Talks
Posted on January 1, 0001 • 5 minutes • 978 words
I’ve been standing in front of crowds, waving my hands, and talking about containers, Kubernetes, and cloud infrastructure since 2018. I aim for 1 or 2 talks per year, enough to keep me on my toes without turning into a full-time conference speaker. Whether it’s a cozy meetup in Hanoi or a packed conference hall, I love sharing the war stories, the “aha!” moments, and the lessons learned from building and breaking things in production. Topics usually revolve around container orchestration, cloud infrastructure, security, and the never-ending quest to make developers’ lives a bit easier.
A few of my favorite talks in no particular order are:
- From Container to Bare Metal: Redefining OS Build with bootc – how we’re redefining VM patching by leveraging Red Hat’s bootable containers.
- The road to 0 CVE – our approach toward zero CVEs and how we utilize Sonatype Repository and Firewall to protect and secure our software supply chain.
- Secured Container Images with Wolfi – how we use Wolfi to build a set of secured base images for all of our application workloads.
- Defending Software Supply Chain Security in Banking – securing software supply chain in banking domain using SLSA framework and OSS projects like cosign.
- eBPF: A peek into the future of networking security and more – a brief introduction about eBPF, eBPF programming and its applications.
- Cloud Cost Optimization at Scale – how we use Kubernetes, .NET core and spot instances to cut EC2 billing cost by up to 80%.
Many of the above talks exist in various forms on the Internet, but the recording quality and my delivery quality wildly vary. Here are a couple that I think I nailed:
From Container to Bare Metal: Redefining OS Build with bootc
Note: Clicking the video constitutes your consent to view it via YouTube (including cookies). To view it on the YouTube site instead, please use this link.
We’re using Red Hat’s bootc to rethink how we patch VMs. Instead of the usual mess, we write a Dockerfile, build it with BuildKit, sign it with Cosign, and boom, you’ve got a bootable Linux system. The talk covers how we build, verify, and deploy OS images from OCI registries straight to bare metal or VMs. It’s pretty wild that you can treat your OS like any other container.
Presented at Chainguard - In Container We Trust tech talks .
Presentation Archive
2025
From Container to Bare Metal: Redefining OS Build with bootc
We’re using Red Hat’s bootc to rethink how we patch VMs. Instead of the usual mess, we write a Dockerfile, build it with BuildKit, sign it with Cosign, and boom, you’ve got a bootable Linux system. The talk covers how we build, verify, and deploy OS images from OCI registries straight to bare metal or VMs.
Presented at:
2024
The road to 0 CVE
Our approach toward 0 CVE and how we ultilize Sonatype Repository and Firewall to protect & secure our software supply chain security.
Presented at:
- Sonatype DevSecOps Leadership Forums - Singapore
Secured Container Images with Wolfi
0-CVE is not a myth. It’s actually very much achievable.
We were early adopter of Chainguard’s Wolfi and actively contribute to Wolfi from early days. This is the story how we use Wolfi to build a set of secured base images for all of our application workload.
Presented at:
- FOSSASIA Summit 2024 - Hanoi, Vietnam
- OpenInfra Summit Asia | OCP APAC Summit 2024 - Suwon, Korea
2022
Defending Software Supply Chain Security in Banking or Any Highly Regulated Environment
I presented about what we did to secure software supply chain in banking domain using SLSA framework and OSS projects like cosign, etc…
Presented at:
- OpenInfra Day Vietnam 2022 - Hanoi, Vietnam
2021
DevSecOps: Decoding…
I talked with Dang Sy Cong (FPT) and Luat Nguyen (CyberJutsu) about various aspects of DevSecOps: how to do security properly, securing the software supply chain, what’s going on in DevSecOps world, etc…
2020
eBPF: A peek into the future of networking security and more
This talk is a brief introduction about eBPF, eBPF programming and its applications in networking security and other areas such as profiling, tracing, etc…
Presented at:
- Vietnam Web Summit 2020 (Dec 2020) - Hanoi, Vietnam
Building Docker container: how many ways are too many?
This talk goes over all the ways you can use to build Docker container. Find out about the pros and cons of each method and what you should use in production.
Presented at:
- Viet OpenInfra Meetup #24. Videos available as Facebook livestream here .
2019
Building Next Generation Websites with Serverless and Micro-frontend Architecture
Is serverless technology mature enough for building real-world applications? Can we use it on actual workload on production? Is it still limited to backend only?
This talk dives into a novelty approach of using serverless technology to power everything you need for a website, from backend to frontend.
Presented at:
- Vietnam Web Summit 2019 (Dec 2019) - Hanoi, Vietnam
2018
Cloud Cost Optimization at Scale
This talk dives into some of the problems of scalability when running large application at scale: performance scalability and cost scalability. We describe and demonstrate how we make use of Kubernetes, .NET core and spot instances in increase availability and to cut EC2 billing cost by up to 80% in the process.
Learn about the flaws of spot instances, how to overcome that and use them in your system. The session covers the best practices and workarounds that we apply when using spot instances on our production workload.
The architecture that we used is not limited to AWS. It can be applied to other cloud providers like Google, Azure, etc…
Presented at:
- Vietnam Web Summit 2018 (Dec 2018) - Hanoi, Vietnam
- Kubernetes Hanoi Meetup #2 (Mar 2018) - Hanoi, Vietnam
Discussion: