OSBot - Data transformation workflow (from GSheet to Jupyter)
•
1 like•745 views
Example of workflows created by the OWASP SBot (Security Bot) https://github.com/owasp-sbot See also https://www.slideshare.net/DinisCruz/osbot-jira-data-import-from-gsheet-to-jira-via-jupyter-v09
Report
Share
Report
Share
Download to read offline
Recommended
Manage Data Like Code (sf analytics meetup) (1)
Quilt is a tool for managing data like code by enabling versioning, packaging, and testing of datasets. It addresses common problems with data pipelines such as inconsistent data, schema mismatches, and missing data. Quilt packages data with metadata, versions, and schemas to ensure reproducibility and catch errors early. It aims to bring software engineering principles like testing to data management to facilitate collaboration and catch problems before running expensive pipelines.
PRIVACY PRESERVING DATA MINING BASED ON VECTOR QUANTIZATION
Huge Volumes of detailed personal data is continuously collected and analyzed by different types of
applications using data mining, analysing such data is beneficial to the application users. It is an important
asset to application users like business organizations, governments for taking effective decisions. But
analysing such data opens treats to privacy if not done properly. This work aims to reveal the information
by protecting sensitive data. Various methods including Randomization, k-anonymity and data hiding have
been suggested for the same. In this work, a novel technique is suggested that makes use of LBG design
algorithm to preserve the privacy of data along with compression of data. Quantization will be performed
on training data it will produce transformed data set. It provides individual privacy while allowing
extraction of useful knowledge from data, Hence privacy is preserved. Distortion measures are used to
analyze the accuracy of transformed data.
Active Data: Managing Data-Life Cycle on Heterogeneous Systems and Infrastruc...
Active Data : Managing Data-Life Cycle on Heterogeneous Systems and Infrastructures
The Big Data challenge consists in managing, storing, analyzing and visualizing these huge and ever growing data sets to extract sense and knowledge. As the volume of data grows exponentially, the management of these data becomes more complex in proportion.
A key point is to handle the complexity of the 'Data Life Cycle', i.e. the various operations performed on data: transfer, archiving, replication, deletion, etc. Indeed, data-intensive applications span over a large variety of devices and e-infrastructures which implies that many systems are involved in data management and processing.
''Active Data'' is new approach to automate and improve the expressiveness of data management applications. It consists of
* a 'formal model' for Data Life Cycle, based on Petri Net, that allows to describe and expose data life cycle across heterogeneous systems and infrastructures.
* a 'programming model' allows code execution at each stage of the data life cycle: routines provided by programmers are executed when a set of events (creation, replication, transfer, deletion) happen to any data.
EGit 3.0 and beyond
The document summarizes new features and improvements in recent versions of EGit, the Eclipse Git integration plugin. Key updates include performance improvements and recursive merging in 3.0, a staging view and usability enhancements in 3.1, and wizards for pushing branches and interactive rebasing in 3.2. It also discusses using JGit for faster Git operations and serving repositories, as well as upcoming planned features like merge drivers.
Questions On The Code And Core Module
The document proposes an IT infrastructure for Shiv LLC, a company with locations in Los Angeles, Dallas, and Houston. It recommends implementing an Active Directory domain to enable communication and file sharing across the three locations. A centralized file server would store common files and applications. Each location would have its own local area network, connected to the other sites and to the internet via VPN. Firewalls, antivirus software, and regular backups would help secure the network and protect company data. The design allows for future growth and expansion as the company scales up.
Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling)
The document discusses using threat models and Wardley maps as a case study for the Glasswall Proxy product. It introduces the Glasswall workflow and architecture, then shifts to discussing threat models and improving an initial threat model diagram. The document suggests threat models are works of art and moves the example threat model to the PlantUML diagramming language. It explores if threat models are maps, refers to Simon Wardley's definition of maps, and how mapping can help decide what to build, buy, or outsource based on maturity and risk.
Glasswall - Safety and Integrity Through Trusted Files
The document discusses cybersecurity threats facing organizations and how traditional antivirus solutions are often unable to stop advanced malware. It introduces Glasswall's Content Disarm and Reconstruction (CDR) technology, which regenerates files to remove risks like malware while preserving file contents. CDR analyzes files at the visual, functional, and structural layers to sanitize them according to policy. This allows Glasswall to stay ahead of evolving threats unlike antivirus solutions.
Glasswall - How to Prevent, Detect and React to Ransomware incidents
The document provides guidance on how to prevent, detect, and react to ransomware incidents. For detection, it recommends techniques to gain advantage over malicious behavior during an attack, including reducing the blast radius through network segmentation, blocking propagation and detonation with endpoint protection, reducing payloads activated through user education, and preparing and rehearsing response with incident response playbooks. It also stresses the importance of incident response, situational awareness, and using incidents to improve security capabilities.
Recommended
Manage Data Like Code (sf analytics meetup) (1)
Quilt is a tool for managing data like code by enabling versioning, packaging, and testing of datasets. It addresses common problems with data pipelines such as inconsistent data, schema mismatches, and missing data. Quilt packages data with metadata, versions, and schemas to ensure reproducibility and catch errors early. It aims to bring software engineering principles like testing to data management to facilitate collaboration and catch problems before running expensive pipelines.
PRIVACY PRESERVING DATA MINING BASED ON VECTOR QUANTIZATION
Huge Volumes of detailed personal data is continuously collected and analyzed by different types of
applications using data mining, analysing such data is beneficial to the application users. It is an important
asset to application users like business organizations, governments for taking effective decisions. But
analysing such data opens treats to privacy if not done properly. This work aims to reveal the information
by protecting sensitive data. Various methods including Randomization, k-anonymity and data hiding have
been suggested for the same. In this work, a novel technique is suggested that makes use of LBG design
algorithm to preserve the privacy of data along with compression of data. Quantization will be performed
on training data it will produce transformed data set. It provides individual privacy while allowing
extraction of useful knowledge from data, Hence privacy is preserved. Distortion measures are used to
analyze the accuracy of transformed data.
Active Data: Managing Data-Life Cycle on Heterogeneous Systems and Infrastruc...
Active Data : Managing Data-Life Cycle on Heterogeneous Systems and Infrastructures
The Big Data challenge consists in managing, storing, analyzing and visualizing these huge and ever growing data sets to extract sense and knowledge. As the volume of data grows exponentially, the management of these data becomes more complex in proportion.
A key point is to handle the complexity of the 'Data Life Cycle', i.e. the various operations performed on data: transfer, archiving, replication, deletion, etc. Indeed, data-intensive applications span over a large variety of devices and e-infrastructures which implies that many systems are involved in data management and processing.
''Active Data'' is new approach to automate and improve the expressiveness of data management applications. It consists of
* a 'formal model' for Data Life Cycle, based on Petri Net, that allows to describe and expose data life cycle across heterogeneous systems and infrastructures.
* a 'programming model' allows code execution at each stage of the data life cycle: routines provided by programmers are executed when a set of events (creation, replication, transfer, deletion) happen to any data.
EGit 3.0 and beyond
The document summarizes new features and improvements in recent versions of EGit, the Eclipse Git integration plugin. Key updates include performance improvements and recursive merging in 3.0, a staging view and usability enhancements in 3.1, and wizards for pushing branches and interactive rebasing in 3.2. It also discusses using JGit for faster Git operations and serving repositories, as well as upcoming planned features like merge drivers.
Questions On The Code And Core Module
The document proposes an IT infrastructure for Shiv LLC, a company with locations in Los Angeles, Dallas, and Houston. It recommends implementing an Active Directory domain to enable communication and file sharing across the three locations. A centralized file server would store common files and applications. Each location would have its own local area network, connected to the other sites and to the internet via VPN. Firewalls, antivirus software, and regular backups would help secure the network and protect company data. The design allows for future growth and expansion as the company scales up.
Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling)
The document discusses using threat models and Wardley maps as a case study for the Glasswall Proxy product. It introduces the Glasswall workflow and architecture, then shifts to discussing threat models and improving an initial threat model diagram. The document suggests threat models are works of art and moves the example threat model to the PlantUML diagramming language. It explores if threat models are maps, refers to Simon Wardley's definition of maps, and how mapping can help decide what to build, buy, or outsource based on maturity and risk.
Glasswall - Safety and Integrity Through Trusted Files
The document discusses cybersecurity threats facing organizations and how traditional antivirus solutions are often unable to stop advanced malware. It introduces Glasswall's Content Disarm and Reconstruction (CDR) technology, which regenerates files to remove risks like malware while preserving file contents. CDR analyzes files at the visual, functional, and structural layers to sanitize them according to policy. This allows Glasswall to stay ahead of evolving threats unlike antivirus solutions.
Glasswall - How to Prevent, Detect and React to Ransomware incidents
The document provides guidance on how to prevent, detect, and react to ransomware incidents. For detection, it recommends techniques to gain advantage over malicious behavior during an attack, including reducing the blast radius through network segmentation, blocking propagation and detonation with endpoint protection, reducing payloads activated through user education, and preparing and rehearsing response with incident response playbooks. It also stresses the importance of incident response, situational awareness, and using incidents to improve security capabilities.
The benefits of police and industry investigation - NPCC Conference
The document discusses the benefits of collaboration between police and industry on security issues. It notes that organizations with a history of attacks have more budget and focus on security, while those without see it as more of a marketing exercise. The key areas of security, automation, data science, and cloud services are mapped. Building relationships and sharing knowledge is emphasized over buying or outsourcing. Thinking in graphs, APIs, data science, and transparency are presented as important modern approaches to security.
Serverless Security Workflows - cyber talks - 19th nov 2019
The document discusses how serverless technologies can help security teams scale their operations through automated workflows. It advocates that security teams adopt serverless approaches to build workflows that are event-driven and leverage services like AWS Lambda, Azure Functions, and Google Cloud Functions. By taking a serverless approach, security activities like incident response, threat modeling, and risk analysis can be automated and scaled more easily. The document also discusses using technologies like Jira, Slack, property graphs and Jupyter notebooks to capture security data and build automated workflows and dashboards.
Modern security using graphs, automation and data science
Presented by Dinis cruz at https://www.inspiredbusinessmedia.com/event/ciso-conference-november-2019/
Using Wardley Maps to Understand Security's Landscape and Strategy
This document provides an overview of Wardley Maps, which are used to understand an organization's security landscape and strategy. It describes how to create Wardley Maps by starting with user needs, adding capabilities, and mapping evolution over time. Various examples are given of mapping security topics like threat landscapes, compliance, and cyber attacks. Community resources for collaborating and learning more about Wardley Mapping are also provided.
Dinis Cruz (CV) - CISO and Transformation Agent v1.2
Here is my CV (this format is much easier to consume than documents)
You can reach me on LinkedIn (https://www.linkedin.com/in/diniscruz/) , twitter (https://twitter.com/diniscruz) or email (dinis.cruz@owasp.org)
Created on 30 Oct 2019
Making fact based decisions and 4 board decisions (Oct 2019)
The document discusses using data science and visualization techniques to connect security data sources and policies to risks and vulnerabilities in a graph database. This allows creating fact-based security decisions and risk dashboards. Workflows can then automate security incident handling and scale the approach. The approach aims to prevent crises rather than just incidents and make organizations safe rather than just secure.
CISO Application presentation - Babylon health security
This is the presentation that I created while applying for the CISO position at Babylon Health (note that I ended up taking up the CISO role at Revolut)
Using OWASP Security Bot (OSBot) to make Fact Based Security Decisions
OSBot is a security bot that can help automate security tasks and decisions using data. It can generate graphs of data from tools like Jira to help understand security issues and their relationships. It uses a serverless architecture with components like Jira, Elastic, Slack, and Jupyter notebooks. The bot can create schemas to map real world data, generate workflows, and link together related information like policies, vulnerabilities, and risks for context-specific security projects. This allows for fact-based security decisions and global dashboards. Presentations and the code for OSBot are available to learn more.
GSBot Commands (Slack Bot used to access Jira data)
Here is an introduction to the Slack Bot we created at Photobox Group Security
This bot is based on the OWASP Security Bot project (https://github.com/owasp-sbot)
(OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6
NOTE: See https://www.slideshare.net/DinisCruz/dinis-cruz-cv-ciso-and-transformation-agent-v12 for the latest version of my CV
Presentation with CV for Dinis Cruz
Created on 12 aug 2019
Jira schemas - Open Security Summit (Working Session 21th May 2019)
The document discusses using Jira to map an organization's security landscape. It describes how Photobox has created issue types and links in Jira to represent different security program elements. Examples are provided of how issues, projects, risks, roles, assets, services, and people can be linked to build the security framework in Jira.
Template for "Sharing anonymised risk theme dashboards v0.8"
This document discusses sharing anonymized risk dashboards to visualize an organization's risk posture. It prompts the reader to anonymously share a risk dashboard for a past or current business by listing risk themes in six risk areas and scoring each area's risk level. Dashboards allow risk landscapes to be easily communicated over time and help understand the risk impact of decisions. The reader is instructed to anonymously provide industry, business size, revenue, and security team size details to populate an example dashboard.
Owasp and summits (may 2019)
The document discusses the OWASP Open Security Summits, which are conferences that have been held since 2008. They provide a place for OWASP leaders to meet, collaborate, and build relationships. The summits feature working sessions on security topics and have resulted in the incubation of future OWASP leaders. In 2018, the name was changed to the Open Security Summit. The document requests that OWASP sponsor attendance at the 2019 summit by buying tickets for OWASP leaders, as they have done in previous years.
Creating a graph based security organisation - Apr 2019 (OWASP London chapter...
This document discusses creating a graph-based security organization. It outlines security's objectives like allowing business operations while managing risk. Security is a driver of change and sits at the center of organizational data. The only effective way to manage and understand this relational data is as a graph. The presenter's organization refactored their risk workflow and JIRA implementation to represent data as a graph stored in a queryable database. They use tools like ELK, Slack bots, and plantUML diagrams to visualize and interact with the security graph. This empower's data-driven security decisions and risk management. The presenter provides examples of risk dashboards and encourages collaboration to further develop these graph-based approaches.
Open security summit 2019 owasp london 25th feb
The document advertises the Open Security Summit 2019 conference happening in London from June 3-7. It will bring together security experts, developers, users, government agencies and vendors to collaborate on solving hard security problems. Participants will have the opportunity to engage in working sessions from 8am to 2am focused on 12 tracks, including outcomes from last year's summit. Individuals can purchase tickets, seek sponsorship, or have their company sponsor the event. The goal is to create a collaborative environment for maximum productivity and synergies between attendees.
Owasp summit 2019 - OWASP London 25th feb
This document does not contain any substantive content to summarize. It appears to be blank or contain only formatting characters with no meaningful text. In 3 sentences or less, a summary cannot be provided as there is no information within the given document to summarize.
Evolving challenges for modern enterprise architectures in the age of APIs
As presented at https://www.prnewswire.com/news-releases/forum-systems-and-infosecurity-magazine-to-host-api-security-best-practices-briefing-and-ai-workshop-300709787.html on 20 Sep 2018
How to not fail at security data analytics (by CxOSidekick)
1. The document discusses the challenges of obtaining security-related data from different sources and transporting it to a central platform for analysis. It addresses questions about data volume, collection methods, filtering and formatting.
2. Setting up a security data pipeline involves determining what data to collect from various host systems, networks, and applications. Data must then be forwarded from collectors to a central platform while managing bandwidth, latency, and failures.
3. Collecting the right security-related data is vital for detecting threats and being able to investigate incidents. The document argues for collecting most available data by default and filtering out exceptions, rather than only collecting predefined types of data.
Thinking in graphs v1.0
This document discusses how graphs can be used as a framework for problem solving and provides examples of how many different domains can be modeled as graphs, including security threat models, ideas, source code, Git repositories, the web, and Jira workflows. It also discusses how the speaker's company uses Neo4j and Jira as graph databases to model security projects and incidents.
Open Security Summit - April 2018
The document announces the Open Security Summit 2018 to be held in London from June 4th to 8th. It will follow the 2017 edition of the summit and focus on collaboration around open security at a rate of 16 times per day for 5 days. The summit website is https://open-security-summit.org.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
Session 1 - Intro to Robotic Process Automation.pdf
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
More Related Content
More from Dinis Cruz
The benefits of police and industry investigation - NPCC Conference
The document discusses the benefits of collaboration between police and industry on security issues. It notes that organizations with a history of attacks have more budget and focus on security, while those without see it as more of a marketing exercise. The key areas of security, automation, data science, and cloud services are mapped. Building relationships and sharing knowledge is emphasized over buying or outsourcing. Thinking in graphs, APIs, data science, and transparency are presented as important modern approaches to security.
Serverless Security Workflows - cyber talks - 19th nov 2019
The document discusses how serverless technologies can help security teams scale their operations through automated workflows. It advocates that security teams adopt serverless approaches to build workflows that are event-driven and leverage services like AWS Lambda, Azure Functions, and Google Cloud Functions. By taking a serverless approach, security activities like incident response, threat modeling, and risk analysis can be automated and scaled more easily. The document also discusses using technologies like Jira, Slack, property graphs and Jupyter notebooks to capture security data and build automated workflows and dashboards.
Modern security using graphs, automation and data science
Presented by Dinis cruz at https://www.inspiredbusinessmedia.com/event/ciso-conference-november-2019/
Using Wardley Maps to Understand Security's Landscape and Strategy
This document provides an overview of Wardley Maps, which are used to understand an organization's security landscape and strategy. It describes how to create Wardley Maps by starting with user needs, adding capabilities, and mapping evolution over time. Various examples are given of mapping security topics like threat landscapes, compliance, and cyber attacks. Community resources for collaborating and learning more about Wardley Mapping are also provided.
Dinis Cruz (CV) - CISO and Transformation Agent v1.2
Here is my CV (this format is much easier to consume than documents)
You can reach me on LinkedIn (https://www.linkedin.com/in/diniscruz/) , twitter (https://twitter.com/diniscruz) or email (dinis.cruz@owasp.org)
Created on 30 Oct 2019
Making fact based decisions and 4 board decisions (Oct 2019)
The document discusses using data science and visualization techniques to connect security data sources and policies to risks and vulnerabilities in a graph database. This allows creating fact-based security decisions and risk dashboards. Workflows can then automate security incident handling and scale the approach. The approach aims to prevent crises rather than just incidents and make organizations safe rather than just secure.
CISO Application presentation - Babylon health security
This is the presentation that I created while applying for the CISO position at Babylon Health (note that I ended up taking up the CISO role at Revolut)
Using OWASP Security Bot (OSBot) to make Fact Based Security Decisions
OSBot is a security bot that can help automate security tasks and decisions using data. It can generate graphs of data from tools like Jira to help understand security issues and their relationships. It uses a serverless architecture with components like Jira, Elastic, Slack, and Jupyter notebooks. The bot can create schemas to map real world data, generate workflows, and link together related information like policies, vulnerabilities, and risks for context-specific security projects. This allows for fact-based security decisions and global dashboards. Presentations and the code for OSBot are available to learn more.
GSBot Commands (Slack Bot used to access Jira data)
Here is an introduction to the Slack Bot we created at Photobox Group Security
This bot is based on the OWASP Security Bot project (https://github.com/owasp-sbot)
(OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6
NOTE: See https://www.slideshare.net/DinisCruz/dinis-cruz-cv-ciso-and-transformation-agent-v12 for the latest version of my CV
Presentation with CV for Dinis Cruz
Created on 12 aug 2019
Jira schemas - Open Security Summit (Working Session 21th May 2019)
The document discusses using Jira to map an organization's security landscape. It describes how Photobox has created issue types and links in Jira to represent different security program elements. Examples are provided of how issues, projects, risks, roles, assets, services, and people can be linked to build the security framework in Jira.
Template for "Sharing anonymised risk theme dashboards v0.8"
This document discusses sharing anonymized risk dashboards to visualize an organization's risk posture. It prompts the reader to anonymously share a risk dashboard for a past or current business by listing risk themes in six risk areas and scoring each area's risk level. Dashboards allow risk landscapes to be easily communicated over time and help understand the risk impact of decisions. The reader is instructed to anonymously provide industry, business size, revenue, and security team size details to populate an example dashboard.
Owasp and summits (may 2019)
The document discusses the OWASP Open Security Summits, which are conferences that have been held since 2008. They provide a place for OWASP leaders to meet, collaborate, and build relationships. The summits feature working sessions on security topics and have resulted in the incubation of future OWASP leaders. In 2018, the name was changed to the Open Security Summit. The document requests that OWASP sponsor attendance at the 2019 summit by buying tickets for OWASP leaders, as they have done in previous years.
Creating a graph based security organisation - Apr 2019 (OWASP London chapter...
This document discusses creating a graph-based security organization. It outlines security's objectives like allowing business operations while managing risk. Security is a driver of change and sits at the center of organizational data. The only effective way to manage and understand this relational data is as a graph. The presenter's organization refactored their risk workflow and JIRA implementation to represent data as a graph stored in a queryable database. They use tools like ELK, Slack bots, and plantUML diagrams to visualize and interact with the security graph. This empower's data-driven security decisions and risk management. The presenter provides examples of risk dashboards and encourages collaboration to further develop these graph-based approaches.
Open security summit 2019 owasp london 25th feb
The document advertises the Open Security Summit 2019 conference happening in London from June 3-7. It will bring together security experts, developers, users, government agencies and vendors to collaborate on solving hard security problems. Participants will have the opportunity to engage in working sessions from 8am to 2am focused on 12 tracks, including outcomes from last year's summit. Individuals can purchase tickets, seek sponsorship, or have their company sponsor the event. The goal is to create a collaborative environment for maximum productivity and synergies between attendees.
Owasp summit 2019 - OWASP London 25th feb
This document does not contain any substantive content to summarize. It appears to be blank or contain only formatting characters with no meaningful text. In 3 sentences or less, a summary cannot be provided as there is no information within the given document to summarize.
Evolving challenges for modern enterprise architectures in the age of APIs
As presented at https://www.prnewswire.com/news-releases/forum-systems-and-infosecurity-magazine-to-host-api-security-best-practices-briefing-and-ai-workshop-300709787.html on 20 Sep 2018
How to not fail at security data analytics (by CxOSidekick)
1. The document discusses the challenges of obtaining security-related data from different sources and transporting it to a central platform for analysis. It addresses questions about data volume, collection methods, filtering and formatting.
2. Setting up a security data pipeline involves determining what data to collect from various host systems, networks, and applications. Data must then be forwarded from collectors to a central platform while managing bandwidth, latency, and failures.
3. Collecting the right security-related data is vital for detecting threats and being able to investigate incidents. The document argues for collecting most available data by default and filtering out exceptions, rather than only collecting predefined types of data.
Thinking in graphs v1.0
This document discusses how graphs can be used as a framework for problem solving and provides examples of how many different domains can be modeled as graphs, including security threat models, ideas, source code, Git repositories, the web, and Jira workflows. It also discusses how the speaker's company uses Neo4j and Jira as graph databases to model security projects and incidents.
Open Security Summit - April 2018
The document announces the Open Security Summit 2018 to be held in London from June 4th to 8th. It will follow the 2017 edition of the summit and focus on collaboration around open security at a rate of 16 times per day for 5 days. The summit website is https://open-security-summit.org.
More from Dinis Cruz (20)
The benefits of police and industry investigation - NPCC Conference
The benefits of police and industry investigation - NPCC Conference
Serverless Security Workflows - cyber talks - 19th nov 2019
Serverless Security Workflows - cyber talks - 19th nov 2019
Modern security using graphs, automation and data science
Modern security using graphs, automation and data science
Using Wardley Maps to Understand Security's Landscape and Strategy
Using Wardley Maps to Understand Security's Landscape and Strategy
Dinis Cruz (CV) - CISO and Transformation Agent v1.2
Dinis Cruz (CV) - CISO and Transformation Agent v1.2
Making fact based decisions and 4 board decisions (Oct 2019)
Making fact based decisions and 4 board decisions (Oct 2019)
CISO Application presentation - Babylon health security
CISO Application presentation - Babylon health security
Using OWASP Security Bot (OSBot) to make Fact Based Security Decisions
Using OWASP Security Bot (OSBot) to make Fact Based Security Decisions
GSBot Commands (Slack Bot used to access Jira data)
GSBot Commands (Slack Bot used to access Jira data)
(OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6
(OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6
Jira schemas - Open Security Summit (Working Session 21th May 2019)
Jira schemas - Open Security Summit (Working Session 21th May 2019)
Template for "Sharing anonymised risk theme dashboards v0.8"
Template for "Sharing anonymised risk theme dashboards v0.8"
Creating a graph based security organisation - Apr 2019 (OWASP London chapter...
Creating a graph based security organisation - Apr 2019 (OWASP London chapter...
Evolving challenges for modern enterprise architectures in the age of APIs
Evolving challenges for modern enterprise architectures in the age of APIs
How to not fail at security data analytics (by CxOSidekick)
How to not fail at security data analytics (by CxOSidekick)
Recently uploaded
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
Session 1 - Intro to Robotic Process Automation.pdf
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
Essentials of Automations: Exploring Attributes & Automation Parameters
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
The Microsoft 365 Migration Tutorial For Beginner.pptx
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Northern Engraving | Nameplate Manufacturing Process - 2024
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
Discover how AI is transforming the workplace and learn strategies for reskilling and upskilling employees to stay ahead. This comprehensive guide covers the impact of AI on jobs, essential skills for the future, and successful case studies from industry leaders. Embrace AI-driven changes, foster continuous learning, and build a future-ready workforce.
Read More - https://bit.ly/3VKly70
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
This is a session that details how PostgreSQL's features and Azure AI Services can be effectively used to significantly enhance the search functionality in any application.
In this session, we'll share insights on how we used PostgreSQL to facilitate precise searches across multiple fields in our mobile application. The techniques include using LIKE and ILIKE operators and integrating a trigram-based search to handle potential misspellings, thereby increasing the search accuracy.
We'll also discuss how the azure_ai extension on PostgreSQL databases in Azure and Azure AI Services were utilized to create vectors from user input, a feature beneficial when users wish to find specific items based on text prompts. While our application's case study involves a drug search, the techniques and principles shared in this session can be adapted to improve search functionality in a wide range of applications. Join us to learn how PostgreSQL and Azure AI can be harnessed to enhance your application's search capability.
Day 2 - Intro to UiPath Studio Fundamentals
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
ScyllaDB monitoring provides a lot of useful information. But sometimes it’s not easy to find the root of the problem if something is wrong or even estimate the remaining capacity by the load on the cluster. This talk shares our team's practical tips on: 1) How to find the root of the problem by metrics if ScyllaDB is slow 2) How to interpret the load and plan capacity for the future 3) Compaction strategies and how to choose the right one 4) Important metrics which aren’t available in the default monitoring setup.
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Dmitrii Kamaev, PhD
Senior Product Owner - QIAGEN
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Discover the Unseen: Tailored Recommendation of Unwatched Content
The session shares how JioCinema approaches ""watch discounting."" This capability ensures that if a user watched a certain amount of a show/movie, the platform no longer recommends that particular content to the user. Flawless operation of this feature promotes the discover of new content, improving the overall user experience.
JioCinema is an Indian over-the-top media streaming service owned by Viacom18.
Principle of conventional tomography-Bibash Shahi ppt..pptx
before the computed tomography, it had been widely used.
Leveraging the Graph for Clinical Trials and Standards
Katja Glaß
OpenStudyBuilder Community Manager - Katja Glaß Consulting
Marius Conjeaud
Principal Consultant - Neo4j
What is an RPA CoE? Session 1 – CoE Vision
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
GNSS spoofing via SDR (Criptored Talks 2024)
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Recently uploaded (20)
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
OSBot - Data transformation workflow (from GSheet to Jupyter)
- 1. Data Transformation Workflow (from gsheet to jupyter) July 2019, @DinisCruz OSBOT (OWASP Security Bot)
- 3. Jupyter Lab Dev Environment
- 4. Step 1 Loading Data from GSheet
- 6. Viewing Data in Slack
- 7. Viewing data in Jupyter Pandas DataFrame Jupyter QGrid
- 8. All code and data is auto-saved in Git
- 10. Explaining what we are doing in an Jupyter Notebook
- 12. Starting refactoring code into methods
- 13. Get 3 datasets as separate DataFrames
- 14. Helper function to transform raw data into objects
- 15. Refactored code that extracts data into 3 DataFrames
- 16. 3 DataFrames with data
- 18. Example 1 - Merge 3 datasets All fields from all 3 data sets (in this case there was only one exact match on email)
- 19. Example 2 - Merging data loses user with different email When Merging DF_1 with DF_3 we lose `Alan Lee` due to different email
- 20. Example 3 - Fixing data before merge (version 1)
- 21. Lost user due to bad data in Name Lost `Bruno Lyon` User Because `Name` value is wrong
- 22. Example 4 - Fixing data before merge (version 2) The merge of the two DataFrames now successfully finds all 4 users (including Alan who has two emails) By using email to find the first and last names values