Efficient DevSecOps Workflows With a Little Help From AI

From idea to the first line of code to production deployments - DevSecOps workflows help develop software faster. Everyone has reached a different level of adoption, and some processes may feel inefficient, or blocking progress and innovation.

Open the DevSecOps workflow, and find the stage where you spend the most time. Which is the most inefficient task? Planning issues after long discussions, MR review requests without context, maintaining legacy code, team onboarding with new project structures, missing unit tests, or analyzing the impact of security vulnerabilities, or even debugging blocking CI/CD pipelines with long stacktraces …

Join this session to hear a story about experienced pain points, wasted hours to debug and solve, and learn how a little help from AI makes DevSecOps workflows efficient again. Get inspired to take the learnings into action, and join the conversation after the talk with your feature ideas and stories.

What's the focus of your work these days?

Helping users and customers get more efficient through learning content and exploring new technologies. 

AI adoption increased massively in 2023, and 2024 will be no different. The landscape is moving fast, and learning can be overwhelming. My focus is to explain complex topics into stories and explore AI use cases for DevSecOps from different viewpoints.

What's the motivation for your talk at QCon London 2024?

AI can help make us more efficient beyond code suggestions across the DevSecOps lifecycle. It also expands into platform engineering and developer experience and opens new ways to look at Observability data or security vulnerabilities. 

A chat prompt to ask a question and get help sounds promising. What about data privacy, is my data being used to train the language models? Which alternatives are available to tackle these challenges?

My motivation is twofold: Understand the most inefficient task in your daily workflow and show ideas for getting more efficient. Changing sides into building AI and LLMs and looking behind the scenes – what is required to build, train, and operate your own cloud-native AI and solve privacy concerns.

How would you describe your main persona and target audience for this session?

Experienced developers, DevOps engineers, and platform engineers. Team leaders measure efficiency and productivity. An intermediate level is required for DevOps workflows, as well as a general understanding of cloud-native infrastructure. 

Is there anything specific that you'd like people to walk away with after watching your session?

To be able to identify the most inefficient tasks in the DevSecOps lifecycle and start implementing proposed ideas and actions. Explore new technology and projects, and start a conversation with attendees after the talk to share more use case stories where AI could help. 


Michael Friedrich

Senior Developer Advocate @GitLab

Michael Friedrich is a Senior Developer Advocate at GitLab, focussing on DevSecOps, AI, Observability. He loves to educate everyone and regularly speaks at events and meetups. Michael created o11y.love as an Observability learning platform, and shares technology trends and insights into day-2-ops, eBPF, OpenTelemetry and AI/MLOps in his opsindev.news newsletter. When not traveling and working remotely, he enjoys building LEGO models.

Read more
Find Michael Friedrich at:


Monday Apr 8 / 11:45AM BST ( 50 minutes )


Churchill (Ground Fl.)


DevSecOps AI/ML Efficiency Development Security


From the same track

Session architecture

Building SaaS From Scratch Using Cloud-Native Patterns: A Deep Dive Into a Cloud Startup

Monday Apr 8 / 02:45PM BST

A robust and extensible Cloud platform is the foundation on which to build and distribute powerful Software as a Service (SaaS). It provides a common layer upon which you can quickly iterate to deliver specialized services to meet the needs of your end users.

Speaker image - Joni Collinge
Joni Collinge

Founding Software Engineer @Diagrid

Session Infrastructure as Code

Borderless Cloud: Designing, Implementing, and Securing Apps Across Multiple Clouds

Monday Apr 8 / 03:55PM BST

There are different reasons why your team might want to leverage the multi-cloud architecture. It could be a result of the desire to enhance redundancy and optimize costs, to ensure regulatory compliance, or to capitalize on the diverse services offered by different cloud providers.

Speaker image - Adora Nwodo
Adora Nwodo

Senior Software Engineer, Founder of NexaScale, Multi-Published Author

Session AWS

Efficient Serverless Development: Latest Patterns and Practices on AWS

Monday Apr 8 / 10:35AM BST

Ready to dive into the world of serverless with AWS? In this talk, we're going to cut through the jargon and get straight to what serverless really means and why it's a game-changer for developers like us.

Speaker image - Yan Cui
Yan Cui

AWS Serverless Hero & Independent Consultant

Session storage

Stateful Cloud Services at Neon: Navigating Design Decisions and Trade-Offs

Monday Apr 8 / 05:05PM BST

Cloud-native engineering talks frequently focus on implementing and operating the stateless parts of applications.

Speaker image - John Spray
John Spray

Storage Engineering Lead @neon.tech, Formerly Redpanda, Inktank (Ceph), Whamcloud (Lustre)


Unconference: Cloud-Native Engineering

Monday Apr 8 / 01:35PM BST

An unconference is a participant-driven meeting. Attendees come together, bringing their challenges and relying on the experience and know-how of their peers for solutions.