Some websites are too vast, decentralized, or resource constrained to migrate content in one step. This Drupal GovCon session presents practical ideas for managing a program of incremental migrations, one bite at a time.
The most important thing for any organization is DATA. There can be 100 of front end applications which utilizing the same data for different purpose. Data plays an important role for any CMS application. This presentation touches different viewpoint while migrating data from external database to Sitecore CMS.
By using these details we able to successfully migrate over 5,00,000+ records in Sitecore.
Looking to the cloud to serve Bitbucket (formerly Stash) to a horde of hungry developers? Netflix has the recipe for you! Take one part fresh open source platforms, two parts juicy deployment pipelines, and add a dash of gooey-rich custom bakes. Join this session to find out how Netflix used this unique combination of technologies to move Stash from their data center to the cloud and what they burned (yes, burned) along the way.
How Atlassian Scales Bitbucket Data Center on AWSAtlassian
Join a couple DevOps gurus for a deep dive into AWS configuration for Bitbucket Data Center and learn how Atlassian keeps our own developers happy with speedy clone times and better availability. Specifically we'll cover:
How Smart Mirrors can provide lightning fast Git access for teams all over the globe.
How to use AWS auto-scaling with Bitbucket Data Center for better performance.
How to provide continuous availability using an HA cluster in multiple AWS zones.
How to start using Git large file support (Git LFS) to dramatically reduce clone and build times.
Products covered:
Bitbucket
Forced Evolution: Shopify's Journey to KubernetesC4Media
Niko Kurtti talks about the challenges Shopify saw in moving from a traditional host-based infrastructure to a cloud native one, moving not only their core app to Kubernetes but also hundreds of other apps at the same time. He focuses on the cluster tooling solutions they've built, such as controllers, cluster creators, and deploy tools. Filmed at qconnewyork.com.
Niko Kurtti is a production engineer at Shopify. He started out as a software developer doing web apps with Java, but since then fell in love with container technologies. He was part of the effort to roll out Docker in production at Shopify in 2014 and is still working around the same domain, but today the focus is on Shopify’s internal PaaS based on k8s.
The most important thing for any organization is DATA. There can be 100 of front end applications which utilizing the same data for different purpose. Data plays an important role for any CMS application. This presentation touches different viewpoint while migrating data from external database to Sitecore CMS.
By using these details we able to successfully migrate over 5,00,000+ records in Sitecore.
Looking to the cloud to serve Bitbucket (formerly Stash) to a horde of hungry developers? Netflix has the recipe for you! Take one part fresh open source platforms, two parts juicy deployment pipelines, and add a dash of gooey-rich custom bakes. Join this session to find out how Netflix used this unique combination of technologies to move Stash from their data center to the cloud and what they burned (yes, burned) along the way.
How Atlassian Scales Bitbucket Data Center on AWSAtlassian
Join a couple DevOps gurus for a deep dive into AWS configuration for Bitbucket Data Center and learn how Atlassian keeps our own developers happy with speedy clone times and better availability. Specifically we'll cover:
How Smart Mirrors can provide lightning fast Git access for teams all over the globe.
How to use AWS auto-scaling with Bitbucket Data Center for better performance.
How to provide continuous availability using an HA cluster in multiple AWS zones.
How to start using Git large file support (Git LFS) to dramatically reduce clone and build times.
Products covered:
Bitbucket
Forced Evolution: Shopify's Journey to KubernetesC4Media
Niko Kurtti talks about the challenges Shopify saw in moving from a traditional host-based infrastructure to a cloud native one, moving not only their core app to Kubernetes but also hundreds of other apps at the same time. He focuses on the cluster tooling solutions they've built, such as controllers, cluster creators, and deploy tools. Filmed at qconnewyork.com.
Niko Kurtti is a production engineer at Shopify. He started out as a software developer doing web apps with Java, but since then fell in love with container technologies. He was part of the effort to roll out Docker in production at Shopify in 2014 and is still working around the same domain, but today the focus is on Shopify’s internal PaaS based on k8s.
Ariel Partners has developed a comprehensive program for governance and oversight of large-scale agile projects in the US federal government. This program is structured as a set of eleven major focus areas. Within each focus area, there are specific oversight objectives, activities, and metrics. The output is captured in an excel spreadsheet that calculates a set of quantitative measures, which are then aggregated to automatically produce a composite score, using a similar scoring strategy to FITARA. The program is comprehensive, but it is based on a set of simple principles. We have prepared a presentation that summarizes the program’s key points.
20211007 PMI LIC Chapter Agile Tool Celebrity Death Match Kanbanize vs Jira C...Craeg Strong
Covid-19 changed the game, making remote work and distributed team members the norm. I think we all sense that something fundamental has changed in the nature of work, and many of these changes will persist even after the pandemic. Like it or not, whiteboards and sticky notes can no longer cut it. We have to use Agile tools. So... which one?
In this talk Craeg will do an in-depth walkthrough of two leading Agile tools: Atlassian Jira and Kanbanize. He will review the philosophy of each tool, and then walk through a fully featured simulation, complete with sample projects, plugins, and project configurations, that show off the best that each tool has to offer.
Craeg will explore the areas of overlap and the unique strengths of each tool.
Both tools are highly capable, flexible, and powerful enough to support even the largest of organizations. But...in the end there can be only one. Come to see the results of this legendary battle!
Microservices with Apache Camel, DDD, and KubernetesChristian Posta
Building microservices requires more than just infrastructure, but infrastructure does have a role. In this talk we look at microservices from an enterprise perspective and talk about DDD, Docker, Kubernetes and how established open-source projects in the integration space fits a microservices architecture
FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...Vadym Kazulkin
When we talk about prices, we often only talk about Lambda costs. In our applications, however, we rarely use only Lambda. Usually we have other building blocks like API Gateway, data sources like SNS, SQS or Kinesis. We also store our data either in S3 or in serverless databases like DynamoDB or recently in Aurora Serverless. All of these AWS services have their own pricing models to look out for. In this talk, we will draw a complete picture of the total cost of ownership in serverless applications and present a decision-making list for determining if and whether to rely on serverless paradigm in your project. In doing so, we look at the cost aspects as well as other aspects such as understanding application lifecycle, software architecture, platform limitations, organizational knowledge and plattform and tooling maturity. We will also discuss current challenges adopting serverless such as lack of high latency ephemeral storage, unsufficient network performance and missing security features.
An introduction to the concept of BDD and its implementation using the JGiven framework.
Presentation for the Java User Group Freiburg meetup on October 24, 2017.
Parse was a bold offering in the burgeoning space of Backend-as-a-Service, and we’re sorry to see them wind down.
If your application runs on Parse you’ll need to migrate your data from from the hosted service to your own database. Fortunately, MongoDB Cloud Manager makes running your own deployment easy. In this webinar we’ll use Cloud Manager to create and manage a new replica set, and detail the steps required to migrate from the Parse platform to your own deployment of MongoDB on Amazon Web Services.
Use Cases of #Grails in Web Applications
- Type of applications most appropriate to be developed in Grails
- Type of applications where Grails may not be the best choice
- Experiences with Grails during several web application development projects
Scaling Marketplace to 10,000 Add-Ons - Arun BhallaAtlassian
In two years, we've transformed Atlassian Marketplace from a simple Rails application to a highly available SaaS service with thousands of add-ons and millions of dollars in transactions. Marketplace team lead Arun Bhalla will guide you through lessons learned building Scala web applications that scale.
Automated Duplicate Content Consolidation with Google Cloud FunctionsWeLoveSEO
Avoid duplicate content and don’t leave money on the table with unoptimized groups of pages linked by canonical declarations! Particularly in ecommerce, you can increase Google's confidence by making sure your groups of product URLs are perfectly canonicalized and clear to search engines.
In this keynote, we will use Python in Google Cloud Functions to reorganize canonical clusters automatically and maximize SEO performance.
1. We will use OnCrawl to find duplicate product cluster by SKU
2. Then we will pull production variant search traffic using SEMrush (color, size, etc)
3. We will use an algorithm to regroup the clusters based on search demand
4. We will automate the whole process using Cloud Functions and Pub/sub queues
Join Hamlet Batista to look at ways to automate canonicals for ecommerce sites in order to improve product visibility.
Accelerating Add-on Development From Concept to LaunchAtlassian
In this session you'll learn how Arijea uses react, redux and webpack to rapidly and reliably develop Atlassian add-ons. Dave Elkan, Co-Founder of Arijea, will detail the challenges he faced and the techniques he employs to build JIRA Software add-ons in record time.
Products covered:
JIRA Software
Enterprises are increasingly looking for new ways to simplify and optimize their current development, orchestration, automation and deployment pipelines through the use of hybrid IT and the public cloud. In this session we will explore architecture patterns and integration approaches in the context of both new and existing AWS devops-focused services, with the goal of helping enterprises better iterate and reduce cost through the entire software development lifecycle.
An introductory workshop on React. React is a JavaScript library maintained by Facebook, that is used to build interactive user interfaces.
What we'll cover:
• React.js basics
• React ecosystem
• create-react-app
Enterprises are increasingly looking for new ways to simplify and optimize their current development, orchestration, automation and deployment pipelines through the use of hybrid IT and the public cloud. In this session we will explore architecture patterns and integration approaches in the context of both new and existing AWS devops-focused services, with the goal of helping enterprises better iterate and reduce cost through the entire software development lifecycle.
Docker right now provides great value in the enterprise but the value proposition is more about developer productivity than scale-out.
Docker benefits include resource management, environment management, continuous delivery, developer and operations collaboration, and hybrid workloads.
Take care in its introduction. Consider Docker as just part of an overall toolkit and you don't need to go "full stack" to gain value.
Enterprise WordPress - Performance, Scalability and RedundancyJohn Giaconia
Slides on how to build your WordPress site so that it performs like an enterprise application.
Associated video: http://wordpress.tv/2014/06/25/john-giaconia-enterprise-wordpress-performance-scalability-and-redundancy/
BrightonSEO 2019 - Edge SEO - Using CDNs To Perform SEO On The EdgeDan Taylor
My talk from #BrightonSEO 2019, the twentieth edition. Building on my talk from TechSEO Boost 2018, my talk at Brighton explores the changes in #EdgeSEO and the future possibilities given the advent of Akamai Edge Workers, AWS Lambda capabilities and the prospect of Fastly's WASM solution.
Ariel Partners has developed a comprehensive program for governance and oversight of large-scale agile projects in the US federal government. This program is structured as a set of eleven major focus areas. Within each focus area, there are specific oversight objectives, activities, and metrics. The output is captured in an excel spreadsheet that calculates a set of quantitative measures, which are then aggregated to automatically produce a composite score, using a similar scoring strategy to FITARA. The program is comprehensive, but it is based on a set of simple principles. We have prepared a presentation that summarizes the program’s key points.
20211007 PMI LIC Chapter Agile Tool Celebrity Death Match Kanbanize vs Jira C...Craeg Strong
Covid-19 changed the game, making remote work and distributed team members the norm. I think we all sense that something fundamental has changed in the nature of work, and many of these changes will persist even after the pandemic. Like it or not, whiteboards and sticky notes can no longer cut it. We have to use Agile tools. So... which one?
In this talk Craeg will do an in-depth walkthrough of two leading Agile tools: Atlassian Jira and Kanbanize. He will review the philosophy of each tool, and then walk through a fully featured simulation, complete with sample projects, plugins, and project configurations, that show off the best that each tool has to offer.
Craeg will explore the areas of overlap and the unique strengths of each tool.
Both tools are highly capable, flexible, and powerful enough to support even the largest of organizations. But...in the end there can be only one. Come to see the results of this legendary battle!
Microservices with Apache Camel, DDD, and KubernetesChristian Posta
Building microservices requires more than just infrastructure, but infrastructure does have a role. In this talk we look at microservices from an enterprise perspective and talk about DDD, Docker, Kubernetes and how established open-source projects in the integration space fits a microservices architecture
FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...Vadym Kazulkin
When we talk about prices, we often only talk about Lambda costs. In our applications, however, we rarely use only Lambda. Usually we have other building blocks like API Gateway, data sources like SNS, SQS or Kinesis. We also store our data either in S3 or in serverless databases like DynamoDB or recently in Aurora Serverless. All of these AWS services have their own pricing models to look out for. In this talk, we will draw a complete picture of the total cost of ownership in serverless applications and present a decision-making list for determining if and whether to rely on serverless paradigm in your project. In doing so, we look at the cost aspects as well as other aspects such as understanding application lifecycle, software architecture, platform limitations, organizational knowledge and plattform and tooling maturity. We will also discuss current challenges adopting serverless such as lack of high latency ephemeral storage, unsufficient network performance and missing security features.
An introduction to the concept of BDD and its implementation using the JGiven framework.
Presentation for the Java User Group Freiburg meetup on October 24, 2017.
Parse was a bold offering in the burgeoning space of Backend-as-a-Service, and we’re sorry to see them wind down.
If your application runs on Parse you’ll need to migrate your data from from the hosted service to your own database. Fortunately, MongoDB Cloud Manager makes running your own deployment easy. In this webinar we’ll use Cloud Manager to create and manage a new replica set, and detail the steps required to migrate from the Parse platform to your own deployment of MongoDB on Amazon Web Services.
Use Cases of #Grails in Web Applications
- Type of applications most appropriate to be developed in Grails
- Type of applications where Grails may not be the best choice
- Experiences with Grails during several web application development projects
Scaling Marketplace to 10,000 Add-Ons - Arun BhallaAtlassian
In two years, we've transformed Atlassian Marketplace from a simple Rails application to a highly available SaaS service with thousands of add-ons and millions of dollars in transactions. Marketplace team lead Arun Bhalla will guide you through lessons learned building Scala web applications that scale.
Automated Duplicate Content Consolidation with Google Cloud FunctionsWeLoveSEO
Avoid duplicate content and don’t leave money on the table with unoptimized groups of pages linked by canonical declarations! Particularly in ecommerce, you can increase Google's confidence by making sure your groups of product URLs are perfectly canonicalized and clear to search engines.
In this keynote, we will use Python in Google Cloud Functions to reorganize canonical clusters automatically and maximize SEO performance.
1. We will use OnCrawl to find duplicate product cluster by SKU
2. Then we will pull production variant search traffic using SEMrush (color, size, etc)
3. We will use an algorithm to regroup the clusters based on search demand
4. We will automate the whole process using Cloud Functions and Pub/sub queues
Join Hamlet Batista to look at ways to automate canonicals for ecommerce sites in order to improve product visibility.
Accelerating Add-on Development From Concept to LaunchAtlassian
In this session you'll learn how Arijea uses react, redux and webpack to rapidly and reliably develop Atlassian add-ons. Dave Elkan, Co-Founder of Arijea, will detail the challenges he faced and the techniques he employs to build JIRA Software add-ons in record time.
Products covered:
JIRA Software
Enterprises are increasingly looking for new ways to simplify and optimize their current development, orchestration, automation and deployment pipelines through the use of hybrid IT and the public cloud. In this session we will explore architecture patterns and integration approaches in the context of both new and existing AWS devops-focused services, with the goal of helping enterprises better iterate and reduce cost through the entire software development lifecycle.
An introductory workshop on React. React is a JavaScript library maintained by Facebook, that is used to build interactive user interfaces.
What we'll cover:
• React.js basics
• React ecosystem
• create-react-app
Enterprises are increasingly looking for new ways to simplify and optimize their current development, orchestration, automation and deployment pipelines through the use of hybrid IT and the public cloud. In this session we will explore architecture patterns and integration approaches in the context of both new and existing AWS devops-focused services, with the goal of helping enterprises better iterate and reduce cost through the entire software development lifecycle.
Docker right now provides great value in the enterprise but the value proposition is more about developer productivity than scale-out.
Docker benefits include resource management, environment management, continuous delivery, developer and operations collaboration, and hybrid workloads.
Take care in its introduction. Consider Docker as just part of an overall toolkit and you don't need to go "full stack" to gain value.
Enterprise WordPress - Performance, Scalability and RedundancyJohn Giaconia
Slides on how to build your WordPress site so that it performs like an enterprise application.
Associated video: http://wordpress.tv/2014/06/25/john-giaconia-enterprise-wordpress-performance-scalability-and-redundancy/
BrightonSEO 2019 - Edge SEO - Using CDNs To Perform SEO On The EdgeDan Taylor
My talk from #BrightonSEO 2019, the twentieth edition. Building on my talk from TechSEO Boost 2018, my talk at Brighton explores the changes in #EdgeSEO and the future possibilities given the advent of Akamai Edge Workers, AWS Lambda capabilities and the prospect of Fastly's WASM solution.
Navigating SAP’s Integration Options (Mastering SAP Technologies 2013)Sascha Wenninger
Provides an overview of popular integration approaches, maps them to SAP's integration tools and concludes with some lessons learnt in their application.
WinOps Conf 2016 - Michael Greene - Release PipelinesWinOps Conf
There are benefits to be gained when patterns and practices from developer techniques are applied to operations. Notably, a fully automated solution where infrastructure is managed as code and all changes are automatically validated before reaching production. This is a process shift that is recognized among industry innovators. For organizations already leveraging these processes, it should be clear how to leverage Microsoft platforms. For organizations that are new to the topic, it should be clear how to bring this process to your environment and what it means to your organizational culture. This presentation explains the components of a Release Pipeline for configuration as code, the value to operations, and solutions that are used when designing a new Release Pipeline architecture.
20211028 ADDO Adapting to Covid with Serverless Craeg Strong Ariel PartnersCraeg Strong
This case study describes how we leveraged serverless technology and the AWS serverless application model (SAM) to support the needs of virtual training classes for a major US Federal agency. Our firm was excited to be selected as the main training partner to help a major US Federal government agency roll out Agile and DevOps processes across an organization comprising more than 1500 people. And then the pandemic hit—and what was to have been a series of in-person classes turned 100% virtual! We created a set of fully populated docker images containing all of the test data, plugins, and scenarios required for the student exercises. For our initial implementation, we simply pre-loaded our docker images into elastic beanstalk and then replicated them as many times as needed to provide the necessary number of instances for a given class. While this worked out fine at first, we found a number of shortcomings as we scaled up to more students and more classes. Eventually we came up with a much easier solution using serverless technology: we stood up a single page application that could kickoff tasks using AWS step functions to run docker images in elastic container service, all running under AWS Fargate. This application is a perfect fit for serverless technology and describing our evolution to serverless and SAM may help you gain insights into how these technologies may be beneficial in your situation.
Software release cycles are now measured in days instead of months. Cutting edge companies are continuously delivering high-quality software at a fast pace. In this session, we will cover how you can begin your DevOps journey by sharing best practices and tools used by the engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous Integration and delivery workflows. We will also cover an introduction to AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Cloud9, and AWS X-Ray the services inspired by Amazon's internal developer tools and DevOps practice.
Level: 200
Speaker: Nick Brandaleone - Solutions Architect, AWS
Dart Past Your Competition by Getting Your Digital Experience into Market Fas...Perficient, Inc.
During the 2015 IBM Digital Experience, Mark Polly, Perficient Director, Strategic Advisors for Portal, Social, Web Content, demonstrated how you can dart past your competition by getting your digital experience into market faster than ever before.
Make Drupal Run Fast - increase page load speedPromet Source
What does it mean when someone says “My Site is slow now”? What is page speed? How do you measure it? How can you make it faster? We’ll try to answer these questions, provide you with a set of tools to use and explain how this relates to your server load.
We will cover:
- What is page load speed? – Tools used to measure performance of your pages and site – Six Key Improvements to make Drupal “run fast”
++ Performance Module settings and how they work
++ Caching – biggest gainer and how to implement Boost
++ Other quick hits: off loading search, tweaking settings & why running crons is important
++ Ask your host about APC and how to make sure its set up correctly
++ Dare we look at the database? Easy changes that will help a lot!
- Monitoring Best practices – what to set up to make sure you know what is going on with your server – What if you get slashdoted? Recommendation on how to quickly take cover from a rhino.
20211202 NADOG Adapting to Covid with Serverless Craeg Strong Ariel PartnersCraeg Strong
This case study describes how we leveraged serverless technology and the AWS serverless application model (SAM) to support the needs of virtual training classes for a major US Federal agency. Our firm was excited to be selected as the main training partner to help a major US Federal government agency roll out Agile and DevOps processes across an organization comprising more than 1500 people. And then the pandemic hit—and what was to have been a series of in-person classes turned 100% virtual! We created a set of fully populated docker images containing all of the test data, plugins, and scenarios required for the student exercises. For our initial implementation, we simply pre-loaded our docker images into elastic beanstalk and then replicated them as many times as needed to provide the necessary number of instances for a given class. While this worked out fine at first, we found a number of shortcomings as we scaled up to more students and more classes. Eventually we came up with a much easier solution using serverless technology: we stood up a single page application that could kickoff tasks using AWS step functions to run docker images in elastic container service, all running under AWS Fargate. This application is a perfect fit for serverless technology and describing our evolution to serverless and SAM may help you gain insights into how these technologies may be beneficial in your situation.
After this presentation you will know how to:
- sell Drupal 8 to business on large enterprise
- plan migration of code and content
- technically migrate a lot of custom code and data
- automate migration process
- test migration and regression
- overcome migration challenges, based on a JYSK case
https://drupalcampkyiv.org/node/55
Web Performance tuning presentation given at http://www.chippewavalleycodecamp.com/
Covers basic http flow, measuring performance, common changes to improve performance now, and several tools and techniques you can use now.
Why does DevOps matter? How can you use continuous integration to build your product faster, make it more highly available, and be able to recover from bugs quickly? Let one of our solutions architects walk you through continuous integration and continuous delivery on AWS. This session includes live demos of our tools AWS CodeCommit, AWS CodePipeline, and AWS CodeDeploy.
Speaker: Leo Zhandovsky, Solutions Architect, Amazon Web services
recordings to the Canberra Summit can be found here
https://aws.amazon.com/events/anz/on-demand/canberra-summit/
Similar to Drupal GovCon 2015 - Managing Incremental Migrations (20)
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
1. How to Eat an Elephant:
Managing Incremental Migrations
Presentation Slides: http://tiny.cc/govcon-elephant
2. What is this session about?
ABOUT WHY HOW LESSONS QUESTIONS
3. This session is about…
• Unique aspects of incremental migrations
• Lessons learned from experience
• Focus on project management aspects
• Case study examples from Justice.gov
4. Justice.gov Case Study: the Challenge
Migration
Sources
• 80% Hand
curated
HTML
• Custom CMS
• RedDot CMS
• Wordpress
• PHP + DB
Migration
Assets
• 250k pages
• 200k PDFs
• Images
• Videos
Migration
Stakeholders
• Content
owned by
120 offices
across DOJ
• Project
managed by
the OCIO
5. Justice.gov Case Study: the Results
Justice.gov
on Drupal!
200,000
nodes
120,000 file
entities
5,476 git
commits
750 content
managers
188 code
releases
163
migration
classes
189 organic
groups
18 months
6. Why would I consider
incremental migration?
ABOUT WHY HOW LESSONS QUESTIONS
7. Typical site migration project
Discover
Design
Develop
Migrate Training Cleanup Launch
Reference: http://www.acquia.com/blog/taking-migrations-madness-gladness
8. Typical site migration project doesn’t always work
• Feature re-engineering process potentially leads to
endless discovery phase
• Imbalance of training needs and resources
• Expectation of significant migration cleanup
• Benefits of agile approach: quick wins, stakeholder
engagement, risk mitigation
Discover
Design
Develop
Migrate Training Cleanup Launch
9. Good candidates for incremental migration
• Not planning a major visual redesign
• Decentralized management of a large site
• Many website content managers and few
project team resources
• Website can be divided into logical sections
10. How do I migrate incrementally?
ABOUT WHY HOW LESSONS QUESTIONS
11. Determine the migration sequence
Schedule Sequence Dependencies
Big picture: discovery meetings, follow-up meetings
Quick wins: visible change to energize stakeholders
Related content: data flows, common migration sources
Organizational needs: deadlines, high traffic periods
12. Establish a repeatable process for onboarding
• ROT analysis (redundant, outdated, trivial)
• Stakeholder communications
• Flexibility
13. Establish a reverse proxy layer or CDN
www.example.com/section1 legacy website IP address
www.example.com/section2 new Drupal website IP address
Create a reverse proxy layer with Apache or Varnish configs
Content delivery network (CDN) enables this IP routing, plus
performance and security benefits. Additional cost.
Reference: https://www.acquia.com/blog/dont-wait-migrate-drupal-continuous-migration
14. Add new content without modifying existing content
Deploy to Production Migrate to Production
How it
works
Migrate to staging environment.
Content cleanup in staging.
Deploy from staging to prod.
Go-live by changing proxy rules.
Migrate to prod environment.
Content cleanup in prod.
Go-live by changing proxy rules.
Pros Content cleanup “safer” in stage. Less complexity.
Cons Must patch Deploy to integrate
with some contributed modules.
Justice.gov
Experience
Tried it and gave up. Did it 150 times.
15. What should I watch out for?
ABOUT WHY HOW LESSONS QUESTIONS
16. Content review and cleanup can cause delays
1. Set accurate expectations for content cleanup
2. Define migration acceptance criteria in advance
3. Define the process for prioritizing bugs
4. Prepare project champions to unblock you when
the time comes
Reference: http://www.acquia.com/blog/10-tips-streamline-migration-review
17. Many artifacts can be slight variations of a template
• Kickoff meeting handouts
• Training materials and curriculum
• Tickets in the PM tracking software
• Base migration classes + extension classes for
each site section and content type
18. Effects of the experience curve are real
Reasons for the effect: labor efficiency, standardization,
specialization, methods improvements, optimizing the
resource mix, network effects, shared experience effects
19. Sync pace of development, content, and stakeholder work
Gail
Large amount of content to migrate
Large number of people to coordinate with
Decentralized management and lack of formal authority
Gail
It is done, but it was a lot of work.
Only could have been done incrementally.
Josh
Josh
Josh
Josh
Gail
Gail
Must understand enough detail to get the sequence right
Several types of dependencies that will affect sequence
Gail
Structure a repeatable process for additional migrations
Create template instructions and slightly customize for each migration
Update an intranet project site as new information becomes available
Ongoing tasks are ROT analysis and stakeholder communications like advisory group, email newsletter, etc.
Easier to be flexible when starting with a structure
Josh
Get the right people involved in this early (infrastructure, network ops, security)
Josh
Gail
Gail
1- Discuss tips for working with different personalities
5- Story about OARM wanting to take the new site down immediately because it wasn’t perfect. Vijay pushed back and mobilized the team to quickly solve the issues.
Gail / Josh
With templates it’s less work than it seems.
Josh
Specialization: team members naturally fell into roles (search, UAT, kickoff, etc)
Methods improvement: Developers got bored of writing similar migration classes over and over. Built a script to write the classes for them. First release included 2 migrations. Eleventh release included 21 migrations.
Josh
Much of the schedule in a project like this is spent with stakeholders: clarifying requirements, training, content cleanup
Increasing the pace of development won’t make the project go faster
Focus on optimizing project staffing to synchronize the pace of dev and content work
Josh
Vendor / Client handoff is hard. One bad approach. Another bad approach. Incremental allows a good approach.
Incremental migration allowed the project to stay steady through many staffing transitions. CIO transition, 2 ADs retired, Only 1 remaining from initial migration team.