A look at how PaaS can be helpful in dealing with the 'audit paradox' presented by the choice between bolt on and build in for security, along with operational considerations for a serverless environment
Hear directly from the creators of the stack on the future of Elasticsearch, Kibana, Beats, and Logstash, new features and solutions, expanding deployment options, and the evolving solutions landscape.
Les créateurs de la Suite Elastic vous parleront de l'avenir d'Elasticsearch, Kibana, Beats et Logstash, des nouvelles solutions, fonctionnalités et options de déploiement, ainsi que d'un paysage en pleine évolution.
Hear directly from the creators of the stack on the future of Elasticsearch, Kibana, Beats, and Logstash, new features and solutions, expanding deployment options, and the evolving solutions landscape.
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
Radu-Emanuel Chiscariu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Hear directly from the creators of the stack on the future of Elasticsearch, Kibana, Beats, and Logstash, new features and solutions, expanding deployment options, and the evolving solutions landscape.
Les créateurs de la Suite Elastic vous parleront de l'avenir d'Elasticsearch, Kibana, Beats et Logstash, des nouvelles solutions, fonctionnalités et options de déploiement, ainsi que d'un paysage en pleine évolution.
Hear directly from the creators of the stack on the future of Elasticsearch, Kibana, Beats, and Logstash, new features and solutions, expanding deployment options, and the evolving solutions landscape.
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
Radu-Emanuel Chiscariu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Automating Event Driven Security in the AWS Cloud - AWS Public Sector Summit ...Amazon Web Services
<Management Track>
Paul Hidalgo, Security Solutions Architect, APAC, Trend Micro
You are quickly building and deploying exciting services on top on the AWS Cloud. As your deployment matures, you start to understand how each of these services has its own unique challenges when it comes to operations and security. Making sure that the diversity available in AWS services doesn't increase the operational burden on your teams is a significant challenge. If you don't use the right strategy, you risk implementing a unique security approach for each service. In this talk we'll look at an overall security strategy for your deployment pulled from the real-world experiences of some of the top companies around the world. This strategy along with services like AWS Lambda can provide a unified view of your deployment and automatically respond to incidents … regardless of scale.
In this video from the Global Tech Jam 2018, Dr. Kangwei Woo from QuantumCIEL presents: Project Grace - Towards a Secure Internet.
"The present Public Key Infrastructure (PKI) is known to be inadequate for the current scale of the Internet and the situation is exacerbated with the advent of IoT. Project GRACE (Graceful Remediation with Authenticated Certificateless Encryption) implements a security architecture using an advanced form of pairing-based cryptography called Verifiable Identity-based Encryption (VIBE) to provide a simple, scalable and secure key management for the cloud services, the IoT and indeed the Critical Information Infrastructure (CII) which are otherwise vulnerable to the extant and new cyber-physical attacks."
Watch the video: http://insidesmartcities.com/global-tech-jam-project-grace-towards-secure-internet/
Learn more: https://gctc.opencommons.org/Project_GRACE
and
https://globaltechjam.com/2018-global-tech-jam-presentations/
Sign up for our insideBIGDATA Newsletter: http://insidebigdata.com/newsletter
How to Consolidate in Order to Increase Operational Efficiency by Moving Your...Zia Consulting
Zia is an industry-leading, award-winning integrator of content management, process management, document capture, and cloud sharing technologies. Their core competencies include rationalizing legacy systems, moving content to the cloud, and ensuring compliance. Attend this session to learn how Zia is helping organizations deploy Mobius to the cloud—Amazon Web Services (AWS)—to rationalize legacy systems, reduce infrastructure costs, and increase operational efficiency to create a winning Mobius hybrid-deployment model.
The Journey from Zero to SOC: How Citadel built its Security Operations from ...Elasticsearch
See how Citadel Group replaced their IT ops infrastructure monitoring tool with Elastic Security and Elastic Cloud Enterprise — and how it positively impacted their enterprise software and services managed offerings for their end customers across the world.
A few slides form an ad-hoc presentation I gave following my hack-a-thon project to integrate Amazon Macie with Alfresco Governance Services, during Alfresco DevCon 2018.
Engineering Continuous Security and ComplianceQAware GmbH
Cloud Native Night December 2018, Munich: Talk by Andreas Zitzelsberger (@andreasz82, Principal Software Architect at QAware)
Join our Meetup: www.meetup.com/cloud-native-muc
Abstract: Currently, security and compliance are two separate worlds. There are numerous roles involved which do not collaborate well. The sheer complexity involved in both fields leads to costly mistakes and often, to only a one-time token effort.
At the heart of the problem, it’s about managing policies.
We show how we apply engineering virtues like automation, abstraction and creating interfaces to policy management, resulting in a methodology and tool set helping security and compliance to work in unison towards better and more secure products, while reducing headaches to those involved.
_______
Beispiel für Policies in der Infrastruktur: Kubernetes Admission Control mit Post-Processing und OPA (Open Policy Agent) Showcase:
https://github.com/az82/k8s-admission-control-showcase
Beispiel für Policies in der Anwendung: Micronaut mit OPA Demo
https://github.com/az82/micronaut-opa-demo
Agenda:
1. Cyber Security - How it works, today!
2. Data Analytics, the What and the Why
3. The technical aspects
4. The pipeline
5. Opportunities - Gaps we're aiming for
6. Demo
This presentation, talks about how data analytics can play a significant role in the cyber security space and it also talks about various design challenges associated with datasets in cyber security and how they can be solved.
APIdays Paris 2018 - From real-life challenges to industrial IoT solutions, i...apidays
From real-life challenges to industrial IoT solutions, in a few days with APIs & LTE-M
Director, Orange Developer marketing & advocacy, Orange
Mathieu Belouar, Responsable Digital & Web, SNCF Gares & Connexions
Apply to be a speaker here - https://apidays.typeform.com/to/J1snsg
Full time PII data protection: How Randstad uses Elastic Security to keep cli...Elasticsearch
See how Randstad Netherlands uses all the features of the Elastic Stack to monitor their environments and put their analysts first. Randstad NL, an Elastic user since version 1.7, combines events from applications, systems and third party tooling into their Elastic Stack to detect and mitigate threats at scale — all from within Elastic Security.
How to build containerized architectures for deep learning - Data Festival 20...Antje Barth
When it comes to AI data scientists/engineers tend to focus on tools. Though the data platform that enables these tools is equally important, it’s often overlooked. In fact, 90% of the effort required for success in ML is not the algorithm – it’s the data logistics. In this workshop we will talk about common architecture blueprints to integrate AI in your data centers and how the right data platform choice can make all the difference in launching your AI use case into production! Presented at Data Festival Munich, 2019.
Overview and Opentracing in theory by Gianluca ArbezzanoGianluca Arbezzano
That is this group? How does it work? What is the CNCF? After this short introduction I am going to show you what is Opentracing what it means and why the adoption is growing so much in a short amount of time. Use cases, possible implementations and so on.
Palo Alto Networks and 2nd Watch DevOps and security experts discuss protecting your applications and data in the cloud:
-DevOps: laying a foundation for secure architectures
-A look at how DevOps practices can ensure security
-Setting up the proper security foundation
-Review/white board different Security Architectures
-Approach to automating your security deployments
Automating Event Driven Security in the AWS Cloud - AWS Public Sector Summit ...Amazon Web Services
<Management Track>
Paul Hidalgo, Security Solutions Architect, APAC, Trend Micro
You are quickly building and deploying exciting services on top on the AWS Cloud. As your deployment matures, you start to understand how each of these services has its own unique challenges when it comes to operations and security. Making sure that the diversity available in AWS services doesn't increase the operational burden on your teams is a significant challenge. If you don't use the right strategy, you risk implementing a unique security approach for each service. In this talk we'll look at an overall security strategy for your deployment pulled from the real-world experiences of some of the top companies around the world. This strategy along with services like AWS Lambda can provide a unified view of your deployment and automatically respond to incidents … regardless of scale.
In this video from the Global Tech Jam 2018, Dr. Kangwei Woo from QuantumCIEL presents: Project Grace - Towards a Secure Internet.
"The present Public Key Infrastructure (PKI) is known to be inadequate for the current scale of the Internet and the situation is exacerbated with the advent of IoT. Project GRACE (Graceful Remediation with Authenticated Certificateless Encryption) implements a security architecture using an advanced form of pairing-based cryptography called Verifiable Identity-based Encryption (VIBE) to provide a simple, scalable and secure key management for the cloud services, the IoT and indeed the Critical Information Infrastructure (CII) which are otherwise vulnerable to the extant and new cyber-physical attacks."
Watch the video: http://insidesmartcities.com/global-tech-jam-project-grace-towards-secure-internet/
Learn more: https://gctc.opencommons.org/Project_GRACE
and
https://globaltechjam.com/2018-global-tech-jam-presentations/
Sign up for our insideBIGDATA Newsletter: http://insidebigdata.com/newsletter
How to Consolidate in Order to Increase Operational Efficiency by Moving Your...Zia Consulting
Zia is an industry-leading, award-winning integrator of content management, process management, document capture, and cloud sharing technologies. Their core competencies include rationalizing legacy systems, moving content to the cloud, and ensuring compliance. Attend this session to learn how Zia is helping organizations deploy Mobius to the cloud—Amazon Web Services (AWS)—to rationalize legacy systems, reduce infrastructure costs, and increase operational efficiency to create a winning Mobius hybrid-deployment model.
The Journey from Zero to SOC: How Citadel built its Security Operations from ...Elasticsearch
See how Citadel Group replaced their IT ops infrastructure monitoring tool with Elastic Security and Elastic Cloud Enterprise — and how it positively impacted their enterprise software and services managed offerings for their end customers across the world.
A few slides form an ad-hoc presentation I gave following my hack-a-thon project to integrate Amazon Macie with Alfresco Governance Services, during Alfresco DevCon 2018.
Engineering Continuous Security and ComplianceQAware GmbH
Cloud Native Night December 2018, Munich: Talk by Andreas Zitzelsberger (@andreasz82, Principal Software Architect at QAware)
Join our Meetup: www.meetup.com/cloud-native-muc
Abstract: Currently, security and compliance are two separate worlds. There are numerous roles involved which do not collaborate well. The sheer complexity involved in both fields leads to costly mistakes and often, to only a one-time token effort.
At the heart of the problem, it’s about managing policies.
We show how we apply engineering virtues like automation, abstraction and creating interfaces to policy management, resulting in a methodology and tool set helping security and compliance to work in unison towards better and more secure products, while reducing headaches to those involved.
_______
Beispiel für Policies in der Infrastruktur: Kubernetes Admission Control mit Post-Processing und OPA (Open Policy Agent) Showcase:
https://github.com/az82/k8s-admission-control-showcase
Beispiel für Policies in der Anwendung: Micronaut mit OPA Demo
https://github.com/az82/micronaut-opa-demo
Agenda:
1. Cyber Security - How it works, today!
2. Data Analytics, the What and the Why
3. The technical aspects
4. The pipeline
5. Opportunities - Gaps we're aiming for
6. Demo
This presentation, talks about how data analytics can play a significant role in the cyber security space and it also talks about various design challenges associated with datasets in cyber security and how they can be solved.
APIdays Paris 2018 - From real-life challenges to industrial IoT solutions, i...apidays
From real-life challenges to industrial IoT solutions, in a few days with APIs & LTE-M
Director, Orange Developer marketing & advocacy, Orange
Mathieu Belouar, Responsable Digital & Web, SNCF Gares & Connexions
Apply to be a speaker here - https://apidays.typeform.com/to/J1snsg
Full time PII data protection: How Randstad uses Elastic Security to keep cli...Elasticsearch
See how Randstad Netherlands uses all the features of the Elastic Stack to monitor their environments and put their analysts first. Randstad NL, an Elastic user since version 1.7, combines events from applications, systems and third party tooling into their Elastic Stack to detect and mitigate threats at scale — all from within Elastic Security.
How to build containerized architectures for deep learning - Data Festival 20...Antje Barth
When it comes to AI data scientists/engineers tend to focus on tools. Though the data platform that enables these tools is equally important, it’s often overlooked. In fact, 90% of the effort required for success in ML is not the algorithm – it’s the data logistics. In this workshop we will talk about common architecture blueprints to integrate AI in your data centers and how the right data platform choice can make all the difference in launching your AI use case into production! Presented at Data Festival Munich, 2019.
Overview and Opentracing in theory by Gianluca ArbezzanoGianluca Arbezzano
That is this group? How does it work? What is the CNCF? After this short introduction I am going to show you what is Opentracing what it means and why the adoption is growing so much in a short amount of time. Use cases, possible implementations and so on.
Palo Alto Networks and 2nd Watch DevOps and security experts discuss protecting your applications and data in the cloud:
-DevOps: laying a foundation for secure architectures
-A look at how DevOps practices can ensure security
-Setting up the proper security foundation
-Review/white board different Security Architectures
-Approach to automating your security deployments
Changing Times - the Future of ECM - AIIM 2017 Stephen Ludlow
This is my presenation from AIIM 2017 where I outline some of the key challenges facing organisations implementing ECM and looking to the future. The presentation finished with some advice for organisations looking to utilise content services
[AIIM17] Changing Times, The Future of ECM - Stephen LudlowAIIM International
It’s time to bring some clarity to the buzz and chatter surrounding ECM. What does the future of ECM look like? What’s behind the shift from “content management” to “content services?” And what should organizations be doing to take advantage of tomorrow’s opportunities? Join product leaders from OpenText and Documentum as they review the current state of ECM and lay out a go-forward strategy that maximizes current investments while preparing for future success.
Learn about the current state of Information Management in AIIM’s latest report: http://info.aiim.org/2017-state-of-information-management
SINC – An Information-Centric Approach for End-to-End IoT Cloud Resource Prov...Hong-Linh Truong
We present SINC –
Slicing IoT, Network Functions, and Clouds – which enables designers to dynamically create/update end-to-end slices of the overall IoT network in order to simultaneously meet multiple user needs.
That’s one small step for IT, one giant leap for business agility
Give to your business the moon as in this REX of micro-services solution used in the Airbus flight tests department to rebuild a large and complex systems. This medium size on-going project took some technical decisions and finally managed to bring the Micro-Services philosophy in a huge legacy IT system.
Slides for my talk at Cloud Foundry Summit Europe 2016.
Nearly 1.2 million people die in road crashes each year (WHO - 2015) with additional millions becoming injured or disabled. One big part of this problem is worst road traffic conditions and unless action is taken, road traffic injuries are predicted to become the fifth leading cause of death by 2030. Moreover, although road traffic injuries have been a major cause of mortality for many years, most traffic accidents are both predictable and preventable. In this talk, we want to demonstrate a scalable IoT platform that uses weather data and data from other cars to warn drivers of dangerous conditions. We will show how CF can help to save human lives and the architecture behind this. Additionally, we will also explain the data science that is involved.
Comparison of Open Source Frameworks for Integrating the Internet of ThingsKai Wähner
Session from JFokus 2017 (https://www.jfokus.se/jfokus/talks.jsp#ComparisonofOpenSour) in Stockholm, Sweden.
This session shows and compares open source frameworks built to develop very lightweight applications or microservices, which can be deployed on small devices with very low resources and wire together all different kinds of hardware devices, APIs and online services. The focus of this session is the comparison of open source projects such as Node-RED or Flogo, which offer a zero-code environment with web IDE for building and deploying integration and data processing directly onto connected devices using IoT standards such as MQTT, WebSockets or CoaP, but also other interfaces such as Twitter feeds or REST services. The end of the session compares these open source projects to other options such as SaaS offerings like AWS IoT or more powerful streaming analytics platforms.
CWIN16 UK Event - The Future of Infrastructure Gunnar Menzel
What technologies made the biggest impact and which ones will impact us in the future? Will technology advances slow down, stay the same of speed up? What trends and technologies should I consider?
The Digital agenda, shifting business models, as well as the need for speed at lower cost are impacting, shaping and forming new technologies; creating new opportunities at an ever increasing pace.
During the 30 min presentation Gunnar will outline the various key infrastructure related trends and technologies that are and will be key going forward.
DevSecOps Days London - Teaching 'Shift Left on Security'Chris Swan
Deck with backup screenshots of live demo of DevOps Dojo Yellow belt module 'Shift Left on Security' where students incorporate the OWASP dependency checking into a Jenkins CD pipeline around the Springboot Pet Clinic app.
LNETM - Atsign - Privacy with Personal Data ServicesChris Swan
London Enterprise Technology Meetup (LNETM) presentation on Atsign's atPlatform, which uses personal data services (PDS) and end-end encryption to build privacy preserving applications for everybody, every organisation and everyTHING.
SOOCon24 - Showing that you care about security - OpenSSF ScorecardsChris Swan
Open Source Security Foundation (OpenSSF) Scorecards provide a way for open source users to determine whether maintainers are being diligent about securing their link in the software security supply chain. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
This presentation will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across and organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdfChris Swan
Open Source Security Foundation (OpenSSF) Scorecards provide a way for open source users to determine whether maintainers are being diligent about securing their link in the software security supply chain. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
This presentation will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across and organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
Fluttercon Berlin 23 - Dart & Flutter on RISC-VChris Swan
Arm has dominated the mobile space since the dawn of smartphones, but systems based on the open source RISC-V instruction set architecture will bring new choices for manufacturers and us, their customers. RISC-V SDKs showed up in the Dart dev channel in Apr 22, but it's still pretty hard to build stuff due to lots of missing dependencies. As always happens with new stuff, the hardware people are waiting for broader software support, and the software people are waiting for a larger hardware installed base. This talk examines the forces that are driving RISC-V forward, and what developers can expect from a world that will have RISC-V devices, mobile phones, tablets and cloud services.
QConNY 2023 - Implementing OSSF Scorecards Across an OrganisationChris Swan
Open Source Security Foundation (OpenSSF) Scorecards provide a way for open source users to determine whether maintainers are being diligent about securing their link in the software security supply chain. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
This presentation will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across and organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterChris Swan
Walkthrough of how Internet of Things (IoT) devices can run full stack Dart and connect to Flutter apps using end to end encryption to provide security and privacy.
Dart's popularity has surged in the past few years, as it's the language behind Flutter - Google's cross platform front end framework. That's now driving a notion of 'Full Stack Dart', where if you've spent time learning Dart for the front end, why not also use it for the back end.
London IoT Meetup Sep 2022 - End to end encrypted IoTChris Swan
Your thing, your data.
An overview of why end-end encryption is desirable for the Internet of Things (IoT), and how it can be done using personal data stores such as atSigns on the atPlatform.
Flutter Vikings 2022 - End to end IoT with Dart and FlutterChris Swan
Things need apps to manage them, which Flutter is great for, providing an easy way to build cross platform support. But things also need to get their data (securely and privately) to their apps, and Dart can be used for that. This presentation will walk through a use case demonstrated at Mobile World Congress (and now open sourced) that uses Dart to read sensor data through to Flutter for user presentation.
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?Chris Swan
As a hacker and engineer I've been interested in identity and privacy since the dawn of the Internet and the online services it's enabled. For the past year I've been helping to build and open source The @ Platform, which inverts the usual model by giving everybody (and every thing) their own place to store data and control who (and what) has access to it. This talk will give an overview of the platform and its underlying protocol, and illustrate how it can be used to build privacy preserving apps and Internet connected things. It will also cover how the platform can be self hosted on devices like the Raspberry Pi, and how people can get involved in the open source community growing around it.
Devoxx UK 2022 - Application security: What should the attack landscape look ...Chris Swan
What do we need to do in the next few years to ensure that the attack landscape for 2030 isn't the same as 2020? Better languages and frameworks have already brought substantial improvements in memory safety, eliminating whole classes of vulnerabilities caused by buffer overflows.Yet despite a major reshuffle in 2021, the OWASP top 10 remains full of things that boil down to a lack of input validation. An issue that has bedevilled tech since its inception. We're all told that we shouldn't trust the input to our programs, and that validation is our best defence. But developers get precious little help on that front from today's languages and frameworks; something that can and should change. This talk will examine a hypothetical evolution of TypeScript - ValidScript, to consider a future where input validation is baked in.
Flutter Festival London 2022 - End to end IoT with Dart and FlutterChris Swan
A walk through of a demo system that was built for Mobile World Congress 2022 showing how Dart can be used to read data from a biometric sensor and send it to a Flutter front end application using end to end encryption.
Full Stack Squared 2022 - Power of Open SourceChris Swan
An examination of open source freedoms (free like beer
free like speech, and free like puppy), the people behind open source and how anybody can get involved.
Flutter provides an excellent way to build Android, iOS, web and desktop apps, but what about the back end services? Full stack Dart is all about using that investment in Dart programming to build the services used by applications, whether it's in the cloud or on the Internet of Things. This presentation will look at the tradeoffs between just in time (JIT) and ahead of time (AOT) compilation, Dart on Docker, the Functions Framework for Dart, Profiling and Performance Management. Choices of back end architecture (x86_64 vs Arm) will also be examined, along with some of the challenges this can present for Continuous Delivery.
Why Dart?
Language features
JIT vs AOT
Dart on Docker
Functions Framework for Dart
Profiling and performance management
Other places you can learn more
Call to action - try out the Functions Framework Examples
Dart on Arm - Flutter Bangalore June 2021Chris Swan
Running Dart on Arm servers, covering the trade offs between JIT and AOT. The dependencies needed for building and running AOT binaries, and how to cross compile Arm binaries.
The RC2014 system is built around a Z80 CPU, but is open and flexible enough to be used with alternatives. The presentation walks through a project to use Texas Instruments' TMS99xx parts, through to running 'Hello World' in BASIC and Forth.
Cooking with a touch of science and a dash of engineeringChris Swan
Lightning talk deck for EMFcamp 2018 and OSHUG 69 presentations on using a Raspberry Pi to control the temperature of a water bath for sous-vide cooking
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
2. May 16, 2018
Chris Swan – Why Me?
Combat Systems Engineer - Royal Navy
Security R&D - Credit Suisse
CTO Security - UBS
CTO - Cohesive Networks
CTO Global Infrastructure Services - CSC
CTO Global Delivery - DXC Technology
@cpswan
3. May 16, 2018
“With a monolith it's easy...
you just pile a bunch of
appliances in front of it“
Frank Chen
Andreessen Horowitz podcast
‘All about Microservices’
with Adrian Cockcroft
and Martin Casado
https://a16z.com/2016/09/01/microservices/
14. May 16, 2018
The NIST Model for Cloud Services
IaaS
PaaS
SaaS
OperationalConsistency
Speed/Stickyness
15. May 16, 2018
More Choices Have Emerged
IaaS
CaaS
PaaS
FaaS
SaaS
OperationalConsistency
Speed/Stickyness
16. May 16, 2018
And ‘Cloud’ Doesn’t Have to Mean ‘Public’
IaaS
CaaS
PaaS
FaaS
SaaS
OperationalConsistency
Speed/Stickyness
IaaS
CaaS
PaaS
FaaS
SaaS
On Premises Off Premises
17. May 16, 2018
Zooming in Around PaaS and Thinking About
Deployment Granularity and Platform ‘Opinion’
CaaS
PaaS
FaaS
Lessopinionated
Finergranularity
18. May 16, 2018
This Isn’t My Container Security Talk…
So Let’s Leave CaaS For Another Time
25. May 16, 2018
Or as Charity Majors @mipsytipsy Put It
“Operations is the constellation of
your org's technical skills, practices,
and cultural values around designing,
building and maintaining systems,
shipping software, and solving
problems with technology.”
26. May 16, 2018
#define DevOps
The operational practices that have co-evolved with IaaS
or
Flow
Feedback
Continuous Learning by Experimentation
31. May 16, 2018
We’re not there yet
By Alan Manson - Flickr: Yellow Canary (Serinus flaviventris), CC BY-SA 2.0
https://commons.wikimedia.org/w/index.php?curid=17379213