Demo Theater Cider Security
•
0 likes•106 views
This document discusses DevOpsDays and security. It introduces Cider Security, which aims to enable security teams to keep up with the pace of development through providing real-time visibility into CI/CD pipelines. Cider's platform integrates security tools and provides a complete overview of a pipeline's security posture to help reduce friction between development and security teams. The document promotes a Cider Security demo that shows its visibility into technology stacks and how a scanner can be incorporated into a CI/CD pipeline.
Report
Share
Report
Share
Download to read offline
Recommended
Cloud Operations
It is supplemented by management to ensure that all of the processes and resources are managed properly to keep cloud operations running smoothly. Cloud operations are intended to provide the following objectives: Deliver cloud services and/or infrastructure.
Shift Left Security - The What, Why and How
The shift left approach in DevOps moves software testing earlier in its lifecycle to prevent defects early in the software delivery process. How can developers use this approach to ensure security? Josh Thorngren, VP of Marketing at Twistlock, will explain what it means to shift left, and share five steps to ensure a successful transition to a shift left approach with DevOps.
Join this webinar to learn:
Best practices in adopting a successful shift to the left
How ‘shifting left’ promotes security
How developers are the new security guards in protecting company information
A New View of Your Application Security Program with Snyk and ThreadFix
Snyk continuously monitors your application’s dependencies and lets you quickly respond when new vulnerabilities are disclosed. Threadfix allows organizations to gain true visibility into a your project’s security posture by cross referencing results on an app from multiple sources (SCA, SAST, DAST, etc.), ultimately enabling better prioritization, while Snyk focuses on remediation at the source with the automated fix pull requests. Join us to see how, together, Snyk and ThreadFix can enhance application security and prevent risks, while preserving development scale and speed.
The Evolving Role of the Developer in 2021
The role of the developer continues to change as they sit on the front line of application and even cloud infrastructure security. Today, developers are focused on innovating fast and improving security, but how do high-performing teams accomplish this? They commit code frequently, release often and update dependencies regularly (608x faster than others).
In this webinar, we'll discuss the key traits of high-performing teams and how that impacts the role of the developer.
Key Takeaways:
Choose the best third party dependencies
Determine the lowest effort upgrades between open source versions
Solve for issues in both direct and transitive dependencies with a single-click
Block and quarantine suspicious open source components
Tales from an Enterprise DevOps transformation
Driving large scale change is hard, but the reward is more than worth the effort. In this talk, Lee shows some of the benefits he's seen and highlights three key areas to focus on: executive buy in, driving behavior changes by evolving values, and keeping teams healthy through all the changes.
Secure DevOPS Implementation Guidance
Awareness and Guide to a Practical Implementation.
Discover how to automate security testing, and ensure every bit of code is scanned before it leaves the developer’s hands
https://bsidesdc2018.busyconf.com/schedule#day_5acff470ec4a15f24e000036
ITAM UK 2017 Open source alternatives_John Springall
Open Source Alternatives from John Springall of SAM Eclat
Recommended
Cloud Operations
It is supplemented by management to ensure that all of the processes and resources are managed properly to keep cloud operations running smoothly. Cloud operations are intended to provide the following objectives: Deliver cloud services and/or infrastructure.
Shift Left Security - The What, Why and How
The shift left approach in DevOps moves software testing earlier in its lifecycle to prevent defects early in the software delivery process. How can developers use this approach to ensure security? Josh Thorngren, VP of Marketing at Twistlock, will explain what it means to shift left, and share five steps to ensure a successful transition to a shift left approach with DevOps.
Join this webinar to learn:
Best practices in adopting a successful shift to the left
How ‘shifting left’ promotes security
How developers are the new security guards in protecting company information
A New View of Your Application Security Program with Snyk and ThreadFix
Snyk continuously monitors your application’s dependencies and lets you quickly respond when new vulnerabilities are disclosed. Threadfix allows organizations to gain true visibility into a your project’s security posture by cross referencing results on an app from multiple sources (SCA, SAST, DAST, etc.), ultimately enabling better prioritization, while Snyk focuses on remediation at the source with the automated fix pull requests. Join us to see how, together, Snyk and ThreadFix can enhance application security and prevent risks, while preserving development scale and speed.
The Evolving Role of the Developer in 2021
The role of the developer continues to change as they sit on the front line of application and even cloud infrastructure security. Today, developers are focused on innovating fast and improving security, but how do high-performing teams accomplish this? They commit code frequently, release often and update dependencies regularly (608x faster than others).
In this webinar, we'll discuss the key traits of high-performing teams and how that impacts the role of the developer.
Key Takeaways:
Choose the best third party dependencies
Determine the lowest effort upgrades between open source versions
Solve for issues in both direct and transitive dependencies with a single-click
Block and quarantine suspicious open source components
Tales from an Enterprise DevOps transformation
Driving large scale change is hard, but the reward is more than worth the effort. In this talk, Lee shows some of the benefits he's seen and highlights three key areas to focus on: executive buy in, driving behavior changes by evolving values, and keeping teams healthy through all the changes.
Secure DevOPS Implementation Guidance
Awareness and Guide to a Practical Implementation.
Discover how to automate security testing, and ensure every bit of code is scanned before it leaves the developer’s hands
https://bsidesdc2018.busyconf.com/schedule#day_5acff470ec4a15f24e000036
ITAM UK 2017 Open source alternatives_John Springall
Open Source Alternatives from John Springall of SAM Eclat
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Cloud Native Day Tel Aviv
Traditionally, security teams have been accustomed to investigating incidents and falling back to previous code releases if they detect serious issues. With the rise of modern cloud-native applications and immutable infrastructure, however, security engineers have new solutions at their fingertips. Immutable infrastructure refers to infrastructure with components that are designed to be destroyed and replaced with new versions whenever a change is necessary. This makes immutable infrastructure different from conventional deployment technologies, in which components were typically updated while they were still running rather than being redeployed whenever a change takes place. In this session, Dima Stopel will discuss the changing security landscape and how immutable infrastructure and cloud-native technologies such as containers, can make tedious, risk-prone security workflows a thing of the past. Are your DevOps and Security teams friends or foes?
An intro to DevOps for security professionals + Our latest innovation: auto-generated security policies in the CI/CD pipeline
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
The tempo for software delivery to the warfighter continues to accelerate to meet the goals and demands of their missions. Pressures to rapidly build and deploy mission software drive the need to deliver new capabilities via DevSecOps pipelines. Many of the latest leading-edge DevSecOps practices draw heavily from commercial tech companies and innovative programs across DoD like Kessel Run. What are these latest trends, and how do you take advantage of them? How do you quantify the risk of microservices, new languages and frameworks, and cloud environments and still obtain authority to operate (ATO)?
The ThreadFix platform has built-in automation and orchestration capabilities to enable your teams to provide immediate feedback in the form of policy evaluation, notifications in the form of emails and automated developer defect creation, and decision-making on your CI program as scan results are generated. In addition to built-in automation, plugins and the ThreadFix API enable CI programs to seamlessly integrate security testing into existing build/release pipelines to provide evaluation of code changes directly to your development tools.
These key issue items and other trends will be discussed in this highly interactive briefing, providing critical insights on how to inject agility and responsiveness into environments that have traditionally struggled to keep pace with modern development approaches.
Enhancing your Cyber Skills through a Cyber Range
Bill Rowan
VP, Federal Sales, VMware
2019 DC CyberTalks
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
DOD Enterprise DevSecOps Initiative
Nicolas Chaillan, Chief Software Officer, U.S. Air Force
Deliver your App Anywhere … Publicly or Privately
Developers are increasingly adopting a microservices approach for their apps in order to gain rapid iteration capabilities required for delivering new services faster. However, delivering the App still requires multiple steps such as allocation of virtual IPs, provisioning the front load balancer, configuring firewall rules, configuring a public domain, and DDOS. At present, each of these steps requires coordination across multiple teams with multiple iterations per team. The time efficiencies gained by adopting microservices and cloud-native technologies is negated due to the time taken to deliver the App.
In this session, Pranav Dharwadkar, VP of products at Volterra, and Jakub Pavlik, director of engineering, will help you understand these challenges and introduce a distributed proxy architecture that can alleviate the challenges across different cloud environments. This webinar will include a live demo using a distributed proxy architecture to advertise an App publicly and privately.
In this webinar, you will learn:
The steps required to deliver an App using the current approaches
How a distributed proxy architecture can be used to deliver the app publicly and privately
The operational benefits of a distributed proxy architecture for delivering new services
Summer "Tuning" in Jira and DevSecOps
David Eads, Atlassian, presents how to clean and tune your Jira and Confluence instances and Himanshu Chhetri, Addteq, discusses how to implement DevSecOps within your software organization's delivery pipeline.
Microservices the Good Bad and the Ugly
Sildes of an internal talk given at Twitter similar to a previous webinar for Redhat with the same title.
Speeding up development is a key concern, cloud and technology improvements like Docker speed up key steps that make continuous delivery possible. Breaking up the work into many separate microservices and datastores with stable APIs allows teams to make progress independently so that the organization scales. Monolithic apps are preferred for small projects, built by small teams and when very low latency and high efficiency is the primary requirement. Monitoring microservices is currently a challenge with solutions starting to emerge.
Mission Possible: How VMware's Private Cloud Migrated to Jira Service Desk
Imagine you had five years of built functionalities in ServiceNow. Now, imagine your team of five was asked to migrate it all to Jira Service Desk with a full-blown ITILv3 scope in just eight months. Challenge accepted!
Join VMWare’s Dimitar Dimitrov, Manager of Cloud & Productivity Engineering, on his mission of epic proportions to migrate one of the largest private cloud instances to Jira Service Desk. From technology to people, learn how his team architected, designed, and deployed end-to-end service for a multi-service portfolio, how they met ITSM requirements with a lean approach, how partnering with a third party app vendor can help you shave months off your migration timeline and why starting with configuration management sets you up for success. This talk will include practical tips and demos so you can be successful in your own enterprise ITSM migration and beat your timelines.
Bill curtis Beyond process - a challenge for SEPGs
Bill curtis Beyond process - a challenge for SEPGs
Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...
Virtual Reality is set to be one of the most disruptive technologies. Whether you work in Gaming, Construction, Financial Services or even for a Formula1 team, chances are you will be working with VR in the very near future. But current VR architectures are not practical for the Enterprise. So how do you go about building an Enterprise VR platform? How do you deliver solutions like Nvidia Holodeck, integrate with Google Hangouts, leverage infrastructure as code for a consistent user experience? In the session, you’ll get a glimpse at the VR Platform Cisco is building with our partner eBB3
SUGCON: The Agile Nirvana of DevSecOps and Containerization
Sitecore deployments are traditionally relatively expensive due to the technological and architectural limitations. The introduction of a containerized hosting model is a game-changer in the Sitecore DevOps story. It allows DevOps teams to enable delivery security features, and reduce deployment cycles through automation, by activating DevSecOps strategies. This flexibility or cost-efficiency of containerized deployments allows DevOps and engineering teams to focus on and align around business value, rather than being handicapped by the legacy technology and systems. In this session we will walk the attendees through the benefits of a DevSecOps pipeline to IT, development teams, and their business leadership and show what it takes to migrate to the AKS-hosted infrastructure from an on-premise setup. We will present a reference design for an automated DevSecOps pipeline that focuses on security, quality, and speed. The session will cover the learnings from a major healthcare technology and research company that has gone through this shift and highlight the impact they experienced on the infrastructure, solution architecture, DevOps pipeline, processes and internal resources - Infrastructure: we will provide a feature overview of Azure vs AWS as it relates to a containerized Sitecore implementation, covering risks, cons, and pros associated with each and the cost estimation process for AKS. Sitecore Topology: we will cover the steps for changing Sitecore default AKS topology for maximum cost efficiency, and flexibility. DevOps pipeline: we will cover the automation that is required to move towards DevSecOps with environment creation via Infrastructure as Code, disaster recovery, and zero-downtime fully automated deployments to production. Processes and team changes: We will present how the new DevSecOps pipeline will affect internal processes and what internal support team changes are required to continue managing the new infrastructure and release pipeline.
Image Scanning Best Practices for Containers and Kubernetes
DevOps teams are looking to manage security risk without slowing down application delivery. Image scanning is critical to integrate into DevOps, but how can you get started?
Join Sysdig’s security team as they share practical guidance and demonstrate five (5) key steps to adopt in your image scanning workflow. You’ll walk away with a short, impactful checklist and be on your way to a more secure environment. Specifically, you’ll hear:
Key areas where you should embed scanning: CI/CD pipelines, registries, Kubernetes admission controller, Open Policy Agent (OPA)
Do’s and don'ts of selecting an appropriate base OS image
What to look for when scanning your Dockerfile
How to flag vulnerabilities quickly across large multi-cloud Kubernetes deployments
Why customers prefer a SaaS-based scanning solution
ICS Cyber Security Effectiveness Measurement
Presentation about ICS Cybersecurity Effectiveness Measurement on Kaspersky ICS Cybersecurity Conference
Wise Men TIBCO ADF Webinar- 16 October 2014
TIBCO has a broad range of products which are used for developing various types of enterprise solutions such as, EAI, BPM, CEP and MDM. Most of the enterprises follow agile development methodology and need TIBCO applications to be deployed and promoted as quickly as possible while reducing the develop-test-debug-deploy cycle.
Wise Men has the most comprehensive services on the TIBCO platform. We have an “Automated Deployment Framework” that supports most of the frequently used TIBCO products and we have an implementation service for ADF that guarantees the results..
Please join the experts from Wise Men to understand and discover how we can help you save 75% of lifecycle management cost of your TIBCO applications.
Optimize your CI/CD with GitLab and AWS
Building high volume software factories is all about combining workflow and automation functionality to ensure that each application development team is able to repeatedly deliver secure, high quality, feature rich iterations and operate them on scalable, highly available cloud infrastructure.
Attendees will learn how GitLab and Amazon Web Services (AWS) integrate together to provide best of breed development workflows and rock solid cloud application infrastructure.
Overview:
Hard lessons for CI / CD from how Ford automated automobile manufacturing.
GitLab CI / CD is a factory toolkit for software manufacturing.
GitLab CI/CD accelerates time to automation maturity with premade assembly lines and components.
GitLab CI/CD accelerates AppSec (DevSecOps) time to maturity with premade Security assembly lines.
How to have a tortured transformation to software manufacturing.
GitLab rich CI / CD workflows ensure cross-team (Dev, Ops, Sec) collaborative engagement and compliance with change gating controls with auditability.
GitLab CI / CD integrates with AWS infrastructure with multiple possible points of integration.
Steps to Scale Internet of Things (IoT)
Cisco Tech Advantage Webinar. June 4th, 2014
Video: http://youtu.be/RkmMi9qea5Y
IoT is everywhere, from smart meters on houses to parking sensors in the ground – all devices are connected to the Internet. Internet engineers are helping traditional industries solve new industrial world challenges by connecting billions of new devices. An exciting part of the IoT journey is the integration between both worlds: Information Technology (IT) and Operation Technology (OT). For that a systems approach is required to scale the existing Internet infrastructure to accommodate IoT use cases, while making IT technology easy to adopt for OT operators.
In this session you will learn:
IoT infrastructure challenges and the need for open standards and partner ecosystem
Key elements to build large-scale IoT systems as IPv6, access control, plug and play, distributed intelligence and contextual awareness
Introduction to fog computing and advantages of extending cloud computing and services
Looking ahead to the future
Devops security-An Insight into Secure-SDLC
The integration of Security into DevOps is already happening out of necessity. DevOps is a powerful paradigm shift and companies often don’t understand how security fits. Aim of this session is to give an overview of DevOps security and How security can be integrated and automated into each phases of software development life-cycle.
Next Dimension + Cisco Smart Manufacturing
Mike Killian from Cisco was in attendance at Next Dimension to discuss IoT, IT/OT Convergence, and all things Smart Manufacturing. This presentation showcases the impact of Smart Manufacturing strategies as implemented across Cisco's supply chain.
Best Practices for Building Scalable Visibility Architectures
These slides - based on the Webinar and featuring EMA Vice President of Research, Jim Frey, and Ixia Senior Director, Product Management, Scott Register – cover:
•Key goals and objectives of a visibility architecture
•Ways in which Network Visibility Controllers (NVCs) are being used, both today and in the future
•NVC features and capabilities having the broadest impact and delivering the most value
•Architectural and administrative qualities that are making the most difference
•Impact of server and network virtualization technologies on technology and product choices
More Related Content
What's hot
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Cloud Native Day Tel Aviv
Traditionally, security teams have been accustomed to investigating incidents and falling back to previous code releases if they detect serious issues. With the rise of modern cloud-native applications and immutable infrastructure, however, security engineers have new solutions at their fingertips. Immutable infrastructure refers to infrastructure with components that are designed to be destroyed and replaced with new versions whenever a change is necessary. This makes immutable infrastructure different from conventional deployment technologies, in which components were typically updated while they were still running rather than being redeployed whenever a change takes place. In this session, Dima Stopel will discuss the changing security landscape and how immutable infrastructure and cloud-native technologies such as containers, can make tedious, risk-prone security workflows a thing of the past. Are your DevOps and Security teams friends or foes?
An intro to DevOps for security professionals + Our latest innovation: auto-generated security policies in the CI/CD pipeline
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
The tempo for software delivery to the warfighter continues to accelerate to meet the goals and demands of their missions. Pressures to rapidly build and deploy mission software drive the need to deliver new capabilities via DevSecOps pipelines. Many of the latest leading-edge DevSecOps practices draw heavily from commercial tech companies and innovative programs across DoD like Kessel Run. What are these latest trends, and how do you take advantage of them? How do you quantify the risk of microservices, new languages and frameworks, and cloud environments and still obtain authority to operate (ATO)?
The ThreadFix platform has built-in automation and orchestration capabilities to enable your teams to provide immediate feedback in the form of policy evaluation, notifications in the form of emails and automated developer defect creation, and decision-making on your CI program as scan results are generated. In addition to built-in automation, plugins and the ThreadFix API enable CI programs to seamlessly integrate security testing into existing build/release pipelines to provide evaluation of code changes directly to your development tools.
These key issue items and other trends will be discussed in this highly interactive briefing, providing critical insights on how to inject agility and responsiveness into environments that have traditionally struggled to keep pace with modern development approaches.
Enhancing your Cyber Skills through a Cyber Range
Bill Rowan
VP, Federal Sales, VMware
2019 DC CyberTalks
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
DOD Enterprise DevSecOps Initiative
Nicolas Chaillan, Chief Software Officer, U.S. Air Force
Deliver your App Anywhere … Publicly or Privately
Developers are increasingly adopting a microservices approach for their apps in order to gain rapid iteration capabilities required for delivering new services faster. However, delivering the App still requires multiple steps such as allocation of virtual IPs, provisioning the front load balancer, configuring firewall rules, configuring a public domain, and DDOS. At present, each of these steps requires coordination across multiple teams with multiple iterations per team. The time efficiencies gained by adopting microservices and cloud-native technologies is negated due to the time taken to deliver the App.
In this session, Pranav Dharwadkar, VP of products at Volterra, and Jakub Pavlik, director of engineering, will help you understand these challenges and introduce a distributed proxy architecture that can alleviate the challenges across different cloud environments. This webinar will include a live demo using a distributed proxy architecture to advertise an App publicly and privately.
In this webinar, you will learn:
The steps required to deliver an App using the current approaches
How a distributed proxy architecture can be used to deliver the app publicly and privately
The operational benefits of a distributed proxy architecture for delivering new services
What's hot (6)
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
Similar to Demo Theater Cider Security
Summer "Tuning" in Jira and DevSecOps
David Eads, Atlassian, presents how to clean and tune your Jira and Confluence instances and Himanshu Chhetri, Addteq, discusses how to implement DevSecOps within your software organization's delivery pipeline.
Microservices the Good Bad and the Ugly
Sildes of an internal talk given at Twitter similar to a previous webinar for Redhat with the same title.
Speeding up development is a key concern, cloud and technology improvements like Docker speed up key steps that make continuous delivery possible. Breaking up the work into many separate microservices and datastores with stable APIs allows teams to make progress independently so that the organization scales. Monolithic apps are preferred for small projects, built by small teams and when very low latency and high efficiency is the primary requirement. Monitoring microservices is currently a challenge with solutions starting to emerge.
Mission Possible: How VMware's Private Cloud Migrated to Jira Service Desk
Imagine you had five years of built functionalities in ServiceNow. Now, imagine your team of five was asked to migrate it all to Jira Service Desk with a full-blown ITILv3 scope in just eight months. Challenge accepted!
Join VMWare’s Dimitar Dimitrov, Manager of Cloud & Productivity Engineering, on his mission of epic proportions to migrate one of the largest private cloud instances to Jira Service Desk. From technology to people, learn how his team architected, designed, and deployed end-to-end service for a multi-service portfolio, how they met ITSM requirements with a lean approach, how partnering with a third party app vendor can help you shave months off your migration timeline and why starting with configuration management sets you up for success. This talk will include practical tips and demos so you can be successful in your own enterprise ITSM migration and beat your timelines.
Bill curtis Beyond process - a challenge for SEPGs
Bill curtis Beyond process - a challenge for SEPGs
Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...
Virtual Reality is set to be one of the most disruptive technologies. Whether you work in Gaming, Construction, Financial Services or even for a Formula1 team, chances are you will be working with VR in the very near future. But current VR architectures are not practical for the Enterprise. So how do you go about building an Enterprise VR platform? How do you deliver solutions like Nvidia Holodeck, integrate with Google Hangouts, leverage infrastructure as code for a consistent user experience? In the session, you’ll get a glimpse at the VR Platform Cisco is building with our partner eBB3
SUGCON: The Agile Nirvana of DevSecOps and Containerization
Sitecore deployments are traditionally relatively expensive due to the technological and architectural limitations. The introduction of a containerized hosting model is a game-changer in the Sitecore DevOps story. It allows DevOps teams to enable delivery security features, and reduce deployment cycles through automation, by activating DevSecOps strategies. This flexibility or cost-efficiency of containerized deployments allows DevOps and engineering teams to focus on and align around business value, rather than being handicapped by the legacy technology and systems. In this session we will walk the attendees through the benefits of a DevSecOps pipeline to IT, development teams, and their business leadership and show what it takes to migrate to the AKS-hosted infrastructure from an on-premise setup. We will present a reference design for an automated DevSecOps pipeline that focuses on security, quality, and speed. The session will cover the learnings from a major healthcare technology and research company that has gone through this shift and highlight the impact they experienced on the infrastructure, solution architecture, DevOps pipeline, processes and internal resources - Infrastructure: we will provide a feature overview of Azure vs AWS as it relates to a containerized Sitecore implementation, covering risks, cons, and pros associated with each and the cost estimation process for AKS. Sitecore Topology: we will cover the steps for changing Sitecore default AKS topology for maximum cost efficiency, and flexibility. DevOps pipeline: we will cover the automation that is required to move towards DevSecOps with environment creation via Infrastructure as Code, disaster recovery, and zero-downtime fully automated deployments to production. Processes and team changes: We will present how the new DevSecOps pipeline will affect internal processes and what internal support team changes are required to continue managing the new infrastructure and release pipeline.
Image Scanning Best Practices for Containers and Kubernetes
DevOps teams are looking to manage security risk without slowing down application delivery. Image scanning is critical to integrate into DevOps, but how can you get started?
Join Sysdig’s security team as they share practical guidance and demonstrate five (5) key steps to adopt in your image scanning workflow. You’ll walk away with a short, impactful checklist and be on your way to a more secure environment. Specifically, you’ll hear:
Key areas where you should embed scanning: CI/CD pipelines, registries, Kubernetes admission controller, Open Policy Agent (OPA)
Do’s and don'ts of selecting an appropriate base OS image
What to look for when scanning your Dockerfile
How to flag vulnerabilities quickly across large multi-cloud Kubernetes deployments
Why customers prefer a SaaS-based scanning solution
ICS Cyber Security Effectiveness Measurement
Presentation about ICS Cybersecurity Effectiveness Measurement on Kaspersky ICS Cybersecurity Conference
Wise Men TIBCO ADF Webinar- 16 October 2014
TIBCO has a broad range of products which are used for developing various types of enterprise solutions such as, EAI, BPM, CEP and MDM. Most of the enterprises follow agile development methodology and need TIBCO applications to be deployed and promoted as quickly as possible while reducing the develop-test-debug-deploy cycle.
Wise Men has the most comprehensive services on the TIBCO platform. We have an “Automated Deployment Framework” that supports most of the frequently used TIBCO products and we have an implementation service for ADF that guarantees the results..
Please join the experts from Wise Men to understand and discover how we can help you save 75% of lifecycle management cost of your TIBCO applications.
Optimize your CI/CD with GitLab and AWS
Building high volume software factories is all about combining workflow and automation functionality to ensure that each application development team is able to repeatedly deliver secure, high quality, feature rich iterations and operate them on scalable, highly available cloud infrastructure.
Attendees will learn how GitLab and Amazon Web Services (AWS) integrate together to provide best of breed development workflows and rock solid cloud application infrastructure.
Overview:
Hard lessons for CI / CD from how Ford automated automobile manufacturing.
GitLab CI / CD is a factory toolkit for software manufacturing.
GitLab CI/CD accelerates time to automation maturity with premade assembly lines and components.
GitLab CI/CD accelerates AppSec (DevSecOps) time to maturity with premade Security assembly lines.
How to have a tortured transformation to software manufacturing.
GitLab rich CI / CD workflows ensure cross-team (Dev, Ops, Sec) collaborative engagement and compliance with change gating controls with auditability.
GitLab CI / CD integrates with AWS infrastructure with multiple possible points of integration.
Steps to Scale Internet of Things (IoT)
Cisco Tech Advantage Webinar. June 4th, 2014
Video: http://youtu.be/RkmMi9qea5Y
IoT is everywhere, from smart meters on houses to parking sensors in the ground – all devices are connected to the Internet. Internet engineers are helping traditional industries solve new industrial world challenges by connecting billions of new devices. An exciting part of the IoT journey is the integration between both worlds: Information Technology (IT) and Operation Technology (OT). For that a systems approach is required to scale the existing Internet infrastructure to accommodate IoT use cases, while making IT technology easy to adopt for OT operators.
In this session you will learn:
IoT infrastructure challenges and the need for open standards and partner ecosystem
Key elements to build large-scale IoT systems as IPv6, access control, plug and play, distributed intelligence and contextual awareness
Introduction to fog computing and advantages of extending cloud computing and services
Looking ahead to the future
Devops security-An Insight into Secure-SDLC
The integration of Security into DevOps is already happening out of necessity. DevOps is a powerful paradigm shift and companies often don’t understand how security fits. Aim of this session is to give an overview of DevOps security and How security can be integrated and automated into each phases of software development life-cycle.
Next Dimension + Cisco Smart Manufacturing
Mike Killian from Cisco was in attendance at Next Dimension to discuss IoT, IT/OT Convergence, and all things Smart Manufacturing. This presentation showcases the impact of Smart Manufacturing strategies as implemented across Cisco's supply chain.
Best Practices for Building Scalable Visibility Architectures
These slides - based on the Webinar and featuring EMA Vice President of Research, Jim Frey, and Ixia Senior Director, Product Management, Scott Register – cover:
•Key goals and objectives of a visibility architecture
•Ways in which Network Visibility Controllers (NVCs) are being used, both today and in the future
•NVC features and capabilities having the broadest impact and delivering the most value
•Architectural and administrative qualities that are making the most difference
•Impact of server and network virtualization technologies on technology and product choices
Active Directory in ICS: Lessons Learned From The Field
Donovan Tindall of Honeywell at the S4x15 Operations Technology Day (OTDay). A meaty, but practical technical session on how to use Active Directory to help manage and secure your ICS.
Similar to Demo Theater Cider Security (20)
Mission Possible: How VMware's Private Cloud Migrated to Jira Service Desk
Mission Possible: How VMware's Private Cloud Migrated to Jira Service Desk
Bill curtis Beyond process - a challenge for SEPGs
Bill curtis Beyond process - a challenge for SEPGs
Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...
Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...
SUGCON: The Agile Nirvana of DevSecOps and Containerization
SUGCON: The Agile Nirvana of DevSecOps and Containerization
Image Scanning Best Practices for Containers and Kubernetes
Image Scanning Best Practices for Containers and Kubernetes
Best Practices for Building Scalable Visibility Architectures
Best Practices for Building Scalable Visibility Architectures
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
Introduction of Secure Software Development Lifecycle
Introduction of Secure Software Development Lifecycle
More from DevOpsDays Tel Aviv
YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...
From idea to execution, the challenges of publishing an open source project are very similar to initializing a startup when it comes to creating a successful product that people will love and use.
Most open source projects are not “taking-off”, although they are really good! This is because developers (which are usually the creators of open source projects) think that writing the code is the hard part and “neglect” the other parts of publishing a good open source project.
In this talk, I will use my experience as a contributor to open source and product head of a startup, to go beyond writing the code itself and cover the other central aspects of creating an open source project, like MVP, product/market fit, marketing and more.
GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto
If you have never used GraphQL before, you probably think that it is just another buzzword that will be forgotten in a few years. You might think: “Why do I need to learn a new way to write APIs when REST already answers all my needs?”. Or, you are excited to learn something new but don’t believe GraphQL is mature enough for production.
In this talk, I will remind you of some of the pain points you have probably experienced when using REST. I will then explain what GraphQL is and demonstrate how it solves these pain points. Next, I will discuss the disadvantages of GraphQL. Finally, I will provide some guidelines for choosing between REST and GraphQL. By the end of this talk, you will understand what GraphQL is and when to use it.
MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...
“The International Space Station has been orbiting the Earth for over 20 years. It was not launched fully formed, as a monolith in space. Instead, it is built out of dozens of individual modules, each with a dedicated role - life support, engineering, science, commercial applications and more. Each module (or container) functions as a microservice, adding additional capabilities to the whole. Not only do the modules need to function together, delivering both functional and non-functional capabilities, they were designed, developed and built by different countries on Earth and once launched into space (deployed in multiple different ways), had to work together - perfectly.
Despite the many (minor) reliability issues which have occurred over the decades, the ISS remains a highly reliable platform for cutting edge scientific and engineering research.
In this session I will describe the way the space station was developed and the lessons Site Reliability and DevOps Engineers can learn from it.
THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...
Have you ever felt you took every wrong turn possible in the process of mitigating a production incident? Did you go through a 3-hour hell during incident response and felt the incident wasn’t complex enough to justify the horrors you’ve experienced? Did it cause you to question your engineering or problem-solving skills?
Well, it’s only partially you. Our brain is wired to make decision-making simpler. In doing so, it exposes itself to biases, heuristics, and other quirks that may seem like “bad decisions” in hindsight.
In this talk, through real-life outages, we’ll project those psychological principles onto the world of production monitor, and incident management. As a responder, you’ll learn why those behavioral patterns emerge during production incidents and what can be done to limit their effect, and as a manager, you’ll learn how to enable and encourage a healthy environment to better support those patterns.
PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog
The word observable entered the English language roughly 400 years ago, but the concepts of what it means to see, comprehend, and understand something have been debated since time immemorial. Starting in the 19th century, a series of postulates and criteria coalesced into control theory, and it is from this body of knowledge that we gained the word “observability”. Today, with the advent of complex, interconnected computer systems, that word has taken on new meanings and connotations—some useful, some detrimental, and some just plain confusing.
In this talk, we’ll mix a little history, a touch of philosophy, and a healthy dose of reality, to demystify what observability means to us as professional computer people. We’ll tear through the marketing material and unearth foundational principles that will help us to build better infrastructure, write better software, and promote healthier business practices. Finally, we’ll explore some potential new avenues for discussion and understanding.
NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...
Security people say users are the weakest link. But are they? When complying with security becomes too burdensome, users take shortcuts, find workarounds, and end up jeopardizing security. Blaming users is lazy and easy. Making security usable is time consuming and challenging. How does design research help us understand our customers? What patterns and principles drive secure behavior? How can we build empathy with customers and make the right thing to do the easiest thing to do? This session explores these questions, and provides examples of how design thinking and research can help us be more secure. We will walk through our creation of core user personas, design principles, and how these inform and direct our design choices and intent. Don’t blame your users anymore. Come learn how to be part of a future where usability leads security.
(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG
This is for you, you rockstar, ninja coffee drinking workaholic who doesn’t know what a vacation day looks like. Even though you love your job and are dedicated and are super important, you need a break too.
We tend to think that working all the time is an effective practice while the truth is that finding the time for self care and recharging your batteries is beneficial for both you and your company. Additionally, if you’re a leader, you’re responsible for the wellbeing of your team. In this talk I’ll discuss the importance of taking time off of work and creating a positive culture surrounding vacation time.
BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...
This is a story about taking the cloud infrastructure of a successful company, that is still managed as infrastructure of a startup company, and rebuilding it to support the growing business requirements, especially around disaster recovery and business continuity. In the session I will share Next Insurance’s journey - where we started, where we are now and what we learned on the way so far. I will talk about how we managed to build our proven DR plans, and actually execute them in our DR drills. I will also talk about why we decided that the only way to prove your DR plan works is to continue running your business in the DR account and make it your production account, and go on to build your next DR account. If you are a part of a company that is about to embark on a similar journey, this session might equip you with some very useful insights on how to think about such a challenge, and some very useful and practical tips on how to execute it.
THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security
CI/CD pipelines are quickly becoming the path of least resistance for would-be attackers into sensitive internal systems, gaining access to critical data, with minimal effort.
In the InfoSec world when we talk about CI/CD security often times this focuses on specific aspects of securing your pipeline - scanning the code, protecting secrets, securely managing code deployments, or even authentication and authorization mechanisms, but we rarely talk about all of these together.
After years of being in the trenches and realizing that the attack surface is growing and the threat landscape becoming more and more complex, it has become increasingly apparent that security teams need to adapt and modify strategies to keep up with the new reality of CI/CD protection, without compromising developer velocity.
In this talk I would like to propose a new way of thinking about CI/CD security - that encompasses the three disciplines that comprise CI/CD security - security in the pipeline, of the pipeline, and around the pipeline. Partial coverage of any or all of these disciplines simply will not cut it with the continuously evolving risk landscape. Security engineers need to address each of these aspects in their entirety to provide the full scope of coverage that modern organizations need, and I will take a deep dive on the challenges each introduce, and the approaches and techniques for mitigating them based on adversarial sec research.
THE PLEASURES OF ON-PREM, TOMER GABEL
The last two decades have been all about SaaS, with advantages that cannot be overstated. Except SaaS isn’t always an option, nor is it always the right choice: businesses in tightly regulated industries, or where information security is paramount, for example, will not - often can not - consider any software that isn’t under their control. For many software enterprises, this leads to the dreaded inevitability of on-premise deployment.
Fortunately, the situation today is dramatically different to a scant few years ago, let alone a decade or two: the same technologies that enable SaaS have also radically transformed on-prem deployment. Modern tools like Docker, Consul, ELK and Kubernetes - to name a few - can be leveraged to completely transform the experience for both customers and vendors. In this talk we’ll contrast the challenges and advantages of SaaS and on-prem, see how things have evolved in recent history, and see how modern on-prem deployment can be, if not pleasurable, at least relatively painless.
CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack
Configuration Management is at the core of Ops. It’s the biggest enabler of any compute operation, small and big. In the past decade, we have switched from thinking about the machines we are configuring, to think about the software and services we are controlling. With that change of mindset, so did the tools we are using. Traditional tools like Puppet, chef, salt and Ansible are slowly declining while new tools such as Terraform, Pulumi, Helm and Kustomize are on the rise. In this talk I will try to describe the pain-points and the opportunities of this transformation as well as suggesting a future direction based on tools developed at the big-tech companies (Mainly facebook and google).
SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap
We all know how hard it is to find DevOps engineers, and creating a diverse team despite gender and ethnicity bias? Nearly impossible. At this talk we will show our tools and methods implemented in the Develeap hiring process that overcome this inherited bias.
About 2 years ago we faced a crisis in our DevOps consulting company - the market demand was higher than we could supply. The traditional recruiting process depending on CV and artificial credentials was not working. So we came up with an alternative solution, and since then - we are growing exponentially and diversely. In this talk we will show the practical tools we deployed in order to increase our capacity, and we will show how these tools overcome the inherited bias in the process.
OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...
Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agent and collectors.
With the increasing complexity of modern applications, continuous profiling methods and tools are gaining popularity among the Developer and Engineering communities. In this session, we cover what continuous profiling entails and why you should implement a profiler into your tech stack (if you haven’t done so already). We’ll then bring theory to practice and demonstrate a real-life scenario using gProfiler, a free open-source continuous profiling tool, covering Linux servers on multiple architectures (such as Graviton).
HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH
“Being oncall sucks. But it doesn’t have to!” We all heard this one before. Why is it though, that oncall still remains the biggest scar for many? What can a modern Engineering org do to rein the oncall dragons, and actually help people grow as professionals as they go oncall?
In this talk, I will present the main reasons why oncall is difficult in modern orgs, and describe ways to mitigate these hardships. The idea is that oncall is often the ‘backroom’ of an org, where all the technical and organizational debt take their toll. Be it unwieldy systems or broken processes between teams, oncall checks all the ‘weak boxes’. Therefore, the only way to win at oncall is to sort out your debts, starting with the organizational ones.
I will dive into the detail of the oncall rotation at Snyk as the org scaled from 1 to 220 people, what worked well about it, and what was less than perfect. I will discuss the decisions made to turn oncall into a building block of the org, and show a path to rein oncall in your organization as well.
HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB
Github Copilot and tools that help us code better are cool. But I’m lucky if I spend 90 minutes a day writing code. We really need to optimize the hours we spend reviewing code, updating tickets and tracing where our code is deployed. Learn how I save an hour a day streamlining non-coding tasks.
This talk is unique because 99% of developer productivity tools and hacks are about coding faster, better, smarter. And yet the vast majority of our time is spent doing all of this other stuff. After I started focusing on optimizing the 10 hours I spend every day on non-coding tasks, I found I my productivity went up and my frustration at annoying stuff went way down. I cover how to save time by reducing cognitive load and by cutting menial, non-coding tasks that we have to perform 10-50 times every day. For example:
Bug or hotfix comes through and you want to start working on it right away so you create a branch and start fixing. What you don’t do is create a Jira ticket but then later your boss/PM/CSM yells at your due to lack of visibility. I share how I automated ticket creation in Slack by correlating Github to Jira.
You have 20 minutes until your next meeting and you open a pull request and start a review. But you get pulled away half way through and when you come back the next day you forgot everything and have to start over. Huge waste of time. I share an ML job I wrote that tells me how long the review will take so I can pick PRs that fit the amount of time I have.
You build. You ship it. You own it. Great. But after I merge my code I never know where it actually is. Did the CI job fail? Is it release under feature flag? Did it just go GA to everyone? I share a bot I wrote that personally tells me where my code is in the pipeline after it leaves my hands so I can actually take full ownership without spending tons of time figuring out what code is in what release.
FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga
Do you know what it feels like to navigate as someone who can’t distinguish between green and red - looking at those badges that tell you whether something is broken or a-okay? I’ll give you a quick look into what it feels like with some examples from the monitoring tool Icinga Web 2.
We all tend to forget, that not everyone sees the world like we do. In this talk I’ll be walking you through different views in Icinga Web 2 with side-by-side comparisons for the default views and how different kinds of vision impairments affect those. The talks also features a few suggestions on how to improve colour schemes and making websites and webapps better to navigate with screen readers!
(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY
Recent years have exposed startups to a major plague - cloud overspend. No vaccine appears to exist, plethora of tools and consultants fail to stop the bleeding. And yet, some companies manage to stay safe. What makes them different? Is it the tools? Is it the mindset? Is it developer training?
In this session we will examine the cultural factors involved in sound and responsible financial management in the cloud. We will also look at relevant system design elements and product design elements which enable us to spend wisely while our business runs smoothly.
Following this session, you should be better versed in cost-aware system design and some of the cultural and structural requirements to keeping your cloud bill low.
SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io
In every development process there is the question, do we invest enough on quality? Do we need to invest more? Every team knows about the dilemma of how many tests is the right amount of tests we should write. Is 80% test coverage is good enough? Maybe 90%? 100%? Should we invest more time in unit testing? Are we wasting too much time on unit-testing? Should we invest time on a faster rollback mechanism?
WIIFM
“Without data, you’re just another person with an opinion” - W. Edwards Deming
SLO Driven Development is a framework that helps the developers focus on impact and balance of every aspect of the dev process. When working currently with SLI, SLA, SLO and error budget you can learn where to invest in the development process.
Let’s talk about the importance of good SLOs and how they can help us improve our day2day
ONBOARDING IN LOCKDOWN, HILA FOX, Augury
In this talk, I will share do's and don'ts on how to onboard successfully in a remote or hybrid setup including moving to a leadership role, speaking from my own journey onboarding remotely in the midst of a global pandemic.
I will share the tips that worked for me for successful onboarding, how I was able to be productive, impactful, and make a good impression on others. The key issues as an “onbordee” that I will talk about are how to create relationships, make yourself visible in the company, time management, and more.
Since I started working in Augury over 100 new employees have joined the company. Each month I give a session that is part of their general onboarding process. This became a crucial step due to the fact that we are now a hybrid company and a lot of people are onboarding remotely or in a hybrid setup for the first time in their lives.
I joined the company as a backend developer and a few months into my role, the squad leader position in my squad was up for grabs and I was fortunate enough to grab it :) This is my first official leadership role, which I also needed to onboard into in a hybrid setup. I will share the process that I built for myself on “How to lead”. Also, a word or two on the process we built as a squad on how we work in a hybrid setup, what are we optimizing for when we do meet and how to include new members of the team.
DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly
In your ever-changing Infrastructure, some changes are intentional while others are not.
Drift is what happens whenever the real-world state of your infrastructure differs from the state defined in your configuration. This can happen for many reasons, sometimes it happens when adding or removing resources, other times when changing resource definitions upon resource termination or failure, and even when changes have been made manually or via other automation tools.
While Terraform itself can detect drifts, in most cases, you will be informed about it too late: just before you are about to deploy new changes to your infrastructure. What’s interesting about Terraform though, is that you can apply changes in two separate and distinct steps of “Planning” and “Applying”. This means that you have full visibility of what Terraform is planning on doing beforehand, and if you are satisfied with the changes, you can choose to apply them.
So how does this work? When something is changed intentionally, it will appear in the source code, and the Terraform plan will not do anything. However, if any part of the infrastructure has been changed manually, Terraform’s plan will identify this, and alert you to the change. In other words, if your IaC drifted from its expected state, then Terraform’s plan will, in fact, detect it.
Applying this simple solution can empower DevOps and developer velocity, with the reassurance and context for unexpected changes in your IaC, in near real-time. This talk will showcase real-world examples, and practical ways to apply this in your production environments while doing so safely and at the pace of your engineering cycles.
More from DevOpsDays Tel Aviv (20)
YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...
YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...
MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...
MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...
THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...
THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...
PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog
PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog
NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...
NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...
(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG
(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG
BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...
BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...
THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security
THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security
CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack
CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack
SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap
SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap
OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...
OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...
HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH
HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH
HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB
HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB
FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga
FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga
(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY
(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY
DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly
DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly
Recently uploaded
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
DevOps and Testing slides at DASA Connect
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GridMate - End to end testing is a critical piece to ensure quality and avoid...
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
By Design, not by Accident - Agile Venture Bolzano 2024
As presented at the Agile Venture Bolzano, 4.06.2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI support
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Recently uploaded (20)
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Demo Theater Cider Security
- 3. Security is important so why does this happen? Security Team R&D
- 6. Yonatan Krieger | VP R&D Leading Cider Security’s development teams for last year, previously in BigPanda, WalkMe and SearsIL yonatan@cidersecurity.io
- 7. Cider’s Cider’s mission mission To enable Security teams to run at the pace of development: Real Time Visibility Integrate tools such as SAST scanners Complete overview of the CI/CD pipeline security posture
- 8. Cider Cider Demo Demo Complete visibility into the organization’s Technology stack Adding a new integration Incorporating a scanner into the CI/CD pipeline
- 9. Summary Securing CI/CD environment is hard Lots of changes Cider’s platform - reduces friction between R&D teams and Security teams
- 10. Thank you!