Each time a new feature is added to a product, developers need to consider the security risk implications, find ways to securely implement the function, and develop tests to confirm that the risk is gone or significantly lowered. Laurie Williams shares a Wideband Delphi practice called Protection Poker she's employed as a collaborative, interactive, and informal agile structure for "misuse case" development and threat modeling. Laurie shares the case study results of a software development team at RedHat that used Protection Poker to identify security risks, find ways to mitigate those risks, and increase security knowledge throughout the team. In this session, Laurie leads an interactive Protection Poker exercise in which you and other participants analyze the security risk of sample new features and learn to collaboratively think like an attacker. Participants will discuss implementation and testing strategies for the sample features to discover first hand the opportunities and challenges a security focus brings to development.
Dr Murari Mandal from NUS presented as part of 3 days OpenPOWER Industry summit about Robustness in Deep learning where he talked about AI Breakthroughs , Performance improments in AI models , Adversarial attacks , Attacks on semantic segmentation , Attacs on object detector , Defending Against adversarial attacks and many other areas.
This is an AI based project which bagged me “Best innovative project” where I built an expert system using JESS (Java expert system shell) , python and embedded it on to Raspberry pi. I used rain, soil moisture sensor to detect precipitation and servo motors to close or open windows. This project was inspired by 2015 IEEE paper “Design and implementation of rule-based uncertainty reasoning in Smart House” which gave me the idea to predict precipitation using Bayesian Network even when one of the sensors fail.
Application of Expert Systems inSystem Analysis & Designfaiza nahin
Design is a field in which a large part of the processes involved is knowledge-based rather than computation-based. Much of this knowledge is experiential and as such lends itself to be encapsulated in an expert system. An analogy is made between analysis and interpretation and between evaluation and comparison of interpretations. Three examples of expert systems carrying out design analysis and evaluation in different domains are described. It is argued that a graphical interface and a model of the elements within the domain are essential parts of any design system.
Dr Murari Mandal from NUS presented as part of 3 days OpenPOWER Industry summit about Robustness in Deep learning where he talked about AI Breakthroughs , Performance improments in AI models , Adversarial attacks , Attacks on semantic segmentation , Attacs on object detector , Defending Against adversarial attacks and many other areas.
This is an AI based project which bagged me “Best innovative project” where I built an expert system using JESS (Java expert system shell) , python and embedded it on to Raspberry pi. I used rain, soil moisture sensor to detect precipitation and servo motors to close or open windows. This project was inspired by 2015 IEEE paper “Design and implementation of rule-based uncertainty reasoning in Smart House” which gave me the idea to predict precipitation using Bayesian Network even when one of the sensors fail.
Application of Expert Systems inSystem Analysis & Designfaiza nahin
Design is a field in which a large part of the processes involved is knowledge-based rather than computation-based. Much of this knowledge is experiential and as such lends itself to be encapsulated in an expert system. An analogy is made between analysis and interpretation and between evaluation and comparison of interpretations. Three examples of expert systems carrying out design analysis and evaluation in different domains are described. It is argued that a graphical interface and a model of the elements within the domain are essential parts of any design system.
An overview of how to structure a threat based assessment of risk that is relevant to the business and which clearly ties risk mitigation to the threats being mitigated in a way that business leaders can easily understand.
Organizations are collecting massive amounts of data from disparate sources. However, they continuously face the challenge of identifying patterns, detecting anomalies, and projecting future trends based on large data sets. Machine learning for anomaly detection provides a promising alternative for the detection and classification of anomalies.
Find out how you can implement machine learning to increase speed and effectiveness in identifying and reporting anomalies.
In this webinar, we will discuss :
How machine learning can help in identifying anomalies
Steps to approach an anomaly detection problem
Various techniques available for anomaly detection
Best algorithms that fit in different situations
Implementing an anomaly detection use case on the StreamAnalytix platform
To view the webinar - https://bit.ly/2IV2ahC
Designing Your Team and Organization for InnovationTechWell
If innovation is not part of your team or organizational DNA, your company risks falling behind its competitors, losing market share, and demoralizing your best talent. And yet, you cannot create an innovative organization by simply saying “Be innovative” or adding it to the company values statement. Innovation requires a solid understanding of what motivates people and a deep examination of organizational structure, culture, and leadership styles—such as top-down project control or directive leadership—that may be barriers to innovation. Jim Elvidge explores a path to changing such an environment by improving team empowerment and creating an environment where it is safe to fail. Leaders championing this approach of “environment design” present people with a wider range of learning experiences, resulting in increased responsiveness to change, unleashed creativity, and greater job satisfaction. Learn how to use thinking and analysis tools—including double-loop learning and current reality trees—to find and remove your impediments to innovation.
Who is responsible for testing on agile teams? The answer is “Everybody”—and yet this is rarely the case. Often the testers write their test cases in isolation and execute them after development is finished. Developers write their code without talking to the testers except to understand how to reproduce the latest discovered defect. Product owners elaborate requirements in isolation and then hand them off to the team only to check back at the end of the sprint. Business analysts spend their time working on documents that have questionable usefulness. Join Cheezy Morgan as he paints a different picture. With the help of volunteers from the audience performing skits, Cheezy demonstrates practices that not only foster collaboration among all team members but also dramatically improve quality. These practices help teams achieve a better flow resulting in a more streamlined development effort. This new picture is a picture of teamwork and quality assurance.
Agile Success with Scrum: It’s All about the PeopleTechWell
Is it possible to be doing everything Scrum says to do and still fail horribly? Unfortunately, the answer is yes—and teams do it every day. To many, Scrum means concentrating on the meetings and artifacts, and making sure the roles all do their jobs. Bob Hartman and Michael Vizdos explore why success with Scrum means understanding the people who do the work and giving them the tools and environment to do their best in a meaningful way. Drawing from their experiences as agile coaches and Certified Scrum Trainers, Bob and Michael help you better understand and practice the people side of Scrum. They explain ways that the Agile Manifesto interlocks with the five key Scrum people values—commitment, focus, openness, respect, and courage—and relates those values to lean software development principles. By focusing on the people side of Scrum and the lean principles they share, you can transform your Scrum teams into the best they can be.
Design for Testability: A Tutorial for Devs and TestersTechWell
Testability is the degree to which a system can be effectively and efficiently tested. This key software attribute indicates whether testing (and subsequent maintenance) will be easy and cheap—or difficult and expensive. In the worst case, a lack of testability means that some components of the system cannot be tested at all. Testability is not free; it must be explicitly designed into the system through adequate design for testability. Peter Zimmerer describes influencing factors (controllability, visibility, operability, stability, simplicity) and constraints (conflicting nonfunctional requirements, legacy code), and shares his experiences implementing and testing highly-testable software. Peter offers practical guidance on the key actions: (1) designing well-defined control and observation points in the architecture, and (2) specifying testability needs for test automation early. He shares creative and innovative approaches to overcome failures caused by deficiencies in testability. Peter presents a new, comprehensive strategy for testability design that can be implemented to gain the benefits in a cost-efficient manner.
Test Managers: How You Can Really Make a DifferenceTechWell
When leading a test team or working in an agile team, becoming a trusted advisor to other stakeholders is paramount. This requires three key skills: earning trust, giving advice, and building relationships. Join Julie Gardiner as she explores each of these skills, describing why and how a trusted advisor develops different “mindsets.” Julie shares a framework of “quick-wins” for test managers and team leaders who need to show the value of testing on projects. To help provide timely, relevant information to stakeholders, she shares seven powerful monitoring and predicting techniques. Julie demonstrates three objective measures showing how testing adds value to organizations. To make sure that everyone is on the same page, Julie urges managers to establish a foundation for testing through well-defined policy statements, agreed to and sanctioned by senior management. Receive a set of spreadsheets and utilities to support your activities as a test manager who really makes a difference.
Software Metrics: Taking the Guesswork Out of Software ProjectsTechWell
Why bother with measurement and metrics? If you never use the data you collect, this is a valid question—and the answer is “Don’t bother, it’s a waste of time.” In that case, you’ll manage with opinions, personalities, and guesses—or even worse, misconceptions and misunderstandings. Based on his more than forty years of software and systems development experience, Ed Weller describes reasons for measurement, key measures in both traditional and agile environments, decisions enabled by measurement, and lessons learned from successful—and not so successful—measurement programs. Find out how to develop and maintain consistent data and valid measures so you can estimate reliably, deliver products with known quality, and have happy users and customers—the ultimate trailing indicator. Learn to manage projects dynamically with the support of current metrics and data from past projects to guide your management planning and control. Join Ed to explore how to invest in measurements that provide leading indicators to help you meet your company and customer goals.
The Google Hacking Database: A Key Resource to Exposing VulnerabilitiesTechWell
We all know the power of Google—or do we? Two types of people use Google: normal users like you and me, and the not-so-normal users—the hackers. What types of information can hackers collect from Google? How severe is the damage they can cause? Is there a way to circumvent this hacking? As a security tester, Kiran Karnad uses the GHDB (Google Hacking Database) to ensure their product will not be the next target for hackers. Kiran describes how to effectively use Google the way hackers do, using advanced operators, locating exploits and finding targets, network mapping, finding user names and passwords, and other secret stuff. Kiran provides a recipe of five simple security searches that work. Learn how to automate the Google Hacking Database using Python so security tests can be incorporated as a part of the SDLC for the next product you develop.
Agile and CMMI: Yes, They Can Work TogetherTechWell
There is a common misconception that agile and CMMI cannot work together. CMMI is viewed as a documentation heavy, slow, process-driven model—the polar opposite of agile principles. The cost of documentation for an appraisal is viewed as another drawback. Join Ed Weller to see why a large organization chose to use the practices in the CMMI to complement agile, and a formal appraisal to improve and evaluate their performance. When mixing approaches that seem contradictory, the first step is to understand the benefits, drawbacks, and cost of each approach and then identify complementary additions. This includes myth busting the misperceptions about both agile and CMMI. The second step, using a formal CMMI appraisal to evaluate organizational performance, requires an understanding of the CMMI model that goes beyond a “checklist approach” requiring extensive documentation. Using lean principles, the appraisal team minimized “appraisal documentation” by using the day-to-day team output. Ed shows that agile and CMMI can be complementary due to executive leadership, lean implementation, and organization training, as demonstrated by a formal appraisal and business results.
Agile Program Management: Networks, Not HierarchiesTechWell
When you think of program management, do you think of big lumbering organizational beasts that add little value, and people demanding “When will you be done?” or “Can we add this feature before the desired release date?” Agile program management encourages small-world networks of collaborative teams that can solve problems and deliver features fast. That requires the entire program be agile and lean—using small batch sizes, integrating continuously, having short iterations, and tracking cycle time so you can coordinate across the organization. Johanna Rothman describes ways to create small-world networks that help your project teams release together and on time. With communities of practice as formal networks you enable people to master their craft or facilitate links to other project teams, allowing people to build their autonomy while collaborating. As a program manager or as a participant in a large program, you have many options—once you start thinking of agile program management as a network.
Agile Redefines Global Economics: What Recent Data RevealsTechWell
Kent Beck, inventor of eXtreme Programming, defined agile success as delivering more useful functionality with fewer defects. Against that definition, early research revealed mixed success. Many organizations did not know how to measure and thus could not have “fact-based” conversations about productivity and cost. Some teams achieved faster delivery, but quality did not improve. Others found both. What factors made the difference? New benchmark analysis by QSM Associates reveals the latest productivity, time-to-market, quality, and cost patterns. As a result, we may be seeing a major shift in software economics made possible by the promises of agile. Michael Mah shares this latest research in the QSM SLIM industry database, which contains more than 10,000 completed projects—waterfall, agile, offshore, onshore—collected worldwide. Michael offers consulting tricks to accelerate your success. Learn how to derive your own measurements to inform your executive teams, quantify your successes, or spotlight areas that need help.
Influence Strategies for Software ProfessionalsTechWell
You’ve tried and tried to convince people of your position. You’ve laid out your logical arguments on impressive PowerPoint slides—but you are still not able to sway them. Cognitive scientists understand that the approach you are taking is rarely successful. Often you must speak to others’ subconscious motivators rather than their rational, analytic side. Linda Rising shares influence strategies that you can use to more effectively convince others to see things your way. These strategies take advantage of a number of hardwired traits: liking—we like people who are like us; reciprocity—we repay in kind; social proof—we follow the lead of others similar to us; consistency—we align ourselves with our previous commitments; authority—we defer to authority figures; and scarcity—we want more of something when there is less to be had. Join Linda to learn how to build on these traits as a way of bringing others to your side. Use this valuable toolkit in addition to the logical left-brain techniques on which we depend.
Tests and Requirements: Like Ham and Eggs, Sugar and Spice, Lucy and DesiTechWell
The practice of agile software development requires a clear understanding of business needs. Misunderstanding requirements causes waste, slipped schedules, and mistrust within the organization. Developers implement their perceived interpretation of requirements; testers test against their perceptions. Disagreement can arise about implementation defects, when the cause is really a disagreement about the requirement. Ken Pugh shows how acceptance tests decrease requirements misunderstandings by both developers and testers. A testable requirement provides a single source that serves as the analysis document, acceptance criteria, regression test suite, and progress tracker for any given feature. Explore the creation, evaluation, and use of testable requirements by the business and developers. Join Ken to examine how to transform requirements into stories, small units of work that have business value, small implementation effort, and easy-to-understand acceptance tests. Learn how testers and requirement elicitors can work together to create acceptance tests prior to implementation.
Governing Agile Teams: Disciplined Strategies to Increase Agile EffectivenessTechWell
Many organizations have successfully adopted agile on a subset of their projects, while, at the same time, struggled to do so across entire departments. A common challenge is the need to overhaul the IT governance strategy so that it will work with agile teams. This is a serious issue for governance bodies with little or no practical agile experience, particularly when experience shows that traditional governance strategies increase the risk of failure on agile projects. Scott Ambler introduces The Disciplined Agile Delivery framework for managing and monitoring enterprise agile teams. This framework goes beyond offering an IT governance strategy to provide advanced strategies such as development intelligence and the goal-question-metric measurement approach. Learn the do’s and don’ts of governing agile teams, how governance fits in and enhances the agile project lifecycle, how to measure agile teams, and most importantly, why teams should demand good governance.
Seven Keys to Navigating Your Agile Testing TransitionTechWell
So you’ve “gone agile” and have been relatively successful for a year or so. But how do you know how well you’re really doing? And how do you continuously improve your practices? And when things get rocky, how do you handle the challenges without reverting to old habits? You realize that the path to high-performance agile testing isn’t easy or quick. It also helps to have a guide. So consider this workshop your guide to ongoing, improved, and sustained high-performance. Join seasoned agile testing coach Bob Galen as he share lessons from his most successful agile testing transitions. You’ll explore actual team case studies for building team skills, embracing agile requirements, fostering customer interaction, building agile automation, driving business value, and testing at-scale stories of agile testing excellence. You’ll examine the mistakes, adjustments, and the successes—so you’ll learn how to react to real-world contexts. Leave with a better view of your team’s strengths, weaknesses, and where you need to focus to improve.
How to Jumpstart Enterprise Agile AdoptionTechWell
Want to get a jumpstart on agile adoption in your organization? Begin by leveraging a roadmap that Intuit has used for rolling out enterprise agile to its business units. While there is no single way to bring enterprise agile into your organization, Alan Padula describes a model that has worked repeatedly. The important first step is to create a vision of what full agile adoption looks like. Once a rich vision is created describing what people will be doing and how they will be doing it, create a roadmap, a time-sequenced plan with milestones. Each milestone has a description of everyone’s job responsibilities, the measurements to take along the way, the personal and business benefit, and the set of activities planned in order to achieve each succeeding milestone. Key transition activities include training, infrastructure, change leadership, planning, and governance. Join Alan for the jumpstart you need to successfully adopt agile in your organization.
An overview of how to structure a threat based assessment of risk that is relevant to the business and which clearly ties risk mitigation to the threats being mitigated in a way that business leaders can easily understand.
Organizations are collecting massive amounts of data from disparate sources. However, they continuously face the challenge of identifying patterns, detecting anomalies, and projecting future trends based on large data sets. Machine learning for anomaly detection provides a promising alternative for the detection and classification of anomalies.
Find out how you can implement machine learning to increase speed and effectiveness in identifying and reporting anomalies.
In this webinar, we will discuss :
How machine learning can help in identifying anomalies
Steps to approach an anomaly detection problem
Various techniques available for anomaly detection
Best algorithms that fit in different situations
Implementing an anomaly detection use case on the StreamAnalytix platform
To view the webinar - https://bit.ly/2IV2ahC
Designing Your Team and Organization for InnovationTechWell
If innovation is not part of your team or organizational DNA, your company risks falling behind its competitors, losing market share, and demoralizing your best talent. And yet, you cannot create an innovative organization by simply saying “Be innovative” or adding it to the company values statement. Innovation requires a solid understanding of what motivates people and a deep examination of organizational structure, culture, and leadership styles—such as top-down project control or directive leadership—that may be barriers to innovation. Jim Elvidge explores a path to changing such an environment by improving team empowerment and creating an environment where it is safe to fail. Leaders championing this approach of “environment design” present people with a wider range of learning experiences, resulting in increased responsiveness to change, unleashed creativity, and greater job satisfaction. Learn how to use thinking and analysis tools—including double-loop learning and current reality trees—to find and remove your impediments to innovation.
Who is responsible for testing on agile teams? The answer is “Everybody”—and yet this is rarely the case. Often the testers write their test cases in isolation and execute them after development is finished. Developers write their code without talking to the testers except to understand how to reproduce the latest discovered defect. Product owners elaborate requirements in isolation and then hand them off to the team only to check back at the end of the sprint. Business analysts spend their time working on documents that have questionable usefulness. Join Cheezy Morgan as he paints a different picture. With the help of volunteers from the audience performing skits, Cheezy demonstrates practices that not only foster collaboration among all team members but also dramatically improve quality. These practices help teams achieve a better flow resulting in a more streamlined development effort. This new picture is a picture of teamwork and quality assurance.
Agile Success with Scrum: It’s All about the PeopleTechWell
Is it possible to be doing everything Scrum says to do and still fail horribly? Unfortunately, the answer is yes—and teams do it every day. To many, Scrum means concentrating on the meetings and artifacts, and making sure the roles all do their jobs. Bob Hartman and Michael Vizdos explore why success with Scrum means understanding the people who do the work and giving them the tools and environment to do their best in a meaningful way. Drawing from their experiences as agile coaches and Certified Scrum Trainers, Bob and Michael help you better understand and practice the people side of Scrum. They explain ways that the Agile Manifesto interlocks with the five key Scrum people values—commitment, focus, openness, respect, and courage—and relates those values to lean software development principles. By focusing on the people side of Scrum and the lean principles they share, you can transform your Scrum teams into the best they can be.
Design for Testability: A Tutorial for Devs and TestersTechWell
Testability is the degree to which a system can be effectively and efficiently tested. This key software attribute indicates whether testing (and subsequent maintenance) will be easy and cheap—or difficult and expensive. In the worst case, a lack of testability means that some components of the system cannot be tested at all. Testability is not free; it must be explicitly designed into the system through adequate design for testability. Peter Zimmerer describes influencing factors (controllability, visibility, operability, stability, simplicity) and constraints (conflicting nonfunctional requirements, legacy code), and shares his experiences implementing and testing highly-testable software. Peter offers practical guidance on the key actions: (1) designing well-defined control and observation points in the architecture, and (2) specifying testability needs for test automation early. He shares creative and innovative approaches to overcome failures caused by deficiencies in testability. Peter presents a new, comprehensive strategy for testability design that can be implemented to gain the benefits in a cost-efficient manner.
Test Managers: How You Can Really Make a DifferenceTechWell
When leading a test team or working in an agile team, becoming a trusted advisor to other stakeholders is paramount. This requires three key skills: earning trust, giving advice, and building relationships. Join Julie Gardiner as she explores each of these skills, describing why and how a trusted advisor develops different “mindsets.” Julie shares a framework of “quick-wins” for test managers and team leaders who need to show the value of testing on projects. To help provide timely, relevant information to stakeholders, she shares seven powerful monitoring and predicting techniques. Julie demonstrates three objective measures showing how testing adds value to organizations. To make sure that everyone is on the same page, Julie urges managers to establish a foundation for testing through well-defined policy statements, agreed to and sanctioned by senior management. Receive a set of spreadsheets and utilities to support your activities as a test manager who really makes a difference.
Software Metrics: Taking the Guesswork Out of Software ProjectsTechWell
Why bother with measurement and metrics? If you never use the data you collect, this is a valid question—and the answer is “Don’t bother, it’s a waste of time.” In that case, you’ll manage with opinions, personalities, and guesses—or even worse, misconceptions and misunderstandings. Based on his more than forty years of software and systems development experience, Ed Weller describes reasons for measurement, key measures in both traditional and agile environments, decisions enabled by measurement, and lessons learned from successful—and not so successful—measurement programs. Find out how to develop and maintain consistent data and valid measures so you can estimate reliably, deliver products with known quality, and have happy users and customers—the ultimate trailing indicator. Learn to manage projects dynamically with the support of current metrics and data from past projects to guide your management planning and control. Join Ed to explore how to invest in measurements that provide leading indicators to help you meet your company and customer goals.
The Google Hacking Database: A Key Resource to Exposing VulnerabilitiesTechWell
We all know the power of Google—or do we? Two types of people use Google: normal users like you and me, and the not-so-normal users—the hackers. What types of information can hackers collect from Google? How severe is the damage they can cause? Is there a way to circumvent this hacking? As a security tester, Kiran Karnad uses the GHDB (Google Hacking Database) to ensure their product will not be the next target for hackers. Kiran describes how to effectively use Google the way hackers do, using advanced operators, locating exploits and finding targets, network mapping, finding user names and passwords, and other secret stuff. Kiran provides a recipe of five simple security searches that work. Learn how to automate the Google Hacking Database using Python so security tests can be incorporated as a part of the SDLC for the next product you develop.
Agile and CMMI: Yes, They Can Work TogetherTechWell
There is a common misconception that agile and CMMI cannot work together. CMMI is viewed as a documentation heavy, slow, process-driven model—the polar opposite of agile principles. The cost of documentation for an appraisal is viewed as another drawback. Join Ed Weller to see why a large organization chose to use the practices in the CMMI to complement agile, and a formal appraisal to improve and evaluate their performance. When mixing approaches that seem contradictory, the first step is to understand the benefits, drawbacks, and cost of each approach and then identify complementary additions. This includes myth busting the misperceptions about both agile and CMMI. The second step, using a formal CMMI appraisal to evaluate organizational performance, requires an understanding of the CMMI model that goes beyond a “checklist approach” requiring extensive documentation. Using lean principles, the appraisal team minimized “appraisal documentation” by using the day-to-day team output. Ed shows that agile and CMMI can be complementary due to executive leadership, lean implementation, and organization training, as demonstrated by a formal appraisal and business results.
Agile Program Management: Networks, Not HierarchiesTechWell
When you think of program management, do you think of big lumbering organizational beasts that add little value, and people demanding “When will you be done?” or “Can we add this feature before the desired release date?” Agile program management encourages small-world networks of collaborative teams that can solve problems and deliver features fast. That requires the entire program be agile and lean—using small batch sizes, integrating continuously, having short iterations, and tracking cycle time so you can coordinate across the organization. Johanna Rothman describes ways to create small-world networks that help your project teams release together and on time. With communities of practice as formal networks you enable people to master their craft or facilitate links to other project teams, allowing people to build their autonomy while collaborating. As a program manager or as a participant in a large program, you have many options—once you start thinking of agile program management as a network.
Agile Redefines Global Economics: What Recent Data RevealsTechWell
Kent Beck, inventor of eXtreme Programming, defined agile success as delivering more useful functionality with fewer defects. Against that definition, early research revealed mixed success. Many organizations did not know how to measure and thus could not have “fact-based” conversations about productivity and cost. Some teams achieved faster delivery, but quality did not improve. Others found both. What factors made the difference? New benchmark analysis by QSM Associates reveals the latest productivity, time-to-market, quality, and cost patterns. As a result, we may be seeing a major shift in software economics made possible by the promises of agile. Michael Mah shares this latest research in the QSM SLIM industry database, which contains more than 10,000 completed projects—waterfall, agile, offshore, onshore—collected worldwide. Michael offers consulting tricks to accelerate your success. Learn how to derive your own measurements to inform your executive teams, quantify your successes, or spotlight areas that need help.
Influence Strategies for Software ProfessionalsTechWell
You’ve tried and tried to convince people of your position. You’ve laid out your logical arguments on impressive PowerPoint slides—but you are still not able to sway them. Cognitive scientists understand that the approach you are taking is rarely successful. Often you must speak to others’ subconscious motivators rather than their rational, analytic side. Linda Rising shares influence strategies that you can use to more effectively convince others to see things your way. These strategies take advantage of a number of hardwired traits: liking—we like people who are like us; reciprocity—we repay in kind; social proof—we follow the lead of others similar to us; consistency—we align ourselves with our previous commitments; authority—we defer to authority figures; and scarcity—we want more of something when there is less to be had. Join Linda to learn how to build on these traits as a way of bringing others to your side. Use this valuable toolkit in addition to the logical left-brain techniques on which we depend.
Tests and Requirements: Like Ham and Eggs, Sugar and Spice, Lucy and DesiTechWell
The practice of agile software development requires a clear understanding of business needs. Misunderstanding requirements causes waste, slipped schedules, and mistrust within the organization. Developers implement their perceived interpretation of requirements; testers test against their perceptions. Disagreement can arise about implementation defects, when the cause is really a disagreement about the requirement. Ken Pugh shows how acceptance tests decrease requirements misunderstandings by both developers and testers. A testable requirement provides a single source that serves as the analysis document, acceptance criteria, regression test suite, and progress tracker for any given feature. Explore the creation, evaluation, and use of testable requirements by the business and developers. Join Ken to examine how to transform requirements into stories, small units of work that have business value, small implementation effort, and easy-to-understand acceptance tests. Learn how testers and requirement elicitors can work together to create acceptance tests prior to implementation.
Governing Agile Teams: Disciplined Strategies to Increase Agile EffectivenessTechWell
Many organizations have successfully adopted agile on a subset of their projects, while, at the same time, struggled to do so across entire departments. A common challenge is the need to overhaul the IT governance strategy so that it will work with agile teams. This is a serious issue for governance bodies with little or no practical agile experience, particularly when experience shows that traditional governance strategies increase the risk of failure on agile projects. Scott Ambler introduces The Disciplined Agile Delivery framework for managing and monitoring enterprise agile teams. This framework goes beyond offering an IT governance strategy to provide advanced strategies such as development intelligence and the goal-question-metric measurement approach. Learn the do’s and don’ts of governing agile teams, how governance fits in and enhances the agile project lifecycle, how to measure agile teams, and most importantly, why teams should demand good governance.
Seven Keys to Navigating Your Agile Testing TransitionTechWell
So you’ve “gone agile” and have been relatively successful for a year or so. But how do you know how well you’re really doing? And how do you continuously improve your practices? And when things get rocky, how do you handle the challenges without reverting to old habits? You realize that the path to high-performance agile testing isn’t easy or quick. It also helps to have a guide. So consider this workshop your guide to ongoing, improved, and sustained high-performance. Join seasoned agile testing coach Bob Galen as he share lessons from his most successful agile testing transitions. You’ll explore actual team case studies for building team skills, embracing agile requirements, fostering customer interaction, building agile automation, driving business value, and testing at-scale stories of agile testing excellence. You’ll examine the mistakes, adjustments, and the successes—so you’ll learn how to react to real-world contexts. Leave with a better view of your team’s strengths, weaknesses, and where you need to focus to improve.
How to Jumpstart Enterprise Agile AdoptionTechWell
Want to get a jumpstart on agile adoption in your organization? Begin by leveraging a roadmap that Intuit has used for rolling out enterprise agile to its business units. While there is no single way to bring enterprise agile into your organization, Alan Padula describes a model that has worked repeatedly. The important first step is to create a vision of what full agile adoption looks like. Once a rich vision is created describing what people will be doing and how they will be doing it, create a roadmap, a time-sequenced plan with milestones. Each milestone has a description of everyone’s job responsibilities, the measurements to take along the way, the personal and business benefit, and the set of activities planned in order to achieve each succeeding milestone. Key transition activities include training, infrastructure, change leadership, planning, and governance. Join Alan for the jumpstart you need to successfully adopt agile in your organization.
Data Warehouse Testing: It’s All about the PlanningTechWell
Today’s data warehouses are complex and contain heterogeneous data from many different sources. Testing these warehouses is complex, requiring exceptional human and technical resources. So how do you achieve the desired testing success? Geoff Horne believes that it is through test planning that includes technical artifacts such as data models, business rules, data mapping documents, and data warehouse loading design logic. Wayne shares planning checklists, a test plan outline, concepts for data profiling, and methods for data verification. He demonstrates how to effectively create a test strategy to discover empty fields, missing records, truncated data, duplicate records, and incorrectly applied business rules—all of which can dramatically impact the usefulness of the data warehouse. Learn common pitfalls, which can cost your business hundreds of thousands of dollars or more, when test planning shortcuts are taken. If you work in an environment that often performs data warehouse testing without proper planning and technical skills, this session is for you.
Defense Report began the process of looking beyond
headline-grabbing breaches and the nth stage in the
evolution of cyberthreats to better understand the
perceptions, concerns, and priorities of the IT security
professionals charged with defending today’s networks.
Representative findings from that first report included
the revelation that one in four security professionals
doubts whether their organization has invested
adequately in cyberthreat defenses, the identification of
mobile devices as IT security’s “weakest link,” and the
expectation that more than three-quarters of businesses
will adopt bring-your-own-device (BYOD) policies by
2016.
Ensuring cyber resilience presents different risk points and many challenges. Not all organizations possess the internal capabilities and expertise necessary to strategize, execute, and safeguard their attack surface. By identifying vulnerabilities, deploying tools, and educating users, cybersecurity services can make the digital environment safer for all.
Our Cyber Resilience FasTrak provides three flexible options for personalized
protection. Select the service that is right for your organization:
- Improve cyber defenses with a Security Health Check
- Uncover hidden threats with AI powered Threat Hunting Service
- Don’t be scared, be prepared with Incident Response Simulation
Presentation at CMSS Conference 2016 - I was recently honored with the opportunity of speaking at the CMSS 2016 Conference. My goal for this engagement was to educate about the importance of innovating and applying exponential technologies in IT Security within the organization. My audience included many professionals in the medical industry, so it was important for me to be able to convey the importance of cybersecurity in that industry.
We need Paper on Risk Assessment for the organization (NASA). Th.docxcelenarouzie
We need Paper on Risk Assessment for the organization (NASA). The risk should be listed in one of the following links.
http://oig.nasa.gov/audits/reports/FY10/IG-10-018-R.pdf
https://oig.nasa.gov/audits/reports/FY14/IG-14-023.pdf
https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf
https://oig.nasa.gov/audits/reports/FY17/IG-17-002A.pdf
The following sections are missing:
• Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP?
• Training: specify a training frequency
• Plan testing: How (and how often) will you test the plan?
• Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network.
• Incident Notification: What happens when an incident is detected?
• Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”?
Read about the Final Project, "Inclusive Voices," Instructions
Purpose:
to show how a not-so-well-known person or movements’ emergent truth pushes back against dominant cultures’ non-inclusive or discriminatory narrative through using their voice and actions to disrupt, and create positive change.
Method:
1. Conduct research and write an APA formatted Research Essay using 3-5 sources
2. Then from the content of the Research Essay create your Final Presentation. Your Final Presentation, "Inclusive Voices," will teach your reader/viewer what you discovered from conducting your research through a recorded poster presentation, video presentation, or voice-narrated PowerPoint presentation.
3. Create a Script that you will use to present your Final Presentation
Ultimately, you will use the questions below to write your paper and drive the content and organization of your presentation. Completing your research should be organized in the following way and answer the following questions about your person/movement:
The introduction should briefly introduce and state the issue to be examined. It should start with creative, attention-getting hook then state why you chose the person/movement, show how you will critically evaluate the person or movement you chose, and provide a clear thesis statement.
The body of your paper contains information that explains who the person/movement is, what they did, and then provides a status update. The sub-headers used in APA formatting provide your divisions.
(Sub-header:) Who are/were they?
This sections answers the question who are they? This defines them and their power and limitations in the culture of the time. This section provides any historical information that is relevant about them personally.
(Sub-header:) What was happening in culture of the time?
Here you will give some perspective about events and attitudes of the time and what happened that allowed a space for their voice. What was going on in dominant culture at the time that allowed for their entry point into the cultural narrative?
(Sub-header:) What did they do?
This.
Information systems in the digital age are complex and expansive, with attack vectors coming in from every angle. This makes analyzing risk challenging, but more critical than ever.
There is a need to better understand the dynamics of modern IT systems, security controls that protect them, and best practices for adherence to today’s GRC requirements.
These slides are from our webinar covering topics like:
· Threats, vulnerabilities, weaknesses – why their difference matters
· How vulnerability scanning can help (and hinder) your efforts
· Security engineering and the system development lifecycle
· High impact activities - application risk rating and threat modeling
For more course tutorials visit
www.tutorialrank.com
CYB 610 Project 1 Information Systems and Identity Management
CYB 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CYB 610 Project 3 Assessing Information System Vulnerabilities and Risk
The SOC Analyst training curriculum has been carefully crafted to provide aspiring and present SOC Analysts with a thorough knowledge of SOC operations and processes.
https://www.infosectrain.com/courses/soc-analyst-training/
Do you ever feel you have lost confidence in your own abilities? Why does this happen? Isabel Evans spends a lot of time painting. Someone once commented, “Why are you doing this, when you are not very good at it?” And gradually she stopped drawing and painting, after being intimidated by a conventional vision of what good art should look like. At the same time, she experienced a parallel loss of confidence in her professional abilities. Attempting creative pursuits like drawing and painting is essential to cognitive, emotional, creative abilities and she began to understand the correlation between her creative activities and her confidence. Making errors, being wrong, failing – that is a generous gift we receive when we practice outside our skill level. By staying in a comfort zone and repeating successes, we stagnate. As Isabel started to create again she thought “I don’t feel good at it, I do feel good doing it” The difference was that she was learning, having ideas and the act of re-engaging with failure, together with the comradeship of friends and colleagues, including at Women Who Test, Isabel has regained her confidence in her professional abilities, and been able to reboot her career and joy. Join Isabel to share a journey from self-perceived failure, to recovery and renewed learning.
Instill a DevOps Testing Culture in Your Team and Organization TechWell
The DevOps movement is here. Companies across many industries are breaking down siloed IT departments and federating them into product development teams. Testing and its practices are at the heart of these changes. Traditionally, IT organizations have been staffed with mostly manual testers and a limited number of automation and performance engineers. To keep pace with development in the new “you build it, you own it” environment, testing teams and individuals must develop new technical skills and even embrace coding to stay relevant and add greater value to the business. DevOps really starts with testing. Join Adam Auerbach as he explains what DevOps is and how it relates to testing. He describes how testing must change from top to bottom and how to access your own environment to identify improvement opportunities. Adam dives into practices like service virtualization, test data management, and continuous testing so you can understand where you are now and identify steps needed to instill a DevOps testing culture in your team and organization.
Test Design for Fully Automated Build ArchitectureTechWell
Imagine this … As soon as any developed functionality is submitted into the code repository, it is automatically subjected to the appropriate battery of tests and then released straight into production. Setting up the pipeline capable of doing just that is becoming more and more common and something you need to know about. But most organizations hit the same stumbling block—just what IS the appropriate battery of tests? Automated build architectures don't always lend themselves well to the traditional stages of testing. In this hands-on tutorial, Melissa Benua introduces you to key test design principles—applicable to organizations both large and small—that allow you to take full advantage of the pipeline's capabilities without introducing unnecessary bottlenecks. Learn how to make highly reliable tests that run fast and preserve just enough information to let testers and developers determine exactly what went wrong and how to reproduce the error locally. Explore ways to reduce overlap while still maintaining adequate test coverage. Take back ideas about which test areas could benefit from being combined into a single suite and which areas could benefit most from being broken out altogether.
System-Level Test Automation: Ensuring a Good StartTechWell
Many organizations invest a lot of effort in test automation at the system level but then have serious problems later on. As a leader, how can you ensure that your new automation efforts will get off to a good start? What can you do to ensure that your automation work provides continuing value? This tutorial covers both “theory” and “practice”. Dot Graham explains the critical issues for getting a good start, and Chris Loder describes his experiences in getting good automation started at a number of companies. The tutorial covers the most important management issues you must address for test automation success, particularly when you are new to automation, and how to choose the best approaches for your organization—no matter which automation tools you use. Focusing on system level testing, Dot and Chris explain how automation affects staffing, who should be responsible for which automation tasks, how managers can best support automation efforts to promote success, what you can realistically expect in benefits and how to report them. They explain—for non-techies—the key technical issues that can make or break your automation effort. Come away with your own clarified automation objectives, and a draft test automation strategy to use to plan your own system-level test automation.
Build Your Mobile App Quality and Test StrategyTechWell
Let’s build a mobile app quality and testing strategy together. Whether you have a web, hybrid, or native app, building a quality and testing strategy means (1) knowing what data and tools you have available to make agile decisions, (2) understanding your customers and your competitors, and (3) testing your app under real-world conditions. Jason Arbon guides you through the latest techniques, data, and tools to ensure the awesomeness of your mobile app quality and testing strategy. Leave this interactive session with a strategy for your very own app—or one you pretend to own. The information Jason shares is based on data from Appdiff’s next-gen mobile app testing platform, lessons from Applause/uTest’s crowd, text mining hundreds of millions of app store reviews, and in-depth discussions with top mobile app development teams.
Testing Transformation: The Art and Science for SuccessTechWell
Technologies, testing processes, and the role of the tester have evolved significantly in the past few years with the advent of agile, DevOps, and other new technologies. It is critical that we testing professionals evaluate ourselves and continue to add tangible value to our organizations. In your work, are you focused on the trivial or on real game changers? Jennifer Bonine describes critical elements that help you artfully blend people, process, and technology to create a synergistic relationship that adds value. Jennifer shares ideas on mastering politics, maneuvering core vs. context, and innovating your technology strategies and processes. She explores how new processes can be introduced in an organization, what the role of organizational culture is in determining the success of a project, and how you can know what tools will add value vs. simply adding overhead and complexity. Jennifer reviews critically needed tester skills and discusses a continual learning model to evolve your skills and stay relevant. This discussion can lead you to technologies, processes, and skills you can stake your career on.
We’ve all been there. We work incredibly hard to develop a feature and design tests based on written requirements. We build a detailed test plan that aligns the tests with the software and the documented business needs. And when we put the tests to the software, it all falls apart because the requirements were changed without informing everyone. Mary Thorn says help is at hand. Enter behavior-driven development (BDD), and Cucumber and SpecFlow, tools for running automated acceptance tests and facilitating BDD. Mary explores the nuances of Cucumber and SpecFlow, and shows you how to implement BDD and agile acceptance testing. By fostering collaboration for implementing active requirements via a common language and format, Cucumber and SpecFlow bridge the communication gap between business stakeholders and implementation teams. In this workshop, practice writing feature files with the best practices Mary has discovered over numerous implementations. If you experience developers not coding to requirements, testers not getting requirements updates, or customers who feel out of the loop and don’t get what they ask for, Mary has answers for you.
Develop WebDriver Automated Tests—and Keep Your SanityTechWell
Many teams go crazy because of brittle, high-maintenance automated test suites. Jim Holmes helps you understand how to create a flexible, maintainable, high-value suite of functional tests using Selenium WebDriver. Learn the basics of what to test, what not to test, and how to avoid overlapping with other types of testing. Jim includes both philosophical concepts and hands-on coding. Testers who haven't written code should not be intimidated! We'll pair you up to make sure you're successful. Learn to create practical tests dealing with advanced situations such as input validation, AJAX delays, and working with file downloads. Additionally, discover when you need to work together with developers to create a system that's more easily testable. This tutorial focuses primarily on automating web tests, but many of the same concepts can be applied to other UI environments. Demos and labs will be in C# and Java using WebDriver. Leave this tutorial having learned how to write high-value WebDriver tests—and stay sane while doing so.
DevOps is a cultural shift aimed at streamlining intergroup communication and improving operational efficiency for development and operations groups. Over time, inclusion of other IT groups under the DevOps umbrella has become the norm for many organizations. But even broadening the boundaries of DevOps, the conversation has been largely devoid of the business units’ place at the table. A common mistake organizations make while going through the DevOps transformation is drawing a line at the IT boundary. If that occurs, a larger, more inclusive silo within the organization is created, operating in an informational vacuum and causing operational inefficiency and goal misalignment. Sharing his experiences working on both sides of the fence, Leon Fayer describes the importance of including business units in order to align technology decisions with business goals. Leon discusses inclusion of business units in existing agile processes, benefits of cross-departmental monitoring, and a business-first approach to technology decisions.
Eliminate Cloud Waste with a Holistic DevOps StrategyTechWell
Chris Parlette maintains that renting infrastructure on demand is the most disruptive trend in IT in decades. In 2016, enterprises spent $23B on public cloud IaaS services. By 2020, that figure is expected to reach $65B. The public cloud is now used like a utility, and like any utility, there is waste. Who's responsible for optimizing the infrastructure and reducing wasted expenses? It’s DevOps. The excess expense, known as cloud waste, comprises several interrelated problems: services running when they don't need to be, improperly sized infrastructure, orphaned resources, and shadow IT. There are a few core tenets of DevOps—holistic thinking, no silos, rapid useful feedback, and automation—that can be applied to reducing your cloud waste. Join Chris to learn why you should include continuous cost optimization in your DevOps processes. Automate cost control, reduce your cloud expenses, and make your life easier.
Transform Test Organizations for the New World of DevOpsTechWell
With the recent emergence of DevOps across the industry, testing organizations are being challenged to transform themselves significantly within a short period of time to stay meaningful within their organizations. It’s not easy to plan and approach these changes considering the way testing organizations have remained structured for ages. These challenges start from foundational organizational structures and can cut across leadership influence, competencies, tools strategy, infrastructure, and other dimensions. Sumit Kumar shares his experience assisting various organizations to overcome these challenges using an organized DevOps enablement framework. The framework includes radical restructuring, turning the tools strategy upside down, a multidimensional workforce enablement supported by infrastructure changes, redeveloped collaborations models, and more. From his real world experiences Sumit shares tips for approaching this journey and explains the roadmap for testing organizations to transform themselves to lead the quality in DevOps.
The Fourth Constraint in Project Delivery—LeadershipTechWell
All too often, the triple constraints—time, cost, and quality—are bandied about as if they are the be-all, end-all. While they are important, leadership—the fourth and larger underpinning constraint—influences the first three. Statistics on project success and failure abound, and these measurements are usually taken against the triple constraints. According to the Project Management Institute, only 53 percent of projects are completed within budget, and only 49 percent are completed on time. If so many projects overrun budget and are late, we can’t really say, “Good, fast, or cheap—pick two.” Rob Burkett talks about leadership at every level of a team. He shares his insights and stories gleaned from his years of IT and project management experience. Rob speaks to some of the glaring difficulties in the workplace in general and some specifically related to IT delivery and project management. Leave with a clearer understanding of how to communicate with teams and team members, and gain a better understanding of how you can be a leader—up and down your organization.
Resolve the Contradiction of Specialists within Agile TeamsTechWell
As teams grow, organizations often draw a distinction between feature teams, which deliver the visible business value to the user, and component teams, which manage shared work. Steve Berczuk says that this distinction can help organizations be more productive and scale effectively, but he recognizes that not all shared work fits into this model. Some work is best handled by “specialists,” that is people with unique skills. Although teams composed entirely of T-shaped people is ideal, certain skills are hard to come by and are used irregularly across an organization. Since these specialists often need to work closely with teams, rather than working from their own backlog, they don’t fit into the component team model. The use of shared resources presents challenges to the agile planning model. Steve Berczuk shares how teams such as those providing infrastructure services and specialists can fit into a feature+component team model, and how variations such as embedding specialists in a scrum team can both present process challenges and add significant value to both the team and the larger organization.
Pin the Tail on the Metric: A Field-Tested Agile GameTechWell
Metrics don’t have to be a necessary evil. If done right, metrics can help guide us to make better forward-looking decisions, rather than being used for simply managing or monitoring. They can help us identify trade-offs between options for what to do next versus punitive or worse, purely managerial measures. Steve Martin won’t be giving the Top Ten List of field-tested metrics you should use. Instead, in this interactive mini-workshop, he leads you through the critical thinking necessary for you to determine what is right for you to measure. First, Steve explores why you want to measure something—whether it’s for a team, a portfolio, or even an agile transformation. Next, he provides multiple real-life metrics examples to help drive home concepts behind characteristics of good and bad metrics. Finally, Steve shows how to run his field-tested agile game—Pin the Tail on the Metric. Take back this activity to help you guide metrics conversations at your organization.
Agile Performance Holarchy (APH)—A Model for Scaling Agile TeamsTechWell
A hierarchy is an organizational network that has a top and a bottom, and where position is determined by rank, importance, and value. A holarchy is a network that has no top or bottom and where each person’s value derives from his ability, rather than position. As more companies seek the benefits of agile, leaders need to build and sustain delivery capability while scaling agile without introducing unnecessary process and overhead. The Agile Performance Holarchy (APH) is an empirical model for scaling and sustaining agility while continuing to deliver great products. Jeff Dalton designed the APH by drawing from lessons learned observing and assessing hundreds of agile companies and teams. The APH helps implement a holarchy—a system composed of interacting organizational units called holons—centered on a series of performance circles that embody the behaviors of high performing agile organizations. Jeff describes how APH provides guidelines in the areas of leadership, values, teaming, visioning, governing, building, supporting, and engaging within an all-agile organization. Join Jeff to see what the APH is all about and how you can use it in your team and organization.
A Business-First Approach to DevOps ImplementationTechWell
DevOps is a cultural shift aimed at streamlining intergroup communication and improving operational efficiency for development and operations groups. Over time, inclusion of other IT groups under the DevOps umbrella has become the norm for many organizations. But even broadening the boundaries of DevOps, the conversation has been largely devoid of the business units’ place at the table. A common mistake organizations make while going through the DevOps transformation is drawing a line at the IT boundary. If that occurs, a larger, more inclusive silo within the organization is created, operating in an informational vacuum and causing operational inefficiency and goal misalignment. Sharing his experiences working on both sides of the fence, Leon Fayer describes the importance of including business units in order to align technology decisions with business goals. Leon discusses inclusion of business units in existing agile processes, benefits of cross-departmental monitoring, and a business-first approach to technology decisions.
Databases in a Continuous Integration/Delivery ProcessTechWell
DevOps is transforming software development with many organizations adopting lean development practices, implementing continuous integration (CI), and performing regular continuous deployment (CD) to their production environments. However, the database is largely ignored and often seen as a bottleneck in the DevOps process. Steve Jones discusses the challenges of database development and why many developers find the database to be an impediment to the CD process. Steve shares the techniques you can use to fit a database into the DevOps process. Learn how to store database code in a version control system, and the differences between that and application code. Steve demonstrates a CI process with SQL code and uses automated testing frameworks to check the code. Steve then shows how automated releases with manual gates can reduce the stress and risk of database deployments while ensuring consistent, reliable, repeatable releases to QA, UAT, and production.
Mobile Testing: What—and What Not—to AutomateTechWell
Organizations are moving rapidly into mobile technology, which has significantly increased the demand for testing of mobile applications. David Dangs says testers naturally are turning to automation to help ease the workload, increase potential test coverage, and improve testing efficiency. But should you try to automate all things mobile? Unfortunately, the answer is not always clear. Mobile has its own set of complications, compounded by a wide variety of devices and OS platforms. Join David to learn what mobile testing activities are ripe for automation—and those items best left to manual efforts. He describes the various considerations for automating each type of mobile application: mobile web, native app, and hybrid applications. David also covers device-level testing, types of testing, available automation tools, and recommendations for automation effectiveness. Finally, based on his years of mobile testing experience, David provides some tips and tricks to approach mobile automation. Leave with a clear plan for automating your mobile applications.
Cultural Intelligence: A Key Skill for SuccessTechWell
Diversity is becoming the norm in everyday life. However, introducing global delivery models without a proper understanding of intercultural differences can lead to difficulty, frustration, and reduced productivity. Priyanka Sharma and Thena Barry say that in our diverse world, we need teams with people who can cross these boundaries, communicate effectively, and build the diverse networks necessary to avoid problems. We need to learn about cultural intelligence (CI) and cultural quotient (CQ). CI is the ability to relate and work effectively across cultures. CQ is the cognitive, motivational, and behavioral capacity to understand and respond to beliefs, values, attitudes, and behaviors of individuals and groups. Together, CI and CQ can help us build behavioral capacities that aid motivation, behavior, and productivity in teams as well as individuals. Priyanka and Thena show how to build a more culturally intelligent place with tools and techniques from Leading with Cultural Intelligence, as well as content from the Hofstede cultural model. In addition, they illustrate the model with real-life experiences and demonstrate how they adapted in similar circumstances.
Turn the Lights On: A Power Utility Company's Agile TransformationTechWell
Why would a century-old utility with no direct competitors take on the challenge of transforming its entire IT application organization to an agile methodology? In an increasingly interconnected world, the expectations of customers continue to evolve. From smart meters to smart phones, IoT is creating a crisis point for industries not accustomed to rapid change. Glen Morris explains that pizzas can be tracked by the minute and packages at every stop, and customers now expect this same customer service model should exist for all industries—including power. Glen examines how to create momentum and transform non-IT-focused industries to an agile model. If you are struggling with gaining traction in your pursuit of agile within your business, Glen gives you concrete, practical experiences to leverage in your pursuit. Finally, he communicates how to gain buy-in from business partners who have no idea or concern about agile or its methodologies. If your business partners look at you with amusement when you mention the need for a dedicated Product Owner, join Glen as he walks you through the approaches to overcoming agile skepticism.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
2. Laurie Williams
North Carolina State University
A professor of computer science at North Carolina State University, Laurie Williams has
been researching agile development methodologies and practices for thirteen years and
software security for seven years. She has taught agile courses and coached industrial
agile teams at a number of organizations in a variety of domains for the past five years.
Laurie is the author of Pair Programming Illuminated; sixty refereed papers on agile
software development, test-driven development, and pair programming; and thirty
papers on software security.
.
3. Protection Poker: An Agile
Security Game
Laurie Williams
williams@csc.ncsu.edu
Picture from http://www.thevelvetstore.com
1
Another vote for…
“Everything should
be made as simple
as possible, but not
simpler.”
--Albert Einstein
http://imagecache2.allposters.com/images/pic/CMA
G/956-037~Albert-Einstein-Posters.jpg
1
4. Estimation
Planning Poker
How many engineers?
How long?
What is the security risk?
Protection Poker
Pictures from http://www.doolwind.com , http://news.cnet.com and
http://www.itsablackthang.com/images/Art-Sports/irving-sinclair-the-pokergame.jpg
Effort Estimation: Planning Poker
How many engineers?
How long?
Pictures from http://www.doolwind.com ,
http://www.legendsofamerica.com/photos-oldwest/Faro2-500.jpg
2
5. Coming up with the plan
Desired
Feature
s
5 story points/
iteration
30 story
points
6
iterations
June
10
5
Estimating “dog points”
• Estimate each of the dogs below in dog points, assigning
each dog a minimum of 1 dog point and a maximum of
10 dog points
• A dog point represents the height of a dog at the
shoulder
–
–
–
–
–
–
–
–
Labrador retriever
Terrier
Great Dane
Poodle
Dachshund
German shepherd
St. Bernard
Bulldog
6
3
6. What if?
• Estimate each of the dogs below in dog points, assigning
each dog a minimum of 1 dog point and a maximum of
100 dog points
• A dog point represents the height of a dog at the
shoulder
–
–
–
–
–
–
–
–
Labrador retriever
Terrier
Great Dane
Poodle
Dachshund
German shepherd
St. Bernard
Bulldog
Harder or easier?
More or less accurate?
More or less time consuming?
7
Estimating story points
• Estimate stories relative to each other
–
–
–
–
Twice
T i as big
bi
Half as big
Almost but not quite as big
A little bit bigger
• Only values:
– 0 1, 2, 3, 5, 8, 13, 20 40, 100
0, 1 2 3 5 8 13 20, 40
Near term iteration
“stories”
A few iterations away
“epic”
8
4
7. Diversity of opinion is
essential!
Vote based on:
•Disaggregation
•Analogy
•Expert opinion
(Subjective) Results of Planning Poker
• Explicit result (<20%):
– Effort Estimate
• Side effects/implicit results (80%+):
– Greater understanding of requirement
– Expectation setting
– Implementation hints
– High level design/architecture discussion
– Ownership of estimate
5
8. Security Risk Estimation: Protection
Poker
What is the security risk?
http://news.cnet.com and
http://swamptour.net/images/ST7PokerGame1.gif
http://collaboration.csc.ncsu.edu/laurie/Papers/ProtectionPoker.pdf
Software Security Risk Assessment
via Protection Poker
6
9. Computing Security Risk Exposure
Traditional Risk
Exposure
probability of
occurrence
NIST Security Risk likelihood of threat
threatExposure
source exercising
vulnerability
X
impact of loss
X
impact of adverse event on
organization
enumeration of adversary
types
difficulty
motivation of adversaries
Proposed Security ease of attack
Risk Exposure
Ease points
X
value of asset
- To organization
- To adversary
Value points
Memory Jogger
7
10. Step 1: Calibrate value of database
tables (done once)
• Which database table would be least attractive to an
attacker?
• Which database table would be most attractive to an
attacker?
• Use your planning poker cards to assign relative point
values for the “value” of each database table, giving a 1
to the least attractive.
• Circle the database tables in Table 1 and put the value
points in the appropriate column.
• There are your “value” endpoints.
Step 2: Calibrate ease of attack for
requirements (done once)
•
Which requirement adds functionality that will make an
attack easiest?
• Which requirement adds functionality that will make
attack hardest?
• Use your planning poker cards to assign relative point
values for the “ease” of each requirement.
• There are your “ease” endpoints for the rest of the
exercise.
exercise
8
11. Step 3: Compute security risk of
requirements (each iteration)
• For each requirement:
– Identify database tables used in that requirement For
requirement.
each:
• Table already have a “value”? Use it.
• Table doesn‘t have a “value”? “Poker” a value.
– Record the sum of database table values.
– “Poker” a value for ease points. Discuss changes to
implementation that may reduce the ease.
– Compute security risk by multiplying value by ease.
Security Risk Assessment
Requirement
Ease
Ease
Points
Value Points Security Risk
Ranking
Req 1
1
100
100
3
Req 2
5
1
5
6
Req 3
5
1
5
6
Req 4
20
5
100
3
Req 5
13
13
169
2
Req 6
1
40
40
5
Req 7
40
60
2400
1
Sum of asset value (e.g.
one 20 and one 40)
9
12. Step 4: Risk Ranking and Discussion
(each iteration)
• Rank your risks.
• Any surprises? Satisfied with values you
gave?
• What plans would you put in place now that
you are more aware of the security risk?
“Diversity of ideas is healthy,
and it lends a creativity and
drive to the security field that
we must take advantage of.”
-- Gary McGraw
Informal discussions of:
•Threat models
•Misuse cases
10
13. Attacker mindset
RedHat Case Study
Current software security knowledge
PP help spread software security knowledge
PP learn about software security
Focus on true software security risks
11
14. Discussions
# of contributions
time talking
(Subjective) Results of Protection
Poker
• Explicit result (<20%):
– Relative security risk assessment
• Side effects/implicit results (80%+):
– Greater awareness understanding of security implications
of requirement
• Collaborative threat modeling
• Collaborative misuse case development
– Requirements changed to reduce risk
q
g
– Allocation of time to build security into new functionality
“delivered” at end of iteration (appropriate to relative risk)
– Knowledge sharing and transfer of security information
12
17. Req 1: Emergency Responder
Currently the only roles in iTrust are licensed health care
professional, unlicensed health care professional (a.k.a secretarial
support),
support) administrator and patient The need for another role has
patient.
arisen: emergency responder (ER). An emergency responder is
defined as follows: police, fire, emergency medical technicians
(EMTs), and other medically trained emergency responders who
provide care while at, or in transport from, the site of an
emergency. The only capability provided to an ER is access to an
emergency report for a patient which provides basic but important
information such as: allergies blood type recent short term
allergies,
type,
short-term
diagnoses, long term, chronic illness diagnoses, prescription
history, and immunization history. The patient is sent an email to
notify them of the viewing of their records by an emergency
responder.
Req 2: Find qualified LHCP
A patient has just been diagnosed with a condition and wants to
find the licensed health care professionals (LHCPs) in the area
who h
h have h dl d th t condition. Th patient chooses 'M
handled that
diti
The ti t h
'My
Diagnoses” and is presented with a listing of all their own
diagnoses, sorted by diagnosis date (more recent first). The
patient can select a diagnosis and will be presented with the
LHCPs in the patient's living area (based upon the first three
numbers of their zip code) who have handled this diagnosis in
the last three years. The list is ranked by the quantity of
patients the LHCP has treated for that diagnosis (each patient
is only counted once regardless of the number of office visits).
15
18. Req 3: Update diagnosis code table
The American Medical Association has
decided that beginning January 1 2013 all
1,
diagnoses must be coded with ICD-10
rather than ICD-9CM. These new codes
need to be saved for eventual use by the
iTrust application.
Req 4: View access log
A patient can view a listing of the names of
licensed health care professionals that
viewed or edited their medical records and
the date the viewing/editing occurred is
displayed.
16
19. For each requirement
• Discuss the most sensitive data element involved
(value)
–E d i t
Endpoints
– Relative values
• Discuss whether the new functionality provides
functionality that could make it easier for an attacker to
exploit the system (ease)
– Endpoints
– Relative values
• Using Protection Poker language, which requirement
seems the least and most risky and why
http://www.photosofoldamerica.com/webart/large/254.JPG
http://www.cardcow.com/images/albert-einstein-at-beach1945-celebrities-28954.jpg
17
20. Protection Poker Resources
• Williams, L., Meneely, A., and Shipley, G.,
Protection Poker: The New Software
Security "Game", IEEE Security and
Privacy, Vol. 8, Number 3, May/June 2010,
pp. 14-20.
• http://collaboration.csc.ncsu.edu/laurie/Sec
urity/ProtectionPoker/
18