DrupalSouth 2023 proposals

Call for papers is now closed.

We will contact everyone in early April.

Title Summary Track
Building an API with GraphQL 4 The GraphQL Drupal module provides a powerful out-of-the-box toolkit for writing GraphQL APIs backed by Drupal. There are also some great docs on how to get started and how to write some basic schemas and data producers.

However, with such a powerful toolkit, it can be hard to get your head around the concepts and how the puzzle pieces fit together, especially once you start getting into more complex content modeling.

In this session we'll cover:
- How to kickstart your GraphQL API
- The fundamentals of the module's architecture and how to write your own maintainable data producers.
- How to write secure Mutations to Create, Update, and Delete content on your site.
- A sneak peek into how to integrate all of this into a decoupled React app
Drupal Development
Drupal Confessions - We are not alone - Panel Sessions at Drupal South tend towards the positive and the evangelistic.

I have presented this panel format in the past and have had feedback of it's value
And others expressed interest in attending such a session again.

Newbies can come away from a conference with a sense that drupal is somehow magical, and certain features and modules can be enabled and configured with the click of a button.

Experienced Drupal users know that there are common gotchas. They've made their own mistakes.

There would be great value in a casual session, with an emphasis on casual, where people have the opportunity to express their honest experiences, let their guard down, a great chance for everyone to learn from other people's mistakes, and to give new developers (and even experienced ones) a chance to see that even the most experienced developers make mistakes. And often these are common mistakes. We are all in this together and you are not alone.

I'm envisioning this as being suitable as one of the last sessions for the conference, where everyone is ready to start winding down, and relax with a bit of fun, a completion and culmination of the previous events of the conference, prior to the final keynote. A chance for people to chill, enjoy themselves, and feedback some of their successes and their failures too.

I'll bring together and experienced and diverse mix volunteers for the panel chairs, so they can share their stories, and encourage the audience to come up with some examples of their own, and also ask questions that will inevitably come to mind.
Drupal Development
It's time to manage multiple sites under one roof. Numerous corporations are tasked with managing numerous brands at once. Usually, they design unique websites for each brand according to the requirements. Nevertheless, they might need certain standard components including client data, official statements, digital content, job listings, and more. The same data would need to be duplicated and managed across all sites, which would be unnecessary and ineffective.
Drupal CMS includes a ton of features that are quite helpful. Multisite is one of these features. Using Drupal's multisite capability can help decrease redundancy. You can leverage the data from all sites to grow operations in a unified way by developing a shared module in addition to each website having its own database.

In this session, I will go over more benefits of Drupal Multisite and how we can manage several sites using the same code base.



Learning Objective:

A Drupal Multisite: What Is It?
When to use a Multisite.
When dealing with Drupal Multisite, things to keep in mind.
Use Cases of Drupal Multisite.
Benefits of Using Drupal Multisite
Risks associated with the use of Drupal Multisite.
How to configure Drupal multisite in an effective way.
What is the best way to manage custom modules within a multisite environment?
Dealing with Drush in multisite environments.
Drupal Development
Announcing the 2023 Drupal Local Development Survey Results The Drupal Local Development Survey asks Drupal devs all over the world about the tools and processes they use when building amazing Drupal sites. It provides a fascinating insight into how Drupal sites get built and the people that build them. It's also really useful for web hosts and tool developers to build better solutions.

The survey used to be run by Jeff Geerling and Chris Urban in 2018 to 2020, but has been on a bit of a break. In 2023, it's back and has had a really amazing response.

The survey is open now and closing on April 17. We're hoping to share the results of this survey at Wellington for the first time. We'll answer questions like:

- How many people are working on headless Drupal sites?
- What's the most popular local environment manager?
- Do people still think they'll be working with Drupal a year from now?
- Which regions are still supporting Drupal 6 and 7 sites?
- What other PHP frameworks do Drupal devs use?
- How are Drupal devs testing the security of their sites?

And much, much more!
Web Tools & Technologies
How would you feel if your website could update itself Drupal 10 features provide developers with secure and smooth updates. The update feature will be added to the core and will be available for Composer-based sites.
The Automatic Updates Initiative is working on several major projects, including UX improvements, package signing for improved security, testing with various host providers, and so on.

The prime goal of this initiative is to strategically implement a safe system for Drupal’s automatically installing updates, reducing Drupal site’s total maintenance costs, enhancing Drupal site’s security that further leads to good user experience and making an easy entry for the users to the Drupal community without any major concerns.

Scope includes :
1. Availability of automatic updates for Drupal core patch and security releases.
2. For safe updates, site readiness checks are available.
3. Verification and code signing is accessible for updates from Drupal.org
4. Attainability of Composer integration.

Scope excludes
1. Major version updates and core minor.
2. The availability of contributed project updates.
Drupal Development
Six weeks on the dark side A case study about a GovCMS SaaS project with a dark theme - from kick off to forklift in 6 weeks (aka 3 sprints).

The presentation will provide insights into the project team structure, development set up, theming, content types, design iterations, and accessibility testing.

There will be low level technical information, and is aimed towards anyone who wants to know about our lessons learned on a short GovCMS SaaS forklifted project.


Showcases & Project Management
Vue JS for React JS developers and vice versa Developers can be a bit tribal at times, and when it comes to JavaScript frameworks, things can really get ugly.
But with the release of Vue 3, the differences between Vue and React might not be as big as you think.

In this session a React developer will share their experience building components with Vue 3's composition API and show the equivalent concepts from both frameworks in a way that should be familiar to developers familiar with either.

This session is for developers experienced in either React or Vue JS but curious about the grass on the other side of the fence.
Web Tools & Technologies
Build Your Own Mailchimp in Amazon SES Have you ever wanted to implement your own subscription and email templating system using Amazon Web Service's Simple Email Service? Me neither, but here we are. In this talk I'll go through the requirements that Land Information NZ (LINZ) gave us and how we shifted their custom Drupal 7 + Mailchimp mailing solution into Drupal 9 + Amazon SES.

I'll cover how to integrate Amazon SES into Drupal with webforms, build a queue system to handle high-volume mailing lists, the challenges we faced, hard limitations the AWS API has, and being able to contribute back to Drupal's open source community.

[The session is a mix of Drupal Development, Web Tools & Technologies, and Showcases, but the focus will be on developer-y technical things.]
Web Tools & Technologies
ChatGPT vs Acquia TAM For the longest of time, software architecture and development jobs were safe from automation. These jobs required in-depth knowledge and creativity that no rule-based algorithm could easily duplicate.

But, recent advances in Artificial Intelligence (AI) have made robots much smarter and are now able to “think” for themselves after being fed with a gargantuan amount of data scoured from the Internet. As tools like ChatGPT becomes more ubiquitous in everyday life, we start to wonder just how secure is my job as a Drupal expert? Can a robot really come up with a better solution to a problem than I can?

In this talk, I’m going to reveal what happens when I pit ChatGPT against some of my fellow Acquia Technical Account Managers (TAM) head-to-head in 3 rounds of Expert Challenges to see who comes up with better answers to typical Drupal problems.
Web Tools & Technologies
Streamlining CI/CD with Lagoon and Github Actions In today's fast-paced development environment, CI/CD is more important than ever. CI/CD (Continuous Integration/Continuous Deployment) helps us to catch errors early, automate tedious tasks, and deploy code quickly and easily. In this talk, we'll explore how Lagoon, an open-source platform for managing containers in Kubernetes, can help streamline your CI/CD pipeline. We'll cover the basics of Lagoon, including how to set up, test, and deploy environments, and then dive into how to use the Lagoon CLI to automate these processes.

We'll also showcase how to integrate Lagoon with Github Actions to make your CI/CD pipeline even more efficient. We'll walk through a demo that demonstrates how to use Github Actions to build and test your code, deploy to a Lagoon environment, and then run automated tests against that environment. We'll cover best practices for setting up Github Actions workflows and demonstrate how to use the Lagoon CLI within those workflows.

By the end of this talk, you'll have a better understanding of how Lagoon can help streamline your CI/CD processes and how to integrate Lagoon with Github Actions to create a powerful, efficient, and automated development workflow.
Web Tools & Technologies
Unlocking the Power of GraphQL in Drupal for Frontend Developers Frontend and backend teams need to work together seamlessly to deliver effective digital experiences. However, often these teams have different tools and ways of working that can create friction and inefficiencies.

This is where GraphQL comes in, providing a flexible and intuitive query language that allows frontend developers to access the exact data they need from the backend.

In this talk, we'll explore how Drupal and GraphQL can work together to empower frontend developers with a sensible API using `graphql` 4.x and `graphql_compose`, how you can create simple and targeted schemas for your frontend developers.
Drupal Development
Introduction to decoupled Drupal with a Gatsby frontend Decoupled Drupal has been quite abuzz, from centrally managed content, to multiple, swappable, fast and secure frontends. There are now several ways to decouple Drupal and we'll look at using the Gatsby ecosystem for the frontend.

We will step through the basic setup process using the https://www.drupal.org/project/gatsby module with the gatsby-source-drupal plugin and then I'll demo Drupal serving content and have Gatsby preview the frontend locally. (If the internet connection is working well, we'll try to build on Gatsby Cloud too).
This talk will best be suited to people who have never done this before, rather than for those who are already using this setup in production.

I have created a demo repo https://github.com/stewest/GatsbyDrupalSectorDemo with a local DDEV (Docker) option with both front and backend ready to install.
Drupal Development
How (anyone!) can get constructive user feedback. This session goes through the basics of how to get constructive user feedback from your product users, even if you’ve never facilitated any research or user testing before. It goes through key aspects of the feedback session covering what to include, avoid and common mistakes. Below is a guide of the presentation structure.
.
1. Make it clear what's going to happen
- What’s the plan and what will happen with their feedback – create an information sheet.
- Get their consent.
- Introduce the session, the people, the format.
.
2. Building rapport
- Clear your mind and be present. Participants can tell when you are distracted and not listening fully and they won’t share as deeply.
- Help the participant to feel comfortable.
.
3. What questions to ask and to avoid
- Person first, product second.
- Understand their goal for using this product.
- What to avoid
-- Validation vs insight.
-- Closed question including examples.
-- Leading questions including examples.
.
4. How to respond
- Reflective & Curious listening, what are these and how to use these to get more insight.
- What to do when they ask you a question.
.
5. Wrapping up a session
- Genuine thank you and express how helpful they have been.
- Next steps what will happen from here with what they’ve shared.
.
6. Observers – who to invite and how to prep them.
- Don’t get too excited yet – things to be mindful of when inviting observers.
- Get 1-2 of your clients to join.
- Creating the space for an effective session – how to prepare observers for joining a session.
.
7. Note taking / recording
- Buddy-up – Take notes as you go (if you can!)
- Write some main dot-points or summary directly after the session.
- Capture the findings in a spreadsheet with headings and filters.
.
8. Practice where you can
- Start with people you know.
User Experience & Content
Open Source, Seriously When done right, open source projects can have a positive impact also on society at large. When choosing an open-source CMS platform, you’re not just choosing a software product, but also a community-driven, collaborative approach to software development that is very different from that of closed-source vendors.

This talk is about the fundamentals of open source, but also about how these fundamentals affect more than our day-to-day work. We’ll look at how open-source projects depend on each other and how open source can contribute to a stronger civil society and democracy-building — and a new way to do development aid.

Open source practice can teach us a lot about how to live in a peaceful, free, and democratic society. And just like the benefits of civil liberties, the benefits of open source freedom can be easy to take for granted — until you lose them.
Showcases & Project Management
Services and dependency injection in Drupal 8+ Services : Service is any object managed by the services container. or we can say that services is a simple PHP class with some methods. we can access these services and methods in anywhere in the application with the help of service container.

The service can be used the in following way. We use the \Drupal::service() method to get an instantiated AliasManager object and then use a function in that object to translate the path to the alias.

$aliasManager = \Drupal::service(‘path_alias.manager’);
$path = ‘/node/123’;
$alias = $aliasManager->getAliasByPath($path);

Accessing Services: Services are all defined in YML files within Drupal. Every module that wants to define a service needs to create a file with the name of [module name].services.yml . In order to find all the available services in Drupal you can follow the services list .

So best practice for accessing the services is dependency injection instead of direct calling the global Drupal service container.

Dependency Injection : Dependency injection is a design pattern in which an object or function receives other objects or functions that it depends on. It means we can directly inject the services to the class __construct method, and it will load the dependency runtime when instantiate the class.

Why use DI in Drupal :

Decoupled functionality
Eases unit testing
Reusable & flexible code
Cleaner code
Retrieving dependencies from the container is better for performance.

How to Inject Dependency : DI with in Controller
Drupal Development
LINZ & Charts Showcase: From Discovery and Designs, to Development and Delivery In the middle of 2021, Sparks were tasked with rebuilding https://www.linz.govt.nz/ in Drupal 9, looking to replace the previous Drupal 7 website.

We'll cover the main build - matching like-for-like from Drupal 7 to Sector (https://www.sector.nz/) for Drupal 9, whilst working in an agile way: setting tasks to complete in fortnightly sprints, chopping and changing ideas and methodology to match updated thinking and opportunities.

Then thrown into the mix: another requirement, to rebuild a tool from scratch that previously existed within the LINZ website - https://charts.linz.govt.nz/. With a different audience and requirements, it was clear that a second website would be needed.

We'll showcase how we did it, from discovery and designs, to development and delivery.
Showcases & Project Management
From 'them' to 'us': Demystifying Drupal contribution Millions of people use Drupal, but a small fraction of those contribute in a given year. That's enough to make Drupal one of the biggest open-source projects in the world, but it still leaves a high proportion of takers to makers.

Contributing to a project the size of Drupal can be overwhelming, and some who want to contribute struggle to find a way. But we need new contributors in order to ship new versions and releases on time.

In this session we'll examine the contribution ecosystem, from the perspective of two/three members of the core committer team: pameeela, quietone and larowlan.

They will share:
* some of their background and various skillsets
* how they came to become part of the committer team
* insights into how Drupal is actually built

The session will cover topics such as the issue queue, community channels, roles and processes that keep the project moving towards it goals.

Instead of asking, "Why haven't they fixed that bug yet?" or "Why haven't they added that feature yet?" this session aims to get you thinking, "How can I help fix that bug?" and "How can I progress that feature?"

In other words, go from taker to maker!

If you're new to Drupal, this session might help you find your niche and be your impetus for getting more involved in this amazing community. If you've been around a long time, you might find answers to questions you've always wanted to ask but never did.

The session will be delivered in two parts, the first part with the two/three presenters sharing their insights, and the second part open the floor to the audience to ask their questions.
Drupal Development
The road to zero friction testing - getting the most out of Drupal Testing Traits Every project of medium complexity should have at least some automated tests to ensure new features can be shipped without regressions. However for those new to testing or testing with Drupal, it can be overwhelming knowing where and how to start.

In this session we'll look at some real world approaches from large client projects that make writing new tests a breeze. With some basic foundations in place adding new tests can become smooth like butter.

Covered in the session:
* Getting setup with Drupal Testing traits
* Writing your first test
* Building a library of project specific traits
* Maximising test-suite performance and reliability
* The benefits of fostering a test-focused culture within your development team
Drupal Development
A Case Study On Building A Cloud Native Platform Skpr is a hosting platform built on top of cloud-native technology and managed cloud services.

Over the past 7 years, the Skpr platform has gone through many iterations to make it the platform it is today.

Whether it be keeping up with the latest Kubernetes releases, cloud-native ecosystem technologies, or AWS announcements. It’s safe to say we have some stories to tell.

This talk is a dive deep into those stories and the lessons we learned along the way.

Attendees can expect to learn about cloud-native platform concepts, how they differ from traditional hosting and the difficulties of building on top of a rapidly developing technology.
Web Tools & Technologies
Next level Search API Large organisations can have complex search requirements. Many great SaaS search solutions exist, but sometimes the flexibility of implementing your own Search API based search can solve the exact problems you face.
In this session we'll explore some of the lesser known or "enterprise" features that can extend Search API. These include things like:
* Fast and fuzzy client-side search with Lunr.js.
* Hands off managed search with AWS OpenSearch.
* Allowing multiple Drupal sites, and in multiple Drupal versions, to be searched seamlessly from one search interface.
* Search result faceting over the same field multiple times with different filters, in a single query!
Drupal Development
I thought you'd said you'd written the tests!? Drupal tests for all those developers who thought about or were told to write tests, but never got around to it. Drupal testing with phpunit now includes browser testing, and if you are brave, also javascript tests. This presentation covers all the steps involved in setting up tests for your development environment for a website with reasonably complex access rules and then running those tests as a foundation to building on github using circleci.
1. creating phpunit.xml
2. writing and debugging tests involving multiple modules and a site build
3. creating schema.yml
4. writing browser tests and using chromedriver
5. viewing browser_output and debugging tests
6. setting up browser tests in circleci
This presentation showcases an actual project
Drupal Development
Enhance User Experience with Partially Decoupled Drupal Webforms Webforms are an essential part of many Drupal websites, and they play a critical role in facilitating user interactions. However, standard Drupal webforms can be limited in terms of flexibility and customization, which can impact the user experience. Partial decoupling is a technique that can help enhance the user experience by allowing more customization of webforms.

In this presentation, we will explore how partially decoupled Drupal webforms can improve user experience. We will start by discussing the basics of webforms and decoupling. Then, we will dive into the benefits of partial decoupling and how it can be used to enhance user experience. We will explore several examples of how partial decoupling can be used to create custom webform elements and improve the look and feel of webforms.

We will also cover some of the technical aspects of partial decoupling, including the use of Drupal's REST API and JavaScript frameworks like React and Vue.js. Finally, we will discuss some best practices for implementing partially decoupled Drupal webforms and potential pitfalls to avoid.

By the end of this presentation, you will have a clear understanding of how partial decoupling can enhance the user experience of Drupal webforms and be equipped with the knowledge to start implementing it in your own projects.
Web Tools & Technologies
Lagoon as a service - how we support our open-source customers You might be thinking “open-source customers? How does that work?” and that’s what we’re going to cover in this talk. Here’s the gist: amazee.io is a hosting company, and we offer hosting services with all the bells and whistles to paying customers. That’s straightforward. Here’s where it gets interesting: our hosting platform is Lagoon, which is entirely open-source. People can use Lagoon on their own, with no help from us, as you do with FOSS. However, not everyone has a team that can manage that, so we offer some support to those folks who want to host Lagoon on their own, but need a little help from us.

In this talk, we’ll cover how we structure that support, how that differs from our hosting customers, and how that helps us to grow our open-source community around Lagoon. We’ll talk about some of the challenges of navigating both an open-source product and a commercial hosting business, and the delicate intersection of those worlds. Attendees will come away with a look into an interesting business concept, as well as ideas for how to support their own projects and customers.
Showcases & Project Management
Creating a Culture of Documentation Picture this: you’ve found a new project on GitHub. It does exactly what you’re looking for, and it’s open-source. Amazing! So you roll up your sleeves and get to it. But then, you run into an error. You Google it. You find similar queries, but never the answer. You pour over the code. You search for anything documenting this project, but keep coming up empty. This project would be perfect, but no one ever documented it.

Far too often, the information we need is never found. It stays locked in the minds of the engineers who wrote the code. But what good is code that no one knows how to use? Documentation is every bit as important as making sure the project works.

That buy-in can be hard. Stakeholders don’t want to pay for the time. Project managers don’t prioritize the work. Engineers don’t want to do it.

The only way to solve this problem is to create a culture around documentation. In this session, we’ll talk about how to elevate the status of the humble documentation to its rightful place alongside your code. We’ll cover how to integrate the documentation process into your existing processes so that your engineers are on board, and how to show stakeholders and others who push back that documentation is not only worthwhile, but essential to the success of your project.
Showcases & Project Management
Scanning the New Zealand Government ecosystem. How popular is Drupal in the land of the long white cloud? Have you ever wondered how popular Drupal is in your local region and at the National Government level? This talk will answer that question, using open source tooling. The hope is that you gain some insight to the relative popularity of Drupal and appreciate more the impact you and Drupal have in New Zealand.

This session will include:

* How to get a list of every government web site in New Zealand
* How to determine what CMS they are using
* How to measure site impact
* Trends we are seeing at the national level, and by region
* Comparison to Australia
* Taking this tool further
* How to contribute
Showcases & Project Management
Easy site building with Twig Tweak Build Drupal sites in code with FUN!! No, you don’t need to know all Drupal API classes and functions to do so. Twig Tweak allows you to build sites with templates like a breeze. Hassling with variables in preprocessors is a thing of the past.

Let’s get productive and have a well structured template set up in your project.

In my presentation, I am going to share the experience I have learned from building sites with Layout builder. Adopting the layouts / sections / components structure from Layout builder and applying that into my site building with templates with the help of Twig Tweak.
Drupal Development
The competitive advantage of contributing to Drupal Many business owners view open source code contribution on company time as a drain on billable hours. As a company committed to the Drupal open source project, PreviousNext has had a formalised approach to code contribution baked into company culture, policies and processes. Rather than being a cost to the company, its helped us retain staff at a rate that's almost triple the industry average, high levels of profitability and retention of long term clients. This talk will share the details of how we did this within our own company and how it can be applied to your own company or team tomorrow. Showcases & Project Management
Getting Started with Views in Drupal The Views module in Drupal is a truly powerful module. Since being moved into core in Drupal 8, it’s the best way to build pages, tables, admin pages, lists and search pages.

In this session, you’ll learn what the Views module is all about. Then we do a live demo and show you how to use the module.

You’ll learn the following:
- How to create pages and blocks using views
- How to create tables
- Add exposed filters to views
- Create custom search pages and more

By the end of the session, you’ll understand just how powerful Views is and how to use it. You’ll also learn some tips and tricks to get the most out of it.
Drupal Development
Understanding the Fields System in Drupal One of Drupal’s best features is the entity and field system. The ability to create content types and attach custom fields makes Drupal a flexible CMS.

In this session, you’ll learn about the field and entity system. We’ll also perform a live demo and show you how to create a content type and attach fields to it.

You’ll learn the following:
- How to create a content type
- Attach fields
- Discuss all the different fields
- Reuse fields
- Understanding the “number of values”
- And we’ll look at some modules that offer useful field types

By the end you’ll have a better understanding of how fields in Drupal work and have practical examples on how to use them in your next project.
Drupal Development
Creating the optimal editorial experience with Layout Builder Layout builder can be intimidating, and handing over the control of the presentation layer of a website can be a reason why people think twice before using Layout Builder. But the good news is that it doesn't have to be that way. Layout Builder has come a long way and in 2023, it doesn't need to be avoided.

This talk will cover modules that can be used to enhance and control the Layout Builder experience, and approaches we have taken to empower the content editorial experience for our editors while keeping the front end consistant.
Drupal Development
Lightning Talk - Helping editorial teams by creating in-site Documentation When building and maintaining an enterprise website with Drupal, natually over time the amount of different tasks and tools the editorial team can use is going to scale over time. This can lead to confusion when there is staff turnover and or people unfamilar with Drupal.

To fix this problem, documentation is often built into an external system.

Why not just keep this documentation inside Drupal? This talk covers why the documentation should live inside Drupal, the best ways to do this and how to keep the documentation inside your site fresh.
Drupal Development
Build Forms in Drupal using Webform Webform is a native form builder for Drupal. It offers a powerful user interface for building forms and managing their fields.

Webform can create a contact us form, all the way to a complex multi-page form with conditional field logic.

In this session, you'll learn the following:
- Introduction to Webform
- Contact a form
- Manage fields on the form
- Add conditional logic to fields
- Add confirmation step
- Manage submissions
- Embed forms into pages

By the end, you'll have the necessary skills to build custom forms directly within Drupal.
Drupal Development
CKEditor 5: One Small Step for Content Editor, One Giant Leap for Drupal Introduction of CKEditor 5 to Drupal core has improved the content creation experience for website editors. The new version of rich text editor offers a more intuitive and modern interface than its predecessor. The complete rewrite of core features have made it easier to produce high-quality content with less effort.

Drupal configuration process has undergone some changes, and it is essential to understand how to configure the editor when building new and upgrading existing websites. We will kick off by configuring CKEditor 5 for Drupal 10 highlighting practical tips and gotchas.

Some functionality provided by contrib modules might not be available, so we will list top Drupal modules that are currently updated to support CKEditor 5 and how site builders can utilise them to improve the content creation. If a specific functionality is not available, site builders can contribute back by identifying the gaps and sharing the findings with the community.

The best for the last, demo of the editor's premium features enhancing functionality relevant to teams such as real-time collaboration, revision history, and comments.

Overall, the presentation will showcase the improvements brought to Drupal by CKEditor 5, the changes to configuration process, and the Drupal modules and premium features available to improve the editor's functionality and collaboration.
User Experience & Content
Secure by Design: Integrating Security into Development Cyber security (or lack of) has been covered extensively in the news. Hacker attacks range from bored school kids toying around to state-sponsored ransom-driven targeted strikes. As software engineers it’s our responsibility to incorporate cyber security best practices into the development cycle. In this presentation, I’ll provide a list of resources, best practices, tools and Drupal modules for designing and implementing a more secure Drupal web application and to prepare for penetration testing.

Repository: https://gitlab.com/testudio/security-by-design-starter-kit
Web Tools & Technologies
Demystifying HTTP Security Headers HTTP Security headers are directives used by web applications to configure security defenses in web browsers. Based on these directives, browsers can make it harder to exploit client-side vulnerabilities such as Cross-Site Scripting or Clickjacking.
HTTP Security Headers are often underused or totally forgotten during development and deployment process until a security penetration testing report calls for action. During this presentation, I will provide an overview of HTTP security headers and discuss the various testing and implementation tools that can help improve the security of your web application.
Web Tools & Technologies
Revamping Drupal Documentation: Using Interactive UI and Visual Aids to Enhance Learning Experience Drupal documentation can be made more engaging and memorable by incorporating interactive UI elements such as quizzes, polls, and other interactive elements. These components can improve users' memory retention and increase their enjoyment of the learning process.

For instance, a quiz can be included to assess users' comprehension of a specific idea. You might include a poll to get opinions on a particular subject. Both of these components give users a way to engage with the content and increase their sense of learning.

Documentation can also be made more entertaining by adding graphic aids. Step-by-step instructions and difficult concepts can be illustrated using infographics, pictures, and videos. Users are able to comprehend the information being provided and retain it better by employing these visual aids.

Drupal documentation may be made more imaginative, interesting, and memorable for users by adding interactive UI features and visual aids. This strategy can enhance users' ability to learn more efficiently and their overall Drupal platform experience.
Here are some additional facts related to creative documentation:

According to a Nielsen Norman Group study, adding multimedia to documents can increase comprehension by as much as 50%.
According to research by the Content Marketing Institute, visual content receives 94% more views than text-only material.
87% of consumers are more inclined to buy a product from a firm that offers its knowledge and experience through online content, according to the Cone Communications/Ebiquity Global CSR Survey.
According to a research by the eLearning Industry, interactive components like quizzes and polls can increase user engagement with documentation by up to 50%.
The correctness and comprehensiveness of the content can be increased through collaborative documentation that welcomes user additions, according to research from the University of Maryland.
User Experience & Content
Rapid content generation in Drupal In this session, we will explore the challenges and solutions for rapid content generation in Drupal websites.

Kicking off with the short history of content editing for the web and the challenges faced by content creators. With the rise of content management systems, the process has become easier, but challenges still remain, especially when it comes to creating high-quality content at scale.

The presentation will focus on the future of content generation in Drupal and a mix of different approaches taken including migration, default content, profiles and starter templates. Drupal is known for its flexibility and extensibility, and there are already several modules and tools available that can help content creators generate high-quality content quickly. We will discuss how Drupal can be further improved to meet the needs of content creators, including better integration with external tools and services and more intuitive content editing interfaces.

To make the presentation relevant, I will compare the different approaches taken by Drupal and popular CMSes like Wordpress and Wix to address these challenges. Wordpress is known for its ease of use and user-friendly content editor, while Wix has a drag-and-drop interface that allows users to easily create visually appealing websites. We will discuss the advantages and limitations of these approaches and how they can be applied to Drupal.
User Experience & Content
Follow-up: A case study about location based search on nsw.gov.au website Note: This is a follow-up to the session "A case study about location-based search on nsw.gov.au website" presented at DrupalSouth Brisbane 2022. It will be more focused on the implementation.
The NSW Government Digital Channels team at the Department of Customer Service NSW is working on the OneCX program.
The OneCX program is transforming the customer’s digital experience of the NSW Government. It’s making it easier for customers to access the information they need, without having to understand or navigate the structure of government.
With over 750 websites across 10 NSW government clusters, the OneCX program is working with agencies to build nsw.gov.au as the single location for customers to source information.
It is imperative to give the end user the ability to search the content based on their location for a site of this magnitude. Based on the type of content a location can consist of a few different things e.g. regions, suburbs, postcodes, and street addresses.
A location-based search, on suburbs, postcodes, and addresses, is relatively straightforward. The problem arises when the location-based search is built on top of regions. The region names, sizes, and boundaries are different for different agencies e.g. the Department of Premier and Cabinet NSW regions are different than the Transport for NSW regions.
In this session we'll discuss:
- How are different types of regions, suburbs, and postcodes stored?
- How did the content model change to store different types of regions, suburbs, and postcodes?
- How is the content with different types of regions being searched based on postcodes and suburbs?
- How is the Drupal search API module being used to index all the location data?
- How is the partially decoupled solution being utilised to provide the different types of proximity searches based on the location data?
Showcases & Project Management
How much does a polar bear weigh? If you don’t know how that joke ends, I may be able to help if you come along to hear me talk about icebreakers. Something so simple can play a significant role in building and maintaining team connection. Whether you're working with a new team or an established one, in person or remotely, icebreakers can help alleviate any initial awkwardness. Of course, there are some dos and don'ts to consider, but having a better understanding of icebreakers and how to use them effectively is an essential tool for any facilitator. Showcases & Project Management
Drupal Hosting Security Panel Join us as we discuss the current state of Drupal security with some of Australia’s Drupal Hosting experts.

Joining us on the panel will be:

Mike Richardson
Managing Director - Ironstar
Mike has helped government and enterprise clients secure their sites and comply with industry frameworks such as the Australian Cyber Security Standard’s Information Security Manual, the Hosting Certification Framework, and the Payment Card Industry Data Security Standard.

Nick Schuch
Platform Lead - Skpr
Nick leads the platform architecture of Skpr which hosts some of Australia’s largest Drupal sites. Driven and passionate about technology, Nick Schuch is a highly experienced systems administrator who has been involved with the Drupal community for over a decade.

Scott Leggett
Application Security Engineer - Amazee IO
Scott started his career writing Unix systems software over a decade ago and has spent several years working with Kubernetes and cloud-native technology. He is still a Unix nerd, but now carries a Yubikey instead of a serial cable. Scott is passionate about integrating Information Security best practices into Software Engineering and is a huge shift-left security advocate.


Bring along your toughest questions on Drupal security in the cloud and join the discussion!
Web Tools & Technologies
Unlock the power of cache contexts Drupal has some incredibly powerful functionality but it can be tricky to work out the best time and place to use them in your project.

Go from "it works with caching turned off but I don't know why" to "oh right, I can fix that" when presented with some types of intermittent issues, and learn to recognise how to prevent such issues in the first place.

This session attempts to de-mystify:
- What a cache context is
- Why and when to use them
- How to recognise when the core-provided contexts are not fit for your purposes
- How to create a cache context that responds to your busines logic
Drupal Development
Getting the most from your CI/CD experience In this talk, Karl will dive into a CI/CD maturity model which can evaluate how far you are into the DevOps experience.

We will dive into a complete end-to-end user story familiar to us all, from the start of adoption until being fully mature, and explore all the avenues of opportunity along the way.

Attendees will be able to evaluate their own CI/CD maturity and discover what might be in store for their journey next and into the future, and learn about some opportunities between where they are now, and where they can expect to arrive in the future.
Web Tools & Technologies
Uplifting content with AI: ChatGPT and NLP Cloud The development and interest in AI technologies has exploded in recent months. AI is now mainstream and is being introduced to workflows at a rapid pace. ChatGPT has captured the public’s imagination and the recent release as a public API has made it easily integrated into tech such as Drupal. OpenAI isn’t the only game in town with many other services such as NLP Cloud offering compelling AI services which can also be integrated into Drupal.

This presentation will review the recent advancements in generative AI and demonstrate how they can be used in the context of Drupal to provide assistance to editors and creators in Drupal as they carry out their editorial tasks. ChatGPT offers new and improved capabilities over GPT3 for summarising and generating content. NLP Cloud offers a suite of services which can analyse and process text in a variety of ways. Together they form a formidable team capable of uplifting content.

The session will provide practical steps for implementing AI into Drupal. The following open source modules will be demonstrated in this presentation:
- Augmentor: AI ecosystem for Drupal
- ChatGPT Augmentor
- NLP Cloud Augmentor

By the end of the presentation, the audience should have a grasp of the following:
- Site owners: How AI can be safely integrated into a site.
- Editors: A stack of ideas for how their workflow can be improved.
- Site builders: Modules to install and how to wire together an AI implementation using open source code and SaaS integrations..

This presentation is suitable for anyone who wants to find out more about what this AI thing is all about. The main audiencewould be for site owners and editors to show some of the possibilities with AI. The future is now here.
Web Tools & Technologies
TanStack Query deep dive Formerly known as React Query, TanStack Query is an amazingly good asynchronous data fetching library that is the go to tool for requesting and storing Drupal data in your front end. The new version 4 has plugins for React, Vue and Svelte making it highly versatile in its cross framework approach.

This deep dive will present:

A complete overview of the technology
How to use it with Drupal’s JSON:API and GraphQL
Ideal caching strategies
Pushing data to Drupal
Developer tooling
Testing with Jest
And much, much more

If you are building a custom decoupled or partially decoupled front end that needs to communicate with a Drupal back end, this talk should not be missed to set you on the path of powerful asynchronous state management.
Web Tools & Technologies
Using multiple fields with Search API facets I was recently the tech lead of a government website replatforming and one of the requirements was that search facets should be able to query multiple fields with AND/OR conditions. Unfortunately, the Search API UI only allows you to select one field for one facet. I could not find any information or documentation on how to achieve this, so I started looking into the Search API module’s code to find out how the queries were set up. I found the answers and hooks I needed and I could finally implement what the client required.
Why it is important to be able to select multiple fields for a single facet
• The data might be stored in different indexed fields, especially if they are different types of indexed fields, especially with geolocation searches
• Querying multiple fields will bring up certain results in the relevant order that might be important for users
• You can combine different categories together that will provide the user with more results
• It makes date searches more flexible, allowing you to have a defined start and end date selected by the user
How to set up the initial module files and what hooks/overrides will be needed
I’ll demonstrate what’s needed to setup a module, explain that different hosts supports different versions of Search API and provide information on the hooks and classes required.
How to implement the changes necessary to make it work
I’ll setup a facet in the UI and implement the changes needed so that the query can find the correct data. I’ll enable debugging so we can read the full query being sent to the search engine. Once certain the correct query is being sent, the search results will be filtered down by the modified facet, demonstrating the result of the changes that were made.
Testing changes
I’ll run through what testing would be required to ensure the changes that were made comply with the acceptance criteria.
Integrating analytics
I’ll also talk about how Google Analytics can be integrated with the search.
Drupal Development
Understanding Users Better at Scale with Google Looker Studio In the last decade, simple metrics around page views or new users have been replaced by much more granular and comprehensive journey mapping. Using every available metric is important for websites to gauge whether the website is an effective tool or not. But the risk is that so much data leads to analysis paralysis.

Google Analytics and Google Looker Studio work together to provide data and visualisation that help website owners understand whether their website is working or not. Whether the goal is awareness, engagement or conversions, using these tools will give you a much clearer picture of the user’s experience and give you better direction on how to make improvements at scale.

In this session, we will share our experience with building the analytics reporting to measure the user engagement before and after implementing various personalisation features.

The session will include:
Overview of the Google Looker Studio and Analytics
How reports and dashboards are built and shared
Dashboard and report examples
Q&A

By the end of the presentation, the audience would have the understanding of the benefits of this analytics reporting methodology.
Web Tools & Technologies
Tips and tricks for working with GovCMS SaaS GovCMS SaaS provides an easy entry for government agencies to quickly benefit from the awesome power of Drupal. The regular maintenance of the site’s code is very convenient and GovCMS support also helps build trust and expertise in the tools.

But that’s not to say it’s the easiest onboarding for a developer new to Drupal or to the GovCMS SaaS framework. From a developer’s point of view, any site has its “ghosts in the machine,” and the complexity of the GovCMS SaaS platform also can make getting started a challenge.

This session contains some of the most important lessons learned on my journey to efficiency on GovCMS. Come to the session to learn from my previous mistakes and hopefully your GovCMS development will become more joyful and productive. Feel free to bring your own lessons learned, so we all benefit!

GovCMS-specific topics and examples will include:
* Best practices in using config management.
* Enabling and using XDEBUG
* Using watchdog logs, even in OpenSearch

This will also include how to solve head-scratching issues:
* Has your gitlab pipeline finished but your site is still running the old code?
* Does your database import take too long?
* Are you sure you are running the same GovCMS release locally as the same one in production?

If any of the above questions sounds familiar, let’s tackle these together!

This presentation is suitable for any developer working with GovCMS SaaS sites, from beginners to experienced.
Drupal Development
Using Drupal for Rules as Code projects in NZ and Australia Phillipa and Suchi worked on two projects in 2022 that combined Drupal and Rules as Code (RaC).
This presentation will provide a quick overview of both projects, before moving into the technical solution. Salsa built an OpenFisca Drupal module to integrate OpenFisca with a Drupal webform. This was built for a GovCMS (Australia) proof of concept that focused on some of the rules around COVID-19 vaccination. Users were taken through a series of questions to find out if they were up-to-date with their COVID vaccinations and if they needed to be vaccinated to work in their industry. The GovCMS proof of concept was completed in September 2022.
This module was then customised for BenefitMe, which is an RaC project focused on codifying New Zealand’s Social Security Act.
The webform allows users to enter information that’s then sent to OpenFisca. The webform also includes conditional logic, so new questions are displayed depending on the user’s previous responses. We also built custom blocks to display the eligibility results and calculation logic (how much someone was eligible to) after the form is submitted. The alpha version of benefitme.nz was launched in mid December 2022.
Our presentation will cover:
A brief intro on RaC and the two projects above
A quick overview of the process of turning legislation into RaC
A more detailed look at how Drupal has been used in both projects and the Drupal module
Creating a frontend experience for the GovCMS PoC and BenefitMe
Showcases & Project Management
The Fast and the Functional: Pragma's Strategy for a Successful Website Rebuild This session is a must-see for professionals seeking to deliver high-impact and meaningful outcomes for their clients across both the public and private sectors.

Since 2020, Pragma has been engaged by a high-profile Australian government client to manage the maintenance and improvement of its public-facing GovCMS website.

More recently, when preparing to implement a new information architecture system and redesigned page layouts, Pragma saw an opportunity to completely overhaul the website and build it from scratch.

This came after Pragma’s evaluation of back-end functionality, user testing, and content review identified significant opportunities to reduce site complexity, align with best-practice standards, and significantly improve the user experience.

But before Pragma could start, there was a challenge: how to convince the client to rebuild their whole website.

Pragma had to develop a strong, evidence-based pitch to get the client on board. It had to show the client that not only would a rebuild improve the end-user experience, it would have significant business benefits. It would enhance the back-end user experience and publishing processes, and reduce technical debt and site issues.

After successfully gaining support from the client and additional project funding, Pragma had only three months to build a new GovCMS website from the ground up, incorporating a whole new design system, redesigned information architecture and multiple interactive features.

In this session Pragma share insights into:
- How the team was able to pitch the website rebuild, get client buy-in, and secure extra project funding to stand up an additional agile team
- How the uplift was conducted, from project kick-off through to go-live
- The team’s biggest challenges and wins across management, development, design and content streams.

Using real-life examples, Pragma will share practical ways to effectively advocate for change with clients.
Showcases & Project Management
3 sites that used a design system (CivicTheme) to quickly deliver a high quality user experience What does a New Zealand not-for-profit organisation have in common with Australian government websites? The open source, component-based design system, CivicTheme.
Developed over 3 years based on a proven design system and user research, CivicTheme was launched in September 2022 as a design system to allow Drupal websites to be quickly designed and built at low cost. Since launching, CivicTheme has had several releases and was officially endorsed for government use by GovCMS, Australia’s Federal Drupal-based platform, in December 2022.
With many sites now using CivicTheme, we highlight how this New Zealand based not-for-profit organisation and two Australian government websites delivered a quick, low-cost solution that delivers high quality digital experience to its customers using CivicTheme.
In this presentation we’ll look at several web development projects across three categories:
Out-of-the-box implementations (e.g. NZ’s benefitme.nz, www.aeic.gov.au)
Extended implementations with minor enhancements (e.g. https://beta.accesshub.gov.au/)
Custom implementations with more substantial customisations, including a site build for a major Australian Federal Government department
Showcases & Project Management
Engineering data pipelines, but not code The NSW Government is undergoing a large project to consolidate many *.nsw.gov.au websites into www.nsw.gov.au. We have a team of 10+ developers at any one time and this brings with it unique challenges.

This means we have problems like many developers solving similar problems in different ways. This adds time to the development lifecycle, makes it difficult for others to pick up the implementation (and the code) and reduces reuse across teams and developers.

One of these is that we pull data from a tonne of different sources (json files / http, csv files / http, APIs, push/pull, etc) and from a bunch of different providers. Given the scale of our site, using the data directly from the source wasn’t an option. We always imported the data into our site and wrapped it in a controller or imported into a custom entity.

A review was undertaken about the issues with the current solution and how to solve them. Data Pipelines (https://www.drupal.org/project/data_pipelines) is the result of that review.

This solved the problem by:
- Identifying that we could store most of the data in non structured noSQL storage.
- Removing the need to create a bunch of custom entities, saving time and database performance.
- Removing the custom controllers implementing custom API.
- Removing requests to our application server altogether by allowing access to the data by Elasticsearch.
- Removing a security issue of ‘trusting’ the data from the remote source.
- Mitigating our risk of invalid data causing flow on issues.
- Making the backend and the frontend problem the same for all developers.
- Making sure we don’t inadvertently take down our data providers with too many requests.
- Frontend react application reuse.

I'm not actually sure if 'Drupal Development' is the correct category for this. If you have some insight, I'd be happy to discuss it.
Drupal Development
Stuck on Windows? Some tips with Docker WSL and some tricks with Lando We use Docker containers for local development. When stuck on windows, how does Windows Sub-system for Linux speed up development? Lando is a docker wrapper, used especially for regular Drupal projects, what are some tricks that I use? Come to the session to find out from my experience.

- Why use Docker with WSL instead of Docker with Hyper-V ?
- Why store Drupal projects files in WSL, instead of the on the windows file system? (hint: performance gains)
- My own performance benchmarks of Docker Hyper-V vs Docker WSL.
- When is Docker Hyper-V useful instead?
- How to edit files easily in WSL.
- Some Lando tricks including, How to have Docker and Lando and show database SQL file import progress (The command ‘lando db-import’ doesn’t always show it) and change document root
- How to integrate Lando projects with the pygmy reverse proxy (used by GovCMS projects for local development)
- How to run Xdebug for WSL docker Drupal projects.
- And more….
Web Tools & Technologies
Migrating to Drupal10 - A 5-step, source-agnostic process with validation support! Wait - this is not another Drupal migrate session!

Drupal migrate API is a very strong tool, but to use it effectively we need to rely on the source to be really well-structured. Most of the time, we do not really have access to the source content in a complete and structured way, and so that’s when we use this source-agnostic process – that helps with validations as well.

The 5-step process we follow is:

Step 1 - Get the list of URLs you want to migrate. Merlin (an open-source tool) can be used to get a complete list of all the URLs on a website. Typically, migration is a good time to cull the content on your website. If that’s the case, we define the business rules around URLs which will not be migrated. Then we create a refining script that takes the URL list, adds business logic, and exports a list of the final URLs that need to be migrated.
Step 2 - Quant - Create a static snapshot of the website using Quant. (This is an optional step.) This helps because we can then scrape this static site in the next step thus reducing the load on the production site.
Step 3 - Merlin - Create Merlin configs that scrape the static site and create JSON files as output.
Step 4 - Create Drupal migrate configs, which use the JSON files created in #3 as input, and migrate content into Drupal.
Step 5 - Run the validation script, which outputs a CSV file. This file contains a list of all the URLs that need to be migrated, their migration status, their new URL, and some additional parameters. This CSV file can be used by the QA team as well as by the client for UAT migrations.

In this presentation, I will demonstrate all of the above steps and the tools needed.
Drupal Development
Drupal 7 EOL don't despair! – 3 unconventional alternatives to a traditional D10 upgrade As we know, Drupal 7 is nearing End-of-Life. No more support, no more security patches, no more feature development. However, Drupal 7 still makes up over 50%* of all Drupal sites worldwide! Many companies have invested significant $$, time, blood, sweat and tears in developing their Drupal 7 sites. The thought of doing it all again hurts…it really hurts.
But does it need to? There are 3 unconventional options to protect your website from cyber attacks and still serve content fast.
1/ Does your Drupal 7 site host content that hardly changes?
“Leave it”: What if you could decommission your site instantly but still host the content publicly and make minor content updates if/as required?

2/ Do you still publish lots of content on your Drupal 7 site but no longer need new features?
“Keep it”: What if you could lockdown and secure your Drupal 7 site content admin area, yet at the same time have your public content available, secure and fast?

3/ Do you have an active digital roadmap but limited budget or time?
“Rebuild it”: What if you could rebuild (upgrade) onto a new Drupal 10 open source, component-based design system with an out-of-the-box Drupal theme that is WCAG AA 2.1 compliant, and have your content automatically migrated using an open source migration tool?

Learn how we’ve spent the past 18 months developing the tools, technologies and processes to make these unconventional alternatives a reality to allow faster, cost-effective D7 EOL solutions.
…Or option 4, you could Upgrade it going “full traditional” and rebuild everything over many months from the ground up from visual designs to Drupal components, user test it all and then get it accessibility audited to meet WCAG compliance, remediate, test and maybe remediate a bit more, then go live.
It’s your choice.
*Source: https://www.drupal.org/project/usage/drupal
Web Tools & Technologies
SEO + Web core vitals + Drupal: a 360o view on the metrics that matter SEO and web core vitals (WCV) go hand in hand and are usually an afterthought with most projects. Improvements in these areas early on in your project can have a significant impact on your bottom line, especially if you have an e-commerce type website or a website that relies heavily on organic traffic.
I’ll outline some easy tips and tools on how to improve your WCV and SEO.
I’ll cover:
Early decisions with devastating impacts
Tools/Libraries you can use for testing
Important metrics to analyse
Implementation strategies
User Experience & Content
Test Your Progressively Decoupled application with Cypress Testing is a vital part of application delivery. With manual testing, ensuring the application stays bug free is a time consuming and mistake-prone process. Automated testing has been the way to successfully deliver features. Cypress is a next generation front end testing tool built for modern web applications, and it’s being integrated into GovCMS automated testing. It has many unique and powerful feature, including:

- Automated snapshots as tests run.
- Readable debugging
- Spies, Stubs, and Clocks to verify code behaviour

In this session, we will share our experience in testing a progressively decoupled application based on GovCMS. It will cover some best practices, but at a level that non-technical people can easily understand.

The session will include:
- Brief about the Cypress
- Advanced Cypress tips you can use while testing applications
- Encapsulation in cypress tests with fixture data
- Our experience in managing 250+ cypress tests
- Tips specific to testing Drupal applications with Cypress
- Showcase of our testing suite(if client allows)
- Questions

By the end of the presentation, Drupal developers and project managers alike will have a better understanding of basic Cypress functionality and the benefits of this kind of automated testing with modern tools. Let’s do testing the right way and have fun doing it!
Web Tools & Technologies
The forgotten user group - content authors are real people too. Content Authors are people too, and their experience using a website should not be dismissed. While a website user may only visit the site for a few minutes once in their lifetime, content authors may be in the backend daily.

When projects are kicking off, there is often a user research component, that user research will inform how the website is built and who the audiences are for the public users.
Most public users will only end up using the website for a fraction of the time that your content authors will.

And who ends up developing the interface for those content authors… the developers.

In this talk I will explain how my experience as a content author for years before becoming a developer has given me an understanding on the day to day usage of websites, a few examples I’ve worked on recently where the content authoring experience was terrible (One site had 40+ content types, another had only 1), and one example of a bad interface that made 1.42 million people think they were going to die.

I’ll close with some examples of best practice, some themes and contrib modules that can help developers create better interfaces, and some advice from hard learnt experiences.
User Experience & Content
GovCMS Deep Dive into content sharing at scale Last year at DrupalSouth I spoke about GovCMS emerging from Covid and kickstarting a wave of new initiatives to make Digital Experience Platform (DXP) tools available to agencies who wanted to personalise and develop a stronger user experience on their Drupal sites. That work is now in its final stages with tenders currently being evaluated.

Today’s session is a more focused deep dive on specific aspects of DXP and content that are most compelling to a whole of government implementation on GovCMS. We will discuss the business, security and technical challenges that we will be seeking to solve, iterate and roll out over the next 12 months and how the Drupal community can participate and contribute.
User Experience & Content
Breaking Barriers: Navigating a career in tech as a female developer As women only make up a mere 25% of the computing-related jobs, it is imperative that we explore the experiences of those who have managed to thrive in this industry. For the past 14 years, I have been working diligently in this field, from junior dev to tech lead at a major consultancy. Through the lens of my own personal experiences, I have come to understand the importance of allies and friends in creating a more inclusive and welcoming environment for women in the computing industry.
My session will follow the path of my own career to show attendees, what a real ally looks like, how they act, how they don’t act, and how you can become a better friend to women in tech.
By sharing our own journeys, we can create a network that can help women rise up and succeed in their careers.
I’m excited to open up, and share my successes and my struggles, to inspire others to seek out allies, friends and mentors, and to embrace the power of community in building more inclusive teams.
Some specifics topics I will cover include:
• Starting out as a female in tech, and how I (successfully and unsuccessfully) built an army of allies.
• My journey to tech lead, and how I learned just because you have a seat on the table, doesn’t mean you’ll be heard.
• Dealing with the doubters (and worse), and how I’ve had my suggestions and advice taken and presented back to me.
• Becoming a mother and working part-time
• Surviving the pandemic, and surviving home schooling and home duties without burning out.
• What I love about being a woman in tech (and a role model to my own 2 girls), and how I see the industry improving
• Some practical tips for women and allies on how they can be part of the most important transformations in digital and tech.
Showcases & Project Management
Automate your tests so you can spend more time drinking coffee Deployments can be a nightmare, especially when you're the only developer available to test multiple websites. It's not uncommon to miss critical issues when you're under pressure, and human error can be costly. But with Cypress, you can eliminate these risks and make testing a breeze. In this talk, we'll explore how Cypress can help you test the front-end and back-end of your Drupal site, saving you valuable time and effort. Say goodbye to manual testing and hello to more coffee breaks and problem-solving time! Web Tools & Technologies
Switching to Drupal: A developers first time experience Do you remember what it was like building your first Drupal site?

As an experienced developer, but new to Drupal, I go through the process of building a Drupal site for the first time, and comment on its ease and approachability for new users, comparing it to other platform experiences.

What is building a site like for a first time Drupal developer today? How do they feel upon entering the community? How hard is the learning and onboarding process, and where do they look for help when they run into issues? And what can seasoned developers and community leaders do to help those new or looking to switch to Drupal?

By better understanding this experience, we can potentially reduce the barrier of entry, help make it easier for first-time devs, and find ways to encourage new developers into the Drupal community.
Drupal Development
Food for thought: empowering food producers with an intuitive webapp How do you educate food producers about food standards and how to best label their products? Create a highly intuitive webapp in Drupal.

NSW Food Authority is one of Morpht’s long-standing clients. It needed to better support small to medium food producers in Australia who struggle to understand legal requirements for labelling food products and be able to meet food standards. Food producers regularly as some complex, but crucial questions which include:

How do I present ingredients and allergens?
What type of date marking is required?
Is percentage labelling required?
How do I brief the designer to create the food label?

Our first-hand user research helped uncover these and more. Morpht then developed the business rules that guide users through a step-by-step process providing the right level of advice and collecting their input to ultimately generate an example label. Food producers are now able to share the label with their designers to create the product packaging.

The outcome was a progressively decoupled webapp in Drupal which delivered a smooth and highly responsive experience. The site is in use by merchants across the country.

In this session, we’ll answer the following questions:

What UX methodologies did we follow?
How did we approach the design process?
Why did we choose progressive decoupling?
What are the best practices to maintain a progressive web application on GovCMS?
How was this app received by the end users?
Showcases & Project Management
9 Steps to Perfecting your Project Onboarding process Every project is unique and comes with its own challenges. There is no perfect bible to help you or a defined path on how things should be done, NOR there will be. On top of project uniqueness, everyone has a unique way to deal with those challenges and approach in their own style. The only solution to approach this uniqueness and uncertainties is to minimise upcoming challenges.

Being in the service industry, every 3 - 6 months I am handed over a new project to start with and associated challenges to deal with. In the beginning, I used to struggle a lot because in spite of taking all the necessary precautions, things used to start falling in the middle of the project or if you are lucky enough then towards the end.

With time and experience and after handling more than 20 projects, I have developed a process and checklist that tries to cover maximum loopholes and mitigate future risks to a great extent. Through this session I would like to share my experience, checklist which I follow and process which will lay the concrete foundation of the project. It’s all about setting the right process at the beginning rather than intensive planning

OVERVIEW OF THE SESSION
1. Step by step approach to kick start and onboard new project/client - Applicable to any project
2. What details to be covered at every step and sample template of same
3. How to monitor steps and foundation laid ? Checkpoints and Responsibilities

INTENDED TAKEAWAYS
Step by Step approach to start with a bang (Onboard project along with associated tools and techniques)
Handy Checklist to refer to at the start and also throughout the project
Showcases & Project Management
How to do a kickass portfolio discovery remotely According to Microsoft work trend index, 66% of employers are redesigning their workplace to accommodate hybrid work arrangement. Tech giants like Adobe, Twitter, Spotify have already made the switch.

Although there are methods to foster good team relations and create an environment for remote product discovery, product management can be very tricky in a remote-work setting.

As a Delivery Manager with over 10+ years of experience, the speaker was met through many rounds of trial and error in her remote project portfolio discovery to find what works best for her team and client, alike.

Through this session, the speaker shares her learnings and unique perspective on how to manage remote discovery, offering her latest project portfolio, of 8+ brands with 100+ stakeholders (of different verticals), as a use case.

In this session the speaker will cover:
a. Step-by-step guide to do portfolio discovery remotely
b. Challenges and how to overcome them with different tools at every step
c. Strategy to design to achieve all intended goal (since it's a portfolio discovery and not of single project)


Key Takeaways:

1. How to remotely conduct entire portfolio discovery
2. Challenges you will face along with recommendations
3. What to strategize, document and sign off for better success and outcomes
4. How to empower team and sharpen listening skills which is key to cover everything offline along with maintaining work-life balance
Showcases & Project Management
The Best of Both Worlds: Combining Drupal Headless and Next.js Drupal Headless and Next.js are two powerful technologies that can be used together to create modern, high performance web applications. In this talk, we'll explore the benefits of using Next.js with Drupal Headless and how to set up a new project. We'll discuss best practices for working with these technologies, including building components and integrating data. We'll also showcase real-world examples of using Next.js with Drupal Headless and the benefits experienced. By the end of the talk, you'll have an understanding of how to use these technologies together and be equipped to create your own Next.js and Drupal Headless project. Web Tools & Technologies
Single Sign-on at scale Developers do you want to be friends with your web publishers?

30 + web properties? 10 Web Publishers / Editors?

How many beers do you want to be bought at work drinks?

Problem
I log in via SSH `drush uli --name=` every day. My beloved Web Editors and Publishers do not have that luxury. What if I told them they never have to log into a website on their work laptop every again - roll video of happy people.

SSO TO THE RESQUE!

Give me words I can send to my dev lead.
Yes, it can be some work to setup but it solves a stack of problems
- Off boarding employees
- too big to know when users are employeed
- one user, one login, all your sites

What?
- Simplesamlphp v2 just released! Whoot Whoot.
But what if I have a reverse proxy? or multiple reverse proxies? and Varnish?
- Sessions tokens can be a real pain! Here is what SSP offers


But i have users that aren't in my identity provider??
Tonnes of options
- Configure accounts to be outside of SSO. This can be good for
- Administrators with protected / off network / standalone devices
- development partners that are outside of your org that need elevated access (how do you manage them later)

If your org changes names / brands / or Machinery of Government (sigh)
All my staff change email addresses. What happens now?
- This is not pretty, but some SQL statements can make your life super simple


Ok, but what does that mean for the tech effort?
Walk through how to setup your Identity provider
- Azure Active Drectory
- Cloud Identity (Google)
- there are lots of options for identity providers - your Drupal site can be one of them!

In conclusion
We're rolling this out for our Publishing teams in DEWR and Education and we have excellent feedback so far.

If there's time lets get freaky
- mapping roles from AD to Drupal
- Drupal 'just in time accounts'
- black mapping accounts
Drupal Development
You've been hacked. What's next ? Imagine this - it's 3am on a Saturday night, and you're jolted awake by your phone ringing. You see the caller ID - it's your CTO. Your heart starts racing as you answer the phone, only to be met with the worst news possible - your Drupal website has been hacked, and it was a targeted attack designed to damage your brand. What do you do now?

The talk delves into the alarming increase in website hacks over the last decade, and the vulnerabilities that make it so easy for hackers to exploit websites. From SQL injections to module vulnerabilities and a lack of sanitisation, no website is 100% immune.

The talk focuses on the steps to take in the immediate aftermath of a website hack, including understanding the attack, minimising the impact, reviewing organisation policies, implementing emergency procedures, and recovering the website.

The speaker, who has personal experience in recovering from targeted attacks on Drupal sites, shares best practices for recovery to help website owners and developers better prepare for and respond to similar incidents in the future.
Drupal Development
Securing your Drupal projects with Essential 8: Scanning Tools & Compliance Strategies This talk highlights the crucial importance of complying with the Australian Cyber Security Centre Essential 8. As developers, attendees are not only responsible for ensuring the security and reliability of their Drupal projects but also for adhering to government regulations to protect against cyber threats.

Drawing on the presenter's experience with a Federal Government Client - Fair Work Commission, the talk will provide valuable insights into the challenges involved in achieving compliance with Essential 8. Attendees will gain a deeper understanding of the tools and strategies that can be leveraged to maintain project security and compliance, including the approach deemed acceptable by the client.

Compliance with Essential 8 is a necessary step towards safeguarding against cyber threats, and developers have a responsibility to ensure that their projects are secure and compliant. Attending the talk will provide attendees with valuable insights into the world of cybersecurity compliance, enabling them to better protect their Drupal projects and contribute to creating a safer online environment.
Drupal Development
Design in Figma, launch on Drupal in days, not weeks You have the perfect final design, ready to be built. You’ve spent months and an eye-watering budget creating, researching, validating and testing your visual website designs. The designs look exquisite and next…a simple build in Drupal.

The first thing your development team does is start asking how the interactions look for this component or how the behaviours work for that design.

So they do their best Google Translate impression and begin interpreting the designs and inevitably your visual design artwork is a thing of the past and the Drupal build is fantastic, but not quite like the designs and it cost another small fortune to build (say bye-bye Christmas party)...

The cost, time and pain in translating design to build is often very high. Designs get missed, misinterpreted and take a long time to translate into code. Many bugs arise, which take time to resolve that end up breaking the bank.

Compare that to an experience when designers can arrange key page layouts and assign interactions in Figma design files and web publishers and administrators in Drupal can create and manage the identical pages and flexible layout designs without any coding.

CivicTheme is a true atomic, component-based design system in Figma that is 100% in sync with its Drupal 10 build. This significantly reduces the time it takes to build your website while ensuring a consistent, compliant and visually stunning experience.

Learn more about the Figma-to-Drupal process with CivicTheme and how you can design fast, build fast and deploy fast. This gives a head start to all content, development and research teams, reducing your Drupal design-build-test-deploy project lifecycle.

Finally find out how you can deliver exactly the designs your executives signed off on.
Web Tools & Technologies
The Recipe for Enduring and Meaningful Workplace Relationships According to a recent survey, only 38 percent of respondents feel that leaders in their organisation take proactive steps to create a positive workplace culture. In fact, a toxic work culture is one of the main reasons people leave their jobs, ranking even higher than seeking better pay.
While some of us can talk about a positive work environment they have experienced, many more of us have found ourselves on teams where we feel undermined and unappreciated. As employees, managers, or even clients, what can we do to create and maintain better places to work?
In this presentation I will provide the ingredients and recipe for building a strong workplace culture and how this impacts client relationships. We will delve into what turns a workplace sour and how to tell when it’s happening. We will also discuss how to counteract an office culture headed in the wrong direction and provide a set of ingredients to build a better team environment.
We will also describe in detail how to deftly handle the most challenging parts of a job: setting boundaries, saying no, and giving and accepting criticism.
Showcases & Project Management
Securing Australian citizens with Ship Shape A robust security framework requires that appropriate measures and controls are in place to ensure systems operate in an expected manner. These measures include identification, auditing and prevention of accepted operating parameters with deployed workloads.
To help with this, Salsa built an open source audit framework named Ship Shape for GovCMS, Australia’s federal Drupal-based platform. Ship Shape is an open source, extensible configuration-as-code audit tool that ensures deployed workloads meet security expectations and provides clear visibility into breaches so remediation can be prioritised.
The Shipshape tool was built to allow Drupal projects to be secured against a domain-specific ruleset to ensure the security posture of the GovCMS SaaS platform is maintained.
The tool allows engineers to easily implement rulesets in yaml configuration files. The configuration file can be shared between all projects that are being managed to ensure consistency.
Find out how this portable tool can be run in many different operating environments to provide visibility during all stages of development and was developed as an open source framework to allow other programs to adopt and contribute to the task library.
Web Tools & Technologies
DevOps, CI/CD, SDLC: Do you REALLY know what are they all about? DevOps, CI/CD, SDLC... so many important terms made into buzzwords.

People tend to talk a lot about them without actually understanding what they really mean for the development and deployment processes.

In this session we will:
* Go briefly back to the basics to lay down a strong base
* Discuss how much a team can evolve and do more just by having the proper CI/CD processes in place.
* Review good and bad CI/CD processes
* Talk about tools and how they fit the various phases of the SDLC
* Give some tips on how to create the best process for your need
(and probably more)

The goals are to make you understand the importance of the processes, share lessons learned, destroy the myth that CI/CD is hard and share some tips that may help you improving what you currently have or create a brand new strategy.
Web Tools & Technologies
Lessons learned managing config across 120 projects Single Digital Presence has around 120 projects each with 4 environments deployed to Lagoon. This is a pretty substantial fleet and the workflow to manage and maintain the configuration of projects has evolved over several years.

This session will outline the challenges of managing such a fleet, and the various "solutions" we have tried on our journey.

*Who should attend this session?*

- Developers and operations working with a large number of projects on a cloud native platform such as Lagoon, Acquia, platform.sh etc…
- Anyone using Ansible, kubernetes operators, and Terraform

*What can attendees expect?*

- An in-the-trenches perspective of the technical and organizational challenges faced with a large fleet.
- Overview of various approaches to address these issues.
- The current state of configuration management at SDP.
Web Tools & Technologies
Drupal for Changemakers - past, present, future We attend events like this one to learn from one another and to be an active part of the Drupal community. Collaborating on projects together using Drupal is a great way to to achieve goals for ourselves and our employers. We know how having a team allows us to have different perspectives; enhanced problem solving; increased productivity; improved communication, the ability to learn from one another and it generally improves the chances of success and longevity of a project.

How about the non technical goals in our lives?
How can we build a community around what is important to us so we can work with many other people that have the same values?
How can use Drupal and other Open Technologies to achieve bigger things?

As technologists we hold the power and have the responsibility to make change by using what we are good at, Drupal, to join together with those that have the many other skills that we need.

This talk will be a case study of how we can make a big impact by taking small actions and do that by using Drupal with Open Social, We'll explore the way to create engaging social experiences

OpenSocial is a powerful framework for building social applications and widgets that can be integrated with various social networking platforms. It enables developers to create applications that are portable across multiple social networks, making it easier to reach a larger audience and build a thriving community.
Showcases & Project Management
Securing the software that will change the world There has never been a more exciting time for us to be building software. From fashion to e-commerce, gaming to energy generation - we are building incredible systems no matter where you look. Many of these technologies will improve the world, and as a software developer, I couldn’t be more excited.
However, I find myself conflicted as a cyber security person; it’s not like we have an excellent track record in securing this space so far.

I have concluded that to secure the future; we need to embrace it and understand it. (how hard could it be?). So I started collecting stories and interviewing 1000 engineers worldwide. The stories of the systems we dream of building and the nightmare that cyber security could pose if we don’t get it right, and how we could address that issue.

In this talk, we will look at these amazing technologies, their stories, and, most importantly, what we need to change if we are going to protect the software that will change the world.
Keynote
Why Drupal? Why Now? - Panel Discussion With more than 10% of the top 10,000 websites worldwide using Drupal, and over 20 years as a leading open source project, the popularity and success of Drupal as a CMS and development framework is legendary.

Where to from here? The release of Drupal 10 in December 2022, with a modernised UI, support for newer Javascript frameworks and an eye on decoupled as standard, opens up a new discussion around the best uses for Drupal and where it fits into the market.

If you're interested in learning why Drupal works so well for people in this part of the world, keen to leverage the latest developments for your web presence, or comparing CMS and Digital Experience Platforms for your next project - this panel discussion is for you!
User Experience & Content
Open Source is Dead, Long Live Open Source Kia whakatōmuri te haere whakamua.
I walk backwards into the future with my eyes fixed on my past.”

The world of open source software (OSS) has come a long way since its inception, and it's worth taking a look back at what has been achieved. However, as we delve into the past, we also need to be aware of the mistakes we have made along the way. In this keynote presentation, Donald Christie, the founder and the Managing Director at Catalyst IT, will explore the evolution of OSS and examine the challenges that threaten its future.
Keynote