Julien Lenormand

Tech Lead and Software Engineer for cybersecurity at Kor Labs.

Python programmer convinced by Agile, Software Craft, Accelerate and the antic greek philosophy. Former consultant for big industrial clients (SNCF, EDF, Thales, Schneider Electric).
Regular meetuper, speaker at different French conferences, technical coach.


Sessions

07-13
09:30
90min
Getting out of the testing hell
Julien Lenormand, GAFFIOT Jonathan

We know we should write automated tests. But too often, it is a real chore: they may be slow, unreliable, difficult to run, to maintain, even to write! Why is it so hard? How to take back control?

For that, you will work on a realistic project: a Python app with FastAPI backend, a PostgreSQL database, configuration files, third-party APIs, ... and tests that are awful.

You will review:

  • the quality culture of the project
  • how it is architectured
  • the existing tests
  • and the code quality

Then you will prepare the plan:

  • your own test pyramid / strategy
  • testing tools needed
  • essential scenarios
  • the CI to have your back

And start coding:

  • updating the existing tests
  • adding new tests using powerful tooling
  • minimal refactoring to enable testing
  • creating fakes/mocks/simulators to enable testing

You'll leave able to:

  • diagnose what makes tests slow or convoluted
  • design a pragmatic test strategy for your codebase
  • implement reliable tests, with fakes and testcontainers
  • refactor just enough to make code testable

It will be around 65% hands-on, and 35% guided analysis. The first two parts will take the first half of the session, so that you have plenty of time to actually implement the strategy during the second half.
The code repository will stay available to you after the workshop, along with an example of the end-result.

Setup :

  • uv
  • (optional) docker or podman, to run TestContainers
  • (optional) a GitHub or GitLab account, to run CI
Testing, Quality Assurance, Security
S4B
07-13
11:15
90min
Getting out of the testing hell
Julien Lenormand, GAFFIOT Jonathan

We know we should write automated tests. But too often, it is a real chore: they may be slow, unreliable, difficult to run, to maintain, even to write! Why is it so hard? How to take back control?

For that, you will work on a realistic project: a Python app with FastAPI backend, a PostgreSQL database, configuration files, third-party APIs, ... and tests that are awful.

You will review:

  • the quality culture of the project
  • how it is architectured
  • the existing tests
  • and the code quality

Then you will prepare the plan:

  • your own test pyramid / strategy
  • testing tools needed
  • essential scenarios
  • the CI to have your back

And start coding:

  • updating the existing tests
  • adding new tests using powerful tooling
  • minimal refactoring to enable testing
  • creating fakes/mocks/simulators to enable testing

You'll leave able to:

  • diagnose what makes tests slow or convoluted
  • design a pragmatic test strategy for your codebase
  • implement reliable tests, with fakes and testcontainers
  • refactor just enough to make code testable

It will be around 65% hands-on, and 35% guided analysis. The first two parts will take the first half of the session, so that you have plenty of time to actually implement the strategy during the second half.
The code repository will stay available to you after the workshop, along with an example of the end-result.

Setup :

  • uv
  • (optional) docker or podman, to run TestContainers
  • (optional) a GitHub or GitLab account, to run CI
Testing, Quality Assurance, Security
S4B
07-15
13:50
60min
Security and Ethics in the Age of Generative AI
Sylwia Budzynska, Maria Lowas-Rzechonek, Mike Fiedler, Seth Michael Larson, Julien Lenormand, Maria Jose Molina-Contreras

This panel brings together experts from different corners of the field to talk about how generative AI is changing cybersecurity and the tricky challenges that come with it. Not only will we explore the technical aspects, but also the ethical considerations our society must have with in this rapidly evolving landscape.

We're not treating this as just a technical conversation. Generative AI in cybersecurity touches code, strategy, and ethics all at once, and we want to dig into all three. By the end of the panel, you should walk away with a clearer sense of the real risks at the language and ecosystem level, some practical lessons from teams working security operations day to day, and a more grounded take on the ethical questions this technology raises.

S3A