure. We will also address common challenges in multi-cloud management, including complexity, data transfer costs, and governance issues, and provide practical solutions such as advanced management tools and standardized processes. Attendees will leave with actionable strategies to develop cost-effective, resilient, and scalable multi-cloud architectures, paving the way for sustained operational success.

The Agile Manifesto says "Working Software over Comprehensive Documentation", not "Do No Documentation". Let's talk about how some simple architecture documentation can help bring clarity and consistency to a project. 1. Let's describe the problem 2. Team size and maturity matters 3. Who, What, and Why? 4. Guides, not Instructions 5. Walkthrough of implementation example with C4 and IcePanel 6. Wrap up and Questions

In today's fast-paced digital landscape, large organizations are constantly seeking innovative solutions to streamline workflows, enhance productivity, and deliver exceptional user experiences. Retrieval-Augmented Generation (RAG) emerges as a transformative approach that combines natural language understanding and generation models. This talk dives into the realm of RAG, offering a comprehensive exploration of its principles, applications, and implications within organizational contexts. Attendees will gain insights into how RAG can revolutionize knowledge management, decision-making processes, and user interactions. Through real-world case studies and best practices, this presentation equips attendees with actionable strategies for implementing and maximizing the potential of RAG within their organizations. Join us as we uncover the untapped opportunities and navigate the challenges of integrating RAG into the fabric of large organizations, paving the way for unparalleled innovation and efficiency in the digital era

In today's constantly connected, always available world, effective communication is paramount for businesses and organizations to thrive. Two-way text messaging applications have emerged as powerful tools to facilitate real-time, personalized, and interactive conversations with customers, clients, and stakeholders. This conference session aims to delve deep into the world of implementing these interactions and unlocking their potential for enhancing engagement, customer satisfaction, and operational efficiency. This session will explore not only the technical how of implementation but will also explore the personal, legal, and emotional considerations regarding the proper application architecture to ensure that a truly effective communication strategy can be realized. With an example application at hand, the session will explore feature enablement, user experience expectations, feature support, and regulatory impacts of SMS messaging implementation projects. Attendees will leave with the tools and insights to create their own solutions within their apps to better service customers in a manner that is repeatable, reliable, and relatable to a wide variety of users.

Do you have unstructured data sitting around that you can't get value out of? Let's turn it into something useful! Learn how to navigate pesky mixed-media pdfs and use few shot prompting with images to improve data accuracy.

Do you want to test all of your Entity Framework queries without setting up a test database? Do you want to test your API without leaving Visual Studio? Do you want to add integration tests to your CI build without adding another library? Do you want to "cheat" and hit 95%+ code coverage? In this talk, I will walk through using the WebApplicationFactory (Microsoft.AspNetCore.Mvc.Testing) library to spin up your API in memory. I will then show how to add an in-memory data connection. Finally, I will pull it all together and show a full integration test.

Everyone finds themselves in the position of looking for a job at some point in their career. The key is being ready, which should start before you are looking. This talk will equip you with practical tips from your resume/LinkedIn, what to do along your career to help you tell your story, interviewing pointers, the compensation conversation, and what employers look for when they turn outside to hire leaders and senior engineers. I'll also shoot straight about the strategic use of third-party recruiters - when and, more importantly, when you should NOT use one. You do not need to actively look for a role to find value in this conversation. My goal is to give engineers a streamlined approach so that when the time comes, they are prepared and it's a positive experience.

Developers who love strongly typed languages like C# but also see the value of rich interactive web applications can now "have it all" with Asp.NET Core Blazor! Blazor is a component-based, reactive framework that builds on top of modern .NET, Razor syntax, HTML, and CSS, to create a single-language full-stack application. Components can be statically generated on the server, be live-updated from the server via WebSockets, or run in the client browser just like a JavaScript SPA application. In this session, we will learn how to get started with Blazor, as well as some advanced tips and tricks.

Zero downtime deployments is just something people talk about but never actually do, right? Wrong! In this presentation, Mike will highlight the building blocks to enable zero downtime deployments for an ASP.NET application in Azure. He will discuss several dev team practices that contribute to pain-free deployments. He will show patterns in GitHub Actions for deployments. We will touch on using Bicep for Infrastructure As Code, as well as methods for performing database migrations. After this presentation, you should have all the tools you need to improve your deployment process.

Do you have a lot of BFFs (Back-end for Front-end) that you are maintaining for your front-end applications? Do your front-end applications require a lot of disparate calls to different services? Is your front end having to deal with multiple security models to appease back-end requirements? Are you in the process of modernizing your back-end and need a way to abstract the migration from consumers? This session will include live coding to demonstrate building a federated graphQL schema using disparate technologies and data stores. Furthermore, it will show how a front end can call that graphQL instance using one security model and pull back data from those sources. Finally, we will switch out one of the back-end services and show how the consumer doesn't need to make any changes. Attendees to this session will learn the following items. What is a graphQL query? What is a graphQL mutation? What are subgraphs? What is a supergraph? How do all these items fit together? How does security work? How do consumers interact with graphQL?

As the Metaverse evolves, the demand for immersive experiences through Augmented Reality (AR), Virtual Reality (VR), and Mixed Reality (MR) is growing rapidly. However, developing these experiences can often seem complex and overwhelming. This session is designed to demystify the process, offering practical insights and techniques for building AR/VR/MR applications with ease. We'll explore the foundational principles of AR, VR, and MR, and provide a clear roadmap for creating engaging, high-quality immersive environments. Whether you’re new to the field or looking to refine your skills, this session will equip you with the essential knowledge and strategies to bring your Metaverse projects to life, making the development process more accessible and manageable.

A new ticket comes in. It's for "that app." You know the one. The one nobody wants to touch, because the code is a mess and yet the application is business critical. In this talk, the fancy technologies will be put to the side, and instead the the reality most people live in will be acknowledged. You'll learn how we can evolve legacy code from the state it's in today to the value we need to get from it tomorrow

In 2024, it’s hard to find an application that isn’t enhanced with some form of AI capabilities. If you’re curious about the AI buzz but unsure how to integrate it seamlessly with your existing Spring applications, this session is for you. We’ll explore essential AI terminology and create a Spring-based application that easily integrates with various Large Language Models, such as OpenAI’s GPT-4. Time permitting, we’ll demonstrate creating effective prompts, utilizing OpenAI’s function calling, and implementing Retrieval Augmented Generation (RAG).

We all want to have someone else review our C# code to make sure it's written well. Wouldn't it be even better if we can have that review process done automatically? In this session, you'll see how you can use static analysis tools to find all kinds of implementation issues before they show up in a release. You'll also see how you can create your own analyzers to hunt down problematic areas in code.

Come discuss software topics with others, moderated by the Iowa Code Camp leadership. The advantage of fishbowl is that it allows the entire group to participate in a conversation. Several people can join the discussion.

The landscape of cross-platform app development has evolved significantly with the introduction of .NET MAUI, and developers are presented with a myriad of architecture choices. In this engaging conference talk, we will embark on a comprehensive exploration of .NET MAUI and its versatile architecture options. Whether you're a seasoned developer looking to expand your horizons or a newcomer eager to make the right architectural choices from the start, this session is designed to equip you with the knowledge and insights needed to navigate the architectural intricacies of .NET MAUI. This talk will explore the differences between the various architectures and how existing team skillsets, business requirements, or legacy code can impact the proper selection of project architecture. Filled with practical examples and real-world user feedback and backed with documentation guidance, attendees will leave the session with a keen understanding of the options available to them and why their team may need to go in a particular direction. Additionally, they will be armed with the proper references to make an educated decision on their project's future direction.

Your team has been working well for a long time, but developers keep checking in the connection strings to Azure Services (like SQL Databases and Storage). You know that once you check in a secret it should be considered compromised so you've built a robust rotation strategy and you are ready to move forward, but you want to solve the real problem, which is preventing the team from checking in (and even knowing) what your secrets are. Another problem that you noticed is that Application Insights and your users are logging sensitive information that needs to be sanitized. In this session you will learn how to get notifications when users have checked in secrets using GitHub and third-party tools. You'll also see how to leverage secrets in your code without having to know the secrets, both locally and at Azure via the Azure Key Vault. You will then learn how to leverage secrets that need to be shared to Azure App Configuration and have the ability to use them from your local and Azure environments. To complete the journey, you will then learn how to capture output before committing to your logs (or app insights) with a few simple code changes to make sure that sensitive information is sanitized before being permanently recorded.

We’re not talking about the outdoor game where you are trying to steal a physical flag and bring it back to your base, this capture the flag is a series of computer security challenges you solve to retrieve a flag and get points! Solving these challenges require various skills including decrypting content, SQL Injection, reverse engineering and more. Learn about how capture the flag works, where you find challenges/competitions, and some techniques required to solve them. I went from never having tried one to winning a competition the next year. The challenges are not only interesting, they helped change my perspective about how web sites are attacked and how I could better protect them.

Join us as we explore the transformative potential of diverse perspectives, collaboration, and the wisdom of crowds. In this engaging talk, we'll dive into the benefits of surrounding ourselves with people who possess different skills, experiences, and knowledge. We'll examine how embracing intellectual humility and being open to learning from others can lead to groundbreaking insights and innovative solutions. By the end of this talk, you'll be inspired to embrace intellectual humility, appreciate the wealth of knowledge that surrounds you, and understand the true power of collaboration in our ever-evolving world.

Between aggressive deadlines and mounting Tech Debt, teams often feel helpless . They struggle to deliver high quality solutions they are proud of which also delight their users. Sometimes leaders can't help them. Teams recognize the origins of the mess but often grapple to break free. Thankfully there are tried and true tactics to tackle the tech debt troubles, Today! You don't need a dramatic dedicated deconstruction department. You and your team can solve this yourselves! Learn technical, political, and procedural techniques to create more joy in the new work with less pain from the old.

You've heard about advanced prompt engineering and Retrieval Augmented Generation (RAG), but now, all the cool kids are talking about "Function Calling" and "Agentic Workflows". What does that mean? Here we talk about different aspects of agentic workflows and walk through a very simple example you can use with any model you want.

In this presentation, we will explore the powerful capabilities of OpenRewrite, a cutting-edge tool for automating code refactoring and modernization across various programming languages. Attendees will gain insights into how OpenRewrite can streamline large-scale code transformations, enforce best practices, and improve code quality with minimal manual intervention. We'll dive into real-world use cases, demonstrate how to create custom recipes, and discuss best practices for integrating OpenRewrite into your development workflow. Whether you're a developer, architect, or tech lead, this session will equip you with the knowledge to harness OpenRewrite for more efficient and effective code management.

You’re in the cloud or you’re about to move and you’ve heard about this Infrastructure As Code (IAC) thing. As you start to dive in you realize you’re overwhelmed with options. Terraform? CloudFormation? CDK? Pulumi? Bicep? ARM? Which do I pick? In this talk we’ll demystify what IAC is, why you should be doing it if you aren’t already, give some pros and cons of all the different options out there, and then show real live demos of IAC in action to compare the approaches. You'll also see how to integrate DevSecOps into your pipelines to prevent cloud misconfigurations. If you feel iffy about IAC or cloud configuration in general, this talk is for you.

A lightning talk is a very short presentation lasting only a few minutes sharing a technical topic of interest. Come share with others!

As AI technology advances, the need for highly efficient and customizable models has never been greater. This session delves into the world of Phi SLM (Small Language Models) and the art of fine-tuning, offering a comprehensive guide to building custom AI solutions tailored to your unique applications. Join us to uncover the fundamentals of Phi SLM, a powerful approach for creating efficient, interpretable models. Discover how fine-tuning can further optimize pre-trained models, enhancing their performance for specialized tasks. By the end of this session, you'll be equipped with the knowledge and tools to harness the power of Phi SLM and fine-tuning, enabling you to develop AI solutions that are not only robust but also precisely aligned with your application’s unique requirements.

Question: is it possible to introduce new features and provide bug fixes for an application once the source code is lost? Most of the time, when approached with this scenario, organizations resort to a very expensive rewrite project. What happens though, if the legacy application just needs 10-20 bug fixes and it otherwise sufficient for the time being? Advances in reverse engineering over the last few years have made binary patching and modification much easier than in the past. Even for bytecode-based languages, such as C# (CLR) and Java (JVM), new tools allow for analyzing and even modifying existing programs, without the source code, without even recompiling! Now bugfixes are just an example of the approach, but there is no reason to stop there! Here's a scenario; your business relies on an ancient 3rd party WinForm app for critical business processes; using reverse engineering and binary patching, there is nothing prohibiting you from introducing a REST API on top of the old application, thereby increasing the shelf life of the "legacy" software.

Learn the fundamentals of cryptography, including public/private and symmetric encryption, hashing, and digital signatures. Discover which techniques are appropriate for various situations. Review practical real life examples for storing passwords, protecting URL parameters, securely exchanging information with partners, and safely encrypting sensitive information on public web sites. Concepts apply to all platforms, examples will be in C# and .NET

Picasso said, "Learn the rules like a pro, so you can break them like an artist." In this talk, Judah De Paula PhD, will draw upon over two decades of industry experience to discuss some of his favorite rules for writing software and explain why the rules sometimes work better in theory than in practice. For example, one must accept you suck as a programmer before you can be good at it. If you think there is something Zen in that, he does too. Concrete examples will be mixed with theoretical principles to inspire you to think of your daily routine in new ways. Code will be in C# and Python. You might be briefly forced to learn about Pascal the programming language and Pascal the man.

Good feedback has the power to improve performance, increase team engagement, and lead to higher quality products. The ability to deliver feedback is an essential skill for high performing teams. Good feedback is clear and delivered in a way that preserves working relationships. This talk will explore key elements to include in good feedback and leave attendees able to more confidently and effectively communicate both positive and constructive thoughts to their teammates. We’ve all been in a situation where we want to give feedback but are struggling to find the best way to do it. Maybe a coworker said something in a meeting that undermined your credibility or a teammate is consistently delivering late or low quality work. How do you address the situation in a way that preserves your working relationship, but still solves the issue? Giving feedback can feel awkward. What do I say? Am I going to hurt their feelings? We will explore methods for giving well crafted feedback that make sharing your observations with a teammate feel less daunting and lead to more productive team dynamics.

One of the features added in C# 9 is called "source generators", enabling a developer to create new code at compile time. This can be used for a myriad of cases, such as optimization, automating repetitive code, and dynamic API creation. In this session, I'll cover how source generators work and demonstrate a number of implementations.

I would like to cover the importance behind using tools, frameworks, and libraries as black boxes, but making sure that you open the hood and understand what is going on underneath. So often, a lack of deeper understanding about third party code can lead to issues. Performance, security, and just your general approach to development can be improved if you take the time to understand the inner workings of what you are using. Some real world examples will be provided from my experience in the industry and plenty of time for discussion and questions.

One of the best ways to improve data literacy and foster an active, passionate data culture within an organization is to establish a "Community of Practice" around the technologies the organization uses to process, store, analyze, and consume data. In this session, we'll learn about "The Data Dojo: A Power BI Community of Practice," which was established at Des Moines University to facilitate the sharing of knowledge and experience among faculty and staff interested in analyzing the data generated by their teams and departments. We'll also talk about the Data Dojo's egalitarian founding principles and unconventional structure, some of the topics we've covered at our workshops, what has gone right, what we could have done better, and what we're planning for the future. And finally, we'll discuss how you can encourage data literacy and foster a vibrant data culture within your organization by establishing a Data Dojo of your own!

A non programmers show and tell of an engine built for providing novel insight into the action on a basketball floor. Now we really get to see the value of who's out there playing. A college programmer who hasn't programmed in YEARs rolls his sleeves back up on a basketball related passion project. Go get some !

What is a hardware root of trust? Why is it important? What measure of security does a hardened host provide? These are some of the questions I hear when I bring up the topic of boot security. This talk is focused on how computers boot up and how technologies like Intel Secure Boot work. We will go over the boot process before the OS is executed and talk about some of the attacks that are possible at this stage and the impact such an attack can have on the entire platform. After this groundwork is complete, we will talk about how some of the different hardware root of trust technologies work to mitigate the risk posed by these types of attacks.

Working in a product space requires knowing how to take a very complex problem and break it down into iterative chunks. Far too often, we’re so wrapped up in the problems we’re solving professionally, that we completely forget to introspectively look at ourselves and ask what problems in our own lives need solving. Burnout is real and worth addressing. But much like the dev process, understanding the “why” behind behavior leads to a more sustainable outcome. We want to develop a framework and language to properly identify burnout and how we can work through it.