Technical debt plagues many software projects - but others are held back by more critical issues. Increase your software delivery efficiency by moving beyond technical debt!
Copy and paste to access the full recording: http://www.castsoftware.com/news-events/event/gartner-technical-debt?gad=ss
-------------------------------------------------------
In this webinar David Norton of Gartner Research discusses recent findings on Technical Debt that estimates industry IT debt is at $500 billion—and on target to reach $1 trillion by 2015. He also talks about the importance of Software Analysis & Measurement to manage Technical Debt, how to measure debt continuously to control TCO of the application lifecycle and include debt measurement in project management and prioritization.
Presented by David Croley at ALN Houston.
Learn about technical debt (the good and bad kind), its impact on your ability to ship working product via game format.
The technical debt metaphor is useful in capturing the long-term impacts of
tradeoffs taken during software maintenance between productivity (getting
something done sooner) and maintainability (degradation of the code's
quality over time). This webinar on Technical Debt will present
techniques and insights that help software engineers to identify and track
technical debt in their projects. We will outline how business and product
quality goals should affect the choice of approaches (and combinations of
approaches) for managing technical debt. More specifically, we will discuss
a set of automated approaches based on static code analysis that are likely
to spot problems in source code that have real impact on productivity and
defect proneness. Based on previous empirical studies, we will give further
advice on which types of debt can be found by these tools, and which types
are not yet detectable.
DevSecOps without DevOps is Just SecurityKevin Fealey
The best DevSecOps practices are built alongside strong DevOps practices. However, DevSecOps processes and tooling are often decided within a security silo, rather than by a DevSecOps collective. Security ends up more integrated and efficient than in the past, but the approach is still “bolt-on” and not ultimately streamlined.
Collaboration between security and other DevOps groups around roadmaps and sharing of resources can lead to greater efficiency and innovation, while better supporting the value stream.
This talk will discuss foundational considerations when building a DevSecOps practice. You will learn about the top prerequisites for a successful DevSecOps practice – most of which are provided by groups other than security; and we’ll discuss case studies, both from organizations who have embraced DevOps as a foundation for DevSecOps, and those who haven’t. Attendees will walk away with questions to ask their counterparts in DevOps to understand current DevOps maturity and where security can leverage existing and planned DevOps resources to enable effective DevSecOps.
Copy and paste to access the full recording: http://www.castsoftware.com/news-events/event/gartner-technical-debt?gad=ss
-------------------------------------------------------
In this webinar David Norton of Gartner Research discusses recent findings on Technical Debt that estimates industry IT debt is at $500 billion—and on target to reach $1 trillion by 2015. He also talks about the importance of Software Analysis & Measurement to manage Technical Debt, how to measure debt continuously to control TCO of the application lifecycle and include debt measurement in project management and prioritization.
Presented by David Croley at ALN Houston.
Learn about technical debt (the good and bad kind), its impact on your ability to ship working product via game format.
The technical debt metaphor is useful in capturing the long-term impacts of
tradeoffs taken during software maintenance between productivity (getting
something done sooner) and maintainability (degradation of the code's
quality over time). This webinar on Technical Debt will present
techniques and insights that help software engineers to identify and track
technical debt in their projects. We will outline how business and product
quality goals should affect the choice of approaches (and combinations of
approaches) for managing technical debt. More specifically, we will discuss
a set of automated approaches based on static code analysis that are likely
to spot problems in source code that have real impact on productivity and
defect proneness. Based on previous empirical studies, we will give further
advice on which types of debt can be found by these tools, and which types
are not yet detectable.
DevSecOps without DevOps is Just SecurityKevin Fealey
The best DevSecOps practices are built alongside strong DevOps practices. However, DevSecOps processes and tooling are often decided within a security silo, rather than by a DevSecOps collective. Security ends up more integrated and efficient than in the past, but the approach is still “bolt-on” and not ultimately streamlined.
Collaboration between security and other DevOps groups around roadmaps and sharing of resources can lead to greater efficiency and innovation, while better supporting the value stream.
This talk will discuss foundational considerations when building a DevSecOps practice. You will learn about the top prerequisites for a successful DevSecOps practice – most of which are provided by groups other than security; and we’ll discuss case studies, both from organizations who have embraced DevOps as a foundation for DevSecOps, and those who haven’t. Attendees will walk away with questions to ask their counterparts in DevOps to understand current DevOps maturity and where security can leverage existing and planned DevOps resources to enable effective DevSecOps.
My talk about DevOps in Knowit Developer Summit 2018 in Oslo. This talk is a condensed version of the DevOps workshop I run for management teams and technical teams to start their journey as an organization towards DevOps. We refer to DASA DevOps Agile Skills Association's definitions of DevOps. The talk includes also Knowit DevOps Maturity Model high level description.
Digital Transformation And Solution ArchitectureAlan McSweeney
Digital strategy is a statement about the organisation’s digital positioning, competitors and customer and collaborator needs and behaviour to achieve a direction for innovation, communication, transaction and promotion. Digital strategy needs to be defined in the same framework structure as the proposed digital architecture platform.
Achieving the target digital organisation means deploying solutions that enable the digital architecture. Solution architecture needs to design solutions that fit into the target digital architecture framework. This requires:
• Solution architecture team operating in an integrated manner designing solutions to a set of common standards and that run on the platform
• Solution architecture team leadership ensuring solutions conform to the common standards
• Solution architecture technical leadership to develop and maintain common solution design standards
• Solution architecture updates the digital reference architecture based on solution design experience
Digital solution design requires greater discipline to create an integrated set solutions that operate within the rigour of the digital architecture framework. The solution architecture function must interact with other IT architecture disciplines to ensure the set of solutions that implement the digital framework operate together. This requires greater solution architecture team leadership. This needs to be supplemented and supported by a well-defined set of digital solution design standards.
This follows-on from the previous presentation: Digital Transformation And Enterprise Architecture
https://www.slideshare.net/alanmcsweeney/digital-transformation-and-enterprise-architecture.
Presentation I gave to the Chicago ACM about Lean Software Development. Full audio can be found here:
https://soundcloud.com/griffinc/intro-to-lean-software
Developing a Testing Strategy for DevOps SuccessDevOps.com
To achieve rapid time-to-market, businesses have embraced DevOps, which places a premium on speed and efficiency. But speed is not the only measure of DevOps success. To release better software faster, enterprises must optimize testing strategy and embed a culture of quality within their DevOps processes.
In this webinar, you will learn:
How to transform QA from a bottleneck to a speed enabler
How to integrate quality and increase visibility throughout the SDLC
How to help your VPs and Directors gauge the success of their current quality initiatives
Technical Debt is a gap between Computer Science and Software Engineering. Common understanding of causes for the Technical Debt is centered on the careless software development choices for the sake of speed and expediency. However Technical Debt usually goes beyond just Technology. This presentation covers the origins of Technical and Product Debt, how to manage it and mitigate it
Cloud Native Engineering with SRE and GitOpsWeaveworks
Site reliability engineering (SRE), a model championed by Google, is a software engineering approach to IT operations. For companies striving to become cloud native and adopting modern tools such as Kubernetes, SRE best practices are crucial for success.
In this webinar, Brice, one of our seasoned Customer Reliability Engineers will show how to design a fail-proof Kubernetes platform using tried and tested SRE and GitOps methods.
He will share best practices on:
Increasing performance and ensuring scalability
Managing incident responses through disaster recovery
Designing for High Availability in Kubernetes
Achieving 360 visibility and alerts for your platform
Eric Ries, Author/Speaker/Consultant, The Lean Startup500 Startups
Presentation by Eric Ries (Author/Speaker/Consultant, The Lean Startup) at the 'Lean Startup, Lean Investor' event on November 3, 2010 (Produced by 500 Startups & Nokia/Nokia Growth Partners)
Developing software for complex & ever-changing business domains is challenging enough, but factor in the need to integrate with multiple legacy systems while working closely with business experts & it can feel a little overwhelming. In EventStorming developers & business experts use sticky notes to map out a story of how the software system behaves given a particular business problem to solve. This improves communication & collaboration, uncovers misunderstandings early, & accelerates deeper domain knowledge. Learn EventStorming rules, how to facilitate an EventStorming workshop, how it can help a team cultivate shared understanding & be more productive, & how it transitions to designing loosely-coupled, distributed, event-based systems.
Full Isolation in Multi-Tenant SaaS with Kubernetes and IstioIchsan Rahardianto
Ichsan will be talking about different architecture approach in multi tenancy SaaS, trade offs between each architecture.
Briefly talk about Kubernetes and Istio, and afterwards talk about how it lowers the barrier in creating the most complex multi-tenancy setup, full isolation which offers the highest isolation between tenants.
With which the SaaS provider can offer the highest security and data privacy between tenants, The setup would also be the best approach both when the business scales or disaster happens.
Ichsan will also introduce the devops toolchain that can help startups maintain the complex system with ease through automation, and with demo of course!
7 Peaks Software Angular Meetup July 2019.
Nx: Angular CLI Power-ups for your modern Development by JaMe Siwat Kaolueng – Developer at 7 Peaks Software.
Angular 8 is the newest version on the block, and comes with the effective CLI API, helping make developers experience better. Offering differential loading support for modern browser, and faster loading, and also includes Ivy renderer tree-shaking for a smaller website.
See all the event details here -> http://7peakssoftware.com/angular-meetup-2019/
Stay tuned to get information about 7 Peaks Software’s next Angular meetup at https://7peakssoftware.com/events/
Sketching, Wireframing, Prototyping - How to Be Agile and Avoid Half-Baked Us...Philipp Schroeder
A video recording of the talk is available online: http://youtu.be/C6HjF8XlxH0?t=2m32s
Compelling and powerful web applications such as Google Maps and Facebook have become mainstream and are setting a benchmark in terms of usability and design. Meanwhile, agile development is taking the software development world by storm. UX designers used to the traditional "waterfall" way of working - with lots of design documentation and big handovers - often struggle with the new development approach.
Without any claim to silver bullets, I will outline some practices and guiding principles for improving user interfaces by iterating on frontend design & code by way of sketching, wireframing and prototyping.
I intend to share some lessons learned from working in a agile development environment and talk about ways of collaborating effectively with stakeholders & team members.
Compelling and powerful web applications such as Google Maps and Facebook have become mainstream and are setting a benchmark in terms of usability and design. Meanwhile, agile development is taking the software development world by storm. UX designers used to the traditional "waterfall" way of working - with lots of design documentation and big handovers - often struggle with the new development approach.
Without any claim to silver bullets, I will outline some practices and guiding principles for improving user interfaces by iterating on frontend design & code by way of sketching, wireframing and prototyping.
I intend to share some lessons learned from working in a agile development environment and talk about ways of collaborating effectively with stakeholders & team members.
The DevOps movement has made significant traction but many organizations still have immature processes and technologies. The presentation reviews the areas of concerns.
My talk about DevOps in Knowit Developer Summit 2018 in Oslo. This talk is a condensed version of the DevOps workshop I run for management teams and technical teams to start their journey as an organization towards DevOps. We refer to DASA DevOps Agile Skills Association's definitions of DevOps. The talk includes also Knowit DevOps Maturity Model high level description.
Digital Transformation And Solution ArchitectureAlan McSweeney
Digital strategy is a statement about the organisation’s digital positioning, competitors and customer and collaborator needs and behaviour to achieve a direction for innovation, communication, transaction and promotion. Digital strategy needs to be defined in the same framework structure as the proposed digital architecture platform.
Achieving the target digital organisation means deploying solutions that enable the digital architecture. Solution architecture needs to design solutions that fit into the target digital architecture framework. This requires:
• Solution architecture team operating in an integrated manner designing solutions to a set of common standards and that run on the platform
• Solution architecture team leadership ensuring solutions conform to the common standards
• Solution architecture technical leadership to develop and maintain common solution design standards
• Solution architecture updates the digital reference architecture based on solution design experience
Digital solution design requires greater discipline to create an integrated set solutions that operate within the rigour of the digital architecture framework. The solution architecture function must interact with other IT architecture disciplines to ensure the set of solutions that implement the digital framework operate together. This requires greater solution architecture team leadership. This needs to be supplemented and supported by a well-defined set of digital solution design standards.
This follows-on from the previous presentation: Digital Transformation And Enterprise Architecture
https://www.slideshare.net/alanmcsweeney/digital-transformation-and-enterprise-architecture.
Presentation I gave to the Chicago ACM about Lean Software Development. Full audio can be found here:
https://soundcloud.com/griffinc/intro-to-lean-software
Developing a Testing Strategy for DevOps SuccessDevOps.com
To achieve rapid time-to-market, businesses have embraced DevOps, which places a premium on speed and efficiency. But speed is not the only measure of DevOps success. To release better software faster, enterprises must optimize testing strategy and embed a culture of quality within their DevOps processes.
In this webinar, you will learn:
How to transform QA from a bottleneck to a speed enabler
How to integrate quality and increase visibility throughout the SDLC
How to help your VPs and Directors gauge the success of their current quality initiatives
Technical Debt is a gap between Computer Science and Software Engineering. Common understanding of causes for the Technical Debt is centered on the careless software development choices for the sake of speed and expediency. However Technical Debt usually goes beyond just Technology. This presentation covers the origins of Technical and Product Debt, how to manage it and mitigate it
Cloud Native Engineering with SRE and GitOpsWeaveworks
Site reliability engineering (SRE), a model championed by Google, is a software engineering approach to IT operations. For companies striving to become cloud native and adopting modern tools such as Kubernetes, SRE best practices are crucial for success.
In this webinar, Brice, one of our seasoned Customer Reliability Engineers will show how to design a fail-proof Kubernetes platform using tried and tested SRE and GitOps methods.
He will share best practices on:
Increasing performance and ensuring scalability
Managing incident responses through disaster recovery
Designing for High Availability in Kubernetes
Achieving 360 visibility and alerts for your platform
Eric Ries, Author/Speaker/Consultant, The Lean Startup500 Startups
Presentation by Eric Ries (Author/Speaker/Consultant, The Lean Startup) at the 'Lean Startup, Lean Investor' event on November 3, 2010 (Produced by 500 Startups & Nokia/Nokia Growth Partners)
Developing software for complex & ever-changing business domains is challenging enough, but factor in the need to integrate with multiple legacy systems while working closely with business experts & it can feel a little overwhelming. In EventStorming developers & business experts use sticky notes to map out a story of how the software system behaves given a particular business problem to solve. This improves communication & collaboration, uncovers misunderstandings early, & accelerates deeper domain knowledge. Learn EventStorming rules, how to facilitate an EventStorming workshop, how it can help a team cultivate shared understanding & be more productive, & how it transitions to designing loosely-coupled, distributed, event-based systems.
Full Isolation in Multi-Tenant SaaS with Kubernetes and IstioIchsan Rahardianto
Ichsan will be talking about different architecture approach in multi tenancy SaaS, trade offs between each architecture.
Briefly talk about Kubernetes and Istio, and afterwards talk about how it lowers the barrier in creating the most complex multi-tenancy setup, full isolation which offers the highest isolation between tenants.
With which the SaaS provider can offer the highest security and data privacy between tenants, The setup would also be the best approach both when the business scales or disaster happens.
Ichsan will also introduce the devops toolchain that can help startups maintain the complex system with ease through automation, and with demo of course!
7 Peaks Software Angular Meetup July 2019.
Nx: Angular CLI Power-ups for your modern Development by JaMe Siwat Kaolueng – Developer at 7 Peaks Software.
Angular 8 is the newest version on the block, and comes with the effective CLI API, helping make developers experience better. Offering differential loading support for modern browser, and faster loading, and also includes Ivy renderer tree-shaking for a smaller website.
See all the event details here -> http://7peakssoftware.com/angular-meetup-2019/
Stay tuned to get information about 7 Peaks Software’s next Angular meetup at https://7peakssoftware.com/events/
Sketching, Wireframing, Prototyping - How to Be Agile and Avoid Half-Baked Us...Philipp Schroeder
A video recording of the talk is available online: http://youtu.be/C6HjF8XlxH0?t=2m32s
Compelling and powerful web applications such as Google Maps and Facebook have become mainstream and are setting a benchmark in terms of usability and design. Meanwhile, agile development is taking the software development world by storm. UX designers used to the traditional "waterfall" way of working - with lots of design documentation and big handovers - often struggle with the new development approach.
Without any claim to silver bullets, I will outline some practices and guiding principles for improving user interfaces by iterating on frontend design & code by way of sketching, wireframing and prototyping.
I intend to share some lessons learned from working in a agile development environment and talk about ways of collaborating effectively with stakeholders & team members.
Compelling and powerful web applications such as Google Maps and Facebook have become mainstream and are setting a benchmark in terms of usability and design. Meanwhile, agile development is taking the software development world by storm. UX designers used to the traditional "waterfall" way of working - with lots of design documentation and big handovers - often struggle with the new development approach.
Without any claim to silver bullets, I will outline some practices and guiding principles for improving user interfaces by iterating on frontend design & code by way of sketching, wireframing and prototyping.
I intend to share some lessons learned from working in a agile development environment and talk about ways of collaborating effectively with stakeholders & team members.
The DevOps movement has made significant traction but many organizations still have immature processes and technologies. The presentation reviews the areas of concerns.
Many organizations are comfortable using a Time and Materials approach to buying consulting services. This presentation describes Fixed Fee as a procurement option.
Presentation I gave at JPoint Meetingpoint (in a slight different version) and GotoCon Amsterdam 2012.
How to get your API or service from using the basic REST principles such as verbs and resources to a complete RESTful service that fully supports "Hypermedia as the engine of application state" (HATEOAS).
More info at www.smartjava.org
The Technical Debt Trap - Michael "Doc" NortonLeanDog
Technical Debt has become a catch-all phrase for any code that needs to be re-worked. Much like Refactoring has become a catch-all phrase for any activity that involves changing code.
These fundamental misunderstandings and comfortable yet mis-applied metaphors have resulted in a plethora of poor decisions.
What is technical debt?
What is not technical debt?
Why should we care?
What is the cost of misunderstanding?
What do we do about it?
A Holistic View of Complex Systems and Organizational ChangeTechWell
One of the most misunderstood concepts in the agile community, complexity is often used to explain why we can’t predict anything or why there are no rules we can follow. Ironically, it is exactly this attitude that allows complexity to work against us. Al Shalloway discusses the true nature of complex systems, why we must deal with them in a holistic manner, and ways to evaluate structural and organizational changes to manage this complexity. Unfortunately, most agile implementations take an incremental, piecemeal approach to change, ignoring complexity. Although this approach causes problems that are attributed to the fact that we have a complex system, in reality these challenges are due to the way we are dealing with the pieces individually. Al describes the patterns of effective organizational change management and explains how understanding the true nature of complex systems can be used to lead organizational change―particularly at scale.
What is Missing? - What WAS Missing?
If the analytics tools are so good, why don't they make the decisions, control the actions and explain why and why not?
Learn How to Maximize Your ServiceNow InvestmentStave
Understand how leading companies are adopting an aPaaS strategy
Learn the evolution of ServiceNow's platform capabilities
Assert IT's influence over shadow IT practices
Part of a series exploring enterprise IT decision makers.
This presentation explores: Who are they? What are they responsible for? Who should be talking to them? What do they want to talk about?
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
2. Technical Debt
Ward Cunningham suggested the term “technical debt” to refer
to the cutting of corners when you build software.
His premise was that if you cut corners, the shoddy work would
accumulate in the form of “interest” that needed to be paid on
the “principal”, much like a financial debt.
Some use the term to describe shortcuts they intend on taking,
while others use it as a historical view to identify what has
already accumulated.
April 17, 2013
3. Accumulation of Debt
We find the concept of technical debt useful to describe the
‘sins of the past’ and to encourage our customers to clean up
the debt or they’ll pay the price
Clearing up the debt comes in many shapes:
Taking time to refactor code bases
Document the system
Revisit the non-functional requirements / re-architect
Replace an outdated component or technology
April 17, 2013
4. The Real Debt Threat
In addition to the traditional technical debt, we’ve encountered
new forms of debt that plague software delivery teams
1. Organizational Debt 5. Tooling Debt
2. Personnel Debt 6. Automation Debt
3. Process Debt 7. Testing Debt
4. Practice Debt 8. Operations Debt
April 17, 2013
5. Organizational Debt refers to ineffective
organizational structures that obstruct the efficient delivery of
work.
Many organizational hierarchies are ancient relics. They haven’t
been changed to reflect new work patterns.
Some organizations are designed around office politics.
Conway’s Law suggests that our deliverables reflect the
organizational structure that created it.
Let software processes drive the organizational design.
April 17, 2013
6. Personnel Debt refers to organizations that have the
wrong people, leading to inefficient delivery.
Poor hiring practices let the wrong people in the door.
Poor firing practices kept the wrong people in.
Poor retention and training practices failed to get the most out
of the good people.
An organization can clean up technical debt but if they have a
personnel debt problem, technical debt will come right back.
April 17, 2013
7. Process Debt refers to organizations that have the wrong
delivery processes: Too much, not enough, or just wrong.
Some still using “agile” to mean “process free”
Many stuck in older methods (waterfall, RUP, etc.)
Few have Introduced cross-cutting process owners (such as
crossing DevTestOps)
It’s easy to detect a good process – and a bad one. It’s much
harder to define one and keep it around.
April 17, 2013
8. Practice Debt refers to organizations that fail to
accumulate and disseminate best practices to their teams.
“Those who fail to learn from the past are condemned to repeat
it.” – we must document tacit knowledge and leverage it.
The body of knowledge gets stale. Out with the old and in with
the new.
Only the most important practices should be enforced as policy.
Those who want to establish a TRUE culture should think more
about institutionalizing knowledge.
April 17, 2013
9. Tooling Debt refers to organizations that don’t have the
right tools or platforms for the job at hand.
“If all you have is a hammer, everything looks like a nail.”
Some organizations have failed to refresh the tools needed.
Other organizations have gone “tool crazy”; they have too many
tools to get knowledgeable on any one of them.
Languages, IDE’s, Platforms and other tools make us efficient but
only when we find the right balance.
April 17, 2013
10. Automation Debt refers to organizations that
continue to do things by hand that should be automated.
No continuous builds.
No continuous delivery.
No automated operational recovery.
Tool chain isn’t integrated.
Our industry is going through a rebirth in how we automate the
software development process and connect it to infrastructure
and platforms: DevOps + Software Defined Computing
April 17, 2013
11. Testing Debt refers to organizations that built software
but did inadequate testing.
System lacks unit or functional tests.
System lacks operational tests (perf, load, resilience, security)
System lacks UI or usability tests
Disaster recovery routines never tested
Debt associated with testing has a VERY HIGH interest rate. This is
a MUST FIX area.
April 17, 2013
12. Operational Debt refers to organizations that create
systems that are hard/expensive to operate in a production setting.
System wasn’t properly instrumented (logs, monitors, …)
Didn’t plan for patches or versioning up-front
System was hard-coded to specific hardware/platforms and can’t be
easily moved to new gear or DC locations
System only runs on most expensive gear or platforms
Developers make mistakes but it shows up in operations budget. Huge
opportunity to save money in this area!
April 17, 2013
13. Declaring Bankruptcy or Paying off the Debt
On occasion, we find a software system that has accumulated
large technical debts. Business owners are forced to make a
decision: Declare bankruptcy or pay off the debt.
Remember: It’s not just “technical (application) debt”.
If the other eight types of debt are still in place, it’s likely that
any effort to fix technical debt will fail.
Don’t just fix technical debt. Do root cause analysis on
your whole environment!
April 17, 2013
14. MomentumSI Consulting
Consulting – Strategy - Delivery
Assessment of current state, workshops and roadmaps
Culture transformation: rethinking processes, incentives and systems
Upgrading capabilities in continuous builds, testing and deployment
Experts in modern tooling and implementation practices
For a briefing on our offerings, email: Jeff Schneider
jschneider@MomentumSI.com
Cloud - App Dev - Big Data - DevOps
April 17, 2013