While people are fixating on the threat AI brings to cybersecurity as
a discipline, there’s the considerably more pedestrian but crucial
perspective of securing these systems. The role of the CISO is
expanding beyond security practices to include risk management,
compliance, and more and these role expansions will cascade through
the organization.

Agentic systems collapse traditional boundaries between user, system,
and adversary. Not only do they introduce new risks, they challenge
foundational assumptions in security engineering. Identity and
authorization grants are fluid based upon contextual composition,
behavior becomes non-deterministic, and threat models become
continuous, not static.

What are the risks, challenges, and opportunities that are unleashed
at the intersection of security postures, agents with agency, ambient
authority, context-specific interactions, and engineering discipline?
How does one grow this capability in an organization and how does one
align their career in this direction.

Gartner just declared the semantic layer a non-negotiable foundation for AI. Most of the industry responded with a blank stare.

This presentation is the answer to that blank stare.

Classic system design teaches you how to scale requests. AI-era architecture teaches you how to scale reasoning, retrieval, tokens, tools, trust, and cost.

In the AI era, the best architects do not just draw boxes. They design authority, evidence, fallback, observability, and cost controls into every system.

Modern system design has entered a new era. It’s no longer enough to optimize for uptime and latency — today’s systems must also be AI-ready, token-efficient, trustworthy, and resilient. Whether building global-scale apps, powering recommendation engines, or integrating GenAI agents, architects need new skills and playbooks to design for scale, speed, and reliability.

This full-day workshop blends classic distributed systems knowledge with AI-native thinking. Through case studies, frameworks, and hands-on design sessions, you’ll learn to design systems that balance performance, cost, resilience, and truthfulness — and walk away with reusable templates you can apply to interviews and real-world architectures.

An architecture pattern is a reusable solution to a commonly occurring problem in software architecture within a specific context. However, lurking alongside these patterns are their dangerous counterparts—anti-patterns—that, while appealing in theory, can lead to costly and far-reaching consequences in practice.

Event-driven architecture (EDA) is a design principle in which the flow of a system’s operations is driven by the occurrence of events instead of direct communication between services or components. There are many reasons why EDA is a standard architecture for many moderate to large companies. It offers a history of events with the ability to rewind the ability to perform real-time data processing in a scalable and fault-tolerant way. It provides real-time extract-transform-load (ETL) capabilities to have near-instantaneous processing. EDA can be used with microservice architectures as the communication channel or any other architecture.

In this workshop, we will discuss the prevalent principles regarding EDA, and you will gain hands-on experience performing and running standard techniques.

AI models are evolving fast, but the systems around them aren’t. Every backend change still breaks your carefully tuned AI client, while on the web, every change to a server doesn’t require you to download a new browser. What if AI worked the same way?

Security problems empirically fall into two categories: bugs and flaws. Roughly half of the problems we encounter in the wild are bugs and about half are design flaws. A significant number of the bugs can be found through automated testing tools which frees you up to focus on the more pernicious design issues. Even in the time of AI, there's a discussion to be had.

 In addition to detecting the presence of common bugs as we have done with static analysis for years, however, we can also imagine automating the application of corrective refactoring. In this talk, I will discuss using OpenRewrite and the Moderne cli to fix common security issues and keep them from coming back.

In the fast-paced world of software development, maintaining architectural integrity is a
continuous challenge. Over time, well-intended architectural decisions can erode, leading to unexpected drift and misalignment with original design principles.

This hands-on workshop will equip participants with practical techniques to enforce architecture decisions using tests. By leveraging architecturally-relevant testing, attendees will learn how to proactively guard their system's design, ensuring consistency, scalability, and security as the codebase evolves. Through interactive exercises and real-world examples, we will explore how testing can serve as a powerful tool for preserving architectural integrity throughout a project's lifecycle.

Key Takeaways
Participants will learn to:
Write architecture-driven tests that validate and enforce design constraints.
Identify architectural drift early and prevent unintended changes.
Maintain consistent, scalable, and secure architectures over time.
Collaborate effectively within teams to sustain architectural excellence.
Prerequisites
Basic Understanding of Software Architecture: Familiarity with architectural patterns and
principles
Experience with Automated Testing: Understanding of unit, integration, or system testing
concepts
Collaboration and Communication Skills: Willingness to engage in discussions and
teamwork
Experience working with Java
Optional
Familiarity with Static Analysis and Code Quality Tools: Knowledge of tools like ArchUnit,
SonarQube, or custom linters is beneficial but not required
Experience with Large-Scale Systems: Prior work on complex systems can enhance the

This workshop will explore the principles of the Ports and Adapters pattern (also called the Hexagonal Architecture) and demonstrate how to refactor legacy code or design new systems using this approach. You’ll learn how to organize your domain logic and move UI and infrastructure code into appropriate places within the architecture. The session will also cover practical refactoring techniques using IntelliJ and how to apply Domain Driven Design (DDD) principles to ensure your system is scalable, maintainable, and well-structured.

As software professionals, we deal with complexity and uncertainty on a daily basis. In fact, we are often masters at understanding all the various forms of systems complexity, and often are proficient at coherently communicating designs and solutions.

Unfortunately, within and amongst organizations, we set ourselves up as “the expert” – as prima donnas, if you will. Oftentimes, we set up unnecessary psychological competitions amongst peers, rather than treating peers and the wider software community as just that: collaborative and self-improving communities. Surely, there are better ways of working as a community and a society that promote individual and community growth, learning, and exponential improvement.

There's a clear need for security in the software systems that we build. The problem for most organizations is that they don't want to spend any money on it. Even if they did, they often have no idea how much to spend. No particular initiative is likely to imbue your system with “security”, but a strong, deep defensive approach is likely to give you a fighting chance of getting it right.

Web Security as applied to APIs in particular are an important part of the plan. In this workshop, we'll show you how approaches to defining “enough” as well as concrete techniques to employ incrementally in your designs.

In this workshop, we will pick a hands on framework for implementation, but the ideas will generally be standards-based and transcend technology choice so you should have a strategy for mapping the ideas into your own systems.