Recommended for CTOs, architects, IT Managers
COVID-19 has emphasized the fact that business agility and hence technology agility are the most if not the only factors for business success. However, technology agility in most IT departments is not the “strongest muscle”. Technology adoption of Cloud, Devops, Integration, Low-Code and Zero Trust are affecting all IT departments and even the entire organization. New
processes and relationships between the various branches of the IT department should emerge, forsaking old habits and technologies. New technologies and roles\responsibilities are taking their place.
Target architecture: Overcoming barriers to effective Enterprise ArchitectureDave Hornford
Target architecture, and the resulting roadmap, is the fast path to effective business engagement. Change leaders are looking for help in effecting transformation. Dave will explore the real and self-imposed barriers to developing Target Architecture. Why most ‘Targets’ look more like a first Transition Architecture?
Migrating to Microservices Patterns and Technologies (edition 2023)Ahmed Misbah
This session is targeted towards teams and organizations considering to migrate their applications from Monolithic to Microservice architecture. Migrating application architectures to Microservices is considered a key area of transformation in the IT world. Modernizing legacy applications to Kubernetes-based Microservices can prove to be very challenging if not planned correctly, taking into consideration the right technologies and enablers.
The session proposes Istio as an enabler for migrating to Microservices. Istio is an implementation of service mesh, a technology useful for migrating to Microservices iteratively and safely. We explain how Istio can be used as a bridge and enabler for modernizing legacy Monolithic applications to Microservices.
Gartner - The art of the one page strategyDeepak Kamboj
The components of an IT strategy when using "science" to develop it
Techniques for developing an 'artful' one-page strategy
How to effectively use the one-page strategy
Strategic planning is at the heart of any enterprise, and alignment with the corporate strategic plan is often a key concern of CIOs. There is a science to developing an IT strategy, and there is an art. This session explores the art of strategic planning, helping attendees articulate IT's contribution to business success.
Source : Gartner
Heather Colella
Research VP
http://www.gartner.com/webinar/3203818/player?commId=192095&channelId=5502&srcId=null
Target architecture: Overcoming barriers to effective Enterprise ArchitectureDave Hornford
Target architecture, and the resulting roadmap, is the fast path to effective business engagement. Change leaders are looking for help in effecting transformation. Dave will explore the real and self-imposed barriers to developing Target Architecture. Why most ‘Targets’ look more like a first Transition Architecture?
Migrating to Microservices Patterns and Technologies (edition 2023)Ahmed Misbah
This session is targeted towards teams and organizations considering to migrate their applications from Monolithic to Microservice architecture. Migrating application architectures to Microservices is considered a key area of transformation in the IT world. Modernizing legacy applications to Kubernetes-based Microservices can prove to be very challenging if not planned correctly, taking into consideration the right technologies and enablers.
The session proposes Istio as an enabler for migrating to Microservices. Istio is an implementation of service mesh, a technology useful for migrating to Microservices iteratively and safely. We explain how Istio can be used as a bridge and enabler for modernizing legacy Monolithic applications to Microservices.
Gartner - The art of the one page strategyDeepak Kamboj
The components of an IT strategy when using "science" to develop it
Techniques for developing an 'artful' one-page strategy
How to effectively use the one-page strategy
Strategic planning is at the heart of any enterprise, and alignment with the corporate strategic plan is often a key concern of CIOs. There is a science to developing an IT strategy, and there is an art. This session explores the art of strategic planning, helping attendees articulate IT's contribution to business success.
Source : Gartner
Heather Colella
Research VP
http://www.gartner.com/webinar/3203818/player?commId=192095&channelId=5502&srcId=null
Digital Transformation And Solution ArchitectureAlan McSweeney
Digital strategy is a statement about the organisation’s digital positioning, competitors and customer and collaborator needs and behaviour to achieve a direction for innovation, communication, transaction and promotion. Digital strategy needs to be defined in the same framework structure as the proposed digital architecture platform.
Achieving the target digital organisation means deploying solutions that enable the digital architecture. Solution architecture needs to design solutions that fit into the target digital architecture framework. This requires:
• Solution architecture team operating in an integrated manner designing solutions to a set of common standards and that run on the platform
• Solution architecture team leadership ensuring solutions conform to the common standards
• Solution architecture technical leadership to develop and maintain common solution design standards
• Solution architecture updates the digital reference architecture based on solution design experience
Digital solution design requires greater discipline to create an integrated set solutions that operate within the rigour of the digital architecture framework. The solution architecture function must interact with other IT architecture disciplines to ensure the set of solutions that implement the digital framework operate together. This requires greater solution architecture team leadership. This needs to be supplemented and supported by a well-defined set of digital solution design standards.
This follows-on from the previous presentation: Digital Transformation And Enterprise Architecture
https://www.slideshare.net/alanmcsweeney/digital-transformation-and-enterprise-architecture.
The technical debt metaphor is useful in capturing the long-term impacts of
tradeoffs taken during software maintenance between productivity (getting
something done sooner) and maintainability (degradation of the code's
quality over time). This webinar on Technical Debt will present
techniques and insights that help software engineers to identify and track
technical debt in their projects. We will outline how business and product
quality goals should affect the choice of approaches (and combinations of
approaches) for managing technical debt. More specifically, we will discuss
a set of automated approaches based on static code analysis that are likely
to spot problems in source code that have real impact on productivity and
defect proneness. Based on previous empirical studies, we will give further
advice on which types of debt can be found by these tools, and which types
are not yet detectable.
Rationalizing an Enterprise IT ArchitectureBob Rhubart
Shaun McLaurin's presentation from OTN Architect Day in Pasadena, July 9, 2009.
Find an OTN Architect Day event near you: http://www.oracle.com/technology/architect/archday.html
Interact with Architect Day presenters and participants on Oracle Mix: https://mix.oracle.com/groups/15511
What is a Citizen Developer? How Can You Harness the Power of Citizen Develop...Maruti Techlabs
Who are citizen developers? Do you even need citizen developers? What skills do they have? Moreover, should you be hiring citizen developers? Let’s jump right in for the answers!
It’s no surprise that every business today needs software or an app to handle various business functions. Every industry is currently reliant on multiple software, and hence on software developers.
SeedScientific reports that software developers’ employment is expected to grow at a whopping 22% in the coming decade. One of the most common open positions on a job searching site is that of a software developer. The demand for software developers is so high that the supply is falling short.
A citizen #developer is a person without formal training in #software development who develops software using low-code or no-code platforms.
Citizen developers have come to the rescue of organizations to fill the gap between software developers’ demand and supply. Citizen developers help organizations create apps and software at a faster rate.
According to @Gartner, “By 2024 75% of large enterprises will be using at least four low code development tools for both IT application development & citizen #development initiatives.”
Link to the complete article in the comments below ⬇️
#softwaredevelopment #IT #programming #coding
Understand the concept of DevOps by employing DevOps Strategy Roadmap Lifecycle PowerPoint Presentation Slides Complete Deck. Describe how DevOps is different from traditional IT with these content-ready PPT themes. The slides also help to discuss DevOps use cases in the business, roadmap, and its lifecycle. Explain the roles, responsibilities, and skills of DevOps engineers by utilizing this visually appealing slide deck. Demonstrate DevOp roadmap for implementation in the organization with the help of a thoroughly researched PPT slideshow. Describe the characteristics of cloud computing, its benefits, and risks with the aid of this PPT layout. Utilize this easy-to-use DevOps transformation strategy PowerPoint slide deck to showcase the difference between cloud and traditional data centers. This ready-to-use PowerPoint layout also discusses the roadmap to integrate cloud computing in business. Highlight the usages of cloud computing and deployment models with the help of visual attention-grabbing DevOps implementation roadmap PowerPoint slides. https://bit.ly/3eFxYYr
DevOps is a term for a combination of various software development practices including traditional software development and information technology operations. It shortens the systems development life cycle while delivering features, fixes, and updates. This is ensured by frequent and close alignments with business objectives. It comprises a vast set of cultural philosophies, practices and tools
to increase an organization's ability to deliver applications and services at high velocity.
This document gives insights how DevOps should be designed, what services they should offer, what organizational forms can be chosen (incl. their benefits), which aspects a DevOps governance should cover, how to assess and implement DevOps (DevOps transition), which technologies are important and how processes can be designed based on proven best practices.
Agenda DevOps best practice slide deck:
- DevOps Definition and Overview
- DevOps & Agile maturity
- DevOps Transition
- DevOps Technology
- DevOps Organization
Don't be scared, level zero in a capability map is just a way to structure the map so that we have a consistent way of communicating. It's really not that important if all you wish todo is create an excellent set of capabilities for your business. However if you are intent on changing the foundation of your business then level zero is absolutely imperative to get right. Capabilities and capability maps are not organization structures, they do however serve as a powerful instrument when one need to create an organization architecture, in fact they are best thought of as organizing structures.
Choosing the right development platform may not be as obvious as it seems.
Low code application platforms accelerate app delivery by dramatically reducing the amount of hand coding required. Faster delivery is the primary benefit of these application platforms; they also help firms respond more quickly to customer feedback after initial software releases.
While to benefits are clear - this does not mean they are always the best choice for your business. Equally, it should not always be an either/or choice between one platform or another.
These slides describe some of the things to consider when choosing a development platform. Please get in touch if you would like an unbiased discussion on how to choose the best platform for your needs.
How to manage technology obsolescence with LeanIX Enterprise Architecture Man...LeanIX GmbH
Running outdated and unsupported technology is a real risk for organizations. Discover how to mitigate this risk by keeping your technology product data clean and up to date.
LeanIX offers an innovative software-as-a-service solution for Enterprise Architecture Management (EAM), based either in a public cloud or the client’s data center.
Companies like Adidas, Axel Springer, Helvetia, RWE, Trusted Shops and Zalando use LeanIX Enterprise Architecture Management tool.
Free Trial: http://bit.ly/LeanIXDemoS
The Role of the CTO in a Growing OrganizationRoger Smith
The position of Chief Technology Officer is relatively new to corporate leadership and very little has been published on the role, responsibilities, and relationships of this position. Like many of the traditional leadership positions, the skills necessary to execute this position vary depending on the growth stage that the company is entering. In this paper we discuss the manner in which the role of the CTO changes as a company grows from a start-up to an industry dominating position.
From project to product mindset and onwards to product platform architecturesJorn Bettin
Is it possible to stay innovative and economically manage many hundreds or even thousands of products or product variants?
Organisations interested in benefiting from a product line and product platform approach must adopt values and organisational principles that encourage the development of deep domain expertise. This includes a deep understanding of the forces that continuously change the environment of the product line. These forces can then be harnessed as part of the architectural foundation for the product line.
The pervasive digitisation of services and the desire to create and operate platforms that can support large digital service ecosystems that include many organisations, have put the spotlight on design principles for product lines, product platforms, and related organisational structures.
These slides relate to a talk at ProductTank Auckland (https://www.meetup.com/ProductTank-Auckland/events/252496542/). The video recording is available at https://twitter.com/pmauckland/status/1021272934416109568.
Digital Transformation And Solution ArchitectureAlan McSweeney
Digital strategy is a statement about the organisation’s digital positioning, competitors and customer and collaborator needs and behaviour to achieve a direction for innovation, communication, transaction and promotion. Digital strategy needs to be defined in the same framework structure as the proposed digital architecture platform.
Achieving the target digital organisation means deploying solutions that enable the digital architecture. Solution architecture needs to design solutions that fit into the target digital architecture framework. This requires:
• Solution architecture team operating in an integrated manner designing solutions to a set of common standards and that run on the platform
• Solution architecture team leadership ensuring solutions conform to the common standards
• Solution architecture technical leadership to develop and maintain common solution design standards
• Solution architecture updates the digital reference architecture based on solution design experience
Digital solution design requires greater discipline to create an integrated set solutions that operate within the rigour of the digital architecture framework. The solution architecture function must interact with other IT architecture disciplines to ensure the set of solutions that implement the digital framework operate together. This requires greater solution architecture team leadership. This needs to be supplemented and supported by a well-defined set of digital solution design standards.
This follows-on from the previous presentation: Digital Transformation And Enterprise Architecture
https://www.slideshare.net/alanmcsweeney/digital-transformation-and-enterprise-architecture.
The technical debt metaphor is useful in capturing the long-term impacts of
tradeoffs taken during software maintenance between productivity (getting
something done sooner) and maintainability (degradation of the code's
quality over time). This webinar on Technical Debt will present
techniques and insights that help software engineers to identify and track
technical debt in their projects. We will outline how business and product
quality goals should affect the choice of approaches (and combinations of
approaches) for managing technical debt. More specifically, we will discuss
a set of automated approaches based on static code analysis that are likely
to spot problems in source code that have real impact on productivity and
defect proneness. Based on previous empirical studies, we will give further
advice on which types of debt can be found by these tools, and which types
are not yet detectable.
Rationalizing an Enterprise IT ArchitectureBob Rhubart
Shaun McLaurin's presentation from OTN Architect Day in Pasadena, July 9, 2009.
Find an OTN Architect Day event near you: http://www.oracle.com/technology/architect/archday.html
Interact with Architect Day presenters and participants on Oracle Mix: https://mix.oracle.com/groups/15511
What is a Citizen Developer? How Can You Harness the Power of Citizen Develop...Maruti Techlabs
Who are citizen developers? Do you even need citizen developers? What skills do they have? Moreover, should you be hiring citizen developers? Let’s jump right in for the answers!
It’s no surprise that every business today needs software or an app to handle various business functions. Every industry is currently reliant on multiple software, and hence on software developers.
SeedScientific reports that software developers’ employment is expected to grow at a whopping 22% in the coming decade. One of the most common open positions on a job searching site is that of a software developer. The demand for software developers is so high that the supply is falling short.
A citizen #developer is a person without formal training in #software development who develops software using low-code or no-code platforms.
Citizen developers have come to the rescue of organizations to fill the gap between software developers’ demand and supply. Citizen developers help organizations create apps and software at a faster rate.
According to @Gartner, “By 2024 75% of large enterprises will be using at least four low code development tools for both IT application development & citizen #development initiatives.”
Link to the complete article in the comments below ⬇️
#softwaredevelopment #IT #programming #coding
Understand the concept of DevOps by employing DevOps Strategy Roadmap Lifecycle PowerPoint Presentation Slides Complete Deck. Describe how DevOps is different from traditional IT with these content-ready PPT themes. The slides also help to discuss DevOps use cases in the business, roadmap, and its lifecycle. Explain the roles, responsibilities, and skills of DevOps engineers by utilizing this visually appealing slide deck. Demonstrate DevOp roadmap for implementation in the organization with the help of a thoroughly researched PPT slideshow. Describe the characteristics of cloud computing, its benefits, and risks with the aid of this PPT layout. Utilize this easy-to-use DevOps transformation strategy PowerPoint slide deck to showcase the difference between cloud and traditional data centers. This ready-to-use PowerPoint layout also discusses the roadmap to integrate cloud computing in business. Highlight the usages of cloud computing and deployment models with the help of visual attention-grabbing DevOps implementation roadmap PowerPoint slides. https://bit.ly/3eFxYYr
DevOps is a term for a combination of various software development practices including traditional software development and information technology operations. It shortens the systems development life cycle while delivering features, fixes, and updates. This is ensured by frequent and close alignments with business objectives. It comprises a vast set of cultural philosophies, practices and tools
to increase an organization's ability to deliver applications and services at high velocity.
This document gives insights how DevOps should be designed, what services they should offer, what organizational forms can be chosen (incl. their benefits), which aspects a DevOps governance should cover, how to assess and implement DevOps (DevOps transition), which technologies are important and how processes can be designed based on proven best practices.
Agenda DevOps best practice slide deck:
- DevOps Definition and Overview
- DevOps & Agile maturity
- DevOps Transition
- DevOps Technology
- DevOps Organization
Don't be scared, level zero in a capability map is just a way to structure the map so that we have a consistent way of communicating. It's really not that important if all you wish todo is create an excellent set of capabilities for your business. However if you are intent on changing the foundation of your business then level zero is absolutely imperative to get right. Capabilities and capability maps are not organization structures, they do however serve as a powerful instrument when one need to create an organization architecture, in fact they are best thought of as organizing structures.
Choosing the right development platform may not be as obvious as it seems.
Low code application platforms accelerate app delivery by dramatically reducing the amount of hand coding required. Faster delivery is the primary benefit of these application platforms; they also help firms respond more quickly to customer feedback after initial software releases.
While to benefits are clear - this does not mean they are always the best choice for your business. Equally, it should not always be an either/or choice between one platform or another.
These slides describe some of the things to consider when choosing a development platform. Please get in touch if you would like an unbiased discussion on how to choose the best platform for your needs.
How to manage technology obsolescence with LeanIX Enterprise Architecture Man...LeanIX GmbH
Running outdated and unsupported technology is a real risk for organizations. Discover how to mitigate this risk by keeping your technology product data clean and up to date.
LeanIX offers an innovative software-as-a-service solution for Enterprise Architecture Management (EAM), based either in a public cloud or the client’s data center.
Companies like Adidas, Axel Springer, Helvetia, RWE, Trusted Shops and Zalando use LeanIX Enterprise Architecture Management tool.
Free Trial: http://bit.ly/LeanIXDemoS
The Role of the CTO in a Growing OrganizationRoger Smith
The position of Chief Technology Officer is relatively new to corporate leadership and very little has been published on the role, responsibilities, and relationships of this position. Like many of the traditional leadership positions, the skills necessary to execute this position vary depending on the growth stage that the company is entering. In this paper we discuss the manner in which the role of the CTO changes as a company grows from a start-up to an industry dominating position.
From project to product mindset and onwards to product platform architecturesJorn Bettin
Is it possible to stay innovative and economically manage many hundreds or even thousands of products or product variants?
Organisations interested in benefiting from a product line and product platform approach must adopt values and organisational principles that encourage the development of deep domain expertise. This includes a deep understanding of the forces that continuously change the environment of the product line. These forces can then be harnessed as part of the architectural foundation for the product line.
The pervasive digitisation of services and the desire to create and operate platforms that can support large digital service ecosystems that include many organisations, have put the spotlight on design principles for product lines, product platforms, and related organisational structures.
These slides relate to a talk at ProductTank Auckland (https://www.meetup.com/ProductTank-Auckland/events/252496542/). The video recording is available at https://twitter.com/pmauckland/status/1021272934416109568.
Recommended for CIOs and Applications Managers
In this session we will discuss how next generation business applications enable the
creation of much needed hyper-personalized experiences for customers and employees.
Center Office is a new delivery model that is emerging in response to the need to deliver
end to end hyper-personalized solutions that improve on older enterprise (legacy)
applications. Center Office relies on technologies such as APIs, microservices and
Hyperautomation (next level of automation that meshes AI tools with RPA,, enabling
scaling for complex business processes).
How do we manage employees' experiences as well as preserve talent and create
collaborative workplaces for teams? which new skills are needed? what will the
workforce of the future look like? Which new tools are needed for HR (employee well-
being)?
Recommended for CXOs and all IT Managers
If COVID-19 has demonstrated anything it is that organizations can no longer rely on traditional long-term strategic direction-setting, in order to succeed and grow. Today, organizations need to be able to quickly identify changes and respond with speed.
Adaptive enterprises have the technical and organizational agility to do this. In this session, we will present the organizational structure, technologies and concepts that make up an adaptive organization and discuss topics such as: Concierge hyper-personalization services; Personalized (PBC) Business Capabilities; adaptive organizational structure; Centers of Excellence; center office; hyper-automation and data centric organizations.
Recommended for CDOs and all Data & Analytics Managers
The past 2 years have had a huge impact on organizations journeys to become data driven. Existing data architectures were disrupted; rigid structures and processes were questioned, and many data strategies were re-written.
On the one hand, the global pandemic emphasized the need for organizations to raise the bar, implement strategies, improve data literacy and culture, increase investments in data and analytics, and explore AI opportunities.
On the other, it also presented new challenges such as: the war for data talent and the wide literacy gap. Inadequate structures as well as outdated processes were exposed. Major changes in the data landscape (Data Fabric, Data Mesh, Transition to Data Clouds) will further disrupt existing data architectures and enhance the need for a new adaptive architecture and organization.
The 28th edition of the annual research covering all aspects of the IT Market in Israel.
Volume 1: introduction, what is POSTCOVID19 Transformation and economic issues and market analysis
STKI researches and publishes once a year a complete Market Study about the Israeli Information Technology Scene. This is a version 2 that includes changes that were found after companies presented (again) their 2018 results and STKI analysts accepted the changes.
Presentation describes innovation process for IT, from digital transformation though data centric and finally automation revolution, outcome driven innovation and data, process and technical debt
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
JMeter webinar - integration with InfluxDB and Grafana
CTO presentation
1. 1
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
CTO’s presentation:
Age of Implementation
Pini Cohen, CTO STKI
2. 2
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Agenda
Intro: CTO’s and Architects
Adaptive Architecture
Cloud CoE
DevOps CoE
Zero Trust
2
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
3. 3
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
What is happening with CTO’s and
Architects?
More technologies to deal with
Technology last short time
Customization of technology is less
viable
Dependencies in technologies is
increasing
3
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
4. 4
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Microservices
implications:
•You can do whatever you
want, use database,
programming language
etc., as long as you get the
job done and other
services can depend on
you.
4
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
5. 5
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
This is how core legacy architecture looks
likes
6. 6
Copyright@STKI_2020 Do not remove source or attribution from any slide, graph or portion of graph
Solution: The
new architect
6
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
7. 7
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
What is happening with
CTO’s & Architects ?
we are
having more
fun!!
7
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
8. 8
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Not everything is so shiny
Not everything is so shiny
8
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
9. 9
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
The IT talent war*
*In the holly land
10. 10
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Massive move of personal from Enterprise IT to High-tech
10
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
11. 11
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
IT has little experience in Knowledge Transfer
11
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
12. 12
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
This will result
IT
Organization
•Downtime
•IT is a barrier for
the business
•Implement KM
platforms in IT
•Demand for Cloud
& SLA based
services
IT
Suppliers
•Sell products with
their operations
services
•High demand for
staffing services
(“gulglot”) but
hard (impossible?)
to fulfill
•Cloud & SLA
based services
13. 13
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Adaptive
Architecture
13
14. 14
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Adaptive Architecture
ADAPTIVE emerges as the top objective for the organization. Modern
architecture Integration is the core of being Adaptive
API’s are the most important indication of “what is happening” in modern
application
API’s and Event Driven will enable the use of Legacy system in modern
business processes
15. 15
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Adaptive Composable Organizational
Applications
16. 16
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
The evolution of integration patterns
16
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
17. 17
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
API gateway
The evolution of integration patterns
17
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
18. 18
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
API Gateway
• Protocol transformation
• Scheme validation (content filters like XSD, filed limits, field format, etc.)
• Authentication & security
• Basic logics
19. 19
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
API gateway
Cloud integration:
IPaaS
The evolution of integration patterns
19
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
20. 20
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
IPaaS –
Integration
Platform as a
Service
• For cloud connectivity
• Enable integration capabilities for ‘ad hoc’ or ‘citizen’ integrators”
• “I have more adaptors cloud SaaS”
• Selected products: Zapier, iConduct, Workato, Celigo, Snaplogic
20
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
21. 21
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
External (specific API)
API gateway
Cloud integration
IPaaSadvanced ESB
API management
The evolution of integration patterns
21
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
22. 22
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Business manager to CIO:
I want to sell
product X by
our systems
I want to sell
product Y by
our systems
I want to sell
product Z by
our systems
I want to sell
product A by
our systems
CIO CIO
CIO
CIO
23. 23
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Business manager to CIO:
I want to sell
product X by
our systems
CIO
• Place new products in my catalog –
dynamically
• Check stock variability in suppliers ERP
• Process payment (3rd party SW)
• Transfer money immediately to supplier
• Update delivery status and location (3rd
party)
• Update buyer when product was delivered
• Update “consumer club” in both our
systems and suppliers systems
24. 24
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
API Management
24
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
25. 25
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
BOI Open Banking Regulation
25
26. 26
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
API Management – the hottest project in market!
I’m Hot!
26
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
27. 27
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Will API management replace ESB?
It shouldn't – no oorchestration, no transformation, no adapters ( tech
and content), no messaging, no guarantee delivery, etc,
Still – green field organizations (enterprises and start-ups) are not
using ESB at all
28. 28
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
* Gradually when possible
API management tools are
replacing ESB*
28
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
29. 29
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
External (specific API)
API gateway
Cloud integration
IPaaSadvanced ESB
External partners
API management
developer portal
Industry API Standards
The evolution of integration patterns
29
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
30. 30
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Why API interoperability standards are critical for business agility?
“complete name” “full name” “full description” “Shem Male”
"The Hongkong and Shanghai Banking Corporation Limited“ is stored in field
Bank A Bank B Bank C Bank D
These banks can only manually co-ordinate.
This is not suitable for modern business!!
31. 31
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
The solution: standard Open API –
"banks": [
{
"id": "hsbc",
"short_name": "HSBC",
"full_name": "The Hongkong and Shanghai Banking
Corporation Limited",
"logo": "url of internet standard image",
"website": "www.postbank.de"
}
]
}
32. 32
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Internal integration
ESB
External (specific API)
API gateway
Cloud integration
IPaaSadvanced ESB
External partners
API management
developer portal
Industry API Standards
The evolution of integration patterns
Microservices
ServiceMesh
32
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
33. 33
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Source: http://martinfowler.com/
34. 34
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
STKI’s work Copyright@2016. Do not remove source or attribution from any slide, graph or portion of graph
34
API gateway /ESB
will not scale in
microservices
production
environment API
Gateway
34
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
35. 35
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
https://medium.com/microservices-in-practice/service-mesh-for-microservices-2953109a3c9a
service mesh pattern
36. 36
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Direct (unsupervised) API calls
36
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
37. 37
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Advanced Integration capabilities are the key to adaptive business
API centric development & operations are a key for availability, efficiency
(reuse) & security
Advanced Integration capabilities are the key to adaptive business
API centric development & operations are a key for availability, efficiency
(reuse) & security
37
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
38. 38
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Event Driven Architecture (EDA)
38
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Traditional programming: direct connection
By topic
39. 39
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Event driven - “If you love someone set him free”
• Traditional programming:
Make_Order {
…
…
Call Order_Fulfilment (id of
order).
Wait for response (ack)
• }
• EDA programming:
Make_Order {
…
…
Publish event:
Order_created(id of order)
//do not wait
• }
40. 40
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Event driven benefits & drawbacks
•Enables adaptive business processes
•Enables work of separate teams
•Fits microservices, self contained systems, DevOps,
serverless
•Basically for a-synchronous purpose
•Distributed transactions are difficult!!
•Needs to reskill architects & programmers
40
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
41. 41
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Low Code
“A low-code development
platform (LCDP) is a software that
provides a development environment
used to create application
software through graphical user
interfaces and configuration instead
of traditional hand-coded computer
programming.” Wikipedia
תפוקה הרבה
,
קוד פחות
42. 42
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
The advantages
TTM
Fit for junior/legacy
developers
Low technical debt
Good for business
(application) experiments
(MVP)
42
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
43. 43
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
The barriers
Prior experience- 4GL
Politics
Cost of entry
Lockdown
43
44. 44
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Lesson learned
from (Israeli) 4GL:
•Citizen developers should work
under IT guidance/supervision:
•Security, Central Identity,
Regulations, Monitoring
•Updates of infrastructure
•CAB – change advisory board
•Documentation and Architecture
guidance
44
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
44
45. 45
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
STKI’s work Copyright@2016. Do not remove source or attribution from any slide, graph or portion of graph
Will 2022 be the "LowCode Year" in
Israel?
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
45
46. 46
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Literacy
API Economy principals
Standards
API standards, Identity
standards, Cyber
security standards
Architecture
Event Driven, API
management vs.
ServiceMesh , Rest vs.
GraphQL
Tools
API management tools
IPaaS tools
Governance
Regulations , apply
standards
Use Cases Identification
and Prioritization
Priorities in DevOps efforts and tooling
Skills
Architect upskill for
Event Driven
Processes
API first culture , API testing
automation
Architecture
Integration
CoE
Governance – be integral part of development process
48. 48
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Reasons for
moving to cloud
• There is (almost) no option since new business applications are only cloud based. Applying modern business processes without using cloud software will be very difficult and unconventional.
New business applications
are only cloud based
Applying modern business
processes without using
cloud software will be very
difficult and unconventional
48
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
49. 49
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
More reasons for
moving to cloud:
• Cloud improve IT speed & agility and
hence business agility
• Cloud computing enables “fail fast”
(leanMVP) business culture
• Cloud drives technology innovation which
drives business innovation
• Cloud computing helps with compliance
• Cloud computing companies invest much
more on cyber security than traditional IT
• Cloud computing helps with IT-Business
alignment
49
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
50. 50
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Repatriation?
Cloud
50
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
51. 51
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Repatriation debate
51
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
52. 52
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Repatriation from cloud in Enterprise IT?
Cloud
Not Yet
52
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
53. 53
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Cloud unexpected
complexity:
•Cloud budget planning
•Bill Shock
•Lack of flexibility in cloud
contracts
•Forgotten areas in cloud SaaS
deals
•In general - mistakes in the
cloud are more harmful
53
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
54. 54
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Reduce the
dominance of
Windows Server
and VMWARE
ESX
54
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
55. 55
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Cloud technical
team is integral
part of the
general teams
55
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
56. 56
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Fact: most
resources are still
spent the on-
premise/traditional
infrastructure
Treat on premise
as cloud!!
56
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
57. 57
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Infrastructure as Code
•Central scriptcode repository (GIT) for
all infrasecurity
•Central workflow for all infrasecurity
57
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
58. 58
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Place infrastructure
as code KPI for all
infrasecurity
departments
58
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
59. 59
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Server is running unnecessarily in
traditional DC – not a big deal
Server is running unnecessarily in
Cloud – very big deal $$
“Pay by the minute” is new for IT* – FINOPS is the
answer
*what are “Spot Instances”?
59
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
60. 60
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Define and implement
mandatory tags for all
cloud resources in the
resource group level – DO
IT NOW
60
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
61. 61
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Cloud cost optimization tools
Build in tools:
62. 62
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Literacy
Explaining cloud business and
technology implications
Standards
Example: tagging
(FINOPS) standards,
security standards.
Identity standards
Architecture
Microservices, Event
Driven, Serverless
Tools
Which cloud, Cloud cost
optimization tools ,
Cloud identity tools,
cloud integration tools
Governance
Cloud related
regulations
Use Cases Identification
and Prioritization
Priorities in cloud migration
Skills
Cloud development,
Infrastructure as code
education
Processes
FINOPS, cloud licensing
management, Cloud asset
management
Cloud
CoE
CoE is an enabler, not doer itself. “One DBA team!”
64. 64
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Traditional deployment
• From dev to test to prod – takes ages..
64
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
65. 65
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
DevOps aims at:
• DevOps enables the benefits of Adaptive development to be felt at
the organizational level. DevOps does this by allowing for fast and
responsive, yet stable, operations that can be kept in sync with the
pace of innovation coming out of the development process.
Source:
http://dev2ops.org/blog/2010/2/22/what-is-DevOps.html
http://en.wikipedia.org/wiki/File:DevOps.png
65
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
66. 66
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Some perspective: DevOps at Amazon
Source: http://www.bogotobogo.com/DevOps/DevOps_Jenkins_Chef_Puppet_Graphite_Logstash.php
66
11.6 seconds : Mean time between
deployments (weekday)
Mean
1,079 : Max # of deployments in a single
hour
Max
10,000 : Mean # of hosts simultaneously
receiving a deployment
Mean
30,000 : Max # of hosts simultaneously
receiving a deployment
Max
66
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
67. 67
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
“Let there be DevOps”
68. 68
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
DevOps Tools
Monitoring/Observability/AIOPS
Collaboration
Configuration Automation
Testing
Issue Trekking/ITSM
Release Management
Security
Continues Integration
Artifacts/ Package Management
69. 69
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Legacy systems
must be part of
Value Stream
mapping &
DevOps
69
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
70. 70
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Measure until code
is in production and
not until value is
created
70
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
71. 71
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Value Stream
Mapping?
•Value stream enables you to
create a detailed visualization of
your workflows.
•This visualization represents
how your products and services
flow from supplier to customer
via your company.
•Value Stream tools should get
their input from ALM tools and
from manual inputs
71
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
72. 72
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
IMPROVING DATABASE PROVISIONING PROCESS TO
MEET BUSINESS DEMANDS
73. 73
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
IMPROVING DATABASE PROVISIONING PROCESS TO
MEET BUSINESS DEMANDS
74. 74
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Value stream mapping:
Source: https://www.scielo.br/j/jistm/a/wRTL87bgXHG6zZd8GGNNvxt/?format=pdf&lang=en
75. 75
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
STKI: start
DevOps with
Value stream
mapping
75
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
76. 76
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Operations team (NOC) vs. ESM (monitoring) team
76
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
77. 77
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
SRE is what happens
when you ask a software
engineer to design an
operations team
•SRE – Site Reliability
Engineering
•Automation (code, tooling) in
operations, self healing
architecture
•MTTR instead of MTBF
•Error Budget
•Developers responsibility for
operations
77
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
78. 78
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Developers
are not
responsible
of operations
78
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
79. 79
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Observability:
the new
Monitoring
79
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
80. 80
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Expected correlation in
golden signals. What is
anomaly?
80
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Normal behavior: Traffic--> Saturation --> Latency --> Error
81. 81
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Literacy
Explain DevOps to business
Standards
Naming conventions for
infrastructure, testing
standards, Monitoring
(Observability)
standards
Architecture
Microservices, Monitoring
(Observability) health
API’s
Tools
DevOps orchestrator,
Integration to Source
Control, Ticketing tools,
DEVSECOPS tools
Governance
Which type of DevOps
and controls (testing)
for each application
type
Use Cases Identification
and Prioritization
Priorities in DevOps efforts and tooling
Skills
Cloud development,
Infrastructure as code
education
Processes
Let Developers part of the
operations responsibility,
Unify the development and
operations processes and
KPI’s
DevOps
CoE
Cooperation between Development and
InfraOps departments is crucial in the
success of DevOps CoE
82. 82
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
STKI Webinar:
Coping with
Complex IT
Environment
27.10.21
CTO’s Architects,
Development, Infra &
Operations
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
83. 83
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Zero Trust CoE
83
84. 84
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Before:
Inside = safe
We are inside
Outside = not safe
84
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
85. 85
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Everything is outside !!
After:
86. 86
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Zero Trust :the organization has no perimeters
“Never trust – Always verify”*
Forrester-The Zero Trust eXtended (ZTX) Ecosystem
86
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
87. 87
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
What should we verify?
• The user’s identity (now)
• The device (now)
• The network (now)
• What is transferred (data, docs,
web) - now
• Role-based access control (process,
port, protocol) – preferably via
proxy – no network access
87
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
88. 88
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Who is the user in many clouds?
89. 89
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Cloud Identity Services principals
90. 90
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Possible
solution for
Zero Trust –
SASE – Secure
Access Service
Edge
90
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
91. 91
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
SASE capabilities
92. 92
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Close
“employees
WIFI” stay with
“guest WIFI”
92
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
93. 93
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Close the
internal
network
longer term
93
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
94. 94
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
Literacy
Explaining cloud business and
technology implications
Standards
Example: tagging
(FINOPS) standards,
security standards.
Identity standsrds
Architecture
Microservices, Event
Driven, Serverless
Tools
Which cloud, Cloud cost
optimization tools ,
Cloud identity tools,
cloud integration tools
Governance
Cloud related
regulations
Use Cases Identification
and Prioritization
Priorities in cloud migration
Skills
Cloud development,
Infrastructure as code
education
Processes
FINOPS, cloud licensing
management, Cloud asset
management
Cyber
CoE
CoE is an enabler, not a controller or a doer itself
Zero Trust is such a
big change for Cyber
Security – everybody
should take a big
breath
95. 95
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph
The End:
Implement
while
doing fun!!
Copyright@STKI_2021 Do not remove source or attribution from any slide, graph or portion of graph