You are *not* an idiot ~ or maybe we're all idiots.
Keynote at NorthSec 2021.
Talking about school, failure, success, diploma, impostor syndrome, manipulators, burnout, suicide, and how to deal with them.
The talk delivery was more personal, the slides are kept generic.
The recording is available @ https://youtu.be/Iu70J49bPlE?t=20869 (starts at 5:47:49)
Beyond your studies ~ You studied X at Y. now what?
HackPra, July 2018
A student's life ago, the author somehow managed to graduate.
On the way, he made a lot of mistakes -- and he still does.
A few people since called him 'successful', but LOL, if only they knew....
And now, the author will make another (big!) mistake:
instead of hiding in shame as he probably should,
he'll share his mistakes with anyone bored enough to attend,
in the hope that he's the last person to ever look that dumb to commit such mistakes.
If you're a genius and you know what to do in life, please skip this. Seriously.
If, like the author at the time, you wonder WTF is going on with graduation, professional work and life, then hopefully you'll learn a few things. Maybe.
Btw the author is 42 (WTF - old!).
Maybe that will help to provide a few answers.
authoring a hero's journey: finding meaning through story - Joyce Hostyn
We live, learn, and remember through story. Our brains weave each experience into the overall narrative that shapes who we are. Yet seldom do we step back to examine or consciously shape the overall story of our lives. As designers, many of us have a desire to change the world. And yet, as Leo Tolstoy said, “Everyone thinks of changing the world, but no one thinks of changing himself.” If design is change, if we want to use design to effect change, shouldn’t we first think about changing ourselves by designing our own story? For the stories we tell ourselves can change the way we see the world and, by extension, change the world itself.
Ten ways to turn your learners into zombies - Cammy Bean
Want to build a zombie army? Want to make sure you turn your employees and learners into mindless beasts, with drooling lips and glazed eyes? Then turn them into zombies with elearning that's truly horrifying! Ten tips for making horrendous elearning, followed by some silver bullets of design if your real aim is to keep them human and alive.
How To Create Your Very Own Info Product In 5 Days Or Less!
Also, see the new search engine better than google accesses the link https://bit.ly/entiremoney
Workshop slide deck for iPadpalooza 2016. Please note the videos will not play but they are all in the G+ community https://plus.google.com/u/0/communities/101416752034019971438
Design for dreams not needs: who do you want your customers to become? - Joyce Hostyn
Who do you want your customer to become? Who do you want your coworkers, your organization, your employees, your children, your community, your country, the world to become? What gifts do you have? What gifts do they (those you are designing for) have? To answer these questions well is to discover your own dream. To answer these questions well is to uncover the dreams of those you are designing for.
Who do I want you to become? Someone who dreams beautiful dreams. Someone who helps others dream beautiful dreams. Someone who designs for dreams.
For it is through beautiful dreams that we will create more beautiful organizations, communities, and the more beautiful world our hearts know is possible.
These slides were playing as people were seating for the Dangerous Ideas presentation at the 2008 PLA. They were accompanied by "Revolution #9" by The Beatles (White Album).
Cognitive Rehab - David McRaney and John Romano from SXSW 2015 - David McRaney
These are the slides from David McRaney and John Romano's presentation at SXSW 2015 all about how to improve design through understanding the science of judgments and decision making.
In this workshop we explored the essence of creativity and how to cultivate a creative climate in the classroom. We explored low-barrier entry ways to get students thinking and working more creatively on a daily basis, using both digital and analog tools and strategies.
***please note the videos embedded are not enabled
Feel free to join the open G+ community here: https://plus.google.com/u/0/communities/101416752034019971438
Everyone sells, even you. Learn a simple, easy way to sell by thinking like a buyer, not a seller. Every sales cycle has four phases, but learn why the second one – educating your buyer – can make or break the deal. I’ll teach you the 5 step CM!(tm) process, set you up with a toolbox full of ideas, and get you started on how to become a convincing expert.
For audio and slides, go to http://theideamechanic.com/convince-me-indieconf-2010-soundslides
A really short introduction to the basic elements of different thinking. Why it is important and how to do it. 33 pages with minimal text and lots of examples.
How to Create an INSANELY GREAT Presentation or Pitch - Martafy!
Learn the simple process used by the world's most successful executives and entrepreneurs to craft and deliver exceptionally effective presentations that get results. Then go to bit.ly/APCYes to access a free video training that delves even deeper into the art of persuasive communication.
Testing in the Age of Distraction: Flow, Focus, and Defocus in Testing - TechWell
We live in interesting times. Knowledge is available at our fingertips, no matter where we are. Social networks enable communication around the world. However, along with these marvels of the information age come weapons of mass distraction. With so many things competing for our attention—and so little time to focus on real work—it’s a wonder we get anything done at all. What does this mean for testers? A common belief is that only focused concentration leads to productive work—and conversely, that distraction causes procrastination and stifles creativity. While it is important that testers find flow and maintain focus, Zeger Van Hese believes that a state of defocus—guilt-free play—can also be helpful in testing. Zeger shares tips, tricks, and tools that have helped him focus and defocus while testing. He explains not only how to benefit from distraction but also how to return to flow and focus when needed. Learn to make the most of these techniques in your testing.
A talk for Melbourne Award School 2012 on how to come up with solutions and not ads for your clients' marketing problems.
And some techniques to generate ideas
Just a sample of how to approach slide design. The real key is to be certain that the speaker and his/her presentation are congruent. At the end of the day, the presentation should never replace the presenter.
Imposter Syndrome is a condition in which one feels like they aren't qualified to do what they've been tasked to do or have gotten to where they are through sheer luck. Not only have I personally experienced this and continue to almost 20 years into my career, but almost every developer I've ever met has dealt with it.
When developing/designing/managing/cooking, do you ever feel like:
- You are faking your skills
- You are only where you are due to circumstances and/or luck
- Anyone could do what you're doing
- You don't understand why you're being trusted with the task
- At any moment, someone is going to discover how bad you are at your job
If you answered yes to any of these questions, then you may be suffering from Imposter Syndrome. Congratulations. Acceptance is the first step to recovery.
In my presentation, I'll talk about common ways that Imposter Syndrome expresses itself and some concrete tips & tricks on how to deal with it, both for yourself and coworkers or employees.
A few weeks ago, I had the privilege of attending SXSW Interactive. In a nutshell, SXSWi is where all the geeks converge and talk about everything and anything digital. Surprisingly, me, my iPhone and my Mac laptop fit in well there. Who would've thought?
Anyway, this was my first year to go, so there was definitely a learning curve. There were so many speakers and topics to cover, it was quite overwhelming. But all in all, I had a blast and even learned a thing or two.
So here it goes, the thing or two I learned. Most of the stuff you might already have heard before, but it serves as a good reminder of how we should approach marketing, especially in the digital space. I've also conveniently left out all the things I learned from 5pm on (man, can geeks party).
- Kevin Botfeld, Associate Creative Director and Writer, 22squared
How to Deliver a Great Presentation
10 tips against stage fright, how to prepare a presentation and how to deliver.
Also see YouTube "Every presentation ever: FAIL"
Dirk Hannemann, Berlin
Communication Trainer
www.hannemann-training.de
How to defeat impostor syndrome: confessions of a developer - Matteo Bruno
Do you feel like you don't belong, you don't deserve what you achieved, everyone in your office is more talented than you? Do you have imposter syndrome... too?
Imposter syndrome is common across all industries, but the increasing pressure to be successful in IT is taking its toll on employees, affecting more than half of workers, me included :)
After many years working in tech for a lot of companies (from startups to big corporations) in many business fields, I found a way to overcome self-doubt and turn this weird feeling into a booster for greater achievements... and I want to share it with you!
"Technical challenges"? More like horrors!
Let's explore first the technical debt of old file formats,
with the evolution of the "MP3" format.
Then we go through more recent forms of file format abuses and tools:
polyglots, polymocks, and crypto-polyglots.
Last, an overview of recent collisions and other forms of art with MD5.
They say that with file formats, "specs are enough".
Should we laugh, cry or run away screaming?
Presented at Digital Preservation Coalition's CyberSec & DigiPres event.
Demystifying hash collisions.
Pass the Salt, 1st July 2019.
video @ https://passthesalt.ubicast.tv/videos/kill-md5-demystifying-hash-collisions/
Hack.Lu, 22 October 2019.
video @ https://www.youtube.com/watch?v=JXazRQ0APpI
Presented at Troopers 2016.
When Infosec and Digipres share interests...
TL;DR
- Attack surface with file formats is too big.
- Specs are useless (just a nice ‘guide’), not representing reality.
- We can’t deprecate formats because we can’t preserve and we can’t define how they really work.
- We need good open libraries to simplify the landscape, and create a corpus to express the reality of file formats, which gives us real “documentation”.
- Then we can preserve and deprecate older formats, which reduces attack surface.
- From then on, we can focus on making the present more secure.
- We don't need new formats: reality will diverge from the specs anyway - we need 'alive' (up to date, traceable) specs.
AKA "How people can create better video games via hacks"
Presented at Hack.Lu's Cryptoparty4kids 2015
Fallback slides: this was actually presented with videos and sound
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Search and Society: Reimagining Information Access for Radical Futures - Bhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies need to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
2. This talk is not about
"funny" failures.
...not about making fun of people failing to understand
or unable to take measures.
That's patronizing at best, and often bullying.
http://gunshowcomic.com/648
4. Infosec is typically
about winning
A series of "Success stories" to impress/motivate you.
They present their wins, but you don’t see their numerous failures.
Stars waste their energy to become big and create hot air, black holes naturally attract others.
5. There's a lot to learn
from others' failures
- tune down your impostor syndrome.
- the grass is not that green on the other side…
6. the presenter
Instructions to manually remove a boot sector virus
with a hex editor, in a French magazine in 1989.
- Interested in Infosec since 1989
- Video games preservation since 1999
- Drawing since 2012
All opinions expressed during this presentation are mine
and not of my employer(s), present or past.
http://fr.1001mags.com/parution/svm/numero-66-novembre-1989/page-146-147-texte-integral
7. As you probably just noticed,
I'm not a
psychologist.
No complex concepts, no Latin words.
I can't parse their format anyway.
*
8. the talk
- another enumeration of <worked for me>?
- I've been already told that I'm "successful".
But according to what?
- behind each of my "successes", so many failures my head hurts.
- There's plenty of stuff I'd like to have been told before.
So here they are - they might sound obvious, or not.
http://owlturd.com/post/166478439794
10. I keep seeing the same repeated recipe
with the same baseless hope for change.
You can't find anything new if you keep trying the same way.
I've seen too many people burning out.
And many people don't understand the difficulties of infosec.
12. Infosec feels like
an oral tradition.
To study a new topic, you have to jump
from talks to articles to blog posts.
It looks ok, but nothing happens when a link dies.
14. Preserve knowledge
Just rely on the Internet Archive and VirusTotal?
Knowledge preservation is about content preservation,
not file structure - actual PoC crafting
15. We can't even replay old exploits
and learn from them.
Retrogaming was weird/awesome
when it started, now it's mainstream.
How long before RetroPwning is a thing?
How long before we store a VM snapshot - not just a PoC - per working exploit?
16. We can't even re-use
our own knowledge.
Yet we blame others for 'not knowing' or not listening to us.
So many… conferences, talks, FUD, snake oil, buzzwords…
So much noise…
17. So many talks, then what...? Too much noise!
Up to each of us to sort everything ourselves…
(and it's tiring)
18. There's no trail of
knowledge to follow.
Too few experts. Too few milestones to refer to.
And many broken links. Only Academia preserves.
Is the model of free slides bound to fail?
21. ...is overrated!
It's not because you can't present that you can't be amazing.
(and too often, a presentation is not the most useful way to share your findings)
Presenting is full of arbitrary standards
- "5 ideas per slides. 1 min per idea. 15 secs between slides" -
which can be a huge waste of energy.
PRESENTING
*
22. You were selected! Ask how many talks were rejected!
You know your topic, and you even improved since you submitted!
Be honest, be yourself, use your style:
Infosec needs moar diversity.
Worried about your talk?
*
23. It's just normal!
It's just that you're focused on the important things.
It won't disappear with experience, you'll just get used to it.
It just helps you to tone down little disturbing things
- such as lack of sleep, hunger... - before your talk.
Pre-talk anxiety
*
24. Just be careful of Q&A!
The bigger the crowd, the more stupid the questions,
(shameless people can hide more easily)
=> Politely redirect them to /dev/null
Speaking in front of a
bigger crowd is easier!
*
25. Imagine speaking in front of:
your employer, your parents [in laws], your banker,
the top 10 experts in the industry, and your worst enemy…
OMG my life is doomed!
Now imagine if they're all hidden in a huge crowd!
Pfew! Now they're much less likely to even reach the mike :)
*
26. A shot of non-fuzzy alcohol,
Strike a victory pose,
your favorite music - YMMV!
It could improve your mood,
and consequently the whole talk.
Give yourself one last push
before the talk
*
27. More efficient than your next talk?
- Gather materials.
- Write notes.
- Prettify (optional)
- share / sell
You can even do it
for someone else's content. =>
https://archive.org/details/4amthology
29. Not enough responsibility?
Laws to back your claims?
Branded vulnerability? Crappy specs? Snake oil?
We know they're wrong,
But the culprits are still at large!
30. The Infosec crash is coming.
Like the video game crash of 1983?
Too much noise and hype
=> loss of trust/interest
31. Short-sighted goals
are addictive.
Wait for measurable badness, fix, show impact.
Prevent an entire attack class… no measurable impact.
Guess which ones make your shareholders happy?
32. Short-sighted goals
are here to stay.
Even breaches don’t make so much financial impact.
Nothing will change until a breakpoint hits.
Insurances will eventually make a difference?
(they associate money with restrictions)
33. We’re just at
the start of a cycle...
Computer infosec is still very new.
I'm just trying to be realistic,
but please prove me wrong :D
35. You are the most important
person in infosec.
Because nothing will matter anymore
if you’re broken/burnt out.
36. Infosec makes it easy
to burn out.
Bullsh*t bingo, Snake oil, drama…
It's seen as a gold mine by many opportunists.
37. listen!
Since broken people
can't easily speak anymore.
If you're fine people often look happy right before taking action:
they have already taken their decision,
so they feel "relieved".
39. Infosec is about failure.
Accepting, embracing, avoiding…
It doesn’t mean we want to fail!
But we need to accept the state of failure.
The knowledge will come. The more the better.
My most important advice
41. The Shadoks mentality:
1 chance in a million?
Fail 999,999 times ASAP!
My motto:
let's fail! And learn why!
https://en.wikipedia.org/wiki/Les_Shadoks
44. It's ok to...
- Have no idea what to do next
- To have taken the "wrong" path
- To have taken "too much" time
45. Losing hope?
Find yourself a sub-quest:
- to keep the engine running.
- to bring extra knowledge, in a playful way.
Letting the dough rest is not a cooking failure.
Keep that fidget spinning around your fingers.
Can’t beat the stage boss?
Get more XP in side quests!
46. How good you think you are
How good you are
Impostor syndrome
(conscientious expert)
Dunning-Kruger effect
(shameless ignorant)
Which one is the best? PS: I have 2 I.S. feeding each other
(for reversing and for drawing).
http://chainsawsuit.com/comic/archive/2014/09/02/impostors-revealed/
47. What I know
What I think
other people know.
What I know
What other
people know.
48. All you need is the right challenge.
Turn your daily routine into fun challenges.
InfoSec can be veeeery boring...
Start
Playful path
BOOORING TASK
FUN GOAL
50. What doesn't kill you makes you stronger:
choose your archenemy wisely.
Don't spend too much energy
with the minions.
51. Blame the game, not the players!
Be careful of power dissipators!
http://dilbert.com/strip/2017-10-02
52. Forgive
You'll spare some energy for yourself.
Try walking in their shoes before blaming.
Do not forget
That's nitro for your willpower.
*
53. TBH you don’t need an archenemy.
Finding a mentor / soulmate
Can change your world.
anyway, just ignore the players.
Most of them don't deserve to be your enemy.
54. Diversity is good!
For your brain, for your skills.
People outside your speciality or even infosec
can really make a difference in your work/life.
Go and speak to people. Outside your team, outside your comfort zone.
55. Out of fuel?
Take a break!
(I know, it’s hard sometimes)
Your friend can't take a break?
Insist! "Force them"!
Break their phone! Kidnap them (j/k)
56. Ultimately…
you don't owe Infosec anything!
Feel free to leave
(some awesome people in Infosec are "just" hobbyists)
Come back if you wish, as you are.
57. Others can't always share your perspective.
No, not even your closest friends.
Follow your convictions - and try!
time
critics
Progress
"Weird" "New"
58. if I'd listened everything that they said to me,
I wouldn't be here!
and if I took the time to bleed
from all the tiny little arrows shot my way,
I wouldn't be here!
the ones who don't do anything
are always the ones who try to put you down
and you could spend your entire life walking around
in the nowhere land of self doubt
Henry Rollins - Shine
59. Can’t make big plans?
Just be a lemming!
just one. single. tiny. step at a time.
repeat
60. There's no useless step.
A tiny weird gear now
could be the missing piece
in a whole engine later.
*
61. Can’t get motivated?
Set a deadline w/ a 3rd party
Just make a tiny bet with a friend,
And imagine their grin if you fail.
Deadline as a Service? :)
62. It has to start somewhere
It has to start sometime
What better place than here,
What better time than now?
RATM - Guerrilla Radio
If we don’t take action now,
We settle for nothing later
RATM - Settle for Nothing
63. Cherish your little flame
Keep some daily time for yourself
To do your own personal stuff.
Maybe do it right at the start of the day!
Whatever rocks your boat, really!
Your shadow is for Plato's cave - keep the flame for yourself!
64. You can't take care of anything/-one
if you can't take care of yourself first!
And your body too,
there's no health credit!
65. You're not ugly,
You're just
not your type.
You were born with a specific body,
but your brain later decided
to prefer a different kind.
*
Appreciate your body,
it's your best supporter.
66. Data is addictive:
we can't help judging arbitrarily.
=> Drop some tables
and give people more air.
Linux/Windows, IDA/Radare, Vi/Emacs, Tab/Spaces, Intel/AT&T, Certifications...
Diplomas?
Where we're going,
We don't need diplomas.
67. Don’t worship
Everyone makes mistakes,
(and everyone eventually gets replaced)
so anyone could be proved wrong.
Listen, but also try.
Best answer to feedback: “what did you try?”
68. Need ideas?
You probably have great ideas - There’s no jungle in Finland ;)
Disconnect: all devices off, out of reach, out of view.
Isolate: noise cancelling, background noise, shower, bar...
Pen & paper: to not forget without being disturbed.
Or a laptop with a single open editor window at best.
Speak out loud: put your brain at rest.
10 mins to purge your daily misery, 10 mins of cold boot.
Uninteresting people make excellent white-noise generators :p
69. Keeping ideas
They go away too fast, really!
Keep a notebook with you, next to your bed.
And yes, wake up at night to write them down.
You'll be grateful the next day.
*
70. If you don’t even try,
your idea is worth nothing.
If you don’t try your own idea,
you can’t convince anyone else to.
Your ideas are born in their most favorable ecosystem: you.
71. If you feel out of place
in this world,
then you were born
to create your own.
*
75. (Wow, that was gloomy)
Don’t take all this too seriously,
I’m only sharing opinions!
I even fail at writing proper conclusions.
Don't mind me, I'm just an impostor ;)
76. Fixing the world's systems
starts by fixing infosec.
Fixing infosec starts
by taking care of yourself.
I wish you happy wins...
...and many constructive fails ;)
78. *
"Cry me a river" ?
No privilege prevents your brain
from messing you up.
(color, religion, gender, orientation, health, wealth...)
Yes, I probably have it easy.