This document discusses model-driven automation for enforcing compliance. It begins with an overview of compliance benchmarks and the CIS benchmarks. It then discusses implementing benchmarks, common challenges around configuration drift and lack of visibility, and how to define compliance policy as code. The key points are that automation is essential for compliance at scale; a model-driven approach defines how a system should be configured and uses desired-state enforcement to keep systems compliant; and defining compliance policy as code, managing it with source control, and automating it with CI/CD helps achieve continuous compliance.
SecDevOps is a set of business methodologies, operational procedures, & cultural practices proven to increase security, improve software quality, improve release frequency, & provide immediate insight into organizational exposures.
This presentation was accepted to the ASIA 2018 conference, authored by Thomas Cappetta.
Deep Visibility: Logging From Distributed Microservices - AaronLieberman5
Visibility into any system is a key component of creating a supportable platform. Without proper logging, support can be costly and inefficient. With the emergence of APIs, microservices, and distributed, decoupled architectures, logging becomes even more important because there are more components that make up a system than ever before. This is beneficial from the standpoint of creating reliable systems, but logging frameworks need to adapt to this architecture because the premise of logging remains the same as it always has: log clear messages that are easy to read with the goal of enhancing visibility into a system.
In this Meetup hosted by Big Compass, we will explore techniques of logging from the typical iPaaS or always-on managed system like a custom application on an EC2, and we will balance that with a discussion on logging from serverless microservices such as AWS Lambda. We’ll walk through a real system we have created and discuss how a logging framework can be created using AWS serverless services to enhance the visibility and supportability of the system.
You will learn:
Common best practices and blind spots of logging
Differences of logging from always-on systems versus serverless services (AWS Lambda)
Successful use cases where logging has been implemented to improve supportability of a system
Who should attend:
IT leaders who want to decrease support cost and have a system visibility pain point
Developers struggling with implementing a robust, highly visible logging solution
Anyone considering using serverless technology for an upcoming implementation
Reasons to attend:
Create a logging framework that garners deep visibility and a great experience for users, no matter the underlying architecture
Scania: A DevOps Journey in an Automotive Enterprise - Perforce
DevOps is a software development methodology that emphasizes communication, collaboration, integration and automation. The DevOps movement at Scania is yet in its early stages, but from the very beginning, the Development and Operations teams have been working in close collaboration. I’ll present key takeaways on how best to proceed with implementing a DevOps culture within a large globally dispersed IT department.
Just when you thought DevOps was the new black, along comes SecDevOps. In this webinar, Andrew Storms, Sr. Director of DevOps at CloudPassage and Alan Shimel Co-Founder of DevOps.com will discuss the emerging hybrid role of DevOps and Security. Tune in to hear them cover the following topics and why DevOps should want to play a bigger part in security:
Go beyond the traditional using DevOps tools, practices, methods to create a force multiplier of SecDevOps
Orchestrate and Automate - Deputize everyone to incorporate security into their day to day responsibilities
Examples of security automation, case situations minimizing risk and driving flexibility for DevOps
See how SaaS provider CloudPassage integrates security into its own development and operations workflows
Microsoft Azure DevOps - The Developers Conference - Lucas Chies
DevOps is a cultural matter, but also a matter of processes aimed at integrating the Dev team with the Operations team.
In this presentation I show a bit of how DevOps works on Azure and how to set up a DevOps-based work environment with Visual Studio Online.
As SDN technologies become more mainstream, it is imperative to replicate the success of DevOps techniques from the IT world to bridge the gap that few envisioned in the first place - between the Application/Service and the Network layer.
This presentation was made in the DevNet Zone at Cisco Live, San Francisco, 2014.
Presenter - Peter Chestna, Veracode
If you are moving between methodologies, you are probably looking for a roadmap or at least lessons from someone that’s been through it already. Over its 10+ years, Veracode has moved from monolith to microservice and from waterfall to DevOps. We have learned a lot along the way and I’m eager to share the story.
As you consider the shift from waterfall to agile, or agile to continuous deployment and eventually DevOps, there is more to think about than just architecture. Peter Chestna, the Director of Developer Engagement at Veracode, led Veracode’s own transition from Waterfall to DevOps and in turn has helped hundreds of customers do the same.
Join us as Peter shares his own case study, how Veracode reengineered its own architecture but more importantly the overall process including team structure, the technologies to build a robust pipeline, security considerations and the cultural shifts required.
The DevOps Playbook: How to Start, Scale, and Succeed - Puppet
Over the past few years, Puppet’s annual State of DevOps Report has shown that DevOps practices have a positive impact on business results, improving speed, agility, security, and stability. This link is widely acknowledged; what’s less clear is how to achieve these results.
Our 2018 State of DevOps Report is a prescriptive guide to achieving DevOps success: from building the foundation to scaling across teams. Based on the experiences of over 3,000 survey respondents, we’ve mapped distinct phases of the evolution and the key practices needed to advance to each stage.
In this webinar, the report’s authors discuss findings from the report, the five stages of DevOps evolution, and how they apply to your organization.
Infrastructure as Code Maturity Model v1 - Gary Stafford
Systematically Evolving an Organization’s Infrastructure. The original version of the IaC Maturity Model. See the latest version here: https://www.slideshare.net/garystafford/how-mature-is-your-infrastructure.
Kubernetes Administration Certification Cost-Register Now(7262008866) - Novel Vista
Kubernetes Administration Certification Cost was originally designed by Google and is now maintained by the Cloud Native Computing Foundation. Kubernetes is basically the most popular container orchestration tool available in the market. Classroom training during weekends, Practice tests to make you certification-ready, Virtual & Interactive Training sessions. There is no particular prerequisite for Kubernetes Administrator training as such. Although, a solid understanding of containers, and Docker, in particular, is beneficial.
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ... - Amazon Web Services
TinyCo is a game studio that powers and monetizes hit titles such as Tiny Village and Tiny Pets. In this session they will share their best practices for developing engaging titles that work across mobile platforms. TinyCo has learned how to scale their AWS app servers and databases to handle viral demand, and they will talk about what they learned while they were developing their gaming platform and code libraries. Additionally, TinyCo was successful marketing and monetizing their game with the Amazon Appstore and Kindle Fire, and they will explain how to integrate with Amazon’s in-app purchasing service.
Code-to-Cloud Visibility: An Essential Framework for DevOps Success - JadeCampbell13
In DevOps we are used to talking about application velocity. But velocity without a framework is short lived and potentially creates more risk than benefit.
Code-to-Cloud visibility is the practice of making sure engineering teams have visibility across the entire SDLC in depth and breadth. With code-to-cloud visibility organizations understand the impact of application development from feature definition to it running in production.
Join Splunker Chris Riley as he explores:
The importance of aligning application visibility with your application tech stack
How to enable code-to-cloud visibility practices
Deeper understanding of DevSecOps, Pipeline Analytics, and Observability
This covers infrastructure automation on Microsoft Azure. It explains the different tool sets clustered around Puppet, and how we can integrate them to bring up an automated environment on demand.
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri... - RightScale
Many organizations are moving toward continuous integration and delivery in order to streamline the application lifecycle and increase quality. RightScale uses cloud-focused continuous integration (CI) and continuous delivery (CD) processes in our development teams to speed new capabilities to market. In this webinar we explore three case studies on how RightScale does CI and CD in the cloud for our own development processes.
Key Topics:
Decode the differences between CI, CD and DevOps
Combine and connect the tools needed for CI and CD
Leverage cloud infrastructure for CI and CD
Overcome challenges on the path to CI and CD
So, what is DevOps exactly?
DevOps is a term for a group of concepts that, while not all new, have catalyzed into a movement and are rapidly spreading.
Like any new and popular term, people have different and sometimes contradictory perceptions of what it is.
Currently, DevOps is more like a philosophical movement, and not yet a precise collection of practices, descriptive or prescriptive (e.g., CMM-I, ITIL, Agile, etc.).
In his book The Phoenix Project, Gene Kim, an important DevOps influencer, describes a model for how an IT organization can transition to a DevOps model to facilitate fast, rapid, reliable flow of features into production and, ultimately, into the hands of users.
His model is called the 3 Ways of DevOps.
The 3 ways describe the values and philosophies that frame the processes, procedures, practices of DevOps.
DevSecOps - It can change your life (cycle) - Qualitest
QualiTest explains how a secured DevOps (DevSecOps) delivery process can be achieved using automated code scan, enabling significant shift left of issues detection and minimizing the time to fix. Whether you are considering DevSecOps, on the path, or already there, this slide is for you.
For more information, please visit www.QualiTestGroup.com
Continuous Delivery presents a compelling vision of builds that are automatically deployed and tested until ready for production.
Most teams aren't there yet. Some never want to go that far. Others want to push the envelope further.
This deck presents a model for scoring yourself on the continuum and examples of how companies can decide what parts of CD to adopt first, later and not at all.
Application Security Testing for a DevOps Mindset - Denim Group
The cultural transition to DevOps is coming to organizations, and security teams must learn to adapt or be marginalized. Forward-thinking security teams will use this transition to their advantage and will reap the benefits of better and more frequent security insight into development cycles. By understanding the goals of development teams, security representatives can help to meaningfully include themselves in the development process and provide value through sensible risk management.
Puppet + Diaxon: Getting to the next stage of DevOps evolution - Puppet
During this webinar, we’ll discuss the “how” to help you get started or unstuck, and scale DevOps success across your business.
Join us to see where you are in your evolution, how to get to the next stage, and to dig deeper into key findings like these:
- In a DevOps evolution, there are many paths to success, but many more to failure.
- Start with the practices that are closest to production; then address processes that happen earlier in the software delivery cycle.
- Automating security policy configurations is mission-critical to reaching the highest levels of DevOps evolution.
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li... - Paris Open Source Summit
Strategy, risks associated with adopting open source... How a strong governance model can make your open source journey as effective as possible.
Take your code and quality to the next level by Serena Software - Serena Software
Join us to discuss the merits of static analysis and how you can leverage Kiuwan (powered by Optimyth Software) with Dimensions CM to shift left, and elevate your code quality to the next level.
UiPath Test Automation using UiPath Test Suite series, part 1 - DianaGray10
In this session, we will showcase how to revolutionize automated testing for your software, automation, and QA teams with UiPath Test Suite.
In part 1 of UiPath test automation using UiPath Test Suite – developer series, we will cover,
Software testing overview
What is software testing
Why software testing is required
Typical test types and levels
Continuous testing and challenges
Introduction to UiPath Test Suite
UiPath Test Suite family of products
Speaker:
Atul Trikha, Chief Technologist & Solutions Architect, Peraton and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice - itSMF UK
In this session, John provided advice on how to put together sections of various best practice frameworks and ways of working to best suit your organisational needs.
Automating it management with Puppet + ServiceNow - Puppet
As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization.
Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance.
In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.
Simplified Patch Management with Puppet - Oct. 2020 - Puppet
Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse.
Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution.
Join this webinar to learn how to do the following with Puppet:
Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems.
Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console.
Ensure your systems are compliant and patched in a healthy state
How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems.
Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Search and Society: Reimagining Information Access for Radical Futures - Bhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies need to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
Andras Palfi, Senior Product Manager, UiPath
Lenka Dulovicova, Product Program Manager, UiPath
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
2. Agenda
1. What are compliance benchmarks?
2. Implementing a benchmark in your environment
3. Common Challenges in Compliance Programs
4. Enforcing Compliance with Model-Driven Automation
5. Closing Thoughts
6. CIS Controls
Prescriptive, Prioritized, and Simplified Set of Cybersecurity Best Practices
• Implementation Group 1
– Every organization starts here – this is the definition of basic cyber hygiene
• Implementation Group 2
– Moderate resources and expertise
• Implementation Group 3
– Significant resources and expertise
7. CIS Benchmarks
Consensus-developed Secure Configuration Guidelines
• 100+ CIS Benchmarks
• Prescriptive guidance
• Covering 25+ vendor product families
– Operating Systems, Server Software, Cloud Providers, Network Devices, Desktop Software
• Community developed
– CIS members, subject matter experts, security community experts, and technology vendors
11. Implementing the CIS Benchmarks
• Manual implementation is time consuming
• Automation is essential
• Tools to succeed:
– Assessment
– Remediation/Enforcement
12. Automation and Compliance
• Automation and compliance go hand in hand
• A model-driven approach allows for the upfront definition of how a system should be configured
• Use CIS as your gold standard for compliance
• Keep systems automatically and continually compliant by leveraging desired-state enforcement
17. Define compliance policy as code
1 Codify the policy
2 Manage with source control
3 Automate using CI/CD
18. What is model-driven automation?
The ability to automate adherence to a set of rules governing system operation and report on current state
19. Enforce compliance with model-driven automation
1 Define the model
Specify the model using code to create the desired configuration
2 Assess against the model
Understand compliance status and identify issues
3 Automatically eliminate drift
Manage compliance drift by relying on automation to take corrective actions
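The define, assess, eliminate-drift loop from slide 19, as an added example (not from the presentation, and not Puppet code). The model is a handful of sshd_config settings chosen for illustration, not quoted from a CIS Benchmark, and the sample assumes a config without Match blocks.

```python
"""Define -> assess -> eliminate drift, applied to sshd_config text (added example)."""

# Step 1, define the model: desired sshd settings. Illustrative values chosen
# for this example, not quoted from any CIS Benchmark document.
MODEL = {"PermitRootLogin": "no", "PermitEmptyPasswords": "no",
         "X11Forwarding": "no", "MaxAuthTries": "4"}

def parse(text):
    """Return {model keyword: value}; sshd keeps the first value it reads."""
    canon = {k.lower(): k for k in MODEL}  # sshd keywords are case-insensitive
    found = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key = canon.get(parts[0].lower())
        if key and key not in found:
            found[key] = parts[1].strip()
    return found

def assess(text):
    """Step 2: report drift as {keyword: (actual, desired)}; {} means compliant."""
    actual = parse(text)
    return {k: (actual.get(k), v) for k, v in MODEL.items() if actual.get(k) != v}

def enforce(text):
    """Step 3: return config text that matches the model; unchanged if compliant."""
    if not assess(text):
        return text
    managed = {k.lower() for k in MODEL}
    kept = [l for l in text.splitlines()
            if not (l.split() and l.split()[0].lower() in managed)]
    return "\n".join([f"{k} {v}" for k, v in MODEL.items()] + kept) + "\n"

# Constructed sample of a drifted host configuration.
DRIFTED = """# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
x11forwarding yes
MaxAuthTries 4
"""

if __name__ == "__main__":
    for key, (actual, desired) in assess(DRIFTED).items():
        print(f"DRIFT {key}: actual={actual!r} desired={desired!r}")
    print(enforce(DRIFTED), end="")
```

Running `enforce` on already-compliant text returns it unchanged, which is the idempotence that lets desired-state enforcement run on every cycle without churn.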
20. Closing Thoughts
• The compliance landscape is changing quickly and becoming more challenging.
• Infrastructure is increasingly complicated, especially with hybrid environments becoming the norm.
• It would be unreasonable to expect success without shifting the way you operate.
• There is no way to do this without automation, especially at the scale of most infrastructure.
• Use Puppet to get you there!