Andreas Falk

Stuttgart, Germany ·

Scan contact card

Scannable QR code with contact info

Hi, my name is Andreas Falk and I am working as a Managing Consultant for Novatec Consulting located in Stuttgart/Germany.
I’m enthusiastic about the architecture and development of Cloud-Native Java enterprise applications. Mostly these are based on the Spring-Framework-Platform. The cloud platforms I use are CloudFoundry and Kubernetes. And I love to deploy my apps using cloud providers like AWS, Google Cloud and Microsoft Azure.

Agile Security

As a member of OWASP and the OpenID Foundation, I support the development of secure software. In my current role as Practice Lead for Agile Security at Novatec Consulting, I teach and coach internal and external developers. Specifically, my training/coaching portfolio includes:

  • Secure Design, Coding and Testing
  • Identity and Access Management (SAML, OAuth 2.0 & OpenID Connect)

Conference Speaker & Author

I am a frequent speaker appearing at conferences like JAX, Voxxed Days, Devoxx and Spring I/O. These are great places to share my project practical experience with you. This includes among other topics like Authentication of Microservices using OpenID Connect and Kubernetes Security.
From time to time I also like to write articles and blog posts. Some of my articles can be found in Java Magazin, iX or Objekt Spektrum.

Leisure Time

As a balance to work, leisure activities are also needed. Here, I spend time with my family and my dogs. My dogs are a Labrador-Lady and a Golden-Doodle male. If time allows, I also play the electric guitar in my Band Scallywag. And in order to keep my fitness, I try to practice running sessions several times a week.


  • Microservices
  • RESTful APIs
  • Serverless
  • SaaS/PaaS/IaaS
Languages, Operating Systems & Tools
  • Java
  • Spring
  • Python
  • git
  • subversion
  • linux
  • bash
  • Angular
  • typescript
Platform Development & Administration
  • Atlassian
  • Bitbucket
  • GitHub
  • Wordpress
Data Management
  • Microsoft SQL Server
  • Oracle
  • MySql
  • PostgreSql
  • MongoDB
  • Redis
Containers & Cloud
  • Kubernetes
  • Docker
  • AWS
  • Google Cloud Platform
  • Microsoft Azure
  • Linux


A collection of projects authored by Andreas, and likely shared out with the community as an open source project.

OAuth 2.0 & OpenID Connect compliant Authorization Server

An OAuth 2.0 & OpenID Connect (OIDC) compliant authorization server just for demo purposes to be used as part of OAuth2/OIDC workshops.

Read more..

Cloud-Native Microservice Security Boot-Camp

Cloud-Native Microservice Security Boot-Camp.

Read more..


A collection of presentations and talks, most likely on Security and Software Development.

Workshop - Cloud-Native Microservices Security Bootcamp (Sec4Dev 2020 Wien)

All developers today are also DevSecOps engineers even if they are not aware of it. In this Bootcamp, you will learn how to secure cloud-native Java microservices.

February 2020

Talk - Kubernetes und Container – Aber Sicher! (Frankfurter Entwicklertag 2020)

Mit dem Siegeszug von Kubernetes ist auch der Java Entwickler vollends im DevOps-Zeitalter angekommen. Neben der eigentlichen Entwicklung muss dieser sich u.a. mit Netzwerken, Containern, Ingress-Controllern, Load-Balancern, Nodes, Services und Pods beschäftigen.

February 2020

Hands-On Lab - Securing Microservices with OpenID Connect and Spring Security 5 (Devoxx Belgium 2019 Antwerp)

Have you ever wondered what the heck is OpenID Connect and how it differs from OAuth 2.0? Are Grant Types, Flows, JOSE, JWT or JWK unknown beings for you? Then this workshop is a great opportunity for you to get to know all these things by getting your hands dirty in code using Spring Security 5.

November 2019

Talk - Spring Cloud on Kubernetes (Spring I/O 2019 Barcelona)

Spring Boot and Spring Cloud are great in helping building cloud-native Java or Kotlin applications. Using Spring Cloud components like Discovery Service, API Gateway or the Config Server have improved the experience in the cloud to a big extent. With the rise of Kubernetes, this has changed.

May 2019

Wait! There's more..

See all Speakings for more examples!


A collection of articles, most likely on Security and Software Development.

Article - Java Aktuell 06-2018: Agil - aber sicher!

Es vergeht kaum ein Tag ohne Meldung über eine gehackte Software-Anwendung, einhergehend mit dem Diebstahl sensibler Daten wie KreditkartenDaten oder Passwörter. In der Software-Entwicklung sind inzwischen agile Vorgehensweisen wie Scrum oder Kanban weitverbreitet.

June 2018

Article - iX Special 2017: Security in der agilen Softwareentwicklung

Agile Entwicklung mag angesichts der Omnipräsenz von Software und der extrem kurzen Time-to-Market-Zeiten ihre Vorteile haben. Konflikte ergeben sich allerdings beim Thema Security, denn das flexible Arbeiten verträgt sich nicht mit einigen grundlegenden Anforderungen der Informationssicherheit.

June 2017

Wait! There's more..

See all Publications for more examples!

Custom launch script for Spring Boot executable

Introduction In addition to running Spring Boot applications by using java -jar, it is also possible to make fully executable applications for Unix systems. A fully executable jar can be executed like any other executable binary or it can be registered with init.d or systemd. Details on this are described in the Spring Boot reference docs. To achieve this the Spring Boot Maven or Gradle plugins repackage the jar file and add an embedded shell script to the jar.

March 27, 2020
Nifty tech tag lists from Wouter Beeftink

Commit: "cd452ff"

LastMod Date using GitInfo: cd452ff