Creating a Smart Alarm System with Raspberry Pi and Google Cloud Pub/Sub (XinYingLim12)
A talk on how to create an alarm system by setting a Raspberry Pi to post a message on Cloud Pub/Sub if the alarm is triggered. This is a hands-on workshop where participants build the circuit on the Raspberry Pi and use the free tier of Cloud Pub/Sub to set up the messaging system. This talk was given as part of the Road to DevFest '19 Brunei series, on the 31st October 2019
A short introduction to cryptography. What is public and private key cryptography? What is a Caesar Cipher and how do we decrypt it? How does RSA work?
Next generation image compression standards: JPEG XR and AIC (Touradj Ebrahimi)
Invited talk at Mobile Multimedia/Image Processing, Security, and Applications 2009, SPIE Defense, Security and Sensing Symposium, Orlando, FL, April 13-17, 2009
Scenario 1 (length as needed)You are considering auctioning a L.docx (kenjordan97598)
Scenario 1 (length: as needed)
You are considering auctioning a Leonardo Da Vinci original sketch. You entice four bidders to come to your auction. The bidders’ valuations of the sketch in decreasing order are $3.0, $2.2, $2.0, and $1.5 (in millions).
· If you used a second-price sealed bid auction, who would win and what would the winning price be?
· If you used a first-price sealed bid auction and the optimal strategy for the participants was to shade their bid by 20% and the participants used this strategy, who would win and what would the winning price be?
· Which auction should you choose to maximize your profit?
Answer the above questions if the valuations of the sketch are $3.0, $2.7, $2.0 and $1.5.
Scenario 2 (length: 0.5 page)
In the auction described above, suppose that you could entice additional bidders to attend your auction. However, none of the new bidders would have a valuation greater than $3.0 million. Despite that fact, you expect the amount that the winning bidder must pay to increase regardless of the type of auction you use (first- or second-price sealed bid). For each auction, explain why you would expect the auction price to increase. If you want, you may assume the valuations of the original four participants are $3.0, $2.2, $2.0 and $1.5 million.
Scenario 3 (length: 0.5 page)
Some recent Super Bowl advertisements have spent very little time mentioning anything about their product--or even the name of the company. In particular, the two-minute long Ram Trucks "Farmer" commercial had only a few brief and almost unidentifiable views of their product until the last ten seconds of the commercial. Further, the name of the company was only mentioned in the last five seconds of that commercial. Explain why this commercial demonstrated the concept of signaling described in the textbook. In other words, why should consumers be convinced that a Ram truck is of high quality because of the airing of that commercial?
Scenario 4 (length: as needed)
Suppose there are two types of people who need health insurance: high-risk and low-risk consumers. High-risk consumers have a relatively high probability of needing expensive medical care and on average incur $2,000 of medical expenses per year. The high-risk consumers would be willing to pay up to $2,500 for insurance that covers all their medical bills. Low-risk consumers would be willing to pay up to $1,500 for full-coverage insurance and would incur on average $1,200 in medical bills. Assume 1/3 of all consumers are high-risk and the remaining 2/3 of consumers are low-risk. Consumers know whether they are high-risk or low-risk. The insurance company knows 2/3 of all consumers are low-risk but cannot identify which consumers are low-risk.
1. If all consumers bought insurance, what price must the insurance company charge to break even in expectation? That is, what price must the insurance company charge so that the expected payments equal the premium?
2. Which consumers w.
PMP - Project Initiation Template for Professionals (Daniel_Mccrea)
WHAT
--------------
A helpful guide for Project Management Professionals who are at the beginning of their projects in 'Project Initiation'.
FOR
--------------
Written in plain English for use in the real world (not just for study). If you're a professional who's rusty on Initiation or has fallen into bad habits, this guide will remind you what questions to ask... and why!
BY
--------------
Daniel Mccrea, a PRINCE2(R) and PMP(R) certified Project Manager specialising in online Software & Content Delivery.
Visit me here:
ie.linkedin.com/in/danielmccrea/
Case study
StoriesOnBoard brought a new era to SolutionStream’s routine project estimating and planning; their teams are now in a great place to start implementing all they planned from a much stronger position. That resulted in a clear understanding of what needs to be done - agreed with the client, and we provide a tool that helps product teams to create a common understanding of the project itself.
A Proven Software Development Process for the Non Technical Founder (Founders Workshop)
Are you a non-technical founder with a great software idea? Ready to take the plunge but want the “secret” to successfully managing software development? Well, it's not a "secret" at all - it's a disciplined methodology we are going to share with you. This presentation is designed to provide entrepreneurs with a blueprint for successful software development and technology implementation.
The unfortunate reality is that quality software development and technology implementation is not readily available to most startups and small business entrepreneurs. Great entrepreneurs are met with small thinkers when searching for a development team via online freelancer sites, or the recommendation of a friend’s cousin who may code on weekends. Or they are faced with development companies that impose business models that do not align with the entrepreneurial spirit.
Being entrusted to initiate and plan your company’s new project can be a great responsibility—and it’s something you don’t want to mess up.
Project initiation, the process by which you start a project, and project planning, the process in which you create schedules and plan a project systematically, are integral to the project management process.
Project planning, the most important phase of the project management process, should be executed well, as poor planning may lead to serious problems and setbacks later.
Below, we list the twelve steps of the project management process that can help you get started initiating and planning a successful project.
Step 1: Develop Project Charter
The first step to starting your new project is to develop your project charter. Basically, your charter will serve as your project’s mission statement and serve as your guide throughout the project. In your charter, you should define the scope of your project (what you plan to do) as well as an overview of how it will be done (who will do what).
Successful project charters are prepared from information from three main sources: contracts, Service Level Agreements (SLA), and Letters of Award.
Your contracts are the agreements between you (the service provider) and your client. Your SLA is a special type of contract in which you and your client define and agree to the scope and deliverables of the project, and your Letter of Award states that you’ve won a particular bid for the project.
Within your project charter, be sure to provide a comprehensive overview of the scope and direction of the project. Also known as your project’s content, this information is key to the success and to the professionalism of your charter.
This document signifies to your project manager that (s)he has permission to start work on the tasks, as laid out in the charter. Having a clear direction, purpose, and high-level project description can keep all parties on the same page and help your team to provide a service as agreed to with your client.
In order to do this, your charter should include any and all requirements and key deliverables as well as provide a general milestone schedule. Parties responsible for the project, such as the project manager, the project sponsor, and keyholders, should be listed.
Step 2: Identify Stakeholders
It’s imperative that you identify all stakeholders while developing your project charter. Stakeholders are any individual, group, or organization that will be affected by the outcome of the project.
In order to do this, most organizations run what’s called a stakeholder analysis. This analysis identifies the stakeholders in a project and determines what outcome the project should provide to each one.
A stakeholder register is also made. This register identifies project stakeholders and lists their influence over its outcome.
Keith Schengili-Roberts - DITA Worst Practices (Jack Molisani)
While people are interested in hearing about successes, we can actually learn more from failure. Not only do we discover what not to do, but also how to avoid the circumstances that led to it. Presenter Keith Schengili-Roberts has seen a lot of good and bad things happen to DITA implementations over the years, and part of his job at IXIASOFT is to investigate what works, what doesn’t, and why. Listen to his stories on the best (worst) DITA practices!
LavaCon 2017 - Developing Your Edge: Getting a Seat at the Customer’s Table (Jack Molisani)
In many businesses, Sales account teams closely guard and regulate contact with customers. I have heard of, and have experienced situations where technical communications staff are refused access to customers unless there is a major issue. Customer engagement is the linchpin to understanding requirements and delivering value. It is the critical factor between celebrating success and wasting cycles. My session explores the idea of getting communications professionals to overcome the trust and perception deficits we often face.
A large part of the problem is the perception of how we communicate and a fear of what we’ll say. This mentality impedes and undermines our value proposition. I’ll share ideas and anecdotes about what can we do to:
LavaCon 2017 - How Modern Analytics Will Turn Your Technical Content Into a R... (Jack Molisani)
Understanding how product documentation is consumed can fuel your company with data that has the potential to transform operations and impact decisions. To gain this insight, you need to change the way you track and mine the behavior of users when they search, read and interact with your technical content. By combining the latest delivery, text-mining and analytics technologies, you will transform tech content into a sensor and its delivery into a data generator.
After reviewing the flaws of the “old” approaches to content analytics, we will study how to properly capture the interactions of users with content. We will also explore the different levels of value that we can derive from modern delivery, text-mining and analytics. We will see how those new technologies can multiply the value of tech content. And we will learn how tech content can be impactful for many different activities and constituencies of the company, gathering more support and becoming more strategic.
LavaCon 2017 - Agile Localization: Building Bridges Between Translation Quali... (Jack Molisani)
Staying in sync with the rapid cycles of Agile software development can be a challenge for any technical communicator, and even more so when localization is involved. Localization includes both the technical and linguistic aspects of translating software and documentation into other languages. You can be a hero in your organization by creating a smooth process to build a bridge between the seemingly incompatible processes of agile development and localization.
Content moves around. It passes back and forth between authoring, editing, reviewing, and publishing before ever reaching its intended audience. Each touch point creates change, but often that change is elusive or unknown. In regulated industries such as healthcare, aerospace, and pharmaceuticals, proving that you have control over content change is a vital capability. How can you gain and demonstrate that control and how do you present an audit trail of change to the relevant audiences in an appropriate format?
LavaCon 2017 - Much Ado About Templates: Reduce the Learning Curve and Increa... (Jack Molisani)
How did our team of five information specialists and 100 SMEs, who provide content for a worldwide audience of 3,500 service technicians in a regulated industry, move from Word to XML? We adapted – and used templates! Since we were used to Word templates, it made sense to mimic that for simplicity in training and transition. Templates provide a built-in structure and allow customization of the user experience. Please join us as we expose our experiences with templates in XML.
LavaCon 2017 - Building an Enterprisewide Content Platform—and Why DITA will ... (Jack Molisani)
Breaking down content silos requires an enterprise-wide strategy that serves a number of distinct departments, creators, reviewers, and consumers. However, an enterprise-wide strategy that requires an enterprise-wide deployment of DITA will very likely fail. DITA simply is not made for ALL the content types and workflows within an organization, which usually span support, marketing, product documentation, legal, and more. In this session, we’ll focus on why an enterprise-wide content strategy is important, alternatives to DITA, and how to get started.
LavaCon 2017 - Take the Risk, Embrace the Change! (Jack Molisani)
Hoa Aldous has made many difficult choices throughout her life. From escaping Vietnam to opting out of an arranged marriage, she’s had to risk it all on more than one occasion.
In this keynote, Hoa will share her life experiences, how she assessed the risks she’s faced, and that embracing the resulting changes can often lead to the experience you were looking for all along.
LavaCon 2017 - Structured Content Authoring For All! (Jack Molisani)
Many say “Structured Content Authoring is too complex.” But organizations have no choice: to keep content consistent, findable and manageable, we simply must write and store in a structured format. Semantic tagging, re-use, targeting, conditions, references, all are essential and valuable features that form the essence of Structured Content schemas. If we simply ‘strip complexity’ –for ‘lightweight authoring’- chances are fair that we lose much of this value. The question is: how to make Structured Content Authoring a mainstream activity?
LavaCon 2017 - Building Catwalks Between Silos: Using Taxonomy to Drive Engag... (Jack Molisani)
While content marketing can improve brand preference, it’s hard to link it to product information directly while maintaining an authentic voice. Conversely, product documentation is perceived as authentic and trustworthy — a potentially powerful marketing asset itself — but can be hard to find and hard work to read. This live use case shows how content marketing can link customers to docs in a relevant, contextual, and scalable way by combining taxonomy and minimalist structured content.
LavaCon 2017 - Getting Dragged Along? Start Charting Your Team’s Course with ... (Jack Molisani)
To meet the demand for content, do you take a “peanut butter” approach and spread your resources evenly – but thinly – across the whole product? Or do you grease the squeakiest wheel, which means you neglect a wheel that’s more vital to the business? Either way, outside forces dictate how you’ll use your resources. Soon you’ll have a lot of mediocre content that doesn’t represent your team’s value. And that makes it hard to get headcount and funding.
LavaCon 2017 - DITA: Start Small, Grow Big Using Open Source Tools (Jack Molisani)
You’re considering using DITA and would like to try it out without incurring significant upfront costs, but also keeping your options open longer-term. Where do you start? How will you approach the challenges of content creation, content management, and publishing your content? There are in fact plenty of options. The good news is that XML and DITA are open standards. This has led to a healthy ecosystem with quality commercial and inter-operable open source tools, that do away with vendor lock-in and keep operating costs down. We will discuss the three challenges, show an example of how end-to-end solutions can be built based upon Git and other open source tools. In fact, the result may be better than you’d expect.
LavaCon 2017 - Feed the Goldfish in 19 Minutes and 52 Seconds (Jack Molisani)
Content consumption patterns have dramatically changed over the last decade. The maximum selective sustained attention span of a human being is about 20 minutes. The length of this talk. Latest research shows that the transient attention span of human beings has even gone down from 12 to 8 seconds over the last decade – even a goldfish has a longer attention span.
To communicate technical content in the future successfully, we need to move from drops to drips, deliver smaller content chunks, improve findability and searchability and tailor content to the content consumer’s role and context automatically.
LavaCon 2017 - How UX and Content Can (and Should) Work Together (Jack Molisani)
The Farmer and the Cowhand Should Be Friends, or, How UX and Content Can (and Should) Work Together.
Let’s be frank: If UX designers had their way, the only words you’d ever see on the web are lorem ipsum. And yet, words — from interfaces to microcopy to long narratives — are integral to the usability and delight of any web product. Based on his years of UX experience and love of good content, Dylan will talk about ways to bring the two sides together to make better things on the web.
LavaCon 2017 - Implementing a Customer-driven Transition to DITA Content: A S... (Jack Molisani)
When customer expectations uproot your documentation processes and PDF content offering, how do you mobilize a team that has used the same tools and processes to create book-based, unstructured content for over two decades? When new demands drive the change for structured content to support a myriad of users and multi-channel publishing, the logical choice is a DITA workflow.
Join Ciena, The Content Era and Adobe Tech Comm at LavaCon 2017 Portland for an immersive workshop that highlights how a DITA workflow is possible with familiar tools, a modest budget, and creative handling of the content.
LavaCon 2017 - Evolving the New Content Order (Jack Molisani)
We are at a critical moment in history, with knowledge bursting at the seams of our organizations. Many of us still struggle to manage numerous modes of omnichannel content engagement: published, interactive, and automated. The solution requires vision to move towards a new order of content intelligence encompassing our organization’s entire knowledge graph. It requires spanning silos, especially between marcomm and techcomm. Join Cruce Saunders as he explores the new content stack, and how to future proof content assets to meet the demands of ever-evolving customer experiences.
LavaCon 2017 - Managing Stakeholders Across the Content Ecosystem: The Key to... (Jack Molisani)
Trying to implement a content strategy that supports your customers across their entire journey–or even just sell the idea to decision makers? Having problems getting it to fly? More than any other single aspect, stakeholder management is critical to getting support for and implementing a unified content strategy (or ANY project, for that matter). You need to understand THEIR needs and ensure that you’re communicating continually to quiet objections and move your project forward. And it’s not always easy–especially when you’re leading initiatives across silos and teams with no direct authority. Influencing those stakeholders is key!
In this session, Andrea will discuss the success factors to aim for, and the behaviors that can trip you up, when managing stakeholders to successfully support your clients, solve business problems, and drive revenue and customer loyalty!
LavaCon 2017 - Future-proof Your Content: Beyond Traditional Publishing for S... (Jack Molisani)
This session delineates why the most common publishing methods in today’s technical space cannot survive into the middle of the next decade. Tools and methodologies are required that are scalable for vast increases of “atomic” content and to dozens of more language targets. Discover what the minimum ingredients are for survival in terms of tools, workflows and content strategies.
LavaCon 2017 - Silos. (And other concepts that make us average) (Jack Molisani)
Content crosses silos, giving content developers a unique perspective of the good, the bad, and the ugly. Years of experience leads to insight, but can also paralyze innovative ideas.
Has your experience given you tribal knowledge and wisdom, or preconceived notions that are no longer true or helpful?
In this keynote, Megan Gilhooly discusses new ways of thinking that challenge common business trends. She will provide examples highlighting how your ability to think critically and your passion for forging new trends can help you throughout your content career.
LavaCon 2017 - Management Workshop Part 1: Leadership and Management in Techn... (Jack Molisani)
Some of the unique challenges that Tech Comms managers face are offshoring, outsourcing, vendor management, managing across countries, justification of resources etc. In this workshop we will work with real life scenarios and learn from solutions that have been implemented in organizations to manage and lead effective content management teams. You will be exposed to ideas and handy tools that we to build your team with a varied set of skills for scalability and longevity.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insights, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Securing your Kubernetes cluster_ a step-by-step guide to success ! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with a passion for technology and making things work, along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations on CI/CD and application security integrated into the software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Monitoring Java Application Security with JDK Tools and JFR Events
How to Write Content Strategy SOWs and Contracts
1. SOWs, Contracts, and the Content
Development Lifecycle
By Jack Molisani
Executive Director
The LavaCon Conference
on Content Strategy
@JackMolisani
@LavaCon
3. Disclaimers
• I am not a lawyer and am not
qualified to give legal advice
• I am just sharing lessons learned
• Check with your own attorney
before acting on any information in
this presentation
• Group participation
• Artists
4. Goal of Presentation
To cover the basics of how to
write statements of work and
contracts for the various stages of
the content development lifecycle
5. Statement of Work
The most successful projects begin
with a written statement of what is
needed and what will be done:
• Statement of Work (SOW)
• Project Plan
• Document Plan
• Called by many names
6. Statement of Work
• Most projects are either too large or
too nebulous (not well defined) to
create one big SOW for the whole
project
• Divide and conquer: Create an
SOW for each phase of the content
development life cycle
8. Needs Analysis
• The first step of any project is
determining what the customer
needs
• Start with a needs analysis
(content inventory + gap analysis)
9. Requirement Definition
Use the results of the Needs
Analysis to define what you or
your company will do to fulfil the
needs identified
10. Content Strategy
Only after you discover what the
customer has and what the
customer wants can you create a
strategy on how to get there
11. When Do You Need an SOW?
For each deliverable
• Phase 1
• Phase 2
• Phase 3
• Phase 4–6
12. The Relationship to Sales
Before each phase is started,
someone in your company (you?)
gave an estimate to the client,
and the client gave their
OK to start.
13. The Relationship to Sales
The SOW is a statement of what
will be done. A contract, in turn,
defines how much your company
will be paid for the work,
by when it should
be done, etc.
14. Why SOWs and Contracts
are Important
• Just saying what you want isn’t
enough because words mean
different things to different people.
• Some people have selective (or no)
memory, or will just plain lie about
what they said.
15. “Palest ink is better than
best memory.”
Chinese Proverb
17. Work to Be Done
• Be specific. State exactly what will
be done.
• “We will perform a content audit.” vs.
• “We will create a content audit for
website www.ACMEwidgets.com as
of 23 Feb 2016 in the style and level
of detail of the sample pages in
Appendix _.”
18. Include a RACI Matrix
For each task to be done, define who is:
Responsible (to do the task)
Accountable (ensure that it will be/
was done correctly)
Consulted (for input or permission)
Informed (regarding progress)
20. Define the Deliverables
• Incremental deliveries or just the
final product?
• Prototypes, storyboards, wireframes,
screen mock-ups? In what
development tools?
• How many reviews, how many
deliveries (Alpha, Beta, Final)?
• Are source files deliverable?
25. Contracts
• Repeat: I am not a lawyer and not
qualified to give legal advice, so
consult a good attorney
• Attorneys are expensive but worth
the money
• If you avoid just one lawsuit or
non-paying client…
26. Definition of “Contract”
An agreement with specific terms between two or
more persons or entities in which there is a promise
to do something in return for a valuable benefit known
as “consideration.”
The existence of a contract requires the following:
a) an offer
b) an acceptance of that offer
c) a promise to perform
d) a valuable consideration
e) a time or event when performance must be made
f) terms and conditions for performance
Law.Com Dictionary
27. Contracts
• “Contract” vs. “Letter of Agreement”
• Call it what you want as long as it is
written and agreed to
• Can be emails back and forth
29. Parties
Specify who the agreement is between
This letter defines the
agreement between ProSpring,
Inc. (ProSpring) and Acme
Consolidated Industries, Inc.
(Client) to produce....
30. What Will Be Done
Reference the Statement of Work
...to create a content strategy
as defined in the XYZ Project
Plan of 12 March 2016...
31. Cost
The cost, and whether it is fixed bid,
hourly/hourly not to exceed, etc.
...for a total fixed bid of $xx,xxx.
32. Billing and Payment Terms
Billing milestones:
20% on authorization to proceed
55% on alpha delivery
20% on beta delivery
05% on final delivery
Terms: Net 10
34. Out-of-Scope Changes
– A content inventory and
audit was performed and the
SOW for what is needed is
included in the 12 March
project plan. Time needed to
create any content not
included in the SOW will be
considered out of scope and
is billable.
35. Out-of-Scope Changes
– ProSpring will send Client a
Change Authorization Form
(Appendix _) showing the
anticipated cost and
schedule impact of the
requested change(s). Client
must approve all Change
Authorization Forms before
ProSpring begins any out-of-
scope changes.
36. What Is and Is Not Included
– The project cost includes
two (2) rounds of strategy
reviews. Any additional
rounds of reviews are
considered out of scope and
are billable at $xx/hour.
– The project does not
include illustrations or
photography.
37. Rush Fees
– Rush charges outside the
scope of the agreement will
be billed at $(1.5X)/hr.
38. Response Time
– Client agrees to respond to
all requests for information
within two business days and
to return all review comments
within five business days.
– Any delays past the above by
Client will cause an equal
number of days slip in the
delivery schedule.
39. Other Terms
– Client will consolidate all
tech review comments and
resolve any conflicting
comments before returning them
to ProSpring.
– Client is responsible for
arranging all travel needed for
this project as identified in the
project plan.
40. Other Terms
Should Client cause production
to stop for more than ten
business days, ProSpring
reserves the right to reassign
the project resources to other
projects.
Once the project becomes active
again, ProSpring will reassign
resources as they become
available or will assign other
resources.
41. Other Terms
Time needed to implement scope
changes, new functionality,
reversing earlier decisions, etc.
is out of scope and will be
billed hourly.
42. “Kill Fees”
Should the project be cancelled
due to no fault of ProSpring,
Client agrees to pay 30% of the
fees for the remaining phases of
the project specified in paragraph
X [billing terms] as compensation
for work ProSpring may have turned
away during the course of the
project.
43. “Kill Fees”
If Client authorizes ProSpring to
start a phase of the project,
Client agrees to pay the billing
milestone for that phase if the
project is cancelled due to no
fault of ProSpring before that
milestone was reached.
45. UCC vs. Common Law
Uniform Commercial Code (UCC) is a
cross-state agreement of how work
can be treated. UCC can enforce
assumptions about how the work will
be performed and what’s included in it,
and arbitration or court rulings may
find that an unstated assumption is
part of the contract.
Common Law is a legal concept that
restrains expectations to those
explicitly stated.
46. UCC vs. Common Law
Signing this agreement, generating
a PO for, or otherwise authorizing
starting work against this
agreement constitutes its
acceptance as a contract under
common law.
47. Indemnification
ProSpring will do its best to
ensure that any content developed
for Client is technically
accurate to the best of our
knowledge; however,
responsibility for any
content developed belongs
ultimately and solely to Client.
48. Indemnification
Client agrees that it is solely
responsible for the accuracy of
content and indemnifies and holds
harmless ProSpring from any and all
actions, claims, damages, expenses,
and liabilities resulting from
Client’s use, distribution, or
modification of the content.
(Disney Story)
49. Non-Disclosure
ProSpring agrees to not disclose any
Client proprietary information or
intellectual property (that was not
already in the public domain at the
time of this proposal) to any party
not directly involved in the
production of the documentation
identified in this agreement.
50. Non-Disclosure
ProSpring has spent years developing
proprietary processes and procedures
for creating content strategies and
developing content. This information
constitutes the intellectual
property of ProSpring. Client will
not disclose ProSpring intellectual
property not already published in
the public domain.
51. Rights, Use and Ownership
ProSpring retains the right to show
developed content to prospective
clients in sales presentations, to
release an announcement of this
contract to local press once accepted,
to list Client in our published client
list, and to submit the product to
professional competitions as a sample
of ProSpring’s work.
52. Copyright
ProSpring owns the copyright to any
content under development, and will
transfer the copyrights to Client
once the final payment is received.
54. More Legal Stuff
The laws of the State of _____ shall
govern this Agreement.
This Agreement sets forth the entire
Agreement between the parties and
supersedes all contracts, proposals,
oral or written, and all other
communications between the parties with
respect to the subject matter hereof.
This Agreement may be modified only by
a written amendment.
55. More Legal Stuff
If a controversy arises between the
parties concerning or relating to
this Agreement, the parties hereto
agree to submit such controversy to
binding, non-appealable arbitration
in accordance with the rules of the
American Arbitration Association.
Each party will be responsible for
any associated costs or fees.
56. More Legal Stuff
All of the terms, provisions and
agreements herein contained shall
also be binding upon the heirs,
executors, administrators, successors
and assigns of the respective parties
hereto.
If any term contained in this
Agreement shall be determined to be
void or unenforceable, the remaining
terms shall remain in full force and
effect.
57. More Legal Stuff
Any party’s failure to enforce any
provision or provisions of this
Agreement shall not in any way be
construed as a waiver of any such
provision or provisions, nor prevent
that party thereafter from enforcing
each and every other provision of
this Agreement.
58. External Documents
Include copies of external documents,
don’t reference them.
ProSpring agrees to follow Client’s
Code of Conduct: www.client.com/code
vs.
ProSpring agrees to follow Client’s
Code of Conduct listed in Appendix _.
59. Offer Acceptance
Signatories to the agreement have the
authority to commit resources for
their respective organizations.
Agreed by:
____________________ ________
Name Date
For Acme Consolidated
Industries, Inc.
60. Definition of “Contract”
An agreement with specific terms between two or
more persons or entities in which there is a promise
to do something in return for a valuable benefit known
as “consideration.”
The existence of a contract requires the following:
a) an offer
b) an acceptance of that offer
c) a promise to perform
d) a valuable consideration
e) a time or event when performance must be made
f) terms and conditions for performance
Law.Com Dictionary
Note: Nowhere in the above does it say the offer has to be signed to be accepted.
61. Summary
• Get it in Writing
• Define the Project in Explicit Detail
• Prototype, Prototype, Prototype!
• Have a Good Attorney
• Write Good Contracts
62. Contact the Speaker
Jack Molisani
JackMolisani@ProspringStaffing.com
@JackMolisani
Jack@LavaCon.org
LavaCon.org
@LavaCon