Guest speaker presentation on Scaling Security Workflows and how to be hired for a crowd sourcing security team by Goher Mohammad of Photobox Group Security
First debrief of the Outcomes of the OWASP Summit 2017 (with keynote slides and photos)
Full details at https://owaspsummit.org/
Outcomes at https://owaspsummit.org/Outcomes/
DOES SFO 2016 - Paula Thrasher & Kevin Stanley - Building Brilliant Teams Gene Kim
After an initial DevOps transformation as a company, we had to grapple with how to scale and grow the talent and workforce to build a NextGen DevOps-minded company of 18,000+ people. We have built a number of programs to expand awareness, encourage growth mindsets, and drive workforce development. We will share the different ways we are working to "Build Brilliant Teams" to drive our DevOps transformations.
DevOps, Continuous Delivery and Deployment at Hyper Scale MartinHogg9
The document discusses strategies for scaling development teams, products, and company culture at a large scale. It recommends:
1) Using multiple cross-functional teams rather than large teams, with each team focusing on a small, independent product.
2) Architecting products and systems to be immutable, replace components rather than fix them, and use services to avoid dependencies between teams.
3) Empowering teams to choose their own tools and processes rather than mandating them, and to fully own their product to maintain autonomy as the company scales.
The D Files: Debunking Myths About Distributed Teams AgileDenver
“We can’t do agile – teams need to be co-located!,” we often hear from naysayers about adopting agile in companies with remote workers. We know that distributed teams – be they off-shore, on-shore, near-shore, in-shore, whatever-shore – are the way many businesses operate today. How can we, as agilists in our organizations (as ScrumMasters, Product Owners, consultants, trainers, etc.), resolve the challenges that distributed teams face? This talk will review some of the common issues that distributed teams face and we’ll talk through real-world, practical solutions that I’ve used with my teams; techniques you can take back to your teams immediately.
The document discusses two types of "Agile elephants" - hiding elephants which provide little information and fighting elephants which provide contradictory information. It focuses on how to handle non-functional requirements (NFRs) and technical stories, which are often elephants in Agile projects. It recommends tracking NFRs in acceptance criteria, backlogs, definitions of done, or separate specifications. Technical stories should not be treated as user stories, and the document discusses debates around including them in velocity estimates. It also provides techniques for estimating entire projects by decomposing epics and features into user stories.
The document describes plans for the OWASP Summit 2017 conference to be held in London from June 12-16. It will bring together application security experts, developers, users, and vendors to collaborate on hard problems through workshops and discussions from 8am to late at night. Workshop ideas include mobile security, security scanners, GitHub integrations, and threat modeling. Tickets are £1,200 or £400 and sponsorships are being sought. Leaders are needed for additional workshops. The objective is to focus on collaboration between OWASP projects, developers, security teams, DevOps, and executives.
Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos... Acquia
The document summarizes Multnomah County's adoption and use of Drupal over 3.5 years to build out their digital presence. It highlights that they launched 5 key sites including their public website and intranet, as well as an apps platform. It then discusses some of the requirements for supporting 15 Drupal sites, including executive buy-in, innovating through pilot projects, hiring and training internal talent, implementing source control and deployment processes, and change management practices.
The Modern Collaboration Hub: Using Slack and Atlassian to Integrate People, ... Cprime
This document discusses using Slack and Atlassian tools to integrate people, processes, data, and technology. It proposes that connecting messaging, workflows, and products through these tools can improve real-time collaboration. Specific solutions presented include using Slack as a central collaboration hub to unify teams and standardize processes. This would address issues like work fragmentation across disconnected tools by bringing context and information into Slack.
My slides from #AppSecUSA 2013. If you want to help, please join the Developer Guide mail list (https://lists.owasp.org/mailman/listinfo/owasp-guide) and say hi. We have a GitHub repo which you can find from our project page.
DevOps Management is a topic discussed in the halls of conferences and few managers. This talk will focus on the topic of management in a highly collaborative and cooperative environment, specifically one that is rapidly growing with a focus on continuous development/deployment.
Like Herding Cats: How to Get Engineers to Update Their Status Atlassian
Many engineering teams at Akamai Technologies have different software development cycles and unique ways of using Jira. We're working on a critical multi-year, cross-team project, and need to provide frequent updates to senior management. So, how do I get my teams to update a status I can use for reporting?
Learn how our agile engineering teams navigate work with a management team with a waterfall mindset and see how we use Jira, Confluence and Structure to streamline the status tracking and reporting process.
Testing in Agile with Coaching Agile Journeys and XBOSoft XBOSoft
Philip Lew joins Coaching Agile Journeys to discuss Testing in Agile. In this webinar, Phil covers the agile process and how agile testing not only fits in, but how software testers can move up and downstream to improve quality throughout.
The 7 Habits of Effective Data Driven Companies GoDataDriven
1. Start searching use cases with value & impact: without use cases, nobody will want to draft a data strategy
Where do you want to go? Draft a clear Customer Experience that you want to create and think about the organization & data strategy to get there!
2. Get Tech (data scientists and engineers) and Business (Product Management & Commercial) on the same table: create a solid foundation.
3. Start with communities of practice to learn & experiment together and build the capability.
4. Stop talking about data. Start experimenting and doing.
5. Product Management needs to get real about data. (start training these capabilities)
AvePoint Webinar - Microsoft Office 365 or Windows Azure: Have it Your Way AvePoint
This presentation is from a webinar led by AvePoint Senior Product Manager Shyam Oza, giving attendees a blueprint for navigating which cloud deployment option is best suited to house their respective Microsoft SharePoint infrastructures. The session also explained governance and compliance considerations to help determine whether "all in" cloud, hybrid, or an on-premises approach is best. Best practices for beginning to implement the architecture that best meets organizations' specific business goals are also highlighted in this webinar. For more information, please visit www.avepoint.com/resources/webinars.
Cultivating Content: Designing Wiki Solutions That Scale colleenfry
The document discusses challenges faced by Opower, a software company, in managing knowledge as it experiences rapid growth. As Opower hires more employees and develops new products, its wiki has become overwhelmed, leading users to feel there is too much or outdated information. The speaker recommends treating the wiki like a product by identifying root causes through stakeholder interviews, metrics, usability testing, and question tracking. Initial findings revealed frustrations with credibility and accessibility of information, as well as critical needs around product limitations. Solving scaling problems requires understanding usage and pain points.
Being a Lean Enterprise : Technology Is Not Enough Barry O'Reilly
Success in today’s business world is dependent on more than technology. Building a fully automated deployment pipeline will certainly help teams deliver their work faster, but it doesn't address the fundamental question of whether you are building the right thing and delivering value to your customers.
It is true that technology is a strategic capability for any organization. However, many large organizations fail to reap rewards from their investment because their culture and mindset do not enable experimentation and learning.
In this talk Barry and Joanne will share the key issues that are holding organizations back from unleashing innovation, giving you examples of large organizations that are trying different ways to address these issues with success.
Continuous Delivery: Rapid and Reliable Releases with DevOps Practices TechWell
DevOps is an emerging set of principles, methods, and practices that empower teams and organizations to rapidly deploy systems and application updates while maintaining—and even improving—quality. By lowering barriers between development, testing, and operations, DevOps practices can add tremendous business value to software projects and systems. Bob Aiello explains how to prepare for and implement continuous delivery—in both agile and non-agile environments—employing industry standard processes and automated frameworks. Bob shares DevOps best practices starting with its role early in the application lifecycle through release and application maintenance. He introduces the emerging “Infrastructure as Code” concept that automates server and system provisioning within cloud computing environments. Learn ways to overcome technical, process, and cultural challenges with DevOps. Take back a set of practical and proven practices—for automated application build, automated packaging, and automated deployment—that will put your organization on the path to rapid and reliable releases.
Status Quo is Death: nib health funds’ Innovative Journey to the Cloud: AWS S... Amazon Web Services
NIB Health Funds is an Australian health insurance provider that migrated its infrastructure to AWS to gain more agility and innovation capabilities. It built a "Red Queen Platform" on AWS with principles of continuous delivery, security, and automation. This has allowed it to deploy over 100 applications to production, reduce costs, and develop new services like a chatbot and machine learning projects. Moving forward, NIB Health Funds aims to further develop services with artificial intelligence and a multi-region presence on AWS.
Moogilu believes in startups as the key force for economics and innovation. We understand that startups cannot afford all the services. We help them use our resources on-tap. We hire the best and make it easy for start-ups to work with us. We act as their extended team and help them out to build great products.
Tests are a good baseline for defining the behavior of a program, but for complicated programs, are tests enough to ensure safe software changes? Software is mission critical and increasingly the backbone of businesses. New applications like automated driving and connected devices continue to increase the risk of changing software.
Fred Galoso, a developer on Trello's growth team, will share some of the techniques Trello uses to safely change and deploy code to millions of Trello users. Part experience report, refactoring discussion, and workshop, this talk will show how data and metrics can be used to drive changes in software. Finally, it will introduce Scientist, a Node.js library for creating and running experiments between old and new pieces of code.
SharePoint Saturday Warsaw 2018 - Modern Collaboration in Teams & Projects wi... Jasper Oosterveld
Office 365 is the collaboration toolkit for businesses. We can choose between SharePoint Team Sites, Outlook Groups, Yammer Groups and Microsoft Teams. Choice can be good but doesn’t necessarily make our lives easier. Jasper Oosterveld, Microsoft MVP & Modern Workplace Consultant, is going to take you on a journey through the Office 365 collaboration landscape. After this session, you have a clear understanding of the different tools and how these connect with each other. Making a choice has become a little bit easier.
John Eccleshare, Head of Compliance and Information Security at bet365, discusses bet365's migration of their Splunk deployment to Splunk Cloud. Some key points:
- bet365 processed 3 TB of data per day in their on-prem Splunk deployment but scaling it for new use cases was challenging.
- Migrating to Splunk Cloud improved performance, enhanced security capabilities, and freed up 4 FTEs by reducing maintenance and upgrade work.
- Lessons learned included needing more business input on requirements and migrating sooner for increased agility. Recommendations included running parallel deployments during migration and using professional services.
The document discusses security best practices across the software development lifecycle (SDLC). It covers:
- The Microsoft Security Development Lifecycle (SDL) methodology which includes activities like threat modeling, security testing, using approved tools and cryptography standards, managing third-party components, and establishing an incident response process.
- Static and dynamic application security testing (SAST and DAST) - SAST analyzes source code for vulnerabilities while DAST tests running applications. Both have tradeoffs in terms of when issues are found, expenses to fix, and what types of vulnerabilities are discovered.
- DevSecOps practices like integrating security activities into each stage of development through techniques like incremental threat modeling, automated testing, and continuous
Get High-Octane Virtual Datacenter Performance SolarWinds
Supercharge your datacenter with Virtualization Manager (VMAN). Using VMAN with the Monitoring as a Discipline (MaaD) construct allows you to increase uptime, reduce time spent troubleshooting, and optimize your current workloads. Let SolarWinds Head Geek and vExpert Kong Yang and Product Marketing Manager Jared Hensle show the steps needed to get the full potential out of your virtual environment, and supercharge your datacenter.
Embracing New Normal
Imran Ali - Group Chief Information Security & Technology Officer, Compass Group (United Kingdom)
https://sharedservicesforum.in/digital-leadership-e-summit--2020/
Cloud security: Accelerating cloud adoption Dell World
Organizations now have an opportunity to more rapidly overcome their security concerns by using third-party cloud platforms. In this session, Dell SecureWorks security experts discuss the Shared Security Responsibility model, how organizations need to think about security architecture in the cloud, and new Dell SecureWorks services that are helping organizations plan, architect, manage and respond to threats in the cloud.
Big Data LDN 2018: MICROLISE: USING BIG DATA AND AI IN TRANSPORT AND LOGISTICS Matt Stubbs
Date: 14th November 2018
Location: Data-Driven Ldn Theatre
Time: 11:10 - 11:40
Organisation: Microlise
About: Microlise are a leading provider of technology solutions to the transport and logistics industry worldwide. Discover how, with over 400,000 connected assets generating billions of messages a day, Microlise is evolving its platform to bring real-time analytics to its customers to improve safety, security and efficiency outcomes.
Staying Secure When Moving to the Cloud - Dave Millier TriNimbus
Presentation from Toronto's 2016 Canadian Executive Cloud & DevOps Summit on Friday, November 4th.
Speaker: Dave Millier, Chief Executive Officer, Uzado, Inc.
Title: Rogue Development: Staying Secure When Moving to the Cloud
Neo4j + Process Tempo present Plan Your Cloud Migration with Confidence Neo4j
This document advertises a webinar about planning cloud migrations with confidence. The webinar will discuss how graph analytics can help intelligently plan, execute, monitor, and optimize cloud migrations. It will feature presentations on graph databases for cloud migration, challenges of migration projects, and how to use a graph-based data warehouse tool to support migration efforts through execution, planning, monitoring and oversight capabilities. The webinar aims to help attendees avoid common pitfalls in migration projects and revolutionize analytics to gain benefits like greater adoption, confidence, reuse, and control of data quality and security.
System Security on Cloud
The document discusses system security when using cloud computing. It begins by describing the speaker's current big data system of over 10,000 users across 4 countries with over 1 billion user profiles and data ingested daily. It then discusses how infrastructure has changed from buying hardware to infrastructure as a service. Security has also changed, with cybercrime flourishing using organized groups. The rest of the document provides best practices for cloud security, such as understanding shared responsibilities and knowing your adversaries. It also promotes the services of Alert Logic for protecting cloud workloads and applications.
[Webinar] Building a Product Security Incident Response Team: Learnings from ... bugcrowd
Kymberlee Price's Black Hat 2016 talk in a live webcast. This presentation will address some best practices and templates to help security teams build or scale their incident response practices.
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx DevSecCon
Threat modeling can be challenging in agile environments where processes need to be lightweight and adaptable. The presentation discusses the OWASP STAYPUFT methodology for integrating threat modeling into agile development. It involves three phases - ascertain threats from user stories, identify threats to components, and select mitigations from common controls. Examples are given for how threat modeling can be incorporated into scrum and kanban processes by updating diagrams and assumptions during planning and reviews. The goal is to perform threat modeling iteratively to keep security risks understood and addressed throughout development.
DevSecOps is a new way to deliver security as part of the Software Supply Chain. It supports a built-in process and faster security feedback loop for DevOps teams.
This document discusses the evolution of security practices to enable secure innovation at speed and scale through a DevSecOps approach. It outlines how traditional security controls can be transformed into self-aware, self-reporting components that integrate seamlessly into the DevOps pipeline. Specific examples are provided for how perimeter testing, configuration management, encrypting sensitive data, access management, and multi-factor authentication can move from annual certifications to continuous monitoring and enforcement. The document advocates for collaboration, experimentation, and a focus on simplicity and automation to evolve security practices for DevOps.
Running enterprise workloads with sensitive data in AWS is hard and requires an in-depth understanding about software-defined security risks. At re:Invent 2014, Intuit and AWS presented "Enterprise Cloud Security via DevSecOps" to help the community understand how to embrace AWS features and a software-defined security model. Since then, we've learned quite a bit more about running sensitive workloads in AWS.
We've evaluated new security features, worked with vendors, and generally explored how to develop security-as-code skills. Come join Intuit and AWS to learn about second-year lessons and see how DevSecOps is evolving. We've built skills in security engineering, compliance operations, security science, and security operations to secure AWS-hosted applications. We will share stories and insights about DevSecOps experiments, and show you how to crawl, walk, and then run into the world of DevSecOps.
The document contains the schedule for today which includes 10 sessions from 10:00-09:30. It also includes details on several presentations including the title, presenter, and content. There is information on integrating security into a portfolio kanban process with 5 stages. Additionally, it discusses recruiting AppSec talent and includes a draft of the AppSec Joel test. It summarizes outcomes from discussions on defining agile security practices, the SAMM model, cloud security behaviors, and securing the CI pipeline.
How to Achieve and Maintain High Quality SaaS Software in the Cloud XBOSoft
These are the slides from a webinar that we did together with BlackLine Systems on August 8, 2012.
During this webinar, Donna McCollum from Blackline Systems and Philip Lew from XBOSoft discussed lessons learned and best practices on how to set up test automation and performance testing for cloud software that is delivered with a SaaS model.
Key words:
Test Automation, Performance Testing, QA in the cloud, and QA for SaaS models.
Features:
• Learn best practices for QA, and performance, and automation testing for SaaS software
• Hear about particular QA issues for managing financial SaaS software in the cloud
• Understand the QA and testing strategies BlackLine Systems and XBOSoft implements to alleviate these issues
For a recording of this webinar, please visit:
http://blog.xbosoft.com/2012/08/09/performance-testing-and-test-automation-best-practices/
[AIIM17] It’s Harvest Time in the Information Garden - Dan Antion AIIM International
We’ve been collecting information for many years, driven by the usual suspects: compliance and fear. Now it’s time to take advantage of the information we’ve gathered by shifting our focus from the people who felt they had to keep it to the people who can actually use it. In short, it’s time to reap the benefits of the hard work we have already done. Learn how American Nuclear Insurers is using their information today, the process that got them there, and the technology it took to make it happen.
Learn about the current state of Information Management in AIIM’s latest report: http://info.aiim.org/2017-state-of-information-management
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Communications Mining Series - Zero to Hero - Session 1 DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance, and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Full-RAG: A modern architecture for hyper-personalization Zilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Essentials of Automations: The Art of Triggers and Actions in FME Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Generative AI Deep Dive: Advancing from Proof of Concept to Production Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Securing your Kubernetes cluster: a step-by-step guide to success! KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
TrustArc Webinar - 2024 Global Privacy Survey TrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI Vladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Removing Uninteresting Bytes in Software Fuzzing Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
1. SCALING SECURITY WORKFLOWS AND GETTING HIRED BY A CROWD SOURCING SECURITY TEAM
GOHER MOHAMMAD
PHOTOBOX GROUP HEAD OF SECURITY AND COMPLIANCE
2. MY BACKGROUND
• Graduated in 2000
• Got my first IT job in 2001 – Very Corporate
• Got my first IT Leader role in 2004 for Omnicom group
• Went back to corporate rigidity in 2017
• Now at Photobox Group Security as Acting Head of Risk and Compliance
3. CHALLENGE
• Have worked in a traditional environment
• Now working in an agile environment
• Both have their pros and cons
9. We have to integrate with current place of work practices
10. SCALING SECURITY WORKFLOWS
• USE EXISTING IMPLEMENTED SYSTEM
• USE A DATABASE MODEL (Where Possible)
• USE A VISUAL PLATFORM TO BUILD A GRAPH DATABASE (Neo4J, AnzoGraph)
11. CHALLENGE AT PHOTOBOX
• PCI AUDIT
• BUILD A SCALABLE SOLUTION
• BUILD FOR THE FUTURE, GDPR, ISO 27001 AND MORE
12. Does anyone like compliance?
Does anyone like to be audited?
2 QUESTIONS
21. IN SHORT
• Make use of the tools you have
• It should be ‘templatable’, ‘bolt-onable’ and easy
• It should translate across all levels of staff and people
• It should be or be part of a foundation framework
• It should be logical
• It should be simple
22. HOW TO BE HIRED FOR A CROWD SOURCING SECURITY TEAM?
23. WHAT IS CROWDSOURCING?
crowd·sourc·ing
/ˈkroudˌsôrsiNG/
noun
noun: crowdsourcing; noun: crowd-sourcing
• the practice of obtaining information or input into a task or project by enlisting the services of a large number of people, either paid or unpaid, typically via the Internet.
• "crowdsourcing is less expensive than hiring a professional translator"