The document discusses Aetna's journey towards implementing DevOps practices in a regulated environment. It describes Aetna's traditional "waterfall" development process and how it is evolving to integrate security practices into its continuous integration/delivery (CI/CD) process. This includes automating static code analysis, container vulnerability scanning, and identifying and remediating AWS security risks. The benefits of DevSecOps include more consistent security controls, reduced defects, increased security and speed to market. Challenges include evolving culture across 3,500+ developers and integrating security tools in a way that provides continuous feedback.
DevSecOps, An Organizational Primer - AWS Security Week at the SF LoftAmazon Web Services
DevSecOps, An Organizational Primer - AWS Security Week at the San Francisco Loft
We examine building DevSecOps culture for you or your customers, which includes foundational practices and scaling functions to instantiate and resiliently operate a DevSecOps model. To achieve this shift, we analyze common success patterns, such as how to use a secure CI/CD pipeline. You’ll learn key points such as building security owners, integrating continuous compliance and security, and removing people from the data to vastly improve your security posture over traditional operating models. Takeaways include a blueprint for building a DevSecOps operating model in your organization; an understanding the security practitioners' point of view and embracing it to drive innovation; and ways to identify operating characteristics in your organization and use them to drive a strategy for DevSecOps.
Level: 100
Speaker: Tim Anderson - Tech Industry Specialist, AWS Security
The practical DevSecOps course is designed to help individuals and organisations in implementing DevSecOps practices, to achieve massive scale in security. This course is divided into 13 chapters, each chapter will have theory, followed by demos and any limitations we need to keep in my mind while implementing them.
More details here - https://www.practical-devsecops.com/
DevSecOps, An Organizational Primer - AWS Security Week at the SF LoftAmazon Web Services
DevSecOps, An Organizational Primer - AWS Security Week at the San Francisco Loft
We examine building DevSecOps culture for you or your customers, which includes foundational practices and scaling functions to instantiate and resiliently operate a DevSecOps model. To achieve this shift, we analyze common success patterns, such as how to use a secure CI/CD pipeline. You’ll learn key points such as building security owners, integrating continuous compliance and security, and removing people from the data to vastly improve your security posture over traditional operating models. Takeaways include a blueprint for building a DevSecOps operating model in your organization; an understanding the security practitioners' point of view and embracing it to drive innovation; and ways to identify operating characteristics in your organization and use them to drive a strategy for DevSecOps.
Level: 100
Speaker: Tim Anderson - Tech Industry Specialist, AWS Security
The practical DevSecOps course is designed to help individuals and organisations in implementing DevSecOps practices, to achieve massive scale in security. This course is divided into 13 chapters, each chapter will have theory, followed by demos and any limitations we need to keep in my mind while implementing them.
More details here - https://www.practical-devsecops.com/
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
This talk is from DevSecOps Singapore, June 29th, 2017.
Continuous Delivery and Security are traveling companions if we want them to be. This talk highlights how to make that happen in three areas of the delivery pipeline.
DevOps Friendly Doc Publishing for APIs & MicroservicesSonatype
Mandy Whaley, CISCO
Microservices create an explosion of internal and external APIs. These APIs need great docs. Many organizations end up with a jungle of wiki pages, swagger docs and api consoles, and maybe just a few secret documents trapped in chat room somewhere… Keeping docs updated and in sync with code can be a challenge.
We’ve been working on a project at Cisco DevNet to help solve this problem for engineering teams across Cisco. The goal is to create a forward looking developer and API doc publishing pipeline that:
Has a developer friendly editing flow
Accepts many API spec formats (Swagger, RAML, etc)
Supports long form documentation in markdown
Is CI/CD pipeline friendly so that code and docs stay in sync
Flexible enough to be used by a wide scope of teams and technologies
We have many interesting lessons learned about tooling and how to solve documentation challenges for internal and external facing APIs. We have found that solving this doc publishing flow is a key component of a building modern infrastructure. This is most definitely a culture + tech + ops + dev story, we look forward to sharing with the DevOps Days community.
40 DevSecOps Reference Architectures for you. See what tools your peers are using to scale DevSecOps and how enterprises are automating security into their DevOps pipeline. Learn what DevSecOps tools and integrations others are deploying in 2019 and where your choices stack up as you consider shifting security left.
Discussion of how security is in crisis but DevSecOps offers a new playbook and gives security a path to influence. Taking a look at the WAF space, we look at how Signal Sciences has created feedback between Dev and Ops and Security to create new value.
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
Barriers to Container Security and How to Overcome ThemWhiteSource
Over the past few years, more and more companies are turning to containerized environments to scale their applications.
However, keeping containers secure throughout the development life cycle presents many challenges to security and development teams. In order to address them, organizations need to adopt a new set of security processes and tools.
This session will focus on the three most vulnerable areas of container security and the best practices to help teams develop and deploy securely.
Join Jeffrey Martin, Senior Director of Product at WhiteSource, as he discusses:
The top challenges to security in containerized environments
How DevSecOps addresses security in containerized environments
Tips and tricks for successfully incorporating security into the container lifecycle
DevSecOps - It can change your life (cycle)Qualitest
QualiTest explains how a secured DevOps (DevSecOps) delivery process can be achieved using automated code scan, enabling significant shift left of issues detection and minimizing the time to fix. Whether you are considering DevSecOps, on the path, or already there, this slide is for you.
For more information, please visit www.QualiTestGroup.com
Maturing DevSecOps: From Easy to High ImpactSBWebinars
Digital Transformation and DevSecOps are the buzzwords du jour. Increasingly, organizations embrace the notion that if you implement DevOps, you must transform security as well. Failing to do so would either leave you insecure or make your security controls negate the speed you aimed to achieve in the first place.
So doing DevSecOps is good... but what does it actually mean? This talk unravels what it looks like with practical, good (and bad) examples of companies who are:
Securing DevOps technologies - by either adapting or building new solutions that address the new security concerns
Securing DevOps methodologies - changing when and how security controls interact with the application and the development process
Adapting to a DevOps philosophy of shared ownership for security
In the end, you'll have the tools you need to plan your interpretation of DevSecOps, choose the practices and tooling you need to support it, and ensure that Security leadership is playing an important role in making it a real thing in your organization.
In 2009 Patrick Dubois coined the term "DevOps" when he organised the first "DevOpsDays" In Ghent, Belgium. Since then the term has become a term to explain the collaboration between all organisational stakeholders in IT projects (developers, operations, QA, marketing, security, legal, …) to deliver high quality, reliable solutions where issues are tackled early on in the value stream.
But reality shows that many businesses that implement "DevOps" are actually talking about a collaboration between development, QA and operations (DQO). Solutions are being provided but lack the security and/or legal regulations causing hard-to-fix problems in production environments.
In this talk I will explain how the original idea of Patrick to include all stakeholders got reduced to development, QA and operations and why it's so difficult to apply security or compliance improvements in this model. I will also talk about ways to make the DQO model welcoming for security experts and legal teams and why "DevSecOps" is now the term to be used to ensure security is no longer omitted from the value process.
Finally we'll have a vote if we keep the term "DevOps" as an all-inclusive representation for all stakeholders or if we need to start using "DevSecOps" to ensure the business understands can no longer ignore the importance of security.
*** DevSecOps: The Evolution of DevOps ***
Have you ever asked yourself the following questions:
What does DevSecOps means?
How is this different from DevOps?
What can we learn from the DevOps movement?
Presentation by James Betteley who shares his experience of shaping DevOps and what he foresees will happen with DevSecOps.
Scale DevSecOps with your Continuous Integration PipelineDevOps.com
Hear from AppSec and Development leaders on how they apply the principles of DevOps to deliver secure products and services to customers. Learn how you can scale your DevSecOps initiatives to reduce time-to-deployment and lower costs as you deliver secure software. During this webinar, you will learn about the latest tools and techniques that will enable your development teams to embed security scanning into your IDE as you are coding, returning most scans in seconds – all while integrating into your CI pipeline. Our speaker will provide:
An overview of Veracode Greenlight and its integrations with developer tools;
A summary of recent Greenlight use cases and successes;
Examples of how Greenlight integrates into your CI pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
This talk is from DevSecOps Singapore, June 29th, 2017.
Continuous Delivery and Security are traveling companions if we want them to be. This talk highlights how to make that happen in three areas of the delivery pipeline.
DevOps Friendly Doc Publishing for APIs & MicroservicesSonatype
Mandy Whaley, CISCO
Microservices create an explosion of internal and external APIs. These APIs need great docs. Many organizations end up with a jungle of wiki pages, swagger docs and api consoles, and maybe just a few secret documents trapped in chat room somewhere… Keeping docs updated and in sync with code can be a challenge.
We’ve been working on a project at Cisco DevNet to help solve this problem for engineering teams across Cisco. The goal is to create a forward looking developer and API doc publishing pipeline that:
Has a developer friendly editing flow
Accepts many API spec formats (Swagger, RAML, etc)
Supports long form documentation in markdown
Is CI/CD pipeline friendly so that code and docs stay in sync
Flexible enough to be used by a wide scope of teams and technologies
We have many interesting lessons learned about tooling and how to solve documentation challenges for internal and external facing APIs. We have found that solving this doc publishing flow is a key component of a building modern infrastructure. This is most definitely a culture + tech + ops + dev story, we look forward to sharing with the DevOps Days community.
40 DevSecOps Reference Architectures for you. See what tools your peers are using to scale DevSecOps and how enterprises are automating security into their DevOps pipeline. Learn what DevSecOps tools and integrations others are deploying in 2019 and where your choices stack up as you consider shifting security left.
Discussion of how security is in crisis but DevSecOps offers a new playbook and gives security a path to influence. Taking a look at the WAF space, we look at how Signal Sciences has created feedback between Dev and Ops and Security to create new value.
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
Barriers to Container Security and How to Overcome ThemWhiteSource
Over the past few years, more and more companies are turning to containerized environments to scale their applications.
However, keeping containers secure throughout the development life cycle presents many challenges to security and development teams. In order to address them, organizations need to adopt a new set of security processes and tools.
This session will focus on the three most vulnerable areas of container security and the best practices to help teams develop and deploy securely.
Join Jeffrey Martin, Senior Director of Product at WhiteSource, as he discusses:
The top challenges to security in containerized environments
How DevSecOps addresses security in containerized environments
Tips and tricks for successfully incorporating security into the container lifecycle
DevSecOps - It can change your life (cycle)Qualitest
QualiTest explains how a secured DevOps (DevSecOps) delivery process can be achieved using automated code scan, enabling significant shift left of issues detection and minimizing the time to fix. Whether you are considering DevSecOps, on the path, or already there, this slide is for you.
For more information, please visit www.QualiTestGroup.com
Maturing DevSecOps: From Easy to High ImpactSBWebinars
Digital Transformation and DevSecOps are the buzzwords du jour. Increasingly, organizations embrace the notion that if you implement DevOps, you must transform security as well. Failing to do so would either leave you insecure or make your security controls negate the speed you aimed to achieve in the first place.
So doing DevSecOps is good... but what does it actually mean? This talk unravels what it looks like with practical, good (and bad) examples of companies who are:
Securing DevOps technologies - by either adapting or building new solutions that address the new security concerns
Securing DevOps methodologies - changing when and how security controls interact with the application and the development process
Adapting to a DevOps philosophy of shared ownership for security
In the end, you'll have the tools you need to plan your interpretation of DevSecOps, choose the practices and tooling you need to support it, and ensure that Security leadership is playing an important role in making it a real thing in your organization.
In 2009 Patrick Dubois coined the term "DevOps" when he organised the first "DevOpsDays" In Ghent, Belgium. Since then the term has become a term to explain the collaboration between all organisational stakeholders in IT projects (developers, operations, QA, marketing, security, legal, …) to deliver high quality, reliable solutions where issues are tackled early on in the value stream.
But reality shows that many businesses that implement "DevOps" are actually talking about a collaboration between development, QA and operations (DQO). Solutions are being provided but lack the security and/or legal regulations causing hard-to-fix problems in production environments.
In this talk I will explain how the original idea of Patrick to include all stakeholders got reduced to development, QA and operations and why it's so difficult to apply security or compliance improvements in this model. I will also talk about ways to make the DQO model welcoming for security experts and legal teams and why "DevSecOps" is now the term to be used to ensure security is no longer omitted from the value process.
Finally we'll have a vote if we keep the term "DevOps" as an all-inclusive representation for all stakeholders or if we need to start using "DevSecOps" to ensure the business understands can no longer ignore the importance of security.
*** DevSecOps: The Evolution of DevOps ***
Have you ever asked yourself the following questions:
What does DevSecOps means?
How is this different from DevOps?
What can we learn from the DevOps movement?
Presentation by James Betteley who shares his experience of shaping DevOps and what he foresees will happen with DevSecOps.
Scale DevSecOps with your Continuous Integration PipelineDevOps.com
Hear from AppSec and Development leaders on how they apply the principles of DevOps to deliver secure products and services to customers. Learn how you can scale your DevSecOps initiatives to reduce time-to-deployment and lower costs as you deliver secure software. During this webinar, you will learn about the latest tools and techniques that will enable your development teams to embed security scanning into your IDE as you are coding, returning most scans in seconds – all while integrating into your CI pipeline. Our speaker will provide:
An overview of Veracode Greenlight and its integrations with developer tools;
A summary of recent Greenlight use cases and successes;
Examples of how Greenlight integrates into your CI pipeline
DevOps in a Regulated and Embedded Environment (AgileDC)Arjun Comar
Embedded environments greatly restrict the tools available for a DevOps pipeline. A regulated environment changes the processes a development team can use to deliver software. The combination results in a highly restricted environment that forces the team back to first principles, finding what can actually work. In this talk, we'll consider the options, develop a set of helpful tools and discuss the challenges facing any team working on DevOps in unfavorable environments.
Together, we'll examine my experiences with a medical device company, where I built a DevOps pipeline for software controlling a heart pump. I would like to discuss the tools that worked as well as the principles that lead our team to success.
Empowering Application Security Protection in the World of DevOpsIBM Security
Watch on-demand now: https://securityintelligence.com/events/application-security-protection-world-of-devops/
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Development teams are aware of the shifting security challenges they face. However, they're by no means security experts, nor do they have spare time on their hands to learn new tools.
What can development teams do to keep pace with rapidly-evolving application security threats?
The answer lies in automation. By making application security part of the continuous build processes, organizations can protect against these major risks.
In this session, you will learn:
- New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments.
- Best practices for designing and incorporating an automated approach to application security into your existing development environment.
- Future development and application security challenges organizations will face and what they can do to prepare.
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgDevSecOpsSg
DevOps is a cultural shift for more and more organisations, bringing speed and innovation benefits that surpass other SDLC methods. But some of the principles of DevOps aren’t quite aligned with how companies of all sizes will need to incorporate and embed security into this shift. DevSecOps provides a path forward for the transformation and helps companies to shift security to the left so that everyone can take responsibility for it. While automating security testing is an obvious answer to secure applications in the code pipeline, that does not provide 100% coverage until security risks are fully mitigated. Fabian will talk about his journey in making DevSecOps a reality in an organisation. This talk will focus some of the lessons learnt - which includes implementing open source tools to help security team do their jobs better, hacking the culture, whitelisting services, reporting security defects. and also doing Red Team activities.
On November 4th, 2016 some 300+ IT decision makers gathered in the Amsterdam ArenA for a game-changing DevOps Masterclass: Better, Faster, Smarter with DevOps. Dutch thought leader and subject matter expert Rik Farenhorst illustrated the five key DevOps building blocks. Attendees also attended the famed Phoenix Project game zone, where they simulated organizational silos / key unit all the while trying to gain momentum in digital transformation. Several attendees got a hold of a golden ticket, earning them a seat with one of our local DevOps Experts. Xebia can guide you through any stage you are at while gaining momentum with the DevOps journey.
7 habits for success with enterprise/IT architecture [in Dutch]Rik Farenhorst
inspearit launched on Nov. 27 2013 at the Dutch Architecture Conference (LAC2013) its renewed vision on architecture. It is time to stop fooling ourselves with even more methods, tools and complicated models. Architecting essentially equals effective communication, at least if you'd like to have a proper impact. inspearit presents 7 habits for architects to become successful in practice.
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo Perforce
Join GitLab VP of Product Job van der Voort and Perforce VP of Community Matt Attaway to hear lessons learned from their customers on how to succeed with DevOps using Git and a monorepo.
In this webinar we'll discuss:
- Approaches for managing teams and projects using Git
- Techniques for handling issue tracking across dependent projects
- Methods for automating testing and deployment
- Strategies for bringing enterprise scale, cross-project visibility and security to teams using Git
Ignite Presentation by Derek E. Weeks
Pictures help describe how we work, how our work flows, and what’s actually flowing where. I'll share insights from 31 DevOps and Continuous Delivery real-world reference architectures that have been key to building DevOps empathy -- when it’s not about people and who screwed up...it’s about a picture of a system that works great or needs improvement.
GPSWKS404-GPS Game Changing C2S Services To Transform Your Customers Speed To...Amazon Web Services
In this session, we provide insights into the new AWS C2S offering and DevOps best practices so you can be the game changer and help your customers innovate faster and transform their speed-to-mission. Topics include: changes to C2S, C2S practices for DevOps, and tools and integrated security for DevSecOps.
Scale Continuous Deployment to Production with DeployHub and CloudBeesDeborah Schalm
Moving from a simple Jenkins CI workflow to Continuous Delivery requires a focus on Continuous Deployment. Join us for a discussion on how to integrate DeployHub, an open source application release automation solution, into your CloudBees pipeline to support automated deployments across dev, test and production. You will see how to create a Continuous Feedback loop, track change request and support rollback and version jumping all orchestrated via the CloudBees platform. Maturing your CD process to support continuous deployment using ARA has always been possible, but extremely expensive. DeployHub OSS solves the budget problem, integrated into CloudBees - and it is agentless for fast easy implementation.
Scale Continuous Deployment to Production with DeployHub and CloudBeesDevOps.com
Moving from a simple Jenkins CI workflow to Continuous Delivery requires a focus on Continuous Deployment. Join us for a discussion on how to integrate DeployHub, an open source application release automation solution, into your CloudBees pipeline to support automated deployments across dev, test and production. You will see how to create a Continuous Feedback loop, track change request and support rollback and version jumping all orchestrated via the CloudBees platform. Maturing your CD process to support continuous deployment using ARA has always been possible, but extremely expensive. DeployHub OSS solves the budget problem, integrated into CloudBees - and it is agentless for fast easy implementation.
Dev secops indonesia-devsecops as a service-Amien HarisenNadira Bajrei
DevSecOps is gaining popularity to recent years, thanks to the rapid expansion and adoptions of DevOps. The traditional penetration testing is considered a blocker in a rapid CI/CD deployment. So integrating security in a seamless manner is considered an important upgrade to the DevOps environment.
However, the traditional DevSecOps require huge amount of time, money and effort to implement. Traditional and DevSecOps principle is a culture that depends on teamwork between, the Dev ,Sec, and Ops team, which in real life situation its pretty difficult to realize.
This talk is about how to minimize the whole effort to implement DevSecOps in the current DevOps environment.
Building a DevOps Culture in Public Sector | AWS Public Sector Summit 2017Amazon Web Services
Learn how to take your organization from manually tweaking and deploying servers and applications to automating the process, all the way from infrastructure to application code. In this session, we discuss how to structure teams to use DevOps, Service-Oriented Architecture, and Microservices. We evaluate the skill sets that are required for this and ways to attain or train employees to be sure that they have these skill sets. Customers who have gone through a transition to DevOps will discuss what the journey was like and lessons learned along the way. https://aws.amazon.com/government-education/
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdfMobibizIndia1
DevSecOps is a development methodology that combines security measures at every stage of the software development lifecycle in order to provide reliable and secure systems. DevSecOps, in general, increases the benefits of a DevOps service.
DevOps vs DevSecOps: How to Balance Speed and Security in Software DevelopmentDev Software
DevOps vs DevSecOps are not mutually exclusive but complementary practices. They both aim to deliver software faster and more efficiently but they take different approaches to security.
DevOps focuses on automating the process of software delivery while DevSecOps puts security at the forefront of the process. DevSecOps builds upon DevOps to address vulnerability in the cloud, which requires following specific security guidelines and practices.
We already seen the important and start to transform our organization to DevSecOps Culture to prepare response for quickly change in business.
This session will explain how you can scale DevSecOps on Enterprise Organization from pilot team and project to org-wide adoption with 5 techniques.
Youtube Recorded: https://youtu.be/7s-evWxFSIQ
TechTalkThai Conference 2021: Enterprise Software Development on July 16, 2021
In 1993 the Telecommunications Information Networking Architecture Consortium (TINA-C) defined a Model of a Service Lifecycle that combined software development with (telecom) service operations.[7]
In 2009, the first conference named devopsdays was held in Ghent, Belgium. The conference was founded by Belgian consultant, project manager and agile practitioner Patrick Debois.[8][9] The conference has now spread to other countries.[10]
In 2012, the State of DevOps report was conceived and launched by Alanna Brown at Puppet.[11][12]
As of 2014, the annual State of DevOps report was published by Nicole Forsgren, Gene Kim, Jez Humble and others. They stated that the adoption of DevOps was accelerating.[13][14] Also in 2014, Lisa Crispin and Janet Gregory wrote the book More Agile Testing, containing a chapter on testing and DevOps.[15][16]
In 2016 the DORA metrics for throughput (deployment frequency, lead time for changes), and stability (mean time to recover, change failure rate) were published in the State of DevOps report.
The motivations for what has become modern DevOps and several standard DevOps practices such as automated build and test, continuous integration, and continuous delivery originated in the Agile world, which dates (informally) to the 1990s, and formally to 2001. Agile development teams using methods such as extreme programming couldn't "satisfy the customer through early and continuous delivery of valuable software"[19] unless they subsumed the operations / infrastructure responsibilities associated with their applications, many of which they automated. Because Scrum emerged as the dominant Agile framework in the early 2000s and it omitted the engineering practices that were part of many Agile teams, the movement to automate operations / infrastructure functions splintered from Agile and expanded into what has become modern DevOps. Today, DevOps focuses on the deployment of developed software, whether it is developed using Agile oriented methodologies or other methodologies.
DevSecOps is an augmentation of DevOps to allow for security practices to be integrated into the DevOps approach. Contrary to a traditional centralized security team model, each delivery team is empowered to factor in the correct security controls into their software delivery. Security practices and testing are performed earlier in the development lifecycle, hence the term "shift left" can be used. Security is tested in three main areas: static, software composition, and dynamic.
Checking the code statically via static application security testing (SAST) is white-box testing with special focus on security. Depending on the programming language, different tools are needed to do such static code analysis. The software composition is analyzed, especially libraries and their versions are checked against vulnerability lists published by CERT and other expert groups. When giving software to clients, licenses and its match to the one of the software distribute
In this iteration of Cloud Meetup, Our speakers will show you how it is possible to combine the planning, development and deployment of applications with a good “layering” of security, and, therefore, they will give you some important key points which you have to bring away to have an efficient and reliable development & deployment process, without limiting your security.
DevOps and Security are the current topics on the internet, due to their huge impact on productivity and service provisioning. A lot of cases are registered, in Asia as in the rest of the world, and according to the experts, a secure way to plan and develop the application starts from the beginning of the projects / products, and cannot be applied later or on-going.
Nicolas dive deep into DevSecOps with Azure & Migration with EF6. Security has always been a topic to address in the application that we are building, let’s discover together how to enhance your current DevOps processes and how Security can add an important value to your project.
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!DevOps.com
As security and privacy permeate companies’ business practices, DevOps is leading a transformation in the way software is built and delivered. And despite its substantial organizational, cultural and technological requirements, DevOps continues to grow in popularity. Companies that are adopting continuous delivery disciplines demonstrate better IT and organizational performance.
To achieve this level of performance, IT organizations must embrace a new way of thinking about application security. It is critical to understand how DevOps and continuous integration/continuous deployment (CI/CD) differ from agile development and how this changes the requirements for your application security. In this webinar, one of CA Veracode’s product and development experts will provide the latest update to the "Five Principles of Secure DevOps." Much has evolved in this space, and CA Veracode continues to share examples and best practices on how organizations can make the transition to DevSecOps to gain a competitive advantage.
Large-Scale Enterprise Platform Transformation with Microservices, DevOps, an...VMware Tanzu
SpringOne Platform 2016
Speakers: Christopher Tretina; Director, Comcast & Vipul Savjani; Director of PaaS, Accenture
Comcast is embarking on a multi-year application modernization and transformation journey to achieve application resiliency, velocity and cost optimization at enterprise scale. We will discuss how we are addressing significant technical architecture, engineering, and delivery challenges faced in transformation of Comcast’s Enterprise Services Platform (ESP) from SOA architecture to Cloud-Native architecture using Microservices, DevOps, and PaaS.
DevOps culture creates an opportunity for us to improve application security. Since developers are the ones producing code, integrating components and creating the innovations that fuel our digital economy, they are also the ones who will determine whether or not security is part of development or not. Security professionals must therefore learn to how to talk to developers about how to create a security program that will accelerate development and not slow it down.
Similar to Implementing DevOps in a Regulated Environment - DJ Schleen (20)
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.