The Hands-On Container Conference

Join us at the 2nd annual Sysdig CCWFS – The Hands-On Container Conference

This community-driven event is focused on the hands-on container practitioner as well as the strategic thinker. This educational event will bring together organizations using containers, those who are thinking about containers, and Sysdig lovers as well. The event will be deep, enlightening, hands-on, and generally awesome.

What should you expect? We think that we can pack a lot into a couple days, so you can simultaneously step up your container knowledge and skills big-time, have some fun, and meet some great people.  We promise to keep you well feed and hydrated.


  • **Early Bird** Registration

    Register now to be an Early Bird and save $175.00.  Tickets are limited and may run out quicker than you can kill a container!

    Thru Aug 31
  • Full Conference Registration

    Attend 2 full days of container, microservices, and orchestration technology sessions and hands-on labs.

    Opens Sept 1
  • Sysdig Contributor

    For dedicated Sysdig open source contributors with 3+ Sysdig or Falco commits.

    Commits will be verified.

    3+ commits

Schedule at a Glance

  • Day 1: September 26
    8:00 - 9:00
    Breakfast, Registration & Partner Showcase
    9:00 - 9:45
    Opening Keynote
    9:45 - 10:30
    Really Crazy Container Troubleshooting Stories
    In this talk, the presenter will share a few container troubleshooting stories that were encountered in the life of an infrastructure operator. The use cases are deliberately chosen to be a bit advanced and focused around exploring the inner workings of core libraries and kernel, to remind everyone that even the lowest level of modern systems need some love. The talk will follow a hands-on agenda, interactively iterating over all the key points of the troubleshooting process, focusing on the different tools used and providing immediate value to the listener, who should be able to apply the various workflows to other scenarios. Example use cases presented: - Troubleshooting resource isolation between containers - Tracing the root cause of a crashing containerized application - Monitoring memory and performance issues in containers
    10:30 - 10:45
    Lightning Talk: Top Container Use Cases
    Top use cases and different architectures for building and running containers. Overall, my goal is to help you gain insights into how you can most benefit from running containers in your environment.
    10:45 - 11:00
    Morning Break & Partner Showcase
    11:00 - 11:45
    Hey Bro, meet Sysdig
    11:45 - 12:30
    Lunch & Partner Showcase
    12:30 - 1:30
    Afternoon Keynote: Docker
    1:30 - 2:30
    Fishing for Hackers: A New Product Sneak Peak
    2:30 - 2:45
    Afternoon Break & Partner Showcase
    2:45 - 3:30
    No One Puts Java in a Container
    The current craze of Docker has everyone sticking their processes inside a container… but do you really understand cgroups and how they work? Do you understand the difference between CPU Sets and CPU Shares? Spark is a Scala application that lives inside a Java Runtime, do you understand the consequence of what impact the cgroup constraints have on the JRE? This talk starts with a deep understand of Java’s memory management and GC characteristics and how JRE characteristics change based on core count. We will continue the talk looking at containers and how resource isolation works. The session will detail specifically the difference between CPU sets and CPU shares and memory management. The session will close with a deep understanding of the consequences of running the JRE in a CPU share environment and the potential for pseudo-random behavior of running in a heterogeneous datacenter.
    3:30 - 4:15
    Sysdig Monitor Roadmap: Exploring Container Monitoring
    4:15 - 4:30
    Lightning Talk: Top 5 Kubernetes Metrics to Monitor
    4:30 - 5:15
    WTF My Container Just Spawned a Shell
    While there have been many improvements around securing containers, there is still a large gap in monitoring the behavior of containers in production. That’s why we created Sysdig Falco, the open source behavioral activity monitor for containerized environments. Sysdig Falco can detect and alert on anomalous behavior at the application, file, system, and network level. In this session get a deep dive into Falco: - How does behavioral security differ from existing security solutions like image scanning? - How does Falco work? - What can it detect? Building and customizing rules - Next steps
    6:00 - 9:30
    Paaaaaarty at Mission Bowling Club
    Join the party! A fun night at this funky, upscale bowling club with outstanding food and drink!
  • Day 2: September 27
    8:00 - 9:00
    Breakfast & Partner Showcase
    9:00 - 10:00
    Keynote: Kubernetes and Nomad. The Best of Both Worlds
    In this session you'll learn how Kubernetes and Nomad complement each other and provide a solid foundation for running diverse workloads across multiple computing environments.
    10:00 - 10:15
    Lightning Talk: Day 2 Operations with Containers: Myth vs Reality
    Containers have been hailed as an easy solution to many problems, from software testing to scaling stateless workloads in production. But anyone can write a deployment tool for a container-based infrastructure, the hard work comes when you get to day 2 and you need to handle the day to day operations and maintenance. Metrics, monitoring, logs, debugging, backups and upgrades are all considerations that operators need to take into account before they invest in a solution. Through lessons learned from direct experience in operations, as well as feedback from open source DC/OS community members, this talk will pull back the curtain to show the internals of how to handle these day 2 operations. It will also provide a checklist of things you want make sure are included when you build a plan for building and maintaining your infrastructure (hint: Logging should never be an afterthought).
    10:15 - 10:30
    Morning Break & Partner Showcase
    10:30 - 11:15
    3 Steps to Reducing Costs in Your Containerized World
    Congratulations, you are killing it with your container deployment. Application are faster and more stable with repeatable deploy cycles. You reined in the the single purpose server proliferation and consolidated them into isolated containers running on cluster of container. Your business owners are loving the higher feature velocity, and the somewhat lower costs. But do you know how much your container infrastructure costs, and how well utilized it is? Can you say for certain that your clusters have the right resources mix? Do you know which workloads are the biggest consumers of resources? In this session, we'll show you the steps to identify inefficient resource allocation, and drive continuous improvement across your environment, leveraging detailed information from SysDig together with analysis from CloudHealth. We will demonstrate how to use both SysDig Cloud and SysDig open source to reduce costs and improve utilization and highlight best practices from leading organizations.
    11:15 - 12:00
    Securing Your Containerized Environment with Falco
    By now, most people should be well aware of Sysdig Falco, the open source, behavioral security monitoring tool from Sysdig. In this presentation, I will walk through the simple process of deploying Falco across your Kubernetes fleet, and demo some of the unique insight that you can gain with behavioral monitoring of the containers in your cluster. I'll walk through Yahoo's use cases around visibility and compliance, as well as discuss some of the modifications we made to Falco's rules to meet our needs.
    12:00 - 12:45
    Lunch & Partner Showcase
    12:45 - 4:45
    The Container Troubleshooting Workshop
    This is the workshop you need to troubleshoot containers like a boss. Join us for a 4-hour use-case driven only training session on container visibility, troubleshooting and run-time security monitoring with the Sysdig open source tools (Sysdig and Falco) and learn how containers work under the hood.
    12:45 - 1:45
    Workshop: Visibility and Troubleshooting
    Learn how to debug a 502 error on a containerized LB with HAproxy, a Python webapp crashing after working for 5 minutes or where did you configure wrong credentials in a microservices app
    1:45 - 2:45
    Workshop: Analyzing Performance and Bottlenecks
    Compare yourself the performance of different web servers running in containers, use system call tracing to find the bottleneck in your application or learn how to use spectrograms (flame graphs) to visualize system call performance.
    2:45 - 3:45
    Workshop: Debugging Kubernetes
    Dive into Kubernetes internals using reverse engineering: why that Kubernetes service is valid but doesn't work? How does service resolution work? Or how Kubernetes instructs Docker Engine.
    3:45 - 4:45
    Workshop: Security Run-Time Monitoring and Forensics
    Last but not least, all these previous lessons can also be applied for security, not only doing forensics on an attack attempt. Sysdig Falco can alert on containers with anomalous behavior.



  • Address
  • Terra Gallery 511 Harrison St. San Francisco, CA
  • Email
  • [email protected]
  • Phone
  • 1.530.758.2923

Pre-Event Downloads

Sysdig Camp-Con-World-Fest-Summit is a hands-on event! Come prepared to interact through dynamic sessions and prepared labs. Here is what you’ll need for the Container Troubleshooting Workshop.

Please make sure to bring your laptop with your favorite Terminal and SSH client installed.

– If you don’t want to install anything on your computer, you will be able to SSH into a remote EC2 instance and run everything there.

– But if you are an advanced user and prefer to run things locally have prepared a Linux VM with Docker and Docker Composed installed:

– To install Docker:

– To install Docker Compose:

Note: use your favourite Linux flavor but make sure kernel headers are available to install Sysdig and Sysdig Falco.

– To install Sysdig:
– To install Sysdig Falco: