Poorly managed technology can destroy a company according to the document. It lists 10 mistakes to avoid: lack of leadership, lack of a technology risk management framework, lack of partner oversight, lack of portfolio management, lack of service management, lack of recoverability plans, lack of data security, lack of system security, lack of physical security, and lack of access controls. Failing to address these areas could result in stolen data being used against customers, negative press, loss of critical assets, fines, and loss of customer trust in the company's brand. Leadership must ensure these risks are properly managed.
SOC presentation - Building a Security Operations Center | Michael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
For an organization to function efficiently, it is important to have security controls to ensure the protection of confidentiality, integrity and availability of information and systems. Compliance is the process of ensuring all systems in an organization meet a set of predefined specific rules.
In this article we will address the need for compliance automation and how SecPod’s Saner provides enterprises the ability to automate compliance while minimizing time spent in a non-compliant state.
State of Security Operations 2016 report of capabilities and maturity of cybe... | at MicroFocus Italy ❖✔
As businesses continue to adopt new cloud and mobile functionality rapidly, we find the edges of the network even more blurred, and our definitions of data ownership and breach responsibility continue to evolve. Staffing and training continue to be the foremost challenge of the modern SOC. This is paving the way to hybrid staffing models and hybrid infrastructures that require less in-house expertise. As a result, highly skilled security team members can then be utilized for a more specialized hunt and analytics-focused work.
There is no question this year has been both an exciting and challenging time to be in the field of cyber security. On one hand, it is disheartening to see the continued decline in the maturity and effectiveness of security operations, while, on the other, I know that we are in the middle of an exciting and transformative change in our field. You can feel it. We must go where the data leads us, and we believe that is to widen our definition of security operations to leverage analytics, data science, Big Data, and shared intelligence to become more effective in protecting today’s digital enterprise.
8 Reasons Why You Need A Strategy Management Software | Corporater
There are many processes available to tackle your strategic plan, and there are a number of things that need to be done in order to achieve your strategy. For successfully executing strategy, you need a comprehensive platform that supports long and short term planning cycles - both strategic and financial.
Here are 8 reasons why you need to automate the strategy management process using specialized strategy management software.
Learn more about strategy management - http://bit.ly/2N2Tu9Z.
Request free demo - https://www.corporater.com
How To Present Cyber Security To Senior Management Complete Deck | SlideTeam
This template is useful for presenting a cybersecurity plan to a higher authority. The cybersecurity officer will present it to top-level management. It will help in determining the roles and responsibilities of senior management and executives who are responsible for handling risks. The firm will also optimize its cybersecurity risk framework. The firm will assess the current concerns that are impeding cybersecurity in terms of the increase in cybercrimes, data breach and exposure, and the amount spent on settlements. It will also analyze its current cybersecurity framework. The firm will categorize various risks and will assess them on parameters such as risk likelihood and severity. The IT department will also improve its incident handling mechanism. A cybersecurity contingency plan will be initiated by the firm. In this plan, the firm will build an alternate site for backup maintenance. Backup site selection will be done by taking certain parameters into consideration, such as cost of implementation, duration, location, etc. The other plan essentials include business impact assessment, vital record maintenance, recovery task list maintenance, etc. The template also includes information regarding the roles and responsibilities of line managers, senior managers and executives in risk management. It also includes information related to the role of top management in ensuring effective information security governance. Information regarding the budget required for implementing the cybersecurity plan is also provided, along with staff training cost. https://bit.ly/3iSww5L
Manoj Purandare - Strategy towards an Effective Security Operations Centre -... | Manoj Purandare ☁
Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building an effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center" is often used synonymously for SOC.
A network operations center (NOC) is not a SOC; a NOC focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC:
• Security defense center (SDC)
• Security intelligence center
• Cyber security center
• Threat defense center
• Security intelligence and operations center (SIOC)
• Infrastructure Protection Centre (IPC)
• Security operations center (مرکز عملیات امنیت)
CEO / CXO Architecture - The missing piece in your BI&A architecture | Corporater
Most CEOs and CXOs are not happy with the BI&A initiatives. There is an apparent gap between what insights/information the top management needs from IT, and what is delivered. In this presentation, you will get critical insights into what a BI&A architecture should contain in order to close this gap.
This presentation will help you understand the specific core building blocks needed to reach business outcomes, and how the BI&A architecture can serve this purpose – all viewed from a CEO/CXO’s perspective.
Today, the delegation of risk decisions to the IT team cannot be the only solution and has to be a shared responsibility. The board and business executives are expected to incorporate the management of cyber risk as part of their business strategy since they are accountable to stakeholders, regulators and customers. For the CROs, CISOs, and Security and Risk Management Professionals to be on the same page, there has to be a single source of truth for communicating the impact that cyber risk has on business outcomes, in a language that everyone can understand.
I'm preparing for the CISSP next week and also speaking for ISACA, so created this deck to help my peers with some concepts that appear in CISM/CISSP and ITIL practitioner exams.
Security Management is very complex and does not limit itself to products and technologies. It is important to consider alternatives when setting up a Security Operation Center (SOC), from insight into the business plan requirements, ability and the skill set of people who will handle the SOC, the responsibilities for the team, budget and more.
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke... | Resolver Inc.
Did you know that 63% of data breaches are linked to third party access, and this number is on the rise? This presentation explores the increasing priority of Third Party Risk Management (TPRM) in today’s marketplace. Learn why TPRM should play a critical role in your overall Corporate Risk Management Strategy and best practices for how to implement a successful TPRM program in your own organization.
Security operations center 5 security controls | AlienVault
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Definition of the current global market for Managed Security Services (MSSPs) and a guide to those looking to purchase a service in the future. The presentation also touches on the implications of GDPR on the MSS market.
Funding Your Startup 101 - M.A. Fashion Entrepreneurship & Innovation Lecture... | Nina Faulhaber
Lecture on the basics of startup financing: Reasons why, investor types, how investors and specifically VC funds like ourselves think and how to prepare a pitch. Ending with a few slides on trends in Fashion Tech.
www.thisisaday.com
What goes into a useful set of financial projections for a startup? How do you go about building a set of projections that meet your needs and best position you for success?
Tom Schryver, Visiting Lecturer of Management at Cornell University, provides an overview of financial modeling and planning principles for startups. This session includes:
• How different reviewers of these projections look at them, and what they look for
• A high level overview of how to construct a set of projections
• How to break down the components of financial projections into actionable blocks
300 slideshares that entrepreneurs must read | Eric Tachibana
When you become an entrepreneur, you accept the reality that you will need to have a deep amount of knowledge about a broad range of management and leadership topics (and the most efficient way to empty trash bins too).
There is a vast amount of free and amazing material online to help you (especially on slideshare).
This deck hopes to make your search for that information a bit faster!
Avoid these 10 mistakes in your internal communications strategy | Ving
An effective internal communications strategy is crucial to your financial bottom line. Effective communicators and increased profits are directly related. Here are 10 mistakes you should avoid so you can stop sabotaging the way you communicate.
Roadmap to SAP® Security and Compliance | Symmetry | Symmetry™
Executives often view security and compliance management with a mixture of confusion and dread. The tragedy is that compliance rules are designed to protect your assets, security, clients and reputation. When they use the threat of civil and criminal liability, it’s primarily to get you to do things you should be doing anyway. But to benefit from compliance, you need to understand how it’s structured, and how it fits into your SAP landscape and your business as a whole.
INFRAGARD 2014: Back to basics security | Joel Cardella
This talk focuses on getting Back To Basics with security controls. Too many enterprises are focusing on the wrong threats and spending money in the wrong places. Often overlooked are our basic security controls that require care and feeding, and regular review. This talk focuses on a few of those areas.
CCI training helps IT job applicants develop exceptional analytical, organizational, investigational and problem-solving skills organizations need. https://blog.ccitraining.edu/secure-your-career-shift-with-computer-security-training
5 Steps to an Effective Vulnerability Management Program | Tripwire
Revelations about recent breaches have certainly put the question to security professionals across the world, “What can I do to prevent an attack from happening?” Current threats are complicated and driven by highly motivated adversaries.
You can’t defend what you don’t know. This can be a big challenge when it comes to network visibility. Many organizations don’t have a true sense of all that is on their network. Network situational awareness represents the foundation of comprehensive vulnerability management.
In this informative webcast, Tripwire and Lumeta provide insight on how to:
- Identify and fingerprint more assets in your environment
- Ensure greater coverage for scanning devices on your network, including BYOD
- Compile a proper and complete inventory of assets, even those that are unused
- Intelligently prioritize vulnerabilities
- Effectively reduce risk on critical systems
Link to Youtube video: https://youtu.be/OJMqMWnxlT8
You can contact me at abhimanyu.bhogwan@gmail.com
My LinkedIn ID: https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Threat Modeling (system + enterprise)
What is Threat Modeling?
Why do we need Threat Modeling?
6 Most Common Threat Modeling Misconceptions
Threat Modelling Overview
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
Threat Modeling Approaches
Threat Modeling Methodologies for IT Purposes
STRIDE
Threat Modelling Detailed Flow
System Characterization
Create an Architecture Overview
Decomposing your Application
Decomposing DFD’s and Threat-Element Relationship
Identify possible attack scenarios mapped to S.T.R.I.D.E. model
Identifying Security Controls
Identify possible threats
Report to Developers and Security team
DREAD Scoring
My Opinion on implementing Threat Modeling at enterprise level
Cyber presentation spet 2019 v8sentfor upload | savassociates1
An accountant is a valuable asset to any organization. He or she is a professional who performs accounting functions. Accounting is not only confined to tax and financial matters as per what people generally think.
What is Cyber Security
What is Cyber Threat and Threat Landscape
Is Cybersecurity an IT Problem? It’s a human Problem
Role of a CFO
Well accepted Cybersecurity Frameworks and common Themes
SOC (Service Organization Control) and SOC for Cybersecurity
Recommended risk mitigation strategies for the weakest links of the Cybersecurity chain
Key Takeaways
Best Practices
Grow Up! Evaluating and Maturing Your SOC using MITRE ATT&CK | MITRE ATT&CK
From ATT&CKcon 4.0
By Lauren Brennan, GuidePoint Security
Evaluating the maturity of your security operations program can be complex and challenging. From choosing the right framework to use, to understanding all aspects of how people, processes, and technologies can cohesively operate to grow your SOC, evaluating your security operations is crucial. This presentation will discuss how to evaluate your security operations program using the MITRE ATT&CK framework and talk about best practices for evaluations. We will explore how to identify gaps in your operations and improve your overall security posture with foundational activities. Attendees can expect to learn practical tips for leveraging the MITRE framework as well as actionable takeaways for evaluating and improving their own security operations.
Just Trust Everyone and We Will Be Fine, Right? | Scott Carlson
As a CISO, you have been asked why you can't just trust your employees to do the right thing. What benefit to the business comes from technical security controls? You have likely been asked to reduce risk and action every funded project at once. In this session, we will realistically consider which projects can reduce risk most quickly, which layers of security are most important, and how things like privilege management, vulnerability control, over-communicating, and simply reducing the attack surface can bring peace of mind and actual direct improvements to your information security posture.
What CIOs Need To Tell Their Boards About Cyber Security | Karyl Scott
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
Similar to Extreme risk - how bad tech mgmt destroys firms (20)
This is the slide deck that goes along with this video: https://www.linkedin.com/pulse/business-idea-validation-7vs-simple-algebra-models-eric-tachibana
Warning: I don't think the slides make much sense without watching the video :)
This was a workshop done for the DBS Hotspot Accelerator program. The intent is to provide guardrails for new accelerator mentors who may have never mentored start-up teams and want to learn from all my many mistakes.
An Intro to the Financial Services Industry | Eric Tachibana
The Financial Service Industry is one of the most attractive industries to target if you are a consultant. However, when selling into, or delivering for, Financial Services Institutions (FSIs), it is useful to have some understanding of how FSI business models work, and the unique requirements that drive their IT strategies. This deck is a living document that hopes to act as a primer for consultants who need to support FSI clients, but who may not have prior experience in the sector.
Making the most of your start up mentor workshop - dbs hotspot accelerator | Eric Tachibana
This is a workshop for DBS Bank HotSpot Accelerator Program. It was built to help start-up founders select the right program mentor and get them off to an effective start!
Rethinking Annual Performance as Workshops | Eric Tachibana
Each year millions of line managers do performance reviews with each member of their team. Reviews are tricky, risky, and difficult to run as structured conversations, which is how they have always been run. This deck proposes that managers replace conversations with workshops, which are easier to run, generate more insights, and less likely to cause bad feelings as focus turns from attack-defend to collaborative problem solving.
This deck hopes to help workshop facilitators up their game. It argues that presentations are less effective than workshops as a means of teaching adults and gives some ideas of how to convert presentations into workshops
Connector Corner: Automate dynamic content and events by pushing a button | DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... | UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... | Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
JMeter webinar - integration with InfluxDB and Grafana | RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
3. you might have to stop doing business altogether
stolen data can be used against your customers
the press may have a field day on you
it will be even worse in social media
you could lose critical assets
employees or directors could go to jail
competitors may learn your secrets
you may have to pay fines
the trust you've built into your brand may disappear
IT can be extremely complex & opaque, may require
4. and just cause you’re a
small, nimble start-up does
not give you license to be
sloppy (especially if you
hope to pass exit due
diligence)
5. here are 10 obvious, but
common, mistakes to
avoid…
7. LACK LEADERSHIP
Leadership must
understand the strategic
importance of technology
risk management
They must also be involved
with decision-making and
communicate like crazy
MISTAKE
8. LACK LEADERSHIP
Leadership must put in place a
technology risk management
(TRM) framework that includes
the right culture, policies,
standards (enterprise
requirements), & control
procedures
They must also be responsible
for communications & the
quality of firm wide execution
MISTAKE
13. LACK LEADERSHIP
Line managers must be
engaged & accountable for
TRM
TRM must not be seen as
red tape. It must be seen as
a core job function of a
technology manager (and
disciplined/rewarded as
such)
MISTAKE
15. LACK TRM FRAMEWORK
A TRM Framework must
protect data & IT assets from
unauthorized access or
disclosure, misuse, and
fraudulent modification
MISTAKE
16. LACK TRM FRAMEWORK
A TRM Framework must
ensure data confidentiality,
system security, reliability,
resiliency, & recoverability
MISTAKE
19. LACK TRM FRAMEWORK
A TRM Framework must
identify & assess impact and
likelihood of operational &
emerging risk including internal
& external networks, hardware,
software, interfaces, operations,
and human resources
The firm must also have a
mechanism to identify risk
trends externally
MISTAKE
20. LACK TRM FRAMEWORK
A TRM Framework must
methodically & regularly
inventory and prioritize risks,
controls, exceptions, and
gaps
MISTAKE
23. LACK PARTNER OVERSIGHT
IT provided or supported by
partners must be in scope &
leadership must fully
understand outsourcing risks
Outsourced IT infrastructure is
still part of your TRM. You
can’t wash your hands of it
* Provision or support includes system development and
support, DC ops, network admin, BCP, hosting / cloud
and can involve one or more parties in or out of country
MISTAKE
24. LACK PARTNER OVERSIGHT
Proper due diligence must
ensure viability, capability,
reliability, & stability of
vendors
MISTAKE
25. LACK PARTNER OVERSIGHT
Written contracts must define
expected risk-related service
levels, roles, obligations, &
control processes in detail
They must also be reviewed
regularly
* For example, performance targets, service levels,
availability, reliability, scalability, compliance, audit,
security, contingency planning, disaster recovery and
backup
MISTAKE
26. LACK PARTNER OVERSIGHT
A Service Level Management
Framework such as the IT
Infrastructure Library (ITIL)
must ensure continuing,
monitored controls
compliance
MISTAKE
27. LACK PARTNER OVERSIGHT
An exit / backup plan must be
in place to switch partners if
required
MISTAKE
29. LACK PORTFOLIO MGMT
The entire technology
portfolio/platform must be
managed through its
lifecycle
The business must be
engaged with portfolio
strategy as a key
stakeholder
MISTAKE
30. LACK PORTFOLIO MGMT
Enterprise architecture
strategy must be supported
by accurate & accessible
MIS and asset management
data
MISTAKE
32. LACK PORTFOLIO MGMT
A professional Project /
Change Management
Framework like Project
Management Body Of
Knowledge (PMBOK) or ITIL
must guide change from
current to target
MISTAKE
33. LACK PORTFOLIO MGMT
A professional Quality
Management program
should ensure quality of
build and operate
For example, a documented
software development
lifecycle (SDLC) should
effectively guide
development & code quality
MISTAKE
41. LACK RECOVERABILITY
The firm needs a realistic,
business-prioritized,
strategically-aligned & simple
business continuity plan
(BCP) that ensures reliability,
performance, scalability,
availability, and recoverability
MISTAKE
42. LACK RECOVERABILITY
The BCP should identify
critical systems (those that
must not go down) as well as
recovery point objectives
(RPO) and recovery time
objectives (RTO) to guide
restoration service levels
MISTAKE
43. LACK RECOVERABILITY
The disaster recovery plan
should cover multiple
scenarios, expose
dependencies, & be tested
regularly
MISTAKE
44. LACK RECOVERABILITY
Backup management must
ensure that IT assets can be
recovered as soon as
required, depending on
priority & that dependencies
are understood
MISTAKE
47. LACK DATA SECURITY
You must protect data,
hardware, software, and
networks from accidental or
intentional unauthorized
access or tampering by
internal or external parties
MISTAKE
48. LACK DATA SECURITY
You must identify levels of
data sensitivity and ensure
escalating levels of
protection based upon the
significance / priority of risk.
MISTAKE
49. LACK DATA SECURITY
You must have end-to-end
data protection such as
encryption when you are
dealing with confidential data
Your controls / standards
must be in force wherever
your data is stored or
transmitted
MISTAKE
50. LACK DATA SECURITY
You must properly dispose
of assets that hold
confidential data
MISTAKE
51. LACK DATA SECURITY
You must have a
mechanism to monitor
security & react as required
MISTAKE
53. LACK SYSTEM SECURITY
You must protect data,
hardware, software, and
networks from accidental or
intentional unauthorized
access or tampering by
internal or external parties
MISTAKE
54. LACK SYSTEM SECURITY
You must identify levels of
sensitivity & ensure escalating
levels of protection based
upon the significance / priority
of risk
MISTAKE
55. LACK SYSTEM SECURITY
You must ensure that IT
assets are patched as
required
You must ensure that IT
assets are migrated out of
production before End-of-Life
or End-of-Service
MISTAKE
56. LACK SYSTEM SECURITY
You must deploy the right
level of network security
(including anti-virus) across
operating systems, network
devices, databases, and
enterprise mobile devices
MISTAKE
57. LACK SYSTEM SECURITY
Key points in the
infrastructure (perimeter &
internal as required) must be
protected through intrusion
detection & prevention tools
such as firewalls
MISTAKE
58. LACK SYSTEM SECURITY
You must test security using
vulnerability assessment &
penetration testing regularly
MISTAKE
59. LACK SYSTEM SECURITY
You must have a mechanism
to monitor security and react
as required
MISTAKE
61. LACK PHYSICAL SECURITY
You must protect data,
hardware, software, and
networks from accidental or
intentional unauthorized
access or tampering by
internal or external parties
MISTAKE
62. LACK PHYSICAL SECURITY
You must identify levels of
sensitivity & ensure
escalating levels of protection
based upon the significance /
priority of risk
MISTAKE
64. LACK PHYSICAL SECURITY
You must implement
appropriate physical security
such as need-to-access-only
requirements & security /
surveillance systems
MISTAKE
65. LACK PHYSICAL SECURITY
Critical resources such as air,
water, power, fire
suppression, &
communications should be
redundant where required
MISTAKE
67. LACK ACCESS CONTROLS
For critical / sensitive systems
an individual must not be
granted access alone (never-
alone principle)
MISTAKE
68. LACK ACCESS CONTROLS
The transaction process
should prevent a single person
from initiating, approving, and
executing by themselves
(segregation of duties)
Job rotation is recommended
for sensitive functions
MISTAKE
70. LACK ACCESS CONTROLS
Access should be logged and
access rights should be easy
to review & modify as access
rights change naturally over
time
MISTAKE
71. LACK ACCESS CONTROLS
There must be separate
environments for
development, testing, and
production with controlled
access to production where
production access is limited
and governed by segregation
of duties
MISTAKE
72. SHARE THIS DECK
& FOLLOW ME (please-oh-please-oh-please-oh-please)
stay up to date with my future
slideshare posts
http://www.slideshare.net/selenasol/presentations
https://twitter.com/eric_tachibana
http://www.linkedin.com/pub/eric-tachibana/0/33/b53
74. CREATIVE COMMONS ATTRIBUTIONS & REFERENCES
Title Slide: http://www.flickr.com/photos/23754017@N08/
Dude Slide: http://www.flickr.com/photos/karen_od/
Ewok Slide: http://www.flickr.com/photos/daviddurantrejo/
Leadership Slide: http://www.flickr.com/photos/daviddurantrejo/
Tech Risk Mgmt Slide: http://www.flickr.com/photos/daviddurantrejo/
Partner Oversight Slide: http://www.flickr.com/photos/daviddurantrejo/
Service Mgmt Slide: http://www.flickr.com/photos/gageskidmore/
Portfolio Mgmt Slide: http://www.flickr.com/photos/fotomaf/
Recoverability Slide: http://www.flickr.com/photos/karen_od/
Data Security Slide: http://www.flickr.com/photos/daviddurantrejo/
System Security Slide: http://www.flickr.com/photos/daviddurantrejo/
Physical Security Slide: http://www.flickr.com/photos/fotomaf/
Access Controls Slide: http://www.flickr.com/photos/daviddurantrejo/
http://www.mas.gov.sg
http://www.isaca.org
http://coso.org/guidance.htm
http://www.itil-officialsite.com
http://www.pmi.org
Please note that all content & opinions expressed in this deck are my own and don’t necessarily
represent the position of my current, or any previous, employers