RailsWorld 2023 Recap

Michael Buckbee

10 Oct 2023


Attending the inaugural RailsWorld 2023 conference in Amsterdam was a significant decision for our company as there were so many unknowns about the event. But we're glad we did. The conference was a resounding success, and we're already looking forward to RailsWorld 2024.

Why attend a conference?

Developer-led startups die in the dark.

They fail because developers (like Ryan and myself) are much more comfortable sitting at home in front of our screens and coding features than we are going out and talking to prospects.

While we're always cautious about our expenses, we view conferences as a strategic investment.They provide valuable opportunities to engage with people, understand their concerns, and assess whether the problems we're solving are the ones people care about and are willing to pay to go away.

While there are undoubtedly other ways to do this, conferences are an excellent high-bandwidth firehose of feedback and ideas we need.

Past conference experience

Wafris has a history with Rails conferences.

At the excellent Rails SaaS 2022 (LA), I spoke about the real-world security challenges we've seen helping to protect Rails applications. I ended the presentation by announcing our prototype of Wafris.

The contacts and encouragement from the community there helped give us the confidence to pursue Wafris full-time, and shortly after rearranging our lives to do so, an opportunity to take over the primary vendor location at Blue Ridge Ruby (Asheville, NC) fell into our laps.

So we showed up, bought everyone artisanal ice cream sandwiches, went tubing, and from the conversations and feedback we received, we drastically changed our product development to switch from "tools" to instead adding features focused on handling security as automatically as possible for developers.

Deciding on RailsWorld

Beyond the standard financial and time commitment, a few other factors made us hesitate about attending RailsWorld 2023.

Conferences, in general, are a gamble, and whether they're "worth it" hinges on factors that are often unknowable ahead of time, like:

  1. The interests and roles of the attendees. A conference full of CTOs has different experiences and concerns than one full of junior developers. Similarly, staff engineers talk to us about other things than freelancers and founders do.
  2. Venue and the precise location of the booths vs the attendees. I've seen conferences where the booths were in a separate building from the talks, and the attendees never came by. We've also been to conferences where the booths were in the same room as the talks, and the noise made it impossible to have a conversation.

Add to this the challenge for us of handling the logistics of getting to Amsterdam with all of our booth materials, and it took a lot of work as to whether we should exhibit or not.

Ultimately, we decided to go for it based on the professionalism and obvious competence of Amanda Perino and the rest of the RailsWorld team. She was terrific to work with and helped us iterate through different ideas for the conference and how to make those happen on the ground in Amsterdam.

RailsWorld goals

While there are many reasons to attend a conference, we had one particular goal for RailsWorld: for every attendee to leave with a clear understanding of what Wafris is and how it can help them.

You can dress this up in marketing terms like "branding" or "awareness." Still, at the end of the day, if developers don't know what Wafris is (a Web Application Firewall) and what it does (protects Rails applications from attacks), then we've failed.

Radical commitment

After we decided to attend RailsWorld, we decided to go all in.

Counterintuitively, this makes the conference less risky. With each additional activity we can independently produce, we increase the odds of positively interacting with an attendee, and we're less reliant on people just walking by our booth.

To this end, we decided to:

  1. Develop a custom card game, "Code for Insanity," to break the ice and start conversations with developers. As an icebreaker, all attendees were given a couple of cards and encouraged to find other attendees and come up with weird and funny combinations.
  2. Run a giveaway for a custom Lego sculpture of Rails creator DHH's car.
  3. Gift each speaker a custom card deck with their name and picture on the cards commemorating their talk.

What did we learn?

We're much more confident that we're solving a real problem felt directly by developers than before the conference. One of the most exciting takeaways was that multiple teams were independently creating their own solutions on top of Redis to try and address these problems..and they were unhappy with them as it pulled them away from their actual work.


RailsWorld 2023 was more than just a conference; it was a deep dive into the incredibly energetic Rails community. Rails has given us so many opportunities throughout our careers and we were proud that our participation in some small way contributed to the experience of attendees.

Weighing the costs against the benefits, RailsWorld 2023 was invaluable to us. The Rails-specific insights and networking opportunities have prepared us well for the coming year. And yes, we're excited for RailsWorld 2024 in Toronto!

Do this next

We're on a mission to better secure every web app on internet. Here's some ways you can jump in:

1. Check out our Open Source Web Application Firewall

Wafris is the free open source WAF that you can use to understand and visualize the requests hitting your apps and then take steps to protect them. It's still in early development, but you can signup for the waitlist to get early access at wafris.org

2. Investigate IP addresses with our IP Lookup service

Bad bots and probes hit sites within minutes of being put on the Internet. Sort the good from the bad by identifying request IPs as coming from bots, Tor networks, VPNs, proxies and malware hosts at wafris.org/ip-lookup

3. Anything else?

If you have any questions or need help finding the right way to handle web app security issues, please let us know at: help@wafris.org