What does ‘secure’ mean? Many security professionals work in information security for a large portion of their careers without ever being able to contextualize what they contribute to the businesses they work for - a crying shame. Being able to make sense of all the security-related process changes, widgets, technology and testing is critical not only to successfully changing the mindset and culture of your business, but to actually making a lasting long-term impression. The only way to do this is to find ways to add business context to security metrics - creating pseudo-business/security KPIs. This talk focuses not on how to ‘hack’ but on how to effectively protect… and to make it relevant to your business so that it matters.
Ultimate Hack! Layers 8 & 9 of the OSI Model - Rafal Los
The vast chasm between business and Information Security must be bridged. In this talk from AtlSecCon in Halifax (Mar 2011) I discuss how Information Security professionals can 'hack' the management and budget layers of their daily work to get things done more effectively.
Developing Metrics to Evaluate HRs Contribution to the Achievement of Organiz... - Human Capital Media
When deployed properly, the human resources function should be a driver of organizational success. The measures and methods of tracking and managing HR activities are equally important as the activities themselves. Learn to develop and use the right metrics to prove HR’s impact on the bottom line and how technology makes this process easier to manage, and take a strategic approach to work to ensure that the HR activities are having their intended impact.
Join this webinar and discover how to:
Define various measures, methods, metrics and evaluation protocols.
Compare and contrast HR metrics and business metrics (HR metrics with a strategic linkage) to demonstrate the difference in how the value of HR activities can lead to productivity and profitability.
Use ROI/cost benefit protocols to determine the effectiveness of HR interventions.
Design and use technology tools to virtually automate data collection and analysis activities.
Utilize strategic management principles when developing and implementing HR activities to ensure organizational effectiveness by design.
The document discusses Oracle Business Intelligence Foundation and its key benefits. It addresses challenges with existing business intelligence solutions, such as the disconnect between analytics and action, expensive analytic silos, and continually evolving BI requirements. The solution overview describes how Oracle BI Foundation aims to improve business performance by linking insights to action, deliver the lowest cost of ownership through reusable analytic assets, and help manage risk with a single analytic framework that can evolve over time. Customer success stories are also highlighted.
What's this thing called "pull" - Mary Poppendieck - AGILEMinds
This document discusses the transition from a push to a pull model of production. It summarizes the experience of a video cassette plant that was struggling until it switched from an MRP push system to a just-in-time pull system. The plant went from reliably shipping 60% of its weekly plan under MRP to shipping 95% after adopting pull and filling orders in 2 weeks instead of 6 with no expediting needed. It also discusses how pull systems create strategic inflection points that change how businesses operate.
"Lean software development: discovering waste" by Mary Poppendieck - Operae Partners
The document discusses lean principles for software development. It notes that standard lean tools designed for operations may not be appropriate for application development. Lean principles for development focus on building the right thing, building it right, and delivering fast through techniques like designing based on customer needs, reducing waste from extra features and handoffs, embedding quality through testing, and minimizing technical debt.
Operationalizing security intelligence for the mid market - Rafal Los - RSA C... - Rafal Los
The document discusses operationalizing security intelligence for mid-market companies. It defines security intelligence as the collective activities and artifacts that enable intelligence-driven security decisions. It outlines the key requirements for security intelligence as high-quality internal and external data, well-defined internal processes, qualified personnel, and integrated technology solutions. The goal is to help mid-market companies develop the capabilities to more effectively detect, respond to, and resolve security incidents.
The document is an announcement from Instituto Educativo Cambridge de Mexico about their nursery and pre-school programs for the 2010-2011 school year. It introduces a new educational approach based on Howard Gardner's Theory of Multiple Intelligences that recognizes each child's unique intellectual strengths and needs. The program aims to maximize each child's potential through individualized education in areas like language development, music, yoga, and computer science at their own pace in a bilingual English-Spanish environment.
Security BSides Atlanta - "The Business Doesn't Care..." - Rafal Los
This is my talk from Security BSides Atlanta ... the talk discusses how the disconnect between security and business keeps getting wider, why, and what to do about it.
The document is a presentation by Rafal Los on manipulating layers 8 and 9 (management and budget) of the OSI model. It discusses 7 secrets to success: 1) align information security goals to the business, 2) understand other roles like business analysts by working in them, 3) use both rewards and consequences, 4) separate advisory and operational security functions, 5) partner with risk, compliance, and legal, 6) allow the business to conclude it needs security assistance, and 7) leverage accountability by having business owners acknowledge risks. The presentation provides advice on influencing management and budgets to achieve information security objectives.
Ian Yip has given this 'Do Security Like a Start-up or Get Fired' presentation twice. The first time was at AusCERT this year. The second was at the Banking, Finance and Technology Forum in Mumbai back in June.
In his travels speaking with and consulting for organisations across the world, he has observed the good and bad things that organisations do when it comes to security. He won't dwell on the bad. Instead, he picked out 10 considerations that agile companies tend to focus on in dealing with IT security. Ian uses the term "agile" here purposely as it is appropriate when describing companies that are dealing with the current, external pressures (cloud, mobility, consumerisation of IT, etc.) better than most. Many of the points highlighted should be Security101 for many security professionals. But in limiting the list to 10, Ian aims to focus on what is important in today's enterprise in being better placed to deal with the pressures organisations are facing.
In the spirit of sharing and hopefully getting your thoughts, Ian has turned this presentation into a series of blog posts - '10 IT Security Considerations Successful Agile Companies Use': http://bit.ly/SecureOrFired
DevOps is an IT organizational strategy that emphasizes communication, collaboration and integration between the areas responsible for developing software (Dev) and the areas responsible for operating the infrastructure (Ops).
In this session we will learn the main points to consider when implementing a DevOps strategy.
Intended for: Quality and Software Development Department
Software Security Assurance - Bruce Jenkins - IT-oLogy
The document is a presentation by Bruce Jenkins from Hewlett-Packard on managing software security risks in the face of digital transformation. It discusses how software security has become increasingly challenging due to factors such as a growing number of applications, different development models, and developers not being trained in security. It emphasizes the importance of obtaining stakeholder alignment around a common security vision and goals tied to the organization's overall mission to create a strong foundation for managing security risks.
Pinpointing the source and scope of data theft is often hard to quantify, especially since your largest internal threat may actually be one of your most loyal employees. This presentation presents the findings of the first-ever global insider threat study that catalogs common practices used by leading organizations across numerous verticals. This presentation will define the insider threat, quantify the prevalence of the problem, and uncover controls that have proven most effective at minimizing the risk of insider threats.
The Agile Stakeholder Management Framework for Teams, Programs, and Portfolios - Drew Jemilo
Stakeholder management is one of the most important responsibilities of a Product Owner. It can also be one of the biggest land mines if you don't continuously inspect and adapt your planning and communication. How do you interact with your stakeholders based on their level of interest and the degree of influence they have over your team's success or failure? In this session, you will learn how to apply the stakeholder management framework to:
1. Identify, analyze, prioritize, and engage your stakeholders
2. Manage expectations through the continuous process of setting expectations, acting on them, reviewing them, and resetting them
3. Build your communication plan using the stakeholder mapping technique and the Net Promoter Score (NPS) to plot your sponsors, major stakeholders, minor stakeholders, and subject matter experts
4. Gain consensus with your stakeholders regarding their rights and responsibilities
5. Scale to the program and portfolio levels
Originally presented at Agile2012
http://agile2012.agilealliance.org/program/schedule/
How do you fund your security program?
Here are simple ways to get management buy-in
How do you enable the business?
Speak in terms of risk.
Show small wins
Saar Gillai
VP of Advanced Technology/CTO
HP Networking
ONS2015: http://bit.ly/ons2015sd
ONS Inspire! Webinars: http://bit.ly/oiw-sd
Watch the talk (video) on ONS Content Archives: http://bit.ly/ons-archives-sd
eDevOps in HPSW from buzzword to reality - AgileSparks
In recent years we see a major shift toward SaaS solutions. More and more HPSW customers prefer to consume products like Quality Center, Performance Center and Agile Project Management as a Service.
Meeting this increased demand for SaaS triggered a major shift within HP SW development groups and HP SaaS operations group to not only modernize our products and offering but also to modernize the way we develop, test, deploy and operate our software in a SaaS model by moving to DevOps.
In this session we will discuss how HPSW Dev and Ops joined forces to establish the right methodologies, processes and technologies to build a true DevOps delivery model that is aligned across HP SW, starting with Agile Manager, our first true SaaS product and continuing with traditional products like Quality Center.
Today in SaaS for Agile Manager we have 4 farms located over 3 locations (3 regions – AMS, EMEA, APJ).
We have more than 120 customers and over 6000 users log in each day to our systems with over 1000 active tenants.
We have bi-weekly pushes and Quarterly major releases, comprehensive monitoring processes and extensive implementation of HP monitoring tools.
Over 4000 tickets handled by both Operations and R&D.
This document discusses Hewlett-Packard's Enterprise Security Services which provide consulting, managed security services, and threat intelligence to help organizations address security risks and the growing cyber threat landscape. It summarizes an HP presentation which outlines the retail security breach environment, lessons learned from recent high-profile retail breaches, and HP's portfolio of security services including rapid incident response, perimeter compromise checks, and threat intelligence from HP's global security operations centers and researchers.
ACES Direct - Mobility - Pieter Schouten - HP - mrdebondt
Mobility is the new way of working. The new workplace is mobile, connected but secure. The employee of tomorrow is connected everywhere and uses the right solution for each specific task. HP has launched an entirely new mobility portfolio of products designed specifically for the business market. With the speed and usability of a consumer device, but the security and support for the business market. Make your current workplace mobile with HP and ACES Direct.
HP Enterprise Software: Making your applications and information work for you - HP Enterprise Italia
The document discusses HP's vision for enterprise IT in 2020 and beyond. It predicts that by 2020 there will be 44x more data requiring automated analysis. It also predicts more internet users, applications, and security threats. HP argues this will require new approaches to managing information and applications across cloud, mobile, and traditional IT environments. The document outlines HP's software and technologies like HAVEn and HP Anywhere that are aimed at helping enterprises develop, operate, secure, govern, and monetize applications and information to address these evolving challenges and opportunities.
Dark Data Discovery & Governance with File Analysis - Craig Adams
Discover and classify your Dark Data and deliver Information Governance on your unstructured data held in Exchange, File Shares, SharePoint, Documentum, FileNet, OpenText etc. Make your Digital Landfill a thing of the past.
Action from Insight - Joining the 2 Percent Who are Getting Big Data Right - StampedeCon
Today’s world is awash in data, and organizations are rapidly discovering that putting this data to work is the single most important factor in their ability to remain relevant to hyper-connected consumers. In this session, HP will explore the new trends of this appified, thingified, context-rich world and how HP’s Haven platform can give you an edge over your competition.
Top 10 tips for effective SOC/NOC collaboration or integration - Sridhar Karnam
Top 10 tips for effective SOC/NOC collaboration or integration. In 5 years the security operation center and IT operation center will integrate and bring more context to security events and help to search, store, and analyze machine data for operational intelligence.
AgileLIVE – Accelerate Enterprise Agile with the Scaled Agile Framework®: Part I - VersionOne
Interested in finding out how to scale agile faster, easier and smarter using the Scaled Agile Framework® (SAFe)? If so, make sure you watch this two-part webinar series!
Scrum, XP, Kanban and related methods have been proven to provide step changes in productivity and quality for software teams. However, these methods do not have the native constructs necessary to scale across the enterprise. What the industry desperately needs is a solution that moves from a set of simplistic, disparate, development-centric methods, to a scalable, unified approach that addresses the complex constructs and additional stakeholders in the organization – and accelerates the realization of enterprise-class product or service initiatives via aligned and cooperative solution development.
Part I: Join Dean Leffingwell, software industry veteran and Lean Systems Society Fellow, for an overview of SAFe, a publicly–accessible knowledge base of proven lean and agile practices for enterprise-class software development.
Dean Leffingwell, software industry veteran and Lean Systems Society Fellow, has spent his career helping software teams achieve their goals. A renowned methodologist, author, coach, entrepreneur and executive, Dean's most recent project is the Scaled Agile Framework (scaledagileframework.com), a public-facing website which describes a comprehensive system for scaling lean and agile practices to the largest software enterprises.
Andy Powell is Product Evangelist for VersionOne and Scaled Agile Framework Program Consultant. During his 12-year career in the software development industry, Andy has assisted in numerous 500+ person agile tool rollouts with companies such as Siemens, Adobe, EMC and Sabre, giving him considerable experience in leading major projects. Andy received a Bachelor of Science degree in Mechanical Engineering from the University of Notre Dame and graduated magna cum laude.
Lee Cunningham is an Enterprise Agile Coach for VersionOne focused on agile program and portfolio management. Lee has trained and consulted with hundreds of teams in organizations of all sizes in the US, Canada and the UK. Lee served in the United States Air Force and earned a Bachelor of Business Administration degree from the University of North Florida.
Operationalizing Security Intelligence [ InfoSec World 2014 ] - Rafal Los
Security intelligence is only worthwhile if a relevant piece of information is obtained and analyzed in a timely manner and able to aid a rapid decision-making process to mitigate an imminent threat – this capability is part of the new school security approach of Detect, Respond, Resolve with greater efficiency and speed which all enterprises should be benefiting from.
The SAFe Way to Lean Software Development for AgileNCR - April 5, 2014 - Colin O'Neill
The document discusses the principles of Lean software development and the Scaled Agile Framework (SAFe). It describes the core Lean principles of respect for people, product development flow, and continuous improvement (Kaizen). It also outlines the eight principles of product development flow according to Don Reinertsen: take an economic view, actively manage queues, understand and exploit variability, reduce batch sizes, apply work-in-process constraints, control flow under uncertainty, get feedback as fast as possible, and decentralize control. The presentation encourages adopting these Lean and SAFe principles to improve speed, quality, and value delivery.
The document discusses how modern applications require modern monitoring and processes to stay performing. It notes that modern applications operate on dynamic cloud infrastructures with constant changes, requiring monitoring of business success, application performance, and customer experience. It emphasizes the importance of managing risk through understanding and mitigating risks rather than removing risks. It also discusses how DevOps is a cultural change involving team-level responsibility and ownership. The presentation aims to explain how instrumentation, infrastructure management, risk management, and DevOps culture can help keep modern applications running effectively.
The 7 Things I Know About Cyber Security After 25 Years | April 2024 - Rafal Los
I've been in the field of "Cyber Security" in its many incarnations for about 25 years. In that time I've learned some lessons, some the hard way.
Here are my slides presented at BSides New Orleans in April 2024.
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdf - Rafal Los
Preparedness for cyber security incidents - of all kinds - is formulaic. Unfortunately, many organizations don't follow these five principles, or don't take them seriously enough.
Similar to Making Measurable Gains - Contextualizing 'Secure' in Business
Security BSides Atlanta - "The Business Doesn't Care..."Rafal Los
This is my talk from Security BSides Atlanta ... the talk discusses how the disconnect between security and business keeps getting wider, why, and what to do about it.
The document is a presentation by Rafal Los on manipulating layers 8 and 9 (management and budget) of the OSI model. It discusses 7 secrets to success: 1) align information security goals to the business, 2) understand other roles like business analysts by working in them, 3) use both rewards and consequences, 4) separate advisory and operational security functions, 5) partner with risk, compliance, and legal, 6) allow the business to conclude it needs security assistance, and 7) leverage accountability by having business owners acknowledge risks. The presentation provides advice on influencing management and budgets to achieve information security objectives.
Ian Yip has given this 'Do Security Like a Start-up or Get Fired' presentation twice. The first time was at AusCERT this year. The second was at the Banking, Finance and Technology Forum in Mumbai back in June.
In his travels speaking with and consulting for organisations across the world, he has observed the good and bad things that organisations do when it comes to security. He won't dwell on the bad. Instead, he picked out 10 considerations that agile companies tend to focus on in dealing with IT security. Ian uses the term "agile" here purposely as it is appropriate when describing companies that are dealing with the current, external pressures: cloud, mobility, consumerisation of IT, etc. better than most. Many of the points highlighted should be Security101 for many security professionals. But in limiting the list of 10, Ian aims to focus on what is important in today's enterprise in being better placed to deal with the pressures organisations are facing.
In the spirit of sharing and hopefully getting your thoughts, Ian has turned this presentation into a series of blog posts - '10 IT Security Considerations Successful Agile Companies Use': http://bit.ly/SecureOrFired
DevOps es una estrategia organizacional de TI donde se hace énfasis en la comunicación y colaboración e integración entre las áreas responsables de desarrollar software (Dev) y las áreas responsables de operar la infraestructura (Ops).
En esta sesión conoceremos los principales puntos a considerar al implantar una estrategia de DevOps.
Dirigido a: Departamento de Calidad y Desarrollo de software
Software Security Assurance - Bruce JenkinsIT-oLogy
The document is a presentation by Bruce Jenkins from Hewlett-Packard on managing software security risks in the face of digital transformation. It discusses how software security has become increasingly challenging due to factors such as a growing number of applications, different development models, and developers not being trained in security. It emphasizes the importance of obtaining stakeholder alignment around a common security vision and goals tied to the organization's overall mission to create a strong foundation for managing security risks.
Pinpointing the source and scope of data theft is often hard to quantify, especially since your largest internal threat may actually be one of your most loyal employees. This presentation presents the findings of the first-ever global insider threat study that catalogs common practices used by leading organizations across numerous verticals. This presentation will define the insider threat, quantify the prevalence of the problem, and uncover controls that have proven most effective at minimizing the risk of insider threats.
The Agile Stakeholder Management Framework for Teams, Programs, and PortfoliosDrew Jemilo
Stakeholder management is one of the most important responsibilities of a Product Owner. It can also be one of the biggest land mines if you don't continuously inspect and adapt your planning and communication. How do you interact with your stakeholders based on their level of interest and the degree of influence they have over your team's success or failure? In this session, you will learn how to apply the stakeholder management framework to:
1. Identify, analyze, prioritize, and engage your stakeholders
2. Manage expectations through the continuous process of setting expectations, acting on them, reviewing them, and resetting them
3. Build your communication plan using the stakeholder mapping technique and the Net Promoter Score (NPS) to plot your sponsors, major stakeholders, minor stakeholders, and subject matter experts
4. Gain consensus with your stakeholders regarding their rights and responsibilities
5. Scale to the program and portfolio levels
Originally presented at Agile2012
http://agile2012.agilealliance.org/program/schedule/
How do you fund your security program?
Here are simple ways to get management buy-in
How do you enable the business?
Speak in terms of risk.
Show small wins
Saar Gillai
VP of Advanced Technology/CTO
HP Networking
ONS2015: http://bit.ly/ons2015sd
ONS Inspire! Webinars: http://bit.ly/oiw-sd
Watch the talk (video) on ONS Content Archives: http://bit.ly/ons-archives-sd
eDevOps in HPSW from buzzword to realityAgileSparks
In recent years we see a major shift toward SaaS solutions. More and more HPSW customers prefer to consume products like Quality Center, Performance Center and Agile Project Management as a Service.
Meeting this increased demand for SaaS triggered a major shift within HP SW development groups and HP SaaS operations group to not only modernize our products and offering but also to modernized the way we develop, test, deploy and operate our software in a SaaS model by moving to DevOps.
In this session we will discuss how HPSW Dev and Ops joined forces to establish the right methodologies, processes and technologies to build a true DevOPs delivery model that is aligned across HP SW, starting with Agile Manager, our first true SaaS product and continuing with traditional products like Quality Center.
Today in SaaS for Agile Manager we have 4 farms located over 3 locations (3 regions – AMS, EMEA, APJ).
We have more than 120 customers and over 6000 of users login each day to our systems with over 1000 active tenants.
We have bi-weekly pushes and Quarterly major releases, comprehensive monitoring processes and extensive implementation of HP monitoring tools.
Over 4000 tickets handled by both Operations and R&D.
This document discusses Hewlett-Packard's Enterprise Security Services which provide consulting, managed security services, and threat intelligence to help organizations address security risks and the growing cyber threat landscape. It summarizes an HP presentation which outlines the retail security breach environment, lessons learned from recent high-profile retail breaches, and HP's portfolio of security services including rapid incident response, perimeter compromise checks, and threat intelligence from HP's global security operations centers and researchers.
ACES Direct - Mobility - Pieter Schouten - HPmrdebondt
Mobility is de nieuwe manier van werken. De nieuwe werkplek is mobiel, connected maar
secure. De medewerker van morgen is op iedere plek verbonden en gebruikt de juiste
oplossing voor die specifieke taak. HP heeft een volledig nieuw mobility portfolio van
producten gelanceerd die specifiek zijn ontworpen voor de zakelijke markt. Met de snelheid
en bruikbaarheid van een consumenten device, maar de security en support voor de zakelijke markt. Maak je huidige werkplek mobiel met HP en ACES Direct.
HP Enterprise Software: Making your applications and information work for youHP Enterprise Italia
The document discusses HP's vision for enterprise IT in 2020 and beyond. It predicts that by 2020 there will be 44x more data requiring automated analysis. It also predicts more internet users, applications, and security threats. HP argues this will require new approaches to managing information and applications across cloud, mobile, and traditional IT environments. The document outlines HP's software and technologies like HAVEn and HP Anywhere that are aimed at helping enterprises develop, operate, secure, govern, and monetize applications and information to address these evolving challenges and opportunities.
Dark Data Discovery & Governance with File AnalysisCraig Adams
Discover and classify your Dark Data and deliver Information Governance on your unstructured data held in Exchange, File Shares, SharePoint, Documentum, FileNet, OpenText etc. Make your Digital Landfill a thing of the past.
Action from Insight - Joining the 2 Percent Who are Getting Big Data RightStampedeCon
Today’s world is awash in data, and organizations are rapidly discovering that putting this data to work is the single most important factor in their ability to remain relevant to hyper-connected consumers. In this session, HP will explore the new trends of this appified, thingified, context-rich world and how HP’s Haven platform can give you an edge over your competition.
Top 10 tips for effective SOC/NOC collaboration or integrationSridhar Karnam
Top 10 tips for effective SOC/NOC collaboration or integration. In 5 years the security operation center and IT operation center will integrate and bring more context to security events and help to search, store, and analyze machine data for operational intelligence
AgileLIVE – Accelerate Enterprise Agile with the Scaled Agile Framework®: Part IVersionOne
Interested in finding out how to scale agile faster, easier and smarter using the Scaled Agile Framework® (SAFe)? If so, make sure you watch this two-part webinar series!
Scrum, XP, Kanban and related methods have been proven to provide step changes in productivity and quality for software teams. However, these methods do not have the native constructs necessary to scale across the enterprise. What the industry desperately needs is a solution that moves from a set of simplistic, disparate, development-centric methods, to a scalable, unified approach that addresses the complex constructs and additional stakeholders in the organization – and accelerates the realization of enterprise-class product or service initiatives via aligned and cooperative solution development.
Part I: Join Dean Leffingwell, software industry veteran and Lean Systems Society Fellow, for an overview of SAFe, a publicly–accessible knowledge base of proven lean and agile practices for enterprise-class software development.
Dean Leffingwell, software industry veteran and Lean Systems Society Fellow, has spent his career helping software teams achieve their goals. A renowned methodologist, author, coach, entrepreneur and executive, Dean's most recent project is the Scaled Agile Framework (scaledagileframework.com), a public-facing website which describes a comprehensive system for scaling lean and agile practices to the largest software enterprises.
Andy Powell is Product Evangelist for VersionOne and Scaled Agile Framework Program Consultant. During his 12-year career in the software development industry, Andy has assisted in numerous 500+ person agile tool rollouts with companies such as Siemens, Adobe, EMC and Sabre, giving him considerable experience in leading major projects. Andy received a Bachelor of Science degree in Mechanical Engineering from the University of Notre Dame and graduated magna cum laude.
Lee Cunningham is an Enterprise Agile Coach for VersionOne focused on agile program and portfolio management. Lee has trained and consulted with hundreds of teams in organizations of all sizes in the US, Canada and the UK. Lee served in the United States Air Force and earned a Bachelor of Business Administration degree from the University of North Florida.
Operationalizing Security Intelligence [ InfoSec World 2014 ]Rafal Los
Security intelligence is only worthwhile if a relevant piece of information is obtained and analyzed in a timely manner and able to aid a rapid decision-making process to mitigate an imminent threat – this capability is part of the new school security approach of Detect, Respond, Resolve with greater efficiency and speed which all enterprises should be benefiting from.
The SAFe Way to Lean Software Development for AgileNCR - April 5, 2014Colin O'Neill
The document discusses the principles of Lean software development and the Scaled Agile Framework (SAFe). It describes the core Lean principles of respect for people, product development flow, and continuous improvement (Kaizen). It also outlines the eight principles of product development flow according to Don Reinertsen: take an economic view, actively manage queues, understand and exploit variability, reduce batch sizes, apply work-in-process constraints, control flow under uncertainty, get feedback as fast as possible, and decentralize control. The presentation encourages adopting these Lean and SAFe principles to improve speed, quality, and value delivery.
The document discusses how modern applications require modern monitoring and processes to stay performing. It notes that modern applications operate on dynamic cloud infrastructures with constant changes, requiring monitoring of business success, application performance, and customer experience. It emphasizes the importance of managing risk through understanding and mitigating risks rather than removing risks. It also discusses how DevOps is a cultural change involving team-level responsibility and ownership. The presentation aims to explain how instrumentation, infrastructure management, risk management, and DevOps culture can help keep modern applications running effectively.
Similar to Making Measurable Gains - Contextualizing 'Secure' in Business (20)
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
I've been in the field of "Cyber Security" in its many incarnations for about 25 years. In that time I've learned some lessons, some the hard way.
Here are my slides presented at BSides New Orleans in April 2024.
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdfRafal Los
Preparedness for cyber security incidents - of all kinds - is formulaic. Unfortunately, many organizations don't follow these five principles, or don't take them seriously enough.
Irrational But Effective - Applying Parenthood Lessons to Cyber SecurityRafal Los
It might seem crazy, but as a parent you're more prepared than you think to be a cyber security professional and leader. Check this talk to see what I, with 8yr old twins, can tell you from my experiences.
From management, to leadership, to threat analysis and incident response - it's all related.
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)Rafal Los
The document discusses the history and evolution of vulnerability management over the decades from the 1990s to present. It outlines some unfortunate trends like overreliance on spreadsheets and a focus only on missing patches. The talk recommends taking a lifecycle approach to vulnerability management including identifying vulnerabilities across the entire attack surface, triaging findings, advising on mitigation or deferral, tracking to resolution, and reporting on progress and accountability. Prioritizing this lifecycle approach and moving beyond only patching is key to effectively managing increasing IT complexity.
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...Rafal Los
Vulnerability Management is more than patching your systems. A programmatic approach to risk reduction is critical, but often under-performing. This talk provides insight on how to implement a functional program.
When it comes to intrusions and breaches, most security teams take a short-game view. This means that they look at events as discrete and individual and focus efforts on short-term goals. While not universally detrimental, this view does harm the overall security of an organization in the “long game”. Additionally, “active defense” has been hopelessly confused by marketing hype even though its meaning is powerful to security’s operational goals.
This talk focuses on how enterprise security defenders can adjust their mindset, refocus, and beat adversaries by leveraging active defense over the long game. The basis of this talk is the extensive research done in support of the threat intelligence solution blueprint, a comprehensive guide to understanding, architecting, operationalizing and maturing a threat intelligence program.
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013Rafal Los
The Chief Financial Officer (CFO) plays a critical role in Enterprise Security - but rarely gets a direct glimpse at some of the challenges, and no-frills realities of the challenge of defending an enterprise. This talk provides 5 key take-aways for CFOs.
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...Rafal Los
These are the talk slides from ISSA International - discussing the need to reboot Enterprise Security to facilitate better defensibility, more intelligent security, and better operational capabilities.
Cloud Security Alliance- Challenges of an elastic environment v8a [public]Rafal Los
This document discusses cloud security from the perspectives of both cloud service consumers and providers. For consumers, it examines questions around the security of the cloud provider, assurances and transparency, resilience of services, and compliance. For providers, it considers how to deliver security across infrastructure, platform and software as a service models, provide assurance to customers, determine appropriate security measures, manage liabilities and risks, and address compliance needs. The document also notes challenges that are keeping some enterprises from fully adopting cloud services such as immature security models, migration difficulties, lack of transparency, absence of compliance mechanisms, and fear of vendor lock-in.
Threat modeling the security of the enterpriseRafal Los
Many IT Security professionals simply do not understand "threat modeling" - or how an attack at component A can ultimately affect component B, C, and D ... this example-based (and very, very high-level) talk hopes to get you interested in threat modeling and understanding how things are connected - in order to give you a chance to build your defenses.
Software Security Assurance - Program Building (You're going to need a bigger...Rafal Los
This document outlines a 5-step approach to establishing a Software Security Assurance program:
1) Conduct an assessment of capabilities, resources, assets, and organization.
2) Develop a resource strategy and plan based on assessment.
3) Build intelligent processes that leverage existing processes and accommodate business needs.
4) Implement processes strategically and augment with automation technologies.
5) Continuously measure business impact and reassess goals as business priorities change.
The Future of Software Security AssuranceRafal Los
This talk is from ISSA International 2011, reflecting a look out over the horizon of Software Security Assurance for the next 20 years. Fundamentally, we must be able to start with 1 question - "Can you trust your software?" ...and if you can't say "Yes!" for certain, it's time to start somewhere.
Defying Logic - Business Logic Testing with AutomationRafal Los
It proposes a 3-phase framework: 1) Model valid business processes by monitoring normal user behavior. 2) Manipulate workflows by modifying states and transactions. 3) Analyze results to detect deviations from expected behavior, indicating potential logic defects. The goal is to overcome challenges of testing application logic, which is hard to define, domain-specific, and lacks consistent patterns. A demo is provided as a proof of concept for how such a framework could work. Contributions to further the research are welcomed.
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)Rafal Los
This talk from the 2010 OWASP AppSec DC talk of the same title is all about better, more evolved web application security testing utilizing automation!
Oh No They Didn't! 7 Web App Security Stories (v1.0)Rafal Los
This is the first iteration of a talk that goes through some of the more ..."interesting" failures in web app security over the 2009-2010 assessment calendar.
The QA Analyst's Hacker's Landmark Tour v3.0Rafal Los
This talk is geared towards QA Analysts who want to start to understand the mindset of the 'hacker', and start thinking about web application security testing concepts.
Magic Numbers - 5 KPIs for Measuring SSA Program Success v1.3.2Rafal Los
If you've ever wanted to know how a Software Security Assurance program can have a closer tie-in with a business-level conversation, this is the presentation you can't miss.
Sans Feb 2010 - When Web 2 0 Attacks v3.3Rafal Los
The document discusses security issues related to Web 2.0 technologies. It notes that Web 2.0 has increased the attack surface area by moving more logic to the client-side and allowing richer content. Various attacks are explored like clickjacking, cross-site scripting using social media sites, exploiting functionality in Flash applications, and manipulating client-side logic and data validations. Sensitive information may also be exposed. The document provides examples of real code vulnerabilities and demonstrates live decompiling of Flash to find vulnerabilities. It concludes with an example attack on MapQuest by inserting malicious code.
StarWest 2009 - Detective Work For Testers: Finding Workflow Based DefectsRafal Los
Do you know why your software testing strategy isn't finding many of the "really big" bugs hidden in the web-based software your company churns out? Find out now...
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Things to Consider When Choosing a Website Developer for your Website | FODUUFODUU
Choosing the right website developer is crucial for your business. This article covers essential factors to consider, including experience, portfolio, technical skills, communication, pricing, reputation & reviews, cost and budget considerations and post-launch support. Make an informed decision to ensure your website meets your business goals.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.