PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Judy Neher
Capturing security requirements in an agile environment. Bad guys are out there… Who’s thinking about securing our systems and data? When do we, and when should we, think about security in our software systems? How can we pull security forward in our agile processes? Let’s talk about Abuser Stories!
How can we use our familiar user story format to capture potential vulnerabilities in software systems? While user stories are written from a user's perspective, abuser stories are written from an enemy or attacker’s perspective and describe the enemy’s malicious intent and motivation.
Event Website: https://projectconevent.com
LinkedIn: https://www.linkedin.com/company/projectcon-llc
Facebook: http://www.facebook.com/ProjectConEvent
Twitter: http://www.twitter.com/projectconevent
YouTube: https://www.youtube.com/channel/UCLLG1SGPs1L5YLoFndvGGhQ
Instagram: https://www.instagram.com/projectconevent
Presentation Slides: https://slideshare.com/projectcon
Post Event Trailer: https://youtu.be/1_RzFBnZ7bo
Evil User Stories - Improve Your Application Security | Anne Oikarinen
Evil user stories are a way of addressing security threats in the planning and implementation phase. The idea of evil user stories is simple: First, identify important data and assets in the application you are protecting. Then, identify threat scenarios by completing the sentence “An attacker should not be able to…”.
You can use evil user stories in development by putting them in the backlog and adding mitigations as acceptance criteria. This helps in implementing security together with functionality. In addition, they are a good starting point for test planning and getting testers involved in design.
How To Keep the Grinch From Ruining Your Cyber Monday | Michele Chubirka
Ready to avoid crowded stores and online scammers during the holidays? Join Michele Chubirka as she goes through:
- Tips for safe online shopping and securing your banking information
- Protecting yourself from internet scams, phishing and fraud
- Safeguard your personal information against identity theft
- How to use anti-virus and other security software to keep your digital information safe.
Credit card data theft is a common concern, but what about theft of your marketing data? This data is just as valuable to hackers and can be resold multiple times on the underground. Guard against potential security breaches by having a plan in place. Be prepared, not paranoid.
I had made this ppt for my college presentation. It doesn't cover the various frauds in minute detail but this presentation is a very good overview! Enjoy!
Presented by Vipin Chandra Joshi at IJSARD (International Journal of Socio-legal Analysis and Rural Development) International Virtual Conference 2017 On Law and Social Sciences.
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security.
In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
Devnexus 2017 Cybercrime and the Developer: How do you make a difference? | Steve Poole
Cybercrime: how bad can it be? Organised attacks around the world in 2016 have shown how unprepared we are to deal with the growth of cybercrime. In this talk, learn a little about the scale of the challenge developers face from assaults on our systems. Be prepared to be appalled and scared. Fainting is not allowed. Discover how to fight back and see how you can change your behaviour and your code to defend against these attacks.
Your destiny is clear - it’s time to become a Cyber Defender
Webinar: Stop Complex Fraud in its Tracks with Neo4j | Neo4j
Financial services firms are having difficulty with traditional fraud prevention measures that focus on discrete data points such as specific accounts, individuals, devices or IP addresses. Today’s fraudsters escape detection by using sophisticated techniques such as card testing, masquerading as a legitimate merchant, skimming cards at vulnerable merchants, and forming fraud rings made up of stolen and synthetic identities.
To uncover such fraud rings, it is essential to look beyond individual data points to the connections that link them. Big data platforms and data science teams have been deployed to get rid of this menace, but it takes weeks and months to uncover these patterns, leading to high risk levels and an inability to catch the fraudsters before they move on.
Join this webinar to find out why enterprise organizations use Neo4j to augment their existing fraud detection capabilities to combat a variety of financial crimes, and to do so in real time.
The Neo4j graph database is the fastest growing database engine in the market and has hundreds of customer references across Europe and globally, solving significant technology problems for large Enterprises in Finance, Telco, Retail, Utilities, Logistics and Internet sectors. Typical use cases are Recommendations, Fraud Detection, MDM, Network and Software Analysis and Optimization, Identity and Access Management.
Identity Theft and How to Prevent Them in the Digital Age | Maven Logix
Mr. Jamshed Masood, a telecom sector executive, provided information about identity theft and how to prevent it in the digital age. He discussed the real definition of identity theft and its impact. The speaker also gave complete information on the different types of identity theft and their methods, such as hacking and shoulder surfing. While discussing these thefts, he also shed light on prevention methods for dealing with them.
Acceleration & Focus - A Simple Approach to Faster Execution | ProjectCon
#projectcon #agilecon
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Michael Hannan
Acceleration & Focus - A Simple Approach to Faster Execution
Many articles & books emphasize the importance of focus to getting more done, but not many offer proven techniques to achieve big jumps in focus for entire teams—and thus accelerate the speed of execution dramatically. This session will provide a simple, common-sense method to achieve such acceleration for teams of any size, and at any scale.
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Ryan Lockard
I was lucky enough to have interviewed 14 of the 17 authors of the Agile Manifesto for a special podcast project with the intent to chronicle the manifesto story. What emerged was much more. The story of why the event was needed, what the vision was, how this was ruined.
This project totally shifted my perspective on agility and working with teams. This project was the vision of his team – the Agile Uprising – and was conducted over 6 months and chronicled via a globally distributed podcast. During this time period, our podcast went from 0 listeners to an average of 8,000 per month.
The initial inception of the project was to tell the story behind the manifesto and its authors. The trigger was some work we were doing with Ken Schwaber and it was cancelled due to his failing health. We realized there was a huge moment in software history that had not been told, and these men were not getting any younger. We intended to interview each to understand what they were doing before, during and shortly after the Manifesto event in 2001. As the interviews started adding up, we heard a story of what Agile was meant to be, versus what it has become. In this session, we will learn how DevOps is the true agility enabler.
We learned that there were essentially 3 themes in all 14 interviews:
1) Focus on engineering culture
2) Build strong, empowered, teams
3) Establish mindfulness in delivery organizations
These 3 simple bullets are generally missed in most agile adoptions and transformations. Perhaps parts or some aspects are met, but on the whole, they are lacking. We focus too much on agile as a topic of didactic learning, and not a mindset. And what you see really emerge as a thing of beauty is the residual benefits where these themes intersect. When Mindfulness and Technical Practices overlap you form strong process and integrated DevOps. Where Strong Teams and Technical Practices overlap you find rapid delivery of high quality working software. And where you find the convergence of all three elements, you find true value delivery flow.
This talk hones in on the re-centering of agile intent. It is agnostic of certification and scaling conversations, and builds a solid argument for the movements in Alistair Cockburn’s “Heart of Agile”, Joshua Kerievsky’s “Modern Agile” and Bob Martin’s “Clean Coder” movements.
As the talk wraps, I provide hope for the future of agility and engineering. A direction for attendees to move and an attempt to challenge the larger agile anti-patterns that are very prevalent in practice today.
The Agile PMP: What PMPs need to know to compete in today's market | ProjectCon
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: DJ McCord
The Agile PMP: What PMPs need to know to compete in today's market
Agile is not a buzzword. Agile is here to stay. If your organization has not yet adopted Agile in some way, shape, or form, it will soon. In 2018, PMI added Agile to the PMBOK and the PMP exam. This session will discuss why it is critical that PMPs understand what Agile is, how a PMP can improve their marketability, the new Agile content added to the PMBOK, how a PMP can learn the new Agile content included in the PMBOK, and what certifications a PMP can obtain to make them a triple threat in the industry.
Attendees will learn:
An overview of Agile
Why PMPs need to know Agile
Agile additions to the PMBOK 6th Edition
How a PMP can re-up their certification to include Agile
What combination of certifications a PMP should hold to gain a competitive advantage
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Nabila Safdary
Teaming for Agility
Interactive session focused on exploring attributes and motivations for optimal teams. Mastery and excellence in individual delivery doesn't directly translate to team excellence. Collective chemistry, intelligence and resilience champion wins. This session will share activities to sustain and grow team strength.
What You Will Learn:
Activities for team startups
Collaborative techniques to measure team success
Agility attributes
Transformation of an Agile Purist to an Agile Mind | ProjectCon
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Jessica Soroky
Transformation of an Agile Purist to an Agile Mind
I have been a scrum master, release train engineer, agile coach and now the Director for Agile Delivery. I’ve led teams, led transformations, trained and collaborated with every level from team member to company president. In my 7 years doing and being agile (actual years, not time where I was doing it “before it was called agile”), I have undergone a transformation I never saw coming - Agile purist to agile minded. How did this transformation happen? Why was it critical to my success? This session is all about a personal journey through all the stages of agile including the raw bumps and bruises along the way. Take a shortcut from my wins and my failures and learn how to be successful in corporate America agile - first hint; it has nothing to do with the scrum guide.
Key Take-a-Ways:
The difficulties and freedom that come from transitioning from a purist to an agile mind.
Real life stories that capture what it means to “be” agile instead of “do” agile.
5 key tips to being a successful agile mind in the corporate world including do’s and don’ts.
An understanding of how to apply agile concepts and techniques without ever having to reference the Scrum Guide again.
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Jesse Fewell
The Agile PMO
Now that agile methods are here to stay, executives are looking to PMO leaders for answers to fundamental questions: What is the agile movement all about? When does it fit for a given project, and when does it not? Even more puzzling, if agile methods encourage self-organizing teams, then how does that impact the role of a PMO, or even the role of the project manager itself? In this eye-opening session, we will sift out fact from fiction and walk away with actionable tips for evolving your PMO to support agile methods.
Automated Release Pipelines with Azure DevOps | ProjectCon
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Benjamin Day
Automated Release Pipelines with Azure DevOps
What's DevOps and how do you make it work using Microsoft’s Azure DevOps service? At its core, DevOps is about automating every last thing that you can possibly automate between development and production. Basically, automate away all the annoying & tedious stuff that distracts you from being able to quickly and easily deliver done, working software.
This session will be a mix of the practical (75%) and the theoretical (25%). We'll start by talking about the DevOps mindset and why you should even care about DevOps. From there, we'll dive in to the skills and practices you'll need in order to implement an automated, multi-environment DevOps pipeline using Azure DevOps.
The demo will take an existing ASP.NET Core application with automated tests, commit it to Git, and create automated builds and an automated release pipeline that'll take the application from development to test to production.
The Women in Agile Story - History of the Movement through MVP Experiments | ProjectCon
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Natalie Warnert
The Women in Agile Story - History of the Movement through MVP Experiments
Women in Agile started like most movements do, with a problem and a small grassroots effort. Now it has grown to a non-profit organization with local groups across the world and many conference pairings under its belt all in a timeframe of a few years. Women in Agile utilized targeted experiments to determine how to expand meaningfully and sustainably while examining data and experience collected along the way. This session discusses how Women in Agile got to where it is today, what is in store for the future, and how you can take our lessons learned to grow organizations and ideas in a successful and sustainable way.
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Bill Dow
A Guide to Risk Management
Most Project Managers struggle with managing risks and issues. It is a daily struggle: project managers don’t track and understand the purpose of risk management well enough, so we see them either ignore it altogether or do the bare minimum. In this presentation, we will walk through the purpose and tracking of risks on projects.
Key Takeaways:
Learn the purpose behind Risk Management
Discover the key steps in Risk Management
Uncover Risk Management tools and techniques
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Benjamin Day
Real World Scrum with Azure DevOps
You’ve got a subscription for Azure DevOps (formerly known as Visual Studio Team Services or VSTS) and you’re looking to do Scrum. Ok. Great. Now what does that mean? What does Azure DevOps actually do to help your Scrum team(s) run more efficiently? If I’m the Scrum Master, what should I be coaching my team to do? What can you do to help get to high-quality, “done”, working software faster? How does Azure DevOps make anything in Scrum easier?
In this session, we will address these from the perspective of a technically-minded Scrum Master. He’ll show you how to address four of the main pieces of running a Scrum project using Azure DevOps: Stakeholder Interaction, Planning & Execution, Testing, and streamlining the Definition of Done (DoD). Along the way there will be plenty of talk about work tracking, project management, QA testing, and automated builds.
Key Take-a-Ways:
Streamline your scrum process using Azure DevOps
Use Azure DevOps to manage stakeholder interaction using the Feedback Manager
Planning & Executing your sprints
Using Azure DevOps’s Test Plan tools to track and manage the QA testing effort
Automating release and testing using automated build
Improving your skills as a Scrum Master
Capturing Lessons Learned Information – Making your current and future projec... | ProjectCon
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Presenter: Bill Dow
Most Project Managers struggle with collecting lessons learned on their projects. Most make the terrible mistake of capturing lessons learned information at the end of the project, when most team members are long gone and want no part of giving you feedback. This presentation takes project managers through the process of capturing Lessons Learned information on their projects. Learn tricks, tips and the top five best practices in collecting this critical project information.
Key Takeaways:
Learn the value of Lessons Learned information on the project
Discover industry leading Tips and Best Practices
Uncover how this process can be applied throughout the project
Mind the Gap - The Tension Between Job Titles and Agility | ProjectCon
PROJECTCON | AGILECON Midwest 2019 in Indianapolis on May 10, 2019
Keynote Presentation
Presenter: Dave West, CEO and Product Owner, Scrum.org
There is no mistaking it. The last 10 years have seen a fundamental shift in how we shop, consume news, even communicate with our friends and family. We have entered the Digital Age where the economics, systems and structures are different. Traditional organizations are trying to keep up and evolve to better serve this new age. The evolution to become more agile is not easy. The resulting tension manifests itself in many forms, including confusion of job titles and disconnected processes as organizations run a hybrid agile and traditional organization. Some days this works, some days it doesn’t. Ideas such as self-organization and empowerment, coupled with empirical process and customer centricity, strike at the heart of job titles that were designed in a world of parental management, specialism of labor and resource management.
In this keynote, we will surface actionable insights to the questions:
How do you survive and thrive in this messy world?
What does it mean for your job title and skills?
Event Website: https://projectconevent.com
LinkedIn: https://www.linkedin.com/company/projectcon-llc
Facebook: http://www.facebook.com/ProjectConEvent
Twitter: http://www.twitter.com/projectconevent
YouTube: https://www.youtube.com/channel/UCLLG1SGPs1L5YLoFndvGGhQ
Instagram: https://www.instagram.com/projectconevent
Presentation Slides: https://slideshare.com/projectcon
Post Event Trailer: https://youtu.be/1_RzFBnZ7bo
3. Judy Neher, CST
• Certified Scrum Trainer® (CST)
• BS Mathematics, University of North Carolina at Chapel Hill
• MS Computer Science, The Johns Hopkins University
• Mathematician -> Computer Scientist -> Software Manager
• Scrum Trainer, Agile coach, trainer, and consultant
6. Your Travel
• 500 million travelers who made reservations since 2014
• Undetected until September 8th 2018
• 327 million lost name, address, phone, email, DOB, gender, passport number
• One of the largest data breaches in history.
7. Your Life Story
• 30 million accounts
• Since July 2017 but detected Sep 2018
• Using the “View As” feature, exposed a diverse treasure trove of user data
8. City of Atlanta
• March 2018
• Ransomware attack
• Destabilized municipal operations
• Months/Millions of dollars
10. Your Travel Details at Risk:
• British Airways:
  • 21 Aug – 5 Sep: 380,000 reservations
  • Names, addresses, email addresses, credit card information using skimming code
• Cathay Pacific:
  • 9.4 million travelers
  • 3 months to fend off attackers
  • Names, DOBs, addresses, passport numbers
11. What is this costing?
$$ The average cost of a malware attack on a company is $2.4 million. (Accenture)
$$ The average cost per lost or stolen record per individual is $141, but that cost varies per country. Breaches are most expensive in the United States ($225) and Canada ($190). (Ponemon Institute’s 2017 Cost of Data Breach Study)
$$ Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)
37. Don’t Hide the Cost of Security!
Explicit
• User registration story implementing a secure connection
Not So Explicit
• Defending against a Denial of Service Attack
• Ensuring Scalability
40. Inspiration Source = Assets
• Intrinsic value (e.g. money in a bank account)
• Derived value (e.g. revenue generation from a random process at a gambling site)
Education
Government
Finance
Healthcare
What else?
At the end of November, the massive hotel chain Marriott announced that as many as 500 million travelers who made a reservation at a Starwood hotel since 2014 had their data compromised. The hack originated at Starwood's reservation system; Marriott acquired that hotel group in September 2016, but the intrusion went undetected until September 8 of this year. Marriott says it blocked attacker access by September 10, but it took until November 19 for the company to fully understand the scale of the breach. Reports have increasingly indicated state-sponsored Chinese hackers were behind the attack, though this attribution has not been officially confirmed. The stolen data would be an espionage bonanza for government hackers, though. About 170 million impacted Marriott customers only had their names and basic information like address or email address stolen, but about 327 million people lost much more. Marriott says that this larger group had different combinations of name, address, phone number, email address, date of birth, gender, trip and reservation information, passport number, and Starwood Preferred Guest account information stolen. The Marriott incident is one of the largest data breaches in history.
At the end of September, Facebook disclosed a data breach in which attackers gained access to 30 million accounts by stealing "user authorization tokens," essentially access badges that get generated after a user successfully logs in. Sites use authorization token schemes so users don't need to sign in multiple times as they move around a platform. In Facebook's case, the attackers coordinated exploitation of three different bugs in the social network's "View As" feature to grab user tokens, gain access to Facebook accounts, and exfiltrate a significant and diverse trove of user data. The vulnerabilities existed in Facebook's platform since July 2017, but the company only detected suspicious activity related to them on September 14 of this year. Eventually, Facebook discovered the flaws and the attack on September 25. Here's how to check whether your Facebook account data was compromised in the breach. The company is investigating with the FBI, and hasn't said who may have been behind the hack. The incident is Facebook's first known data breach—impressive given that the platform has existed for well over a decade. But between the company's increasingly dismal track record on third-party access limits and a recent incident in which a bug exposed 6.8 million users' photos to third-party developers, it's hard to feel like things are going as well as they could on the user privacy and data management front.
In March, a ransomware attack locked down the City of Atlanta's digital systems, destabilizing municipal operations. The recovery took months, not to mention millions of dollars. The notorious SamSam criminal hacking group targeted the city and asked for about $50,000-worth of bitcoin. The ransomware attack affected five of Atlanta's 13 government departments, and undermined services like the Atlanta Police Department's records system, infrastructure maintenance requests, and court networks. Atlanta residents also couldn't pay their water bills for days. At the end of November, the Department of Justice indicted two Iranian men for allegedly carrying out SamSam attacks.
In the lead up to the Pyeongchang Olympics, Russian hackers launched a number of related cyberattacks as retaliation for the country's doping ban from the games. Then, before the opening ceremony of the Olympics in February, they orchestrated a hack that crippled the event's IT infrastructure, knocking out Wi-Fi, the Olympics website, and network devices in the process. Hackers used a worm dubbed Olympic Destroyer to wreak havoc as event technicians raced to restore service. Then in June, the same hackers reemerged—this time in preliminary spear phishing attacks against labs that research biological and chemical threats in France, Germany, Switzerland, Russia, and Ukraine. Specifically, the targeted lab investigating the poisoning of former Russian double agent Sergei Skripal. Those attacks did not turn destructive—although no telling if they might have had security researchers not spotted them first.
At the beginning of September, British Airways revealed a data breach that impacted information from 380,000 reservations made between August 21 and September 5 of this year. The company said that names, addresses, email addresses, and sensitive payment card details were all stolen in the breach. Hackers from the well-known criminal group Magecart pulled off the attack by specifically evaluating the airline's digital systems and tailoring a plan for installing malicious skimming code in its payment data entry forms. That way, any time someone entered information to make a reservation, all the data would silently go to Magecart.
Cathay Pacific also announced an even larger data breach perpetrated in March that impacted 9.4 million travelers. The airline first disclosed the breach at the end of October. It then added in November that the intrusion had been even more intense than it originally said, and that it took three months to fend the hackers off. Cathay has been widely criticized for its delayed disclosure and lack of transparency about the incident. Data stolen in the breach included passenger names, dates of birth, addresses, telephone numbers, email addresses, nationalities, passport numbers, frequent flier membership numbers, and other ID numbers. Airlines can be a particularly valuable target for hackers, because they hold both personal and financial data, as well as travel data and passport numbers.
What security-relevant acceptance criteria are missing?
User logs in with his credentials.
What’s missing? How can this feature be exploited? What security-relevant acceptance criteria are missing?
The user authenticates himself
Talk at your tables for 5 mins about how this feature can be exploited, what security relevant acceptance criteria should be added and then share.
One way to look at security: typical security requirement
How excited would you be about implementing this feature? Functional features tend to overshadow these types of requirements!
Here’s another way….
Identify how attackers may abuse the system and jeopardize stakeholder assets.
Help organizations see their products in the same way attackers do.
Describe how users can misuse a system with malicious intent.
Every time a new requirement or feature is created, someone should spend time thinking about how that feature might be unintentionally or intentionally abused.
Stories are logically equivalent, except from a planning standpoint
Estimating value, cost and effort is significantly more difficult for the abuser story
Brainstorm some abuser stories for this feature.
TIMEBOX = 5 mins
No absolute guarantee that no exploitable vulnerability remains.
What would be some acceptance criteria for this story?
Add refutation criteria to your abuser stories!
Timebox = 5 mins
What would be some refutation criteria for this story?
User cannot log in without 2 forms of identification
User cannot see credit card information
User stories carry business value.
Abuser Stories bring an expected cost = loss due to a successful attack or probability of an attack
Examples:
If a design assumes that connections from the Web server to the database server are always valid, an attacker will try to make the Web server send inappropriate requests to access valuable data.
If the software design assumes that the client never modifies its Web browser cookies before they are sent back to the requesting server (in an attempt to preserve some state), attackers will intentionally cause problems by modifying the cookies.
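The cookie assumption above, written as an abuser story with executable refutation criteria. This is an added example, not part of the presentation; the `payload.tag` cookie format, the key and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample key for the example; a real service loads its key from a secret store.
SERVER_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _encode(state: dict) -> bytes:
    return json.dumps(state, sort_keys=True, separators=(",", ":")).encode()

def issue_cookie(state: dict, key: bytes = SERVER_KEY) -> str:
    """Serialize the state and append an HMAC-SHA256 tag computed by the server."""
    payload = _encode(state)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def read_cookie_trusting(cookie: str) -> dict:
    """The flawed design assumption: the client never edits its cookie."""
    return json.loads(_unb64(cookie.split(".")[0]))

def read_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the state only if the tag matches; None for anything malformed or modified."""
    try:
        payload_part, tag_part = cookie.split(".")
        payload, tag = _unb64(payload_part), _unb64(tag_part)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)

def tamper_role(cookie: str, new_role: str) -> str:
    """Test fixture for the abuser story: edit the payload, keep the old tag."""
    payload_part, tag_part = cookie.split(".")
    state = json.loads(_unb64(payload_part))
    state["role"] = new_role
    return _b64(_encode(state)) + "." + tag_part

def refutation_results() -> dict:
    """Abuser story: 'As a customer, I edit my cookie to give myself the admin role.'
    Each entry is one refutation criterion and whether the checked reader meets it."""
    state = {"user": "alice", "role": "customer"}
    genuine = issue_cookie(state)
    return {
        "genuine cookie is accepted": read_cookie(genuine) == state,
        "edited payload is rejected": read_cookie(tamper_role(genuine, "admin")) is None,
        "cookie signed with another key is rejected":
            read_cookie(issue_cookie({"user": "alice", "role": "admin"}, key=b"other-key")) is None,
        "cookie without a tag is rejected": read_cookie(genuine.split(".")[0]) is None,
    }

if __name__ == "__main__":
    for criterion, met in refutation_results().items():
        print(("PASS" if met else "FAIL"), criterion)
```

Run as part of the story's acceptance tests, the criteria fail as soon as a change reintroduces the trusting reader.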
Every sprint should optimize net value!
Abuser stories' value and rank can be affected by….
A technological breakthrough may make an attack easier and therefore more likely.
Assets may become more attractive targets.
Adversaries may become better funded.
Similar systems may since have been secured, making the system being developed the weakest in its class.
Countermeasures taken in previous sprints may increase the risk of an abuser story because it has become the easiest way to attack the system.
User stories are written by customers. Customers should also be involved in writing abuser stories, as they are attuned to the business assets which need protection.
However, to achieve good threat coverage quickly it is essential to draw on the expertise of the development team, because many hands make light work and because developers' distinctive areas of expertise tend to make them sensitive to certain types of threats sooner than non-technical authors. Some of the system's assets are, by definition, of a technical nature.
In the example of the gambling web site, it is likely that customers will quickly come up with threats to various accounts. For example, they may point out that accounts holding users' gains must be protected from attack. Threats to the randomness of the gambling process, on the other hand, are more readily identified by developers.
So abuser stories depart from traditional agile requirements engineering to the extent that they are not exclusively written by customers, but jointly with the development team. They reinforce the agile principle of involving all team members in a broad spectrum of activities. No one is deemed to have a monopoly on a given area of expertise.
Assets are a good starting point for writing abuser stories. Anything of value to the customer which is potentially accessible through the system, should be considered a target.
An asset may have intrinsic value, such as money in a bank account, or it may derive its value from its role in revenue generation, such as a random process at a gambling site. The latter are harder to identify, but will tend to show up when examining who the attackers are, their motivation, resources and expertise.
The nature of an attack is largely determined by the kind of adversary. It therefore pays to reflect on who potential abusers may be. Pertinent factors include the resources they command, their skills, motivation and risk aversion.
Predators co-evolve with their prey and hence sensitivity to the species that inhabit the customer’s ecosystem is required. The history of the customer’s industry is typically a good guide to the motivation and even the attack techniques.
Skills and resources are, in a certain sense, interchangeable as a resourceful adversary can hire skillful mercenaries.
Organized crime is a resourceful adversary.
So are intelligence agencies and terrorists.
However, their motivations are different and they will go after different targets, use different techniques and have a distinctive risk assessment.
Attackers are unlikely to invest many resources unless they have a clear motive. At the other end of the spectrum lie low-investment acts of vandalism. Threats from low-skilled system users may have devastating consequences. Secret gamblers using the example gambling site may rather deny using the site than settle their debts.
Customer staff are a rich source of inspiration for potential attackers. The majority of fraud cases occur with inside help.