Ralph Lloren discusses social engineering and AI chatbots. He defines social engineering as gathering data about a system or framework to find vulnerabilities and then exploiting or healing gaps. He explains how biases, emotions, and behaviors can be manipulated in social engineering. Ralph also discusses how communication with chatbots, like ChatGPT, requires understanding human patterns of intellect, emotions, and behaviors to have effective conversations.
Lessons Learned in Automated Decision Making / How to Delay Building Skynet - Sounil Yu
There is much talk of topics like artificial intelligence, machine learning, and automation within the security industry. We are led to believe that these capabilities will revolutionize our security practices. However, we need to be conscious of the limits of these capabilities before we entrust them with matters of importance. To understand the limits, we need to understand what each of these capabilities really mean and how they fit together. Unfortunately, most people combine these capabilities and use the terms almost interchangeably. Doing so is dangerous and can create unintended consequences.
Presentation discusses scientific method, common pitfalls of social media experiments. Defines some terms, shows neat tools, tries to move discussion forward.
BSidesPGH - Never Surrender - Reducing Social Engineering Risk - Rob Ragan
The weakest link in the security chain is often between the keyboard and the chair. People are a problem. We have a natural instinct as humans to trust someone's word. Although various technical means have been developed to cope with security threats, human factors have been comparatively neglected.
Once you put a human in a security chain, you have a weakness. That problem should be addressed by security practitioners, not every member of an organization. Very few would disagree that social engineering is the most common and least challenging way to compromise an organization, but most accept the notion that there isn't much they can do about it. False!
This talk will focus on the psychological, technical, and physical involvement of social engineering, and also look at how we can remove the human element of the human problem. We will explore what organizations are doing wrong, also the processes and technical controls that can be put in place to achieve a strong social engineering defense.
We'll template a solution that can be customized. What will really help? What is the truth? What if we don't want to surrender our organization to social engineers?
Almost 70 years since the first computer bug was discovered, there have been decades of research done on Information Security theory and practice. Yet, despite vast amounts of money being spent, innumerable academic papers, mainstream media obsession, and entire industries being formed, we are left with the impression that the risk is growing, not receding. Why? Some argue a lack of data, but data clearly exists. We’re likely generating it, in some areas, faster than humans will ever be able to process it. Perhaps, after all of this effort, we’ve managed to box ourselves into metaphors and first principles that might be inappropriately constraining how we think about “Information Security Risk”. In fact, it’s worth noting that we can’t even agree if there is a space between “Cyber” and “Security” when it’s written out. This talk will take an anecdotal look at “Information Security Risk”, “What IS Cyber Security?”, and use that perspective to suggest areas of research that are either lacking or should be made more accessible to the markets, industries, and individuals driving risk management change. In an industry filled with data, perhaps an examination of empty space might be helpful.
All systems fail; there is no system without flaw. Each connection and dependency exposes the flaws to potential accidents and adversaries, resulting in system failure. Unknown flaws represent potential risks to public safety and human lives. Security research explores new systems to reveal these flaws. But research alone does not deliver safer systems.
Recent stunt hacks have left us with a hangover. As the media hype dies down, the publicity bubble is replaced by a vacuum that calls for action. In the absence of a clear, technically literate direction, this vacuum is exposed to opportunists with an agenda, push a product, or perpetuate the situation. That is not the result this research deserves.
This presentation will pick up where most security research leaves off, and sketch a roadmap to resolution. We consider the road forward to be our group of volunteers, "I am the Cavalry", working together to promote and encourage not repeating the same mistakes that we've been making in enterprise security the last 30 odd years. I am the Cavalry is about collaboration between researchers, thinkers, lawyers, lawmakers and vendors/producers of connected devices to make devices worthy of our trust.
Bio:
Claus Cramon Houmann
I am the Cavalry member
Former Head of IT at a small Bank in Luxembourg
Community Manager at Peerlyst
Independent Consultant in IT / Information Security
Addicted to Infosec
Using big data and implementing Hadoop is a trend that people jump to all too quickly. Instead, understanding the run time complexity of one's algorithms, reducing said complexity and managing the process from start to finish in a lean and agile way can yield massive cost savings - or save your organization.
My public presentation as delivered to the Public Interest Declassification Board (PIDB) trying to determine the best way to declassify and release over 400M classified documents.
Common themes in cyber attacks and what they mean for defenders' presentation... - APNIC
Common themes in cyber attacks and what they mean for defenders' presentation by Adli Wahid for Cyberdefcon Bangladesh held on 21 January in Lakeshore Gulshan, Bangladesh.
Slides from International Journalism Festival 2023, AI and Disinformation panel. Here is the video: https://www.journalismfestival.com/programme/2023/ai-and-disinformation
An Introduction To IT Security And Privacy In Libraries - Blake Carver
An hour long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an IP address. IoT (Internet of Things), browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries. Librarians and anyone else in a library.
I’ve Been Hacked: The Essential Steps to Take Next - Brian Pichman
Description: It happens. A place you shop at frequently gets its data stolen. Someone was able to get access to one of your accounts. Or a system you manage gets compromised. Either way, it is important to be prepared ahead of time before the worst happens. Join Brian Pichman as he helps you put a proactive plan in place and what to do after you or your organization has been hacked.
Principles of Health Informatics: Informatics skills - searching and making d... - Martin Chapman
Principles of Health Informatics: Informatics skills - searching and making decisions. Last delivered in 2023. All educational material listed or linked to on these pages in relation to King's College London may be provided for reference only, and therefore does not necessarily reflect the current course content.
CIS490 Lab 1 Social Engineering Audit Social engineering attacks.docx - monicafrancis71118
CIS490 Lab 1: Social Engineering Audit
Social engineering attacks are the most prevalent types of attacks against IT systems. This is primarily due to the fact that they directly attack the weakest link in any IT system…the users. While there are many ways to lock down, or secure, data residing on a computer or other device, securing data held in the brains of users is difficult for a number of reasons. People have the ability to reason and even redefine rules, while computers do not. If you tell a computer to not allow access to a particular file by a particular user, the computer will do just that. However, a human can be tricked into giving up all sorts of information, often without even knowing that they have done so.
For this lab, you will conduct a social engineering audit on various social media websites. Almost every social engineering attack begins with the collection of data. The aim of collecting this data is to discover ways in which the target of the attack can be tricked into giving up potentially valuable information. This initial data can take many forms: birth dates, addresses, user names, pictures, phone numbers, names of co-workers or relatives, and much more. Oftentimes this seemingly innocent data can be used to either directly impersonate someone the target trusts, or to build a collection of data which can be used to know more about the movements, personality, or general life of the target.
This lab has two parts, as described below:
Part 1: Gathering data
To accomplish this part of the lab, you will access some social media sites of your choice. Obviously Facebook is a veritable treasure trove of personal data. However, there are many others like Flickr, Twitter, YouTube, LinkedIn, and Instagram, which you might also consider. Locate data posted by or about users (they could be friends and family, or people you don’t know) which you feel could be exploited in a social engineering attack. This data can consist of many different things, but should pose a potential security risk for the user, or others. For example, my sister-in-law recently posted a baby shower invitation on Facebook to all her friends. Since my sister-in-law is a heavy Facebook user, the invitation was undoubtedly viewed by many people my sister-in-law does not even know. A baby shower invitation might not seem like a big deal, but think about what it contained. My sister-in-law’s home address for sending gifts for non-attenders. A time frame when she will not be home (because she will be away at the shower), and the address of where she will be during that time. Do you see the potential security problem here? This is only one of many examples I see on social media sites all the time.
Part 2: The analysis
After you have gathered data from various social media sites which you feel could be used in an attack, you will conduct an analysis of your OWN social media accounts. Look at the types of data you felt were potentially d.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Similar to GDG Cloud Southlake #23: Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web - James Anderson
It's important to remember that accessing the dark web can be risky and requires specialized skills and tools. Many organizations leverage threat intelligence companies that have a safe and legal way to monitor these areas and extract valuable information.
Let's shine some light on the Dark Web.
Kyle Hettinger from Recorded Future's Dark Web research team joins GDG Cloud Southlake to demystify the Dark Web.
Kyle has been doing cybercrime investigations for over 10 years, and has collaborated with both public and private sector partners to identify, mitigate, and neutralize cybercriminals.
GDG Cloud Southlake 31: Santosh Chennuri and Festus Yeboah: Empowering Develo... - James Anderson
GDG Cloud Southlake #31: Santosh Chennuri and Festus Yeboah: Empowering Developers: Gen AI's Impact on Productivity
In this interactive presentation and demo, we'll explore how Generative AI is revolutionizing the entire software development lifecycle (SDLC), empowering developers to work smarter, innovate faster, and deliver cutting-edge features to the market with unprecedented speed.
Santosh is the Lead Customer Engineer passionate about exploring the potential of Gen AI for enterprise clients. With a background in cloud migrations, DevOps, and application modernization, Santosh is committed to finding new ways to leverage generative AI for increased efficiency and problem-solving.
Festus is a Customer Engineer at Google Cloud, specializing in data and AI. He advises organizations on harnessing the potential of generative AI for innovation and enhanced customer experiences. With a strong background in data engineering and machine learning, Festus offers a unique perspective on improving developer productivity using GenAI solutions. Outside of work, he enjoys spending time with his family and is an avid fan of the Marvel Cinematic Universe.
#gdg #gdgcloudsouthlake #gdgcloud #google #genai #duetai #DeveloperProductivity #SDLC
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr... - James Anderson
Breeding 10x Developers with Developer Productivity Engineering
Sasquatch. Yeti. The Loch Ness Monster. The 10x Developer. You may think of these as mythical creatures that can’t possibly exist, but the 10x Organization is very real. In this session, Gradle’s Brian Demers will explain how a dedicated Developer Productivity Engineering (DPE) organization can breed 10x Developers. By reducing the toil, friction, and frustration of slow builds, flaky tests, and other avoidable failures, a DPE team enables a level of developer productivity that you may have thought impossible. Brian will help you explore DPE technologies, including build and test acceleration, failure analytics, and easily analyzed build records to show how to create an environment in which 10x Developers not only exist, but thrive.
Brian Demers is a Java Champion, Developer Advocate at Gradle and a PMC member for the Apache Shiro project. He spends much of his day contributing to OSS projects in the form of writing code, tutorials, blogs, and answering questions. Along with typical software development, Brian also has a passion for fast builds and automation. You can see the various topics he speaks on here.
Away from the keyboard, Brian is a beekeeper and can likely be found playing board games. You can find him on Twitter at @BrianDemers and most other places as ‘bdemers’.
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes (James Anderson)
Given the growth and adoption of Kubernetes, a number of projects have been published in the OWASP community to help practitioners assess and secure their containerized infrastructure, including the recently released Top 10 for Kubernetes (https://owasp.org/www-project-kubernetes-top-ten/) led by KSOC CTO & Co-Founder, Jimmy Mesta. When adopting Kubernetes, we introduce new risks to our applications and infrastructure. The OWASP Kubernetes Top 10 is aimed at helping security practitioners, system administrators, and software developers prioritize risks around the Kubernetes ecosystem. The Top 10 is a prioritized list of these risks. In the future, we hope for this to be backed by data collected from organizations varying in maturity and complexity. This session will discuss the project in detail, examples for each of the risks in the list, and how you can get involved.
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N... (James Anderson)
GDG Cloud Southlake #28: Brad Taylor and Shawn Augenstein: Old Problems in the New Frontiers of AI
• Brad discusses how decades-old laws and expanding regulation have new implications in the ML and Large Model age, and will touch on:
• Legal and Regulatory: Data usage rights, cautionary tale of stability.ai and Getty Images, EU's planned expansion of GDPR re models
• How Neural Networks, zero and one-shot learning, and LLMs have increased the need for better data governance, lineage management
• Shawn speaks on the coming "Data Renaissance"
• The New IP: Prompts and Internatl Interaction Data
• Where GenAI can be used right now and where it maybe shouldn't be used yet
• The Power of the Diversity of Insight
• What is making the future look bright!
Brad has been an intrapreneur and entrepreneur in data, AI, and IoT and has led teams in the creation of NLP, data products and predictive analytics for retention, churn, driver safety, traffic, CX and fleet risk. He has built solutions on global hyperscalers GCP, AWS, Azure, and IBM. Brad is a former founding partner at Tech Wildcatters, and worked with dozens of mobile, SaaS and AI start-ups, many of which became both job creators and profitable exits for TW investors. He is currently a Senior Manager in Pepsico's global Strategy and Transformation group, where he focuses on delivering AI/ML driven solutions.
Shawn Augenstein is a dynamic and highly experienced professional, who is driven by educating, providing equal access to technology and equitable access to information. Currently, Shawn serves as Principal Data & AI Consultant at CDW, where he develops the curriculum and architectures for understanding and furthering the use of AI, as well as developing solutions for both partners and clients. In his spare time, he enjoys exploring new frontiers of Diffusers, capturing moments through photography, and listening to music as a passionate melophile.
GDG SLK - Why should devs care about container security.pdf (James Anderson)
Title: Why should developers care about container security?
Abstract: Container scanning tools, industry publications, and application security experts are constantly telling us about best practices for how to build our images and run our containers. Often these non-functional requirements seem abstract and are not described well enough for those of us that don’t have an appsec background to fully understand why they are important. In this session, we will go over several of the most common practices, show examples of how your workloads can be exploited if not followed and, most importantly, how to easily find and fix your Dockerfiles and deployment manifests (i.e. Kubernetes configs) before you commit your code.
Speaker: Eric is a 30+ year enterprise software developer, architect, and consultant with a focus on CI/CD, DevOps, and container-based solutions over the last decade. He is a Docker Captain, is certified in Kubernetes (CKA, CKAD, CKS), and has been a Docker user since 2013. As a Senior Developer Advocate at Snyk, Eric helps developers implement proactive and scalable security practices with a focus on container and cloud-native technologies.
Catch the video: https://youtu.be/lBNcUBdY-VM
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdf (James Anderson)
GraphQL - Industry insights on the rise of the supergraph
Exploring what we’ve learned from hundreds of organizations transforming their business and customer experiences with GraphQL & the supergraph.
In his talk and Q&A session, Dan Boerner will share insights and best practices from his experience working with hundreds of companies working to unblock their teams and backlogs with the supergraph—a new layer of the stack. He’ll share real-world examples to explore why GraphQL and its architectural advantages must be coupled with leadership, vision, team empowerment, and mindset shifts to truly transform the way enterprises build, deliver and organize themselves to create digital products. As Apollo’s Graph Champion, Dan leads Apollo’s community of 800+ GraphQL leaders from 350 companies. Before joining Apollo, Dan led Expedia Group’s effort to radically accelerate the delivery of improved customer experiences with a company-wide supergraph.
Dan is passionate about helping graph champions harness the transformative power of the supergraph to improve product development and digital customer experiences. At Apollo, he leads a community of hundreds of GraphQL champions working to drive transformation within their organizations. He joined Apollo after a long tenure at Expedia Group where he led the effort to create a company-wide supergraph transforming product development and delivery, and enabling the organization to roll out their new trips platform in 1 year instead of 3.
https://youtu.be/0Vucl1qVecM
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ... (James Anderson)
GDG Cloud Southlake #25: Ostrowski/Browne: Sabre's Journey to the Cloud
Brief overview of Sabre's journey from private datacenters, through multi-cloud to mono-cloud and beyond. Review of the drivers, expectations, and results with plenty of time for Q&A.
Jacek Ostrowski
Sabre
Sr Director Platform Engineering
In 1998 Jacek received an MS in Computer Science from Jagiellonian University, Poland and started a developer career.
From 2001 to 2007 he honed his Java and architecture skills while building systems supporting data warehouses with Asseco Poland.
In 2007 he joined Sabre as a senior Java engineer, and a few years later moved to enterprise architecture. After a few years as an EA, he started championing platform product management and took the platform product manager position. In 2018 he took a leadership position over a team of platform product managers.
Since 2020 Jacek has led Platform Engineering and uses his developer experience and product mindset to make Sabre's developers happier and more productive.
David Browne
Sabre
Senior Principal SRE Architecture
Graduated from the University of Waterloo with Joint degrees in Computer Science and Actuarial Science. Has spent 20 years doing software development and Enterprise Architecture work with IBM, Travelocity, and Sabre.
Experienced in implementing enterprise DevOps solutions to deploy software into on-prem and cloud-based environments such as AWS, Azure and GCP.
Currently working as an SRE architect with Sabre, where he is an advocate for designing and implementing enterprise DevOps solutions that can run at scale, enabling hundreds of teams to get their software products to market faster and more efficiently while meeting today’s current reliability, regulatory, and security requirements.
https://gdg.community.dev/events/details/google-gdg-cloud-southlake-presents-gdg-cloud-southlake-25-ostrowskibrowne-sabres-journey-to-the-cloud/cohost-gdg-cloud-southlake
This is the white paper behind the GDG Cloud Southlake #24 presentation by Arty Starr:
Enabling Powerful Software Insights by Visualizing Friction and Flow
In an Agile software development process, a software team will typically meet on a regular basis in a “retrospective meeting” to reflect on the challenges faced by the team and opportunities for improvement. On the surface, this challenge might seem straight-forward, but modern software projects are complex endeavors, and developers are human – identifying what’s most important in a complex sociotechnical system is a task humans struggle to do well. What if developers had tools that recorded and helped them explore their historical experiences with the code, and they could identify hotspots of team friction, worthy of discussion, based on empirical data? This talk will explore the possibility and impact of such tools through a design fiction and working prototype of an Augmented Reality (AR) Code Planetarium powered by FlowInsight developer tools.
Arty Starr, PhD student, University of Victoria & Founder, FlowInsight
Arty is a recognized Flow Experience expert, researcher, speaker and thought leader, and the author of Idea Flow. This expertise, along with her experience as a former CTO and software engineer inspired Arty’s mission to improve the efficiency and morale of engineering teams, culminating in her founding FlowInsight.
Arty teaches system models for better understanding the Flow Experience of software development, and the practice of using Flow Metrics to systematically optimize programming flow. “Flow as a practice” is the art of getting in and staying in flow state to optimize productivity.
The company she founded, FlowInsight, is on a mission to bring back joy to our everyday work.
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V... (James Anderson)
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your... (James Anderson)
GCP Terraform Modules: Scaling Your Infrastructure the easy way
With GCP Terraform Modules, you can take advantage of pre-built modules that simplify the process of creating and managing GCP resources, such as virtual machines, load balancers, databases, and more. These modules are designed to be reusable, scalable, and customizable, allowing you to quickly and easily deploy complex infrastructure configurations with just a few lines of code.
Whether you're just getting started with GCP or you're looking for a more efficient way to manage your infrastructure, GCP Terraform Modules are a great way to streamline your operations and scale your infrastructure with ease. Join us as we cover details on why to use modules, how to use them, and where to find more helpful resources.
Anita Gutta is a Cloud Infrastructure Engineer in the Google Cloud Professional Services Organization (PSO). She provides technical guidance to customers adopting Google Cloud Platform services. She works closely with clients to understand their business needs and recommends the best cloud solutions to meet those needs. She has hands-on Terraform experience and leads the SME TF Community in Google Cloud. Prior to Google, Anita worked in the IT industry for 25 years, the majority focused in the finance sector.
Imran Nayer is a Senior Technical Solutions Consultant at Google Cloud Professional Services. He has been working on Google Cloud since 2019. He has helped companies in the healthcare, financial, and retail sectors with projects including cloud foundation, migration, and automation. He is a regular contributor to the official GCP Terraform module, aka the Cloud Foundation Toolkit. He developed the Cloud Armor Security Module and several other CFT submodules.
GDG Cloud Southlake #21: Alexander Snegovoy: Master Continuous Resiliency in C... (James Anderson)
Mastering Continuous Resiliency in Cloud: Chaos Engineering
No one likes downtime. It can be detrimental in today’s competitive environment. It isn’t cheap either. Many companies have been using traditional DR strategies. However, their testing is costly, limited, and complex. In the modern agile environment, the latest DR exercise becomes invalid not long after it is done and there’s a greater variety of disruptions that can occur. In this demo, we’ll explore how to use chaos engineering techniques to: quantify reliability and resiliency, gain valuable insights, and build systems that can withstand the unexpected. By applying these practices, you can gain confidence, prove resiliency, and be sure you are ready to face the unexpected.
Our speaker is Alexander Snegovoy, Lead of DevOps & Cloud Center of Competence at DataArt.
Alex spearheads DataArt’s drive toward innovation, with more than 10 years of professional experience across the financial services, healthcare, travel, and IoT industries. After joining DataArt as a software engineer in 2016, he became a leading member of the DevOps & Cloud Center of Competence. His role also includes identifying and communicating technology trends, cementing alliances and strategic partnerships with other companies, and coaching and mentoring new talent.
There is a “dark side” to Kubernetes that makes it difficult to ensure the desired performance and resilience of cloud-native applications, while also keeping their costs under control. Indeed, the combined effect of Kubernetes resource management mechanisms and application runtime heuristics may cause serious performance and resilience risks. See Akamas' AI-powered optimizations solve this!
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B... (James Anderson)
Brian Sullivan and J Schuh GDG Cloud Southlake #19: Design Thinking Primer: How to Build Better Ideas
Video and other items from the event are here: https://gdg.community.dev/events/details/google-gdg-cloud-southlake-presents-gdg-cloud-southlake-19-sullivan-and-schuh-design-thinking-primer-how-to-build-better-ideas/
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C... (James Anderson)
Crawl, Walk, Run. An exciting journey from 0 to fully certified on Google Cloud. A story of inspiration, entertainment, and struggle. You don't want to miss it.
@YujunLiang is an Associate Director at Accenture. He started his Google Cloud journey in 2017 and had been on many challenging projects including leading roles on some of them. His expertise spans Cloud Infrastructure and Data analytics. Currently, Yujun works as the cloud architect on a Data Analytics Platform and helps the team remove roadblocks in networking and security.
He is also known as the certification king on LinkedIn. He holds all 11 Google Cloud certifications and all 14 AWS certifications. His dedication to learning has created a sensation.
Yujun is a Google Cloud Champion Innovator with a specialization in Data Analytics, Databases, Security, and Networking.
Video on YouTube: https://youtu.be/RkMCn6ukfZg
Check out past and future GDG Cloud Southlake events: https://gdg.community.dev/gdg-cloud-s...
#cloud #gdg #gdgcloudsouthlake #sabre #google #careerjourney
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone (James Anderson)
If Artificial Intelligence (AI) is a black-box, how can a human comprehend and trust the results of Machine Learning (ML) algorithms? Explainable AI (XAI) tries to shed light into that AI black-box so humans can trust what is going on. Our speaker Meg Dickey-Kurdziolek is currently a UX Researcher for Google Cloud AI and Industry Solutions, where she focuses her research on Explainable AI and Model Understanding. Recording of the presentation: https://youtu.be/6N2DNN_HDWU
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google... (James Anderson)
Do you know The Cloud Girl? She makes the cloud come alive with pictures and storytelling.
The Cloud Girl, Priyanka Vergadia, Chief Content Officer @Google, joins us to tell us about Scalable Data Analytics in Google Cloud.
Maybe, with her explanation, we'll finally understand it!
Priyanka is a technical storyteller and content creator who has created over 300 videos, articles, podcasts, courses and tutorials which help developers learn Google Cloud fundamentals, solve their business challenges and pass certifications! Check out her content on the Google Cloud Tech YouTube channel.
Priyanka enjoys drawing and painting which she tries to bring to her advocacy.
Check out her website The Cloud Girl: https://thecloudgirl.dev/ and her new book: https://www.amazon.com/Visualizing-Google-Cloud-Illustrated-References/dp/1119816327
GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A... (James Anderson)
Addressing Cybersecurity and Data Privacy concerns in the evolving world of AR, VR and Metaverse.
Mihir Mistry is a leader in Strategy, Governance, Risk and Compliance. Leads the delivery service lines for Controls & Compliance, Risk & Advisory, Cloud and Architecture. Takes a very programmatic approach to solving and delivering security based projects. Proven business and entrepreneurial skills to deliver custom, highly visible projects in front of the C-suite and Board of Directors. Diverse knowledge base and framework expertise that includes NIST, HIPAA, HITRUST, CIS, GLBA, ISO, GDPR, CLOUD, PCI and others. Global experience across North America, Europe, Asia and Australia.
https://gdg.community.dev/events/details/google-gdg-cloud-southlake-presents-gdg-cloud-southlake-15-mihir-mistry-cybersecurity-and-data-privacy-in-an-arvr-metaverse-world/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I have already got working for real.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
"Impact of front-end architecture on development cost", Viktor Turskyi (Fwdays)
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. Agenda
1 – whoami
2 - Social Engineering
3 – AI LLMs (ChatGPT)
4 - Question and Answer
FIRST
3. $ whoami
Ralph Lloren
127.0.0.1: Austin, Texas
Masters in Science in Cybersecurity
Undergrads:
- Organizational Leadership
- Criminal Justice
- Nursing
- Ex-US Securities Series Licensed Stockbroker
- Licensed Registered Nurse
- 6 Years USAF Law Enforcement Officer
- Freelance Cyber Instructor [Divergence Academy]
- OSINT CTF Human Trafficking/Missing Persons
- Information is a new form of matter.
6. Ralph’s 3 Steps:
SE – Cyber Kill Chain
1. Gather Data to get intimate with its pattern (system/framework).
2. Find gaps of vulnerabilities/areas of improvement.
3. Exploit or Heal that Gap
11. SE: Real World Fix
For the time being, the one act of enabling MFA will render simple attacks useless.
Not all MFA is the same however, IF you have the ability to turn on “Context”. This is my advice. Layer on Geofencing as well. The more layers = hard to exploit.
Humans can either be the strongest link…. Or the weakest….
12. SE: Society Today
We live in a world of big data. Never before have we been bombarded with so much data and it’s likely to keep increasing. We are either improperly processing data and/or we’re information overloaded.
Even IF we get the above done correctly, we STILL regularly find ourselves unable to align our actions consistent with our knowledge and beliefs…..
13. SE: Heart vs Mind?
1. Cognitive (Biases)
2. Emotions
3. Behaviors
19. LLMs: Communication/Prompts
When having a conversation/interrogation:
1. Open Ended vs Closed Ended Questions
2. Loaded Questions
A few goals:
- Find or Create a need
- Find the emotional triggers
- Observe their habits/routines
20. LLMs: Communication/Prompts
We must know our Internal Patterns:
1) Intellect/Biases
2) Emotions
3) Behavioral Patterns
I thought this was about ChatGPT?
Why focus on the human so much?
21. SE/LLMs: Communication
ChatGPT is a tool.
Just like any other tool, it is the human behind it that makes the ultimate difference.
Problem Formulation
- Diagnosis
- Decomposition
- Reframing
- Designing a Solution
I may or may not accidentally or purposefully say not so good things…. Just know that it is just part of the theatrics and that all opinions expressed during the presentation are mine and mine only.