This document provides an introduction to a presentation by Joshua Corman and Gene Kim on Rugged DevOps. It includes brief biographies of the presenters and outlines some of the key topics to be covered, including how security is evolving from a separate function to an integrated part of rapid software development. The presentation will explore how organizations can adopt practices like DevOps to help break the chronic conflict between rapid innovation and stable operations.
2012 Velocity London: DevOps Patterns DistilledGene Kim
2012 Velocity London,
Presentation by Patrick Debois (@patrickdebois), Damon Edwards (@damonedwards), Gene Kim (@realgenekim), John Willis (@botchagalupe)
2011 06 15 velocity conf from visible ops to dev ops finalGene Kim
My presentation called "Creating the Dev/Test/PM/Ops Supertribe: From Visible Ops To DevOps"
2011 Velocity Conference:
http://velocityconf.com/velocity2011/public/schedule/detail/21123
Ernest Mueller, Karthik Gaekwad, and James Wickett, the Agile Admins (http://theagileadmin.com) delivered this presentation on what's hot in DevOps in 2015 for the BrightTALK Summit. The video is online at https://www.brighttalk.com/webcast/5742/154715
Keeping The Auditor Away: DevOps Audit Compliance Case StudiesGene Kim
GenOrganizations and development teams are moving beyond waterfall models to those embracing a continuous delivery/DevOps-style set of processes. The deployment of doing tens, hundreds, or even thousands of deploys per day as 'normal' does not align to the SDLC, separation of duties, and common controls expected by auditors.
In this presentation, we will describe what auditors look for in a compliance audit, how to develop alternate control procedures that fulfill those reporting requirements, how to avoid “red flags” that indicate inadequate controls, and real world case studies and reporting artifacts.
Gene Kim has been studying high performing IT organizations since 1999 and helped develop the SOX scoping guidelines with the Institute of Internal Auditors in 2005. James DeLuccia IV is the leader for the Ernst & Young Americas Certification Services, James oversees all of the audits against common industry standards, and champions several global program implementation roll-outs. Developing and 'translating' the control environment behaviors of clients, such as Google, Amazon, Workday, and others is difficult. This discussion will bridge the needs of auditors with the community of developers by sharing examples, discussing the assurance expectations, and how to communicate to pass an audit.
When IT Fails: A Business Novel - ITSM Academy WebinarITSM Academy, Inc.
When IT Fails: A Business Novel is the culmination of 10+ years of researching and benchmarking of over 1500 IT organizations. The novel tells the story of Parts Unlimited, a 100 year old, $4B/year company at the brink of failure. To keep the organization in operation, the CEO and team must close the gap with the competition. The two most critical projects have a high reliance on IT and are both years late and way over budget. Bill Palmer, the newly appointed VP of IT Operations, soon becomes the driving force to create a coherent management system that reduces the chaos and unplanned work in IT operations, replacing it with a high-throughput, high-quality, execution-oriented stream of work that delivers value to the business.
Join us for “story time” as Gene Kim reads excerpts from his book. He will then describe what is required for successful transformations.
Mary Poppendieck: The Aware Organization - Lean IT Summit 2014Institut Lean France
We now have a pretty good idea of what Just-in-Time means in software development. With Continuous Delivery moving to the mainstream, rapid flow of value through the development process is becoming routine. However, as software systems get larger and more complex, we may lose sight of what Jidoka has to offer. At the Lean IT Summit 2014, Mary Poppendieck explained what Jidoka, or situational awareness, means for groups developing large software systems.
"The Lean Mindset": Mary & Tom Poppendieck's Keynote at AgileDayChile 2013ChileAgil
Mary & Tom Poppendieck bring to us their analysis of the famouse rescue of the 33 chilean miners through lean glasses, and they propose a Lean Mindset grounded in business & technological success cases around the world.
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"Aaron Rinehart
This session will cover the foundations DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security.
We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown.
As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsJames Wickett
DevOps and the subsequent move bring security in under the umbrella of DevSecOps has created a new an ethos for security. This is good, however moving security and devops closer together in many organizations leaves us with questions of how this merge works in practice. What happens to security? To developers? And where does= chaos engineering fit in? This talk highlights security's place in DevOps and how topics ranging from empathy to chaos to system safety fit in organizations today. The hope is to uncover a new playbook for devs, ops, and security to work together.
2012 Velocity London: DevOps Patterns DistilledGene Kim
2012 Velocity London,
Presentation by Patrick Debois (@patrickdebois), Damon Edwards (@damonedwards), Gene Kim (@realgenekim), John Willis (@botchagalupe)
2011 06 15 velocity conf from visible ops to dev ops finalGene Kim
My presentation called "Creating the Dev/Test/PM/Ops Supertribe: From Visible Ops To DevOps"
2011 Velocity Conference:
http://velocityconf.com/velocity2011/public/schedule/detail/21123
Ernest Mueller, Karthik Gaekwad, and James Wickett, the Agile Admins (http://theagileadmin.com) delivered this presentation on what's hot in DevOps in 2015 for the BrightTALK Summit. The video is online at https://www.brighttalk.com/webcast/5742/154715
Keeping The Auditor Away: DevOps Audit Compliance Case StudiesGene Kim
GenOrganizations and development teams are moving beyond waterfall models to those embracing a continuous delivery/DevOps-style set of processes. The deployment of doing tens, hundreds, or even thousands of deploys per day as 'normal' does not align to the SDLC, separation of duties, and common controls expected by auditors.
In this presentation, we will describe what auditors look for in a compliance audit, how to develop alternate control procedures that fulfill those reporting requirements, how to avoid “red flags” that indicate inadequate controls, and real world case studies and reporting artifacts.
Gene Kim has been studying high performing IT organizations since 1999 and helped develop the SOX scoping guidelines with the Institute of Internal Auditors in 2005. James DeLuccia IV is the leader for the Ernst & Young Americas Certification Services, James oversees all of the audits against common industry standards, and champions several global program implementation roll-outs. Developing and 'translating' the control environment behaviors of clients, such as Google, Amazon, Workday, and others is difficult. This discussion will bridge the needs of auditors with the community of developers by sharing examples, discussing the assurance expectations, and how to communicate to pass an audit.
When IT Fails: A Business Novel - ITSM Academy WebinarITSM Academy, Inc.
When IT Fails: A Business Novel is the culmination of 10+ years of researching and benchmarking of over 1500 IT organizations. The novel tells the story of Parts Unlimited, a 100 year old, $4B/year company at the brink of failure. To keep the organization in operation, the CEO and team must close the gap with the competition. The two most critical projects have a high reliance on IT and are both years late and way over budget. Bill Palmer, the newly appointed VP of IT Operations, soon becomes the driving force to create a coherent management system that reduces the chaos and unplanned work in IT operations, replacing it with a high-throughput, high-quality, execution-oriented stream of work that delivers value to the business.
Join us for “story time” as Gene Kim reads excerpts from his book. He will then describe what is required for successful transformations.
Mary Poppendieck: The Aware Organization - Lean IT Summit 2014Institut Lean France
We now have a pretty good idea of what Just-in-Time means in software development. With Continuous Delivery moving to the mainstream, rapid flow of value through the development process is becoming routine. However, as software systems get larger and more complex, we may lose sight of what Jidoka has to offer. At the Lean IT Summit 2014, Mary Poppendieck explained what Jidoka, or situational awareness, means for groups developing large software systems.
"The Lean Mindset": Mary & Tom Poppendieck's Keynote at AgileDayChile 2013ChileAgil
Mary & Tom Poppendieck bring to us their analysis of the famouse rescue of the 33 chilean miners through lean glasses, and they propose a Lean Mindset grounded in business & technological success cases around the world.
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"Aaron Rinehart
This session will cover the foundations DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security.
We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown.
As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsJames Wickett
DevOps and the subsequent move bring security in under the umbrella of DevSecOps has created a new an ethos for security. This is good, however moving security and devops closer together in many organizations leaves us with questions of how this merge works in practice. What happens to security? To developers? And where does= chaos engineering fit in? This talk highlights security's place in DevOps and how topics ranging from empathy to chaos to system safety fit in organizations today. The hope is to uncover a new playbook for devs, ops, and security to work together.
Netwerkschool Inspiratiedag @ SintLucas, Boxtel
22-04-2011
Een korte introductie in lifehacking. Wat is het en hoe kunnen docenten het gebruiken. Helaas zonder het verhaal...
a short introduction into lifehacking. What does it mean and how could it be used by teachers. Pictures only...
Яхтенные туры в Греции - сезон 2016
Отдых на яхте, это еще одна степень нашей свободы - как в отеле, только отель ездит за нами куда нам нужно - каждый день новый остров. Если вы любите солнце и море и ветер - Добро Пожаловать!
Вы управляете проектом или проект управляет вами?КоммандКор
Вы управляете проектом или проект управляет Вами? Мы уверены, что мы управляем проектом. И часто то, что происходит во время управления идет своим чередом… А может ли оказаться, что в определенный момент проект начал управлять нами? И все, что мы видим, является лишь отражением и доказательством его независимого поведения?
While some are still recovering from treating security as a second-class citizen, the rise of agile and lean methodologies have opened a door for information security into software development with an opportunity to arrange security along the team's value stream. Teams that write secure software often do so because of the efforts of individuals. This talk dives into the mindset, tools, and ceremonies necessary to systematically create a culture around information security.
7 Things Every Ceo Should Know About Information SecurityCindy Kim
This ebook outlines the changing threat landscape and what CEOs need to understand about the evolving nature of threats in order to take protective measures and stay on top. In this ebook, Pat Clawson, CEO of Lumension, provides straight talk about a topic that can very well impact your bottom line and the ability of your business to deliver its product to customers.
Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...David Etue
Control Quotient: Adaptive Strategies For Gracefully Losing Control as presented at RSAC US 2013 by @djetue and @joshcorman
The security community has spent years on failed approaches to Return On Investment (ROI) on security offerings and Return On Security Investment (ROSI). It’s failed as it evaluates from the wrong perspective. This session flips ROI on its head, looking from the adversary’s perspective. We’ll introduce an “Adversary ROI” model, and show how it can change how you evaluate cyber security investment.
In this session Aaron will uncover the importance of using Chaos Engineering in developing a learning culture in a DevSecOps world. Aaron will walk us through how to get started with Chaos Engineering for security and how it can be practically applied to enhance system performance, resilience and security.
Security focused Chaos Engineering allows engineering teams to derive new information about the state of security within their distributed systems that was previously unknown. This new technique of instrumentation attempts to proactively inject security turbulent conditions or faults into our systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain.
During this session we will cover some key concepts in Safety & Resilience Engineering and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive.
Four level teaching approach in Security marketDavide De Bella
How much is it difficult to disseminate a changing about security culture? What is the effect in terms of ROI when people don't change their beliefs, consciousness and mindset?
“Tell us your business rules and we will execute them”. This deceptively simple promise of Business Rules Management Systems underestimates the pain felt by practitioners going through their first project. Turning tacit knowledge into executable business rules is a difficult task.
The famous quote from Michael Polanyi, “we know more than we can tell”, summarizes beautifully the challenges faced by business users, business analysts and rules architects. Although partially documented in regulations and business manuals, knowledge is mostly buried deep in the head of knowledge workers and simply asking for it is easier said than done. Is the resulting body of rules comprehensive enough? Is it specific enough? Is it correct and accurate?
In the 1980-90’s, the Artificial Intelligence community invested heavily on various techniques for expert interviews to tackle this very problem. With the winter of AI, expert systems became less popular and so did those efforts. Experts were too few and their time too valuable to participate in those time-consuming interviews.
More recently, Agile Programming transformed development cycles by, among other things, bringing test cases at the forefront of the effort. Communication between product managers and developers has improved by discussing requirements in the context of use cases well established up-front. This talk presents a new approach to knowledge elicitation that combines Agile and AI concepts for the modern usage in Decision Management systems.
In particular, attendees will learn how to accelerate harvesting time and increase the quality of the extracted business rules at the same time. 100% pragmatic advice.
Cloud, DevOps and the New Security PractitionerAdrian Sanabria
First presented at Cloud Security World in Boston on June 15th, 2016.
Once upon a time, walls were erected between the Linux/UNIX crowd, Windows admins and the mainframers. Each architecture had its place and its experts, and they rarely mixed. This time around, we didn’t just get a new domain, we got a new way of doing IT and running businesses. Cloud has created new opportunities and DevOps has capitalized on them. The result of this combination is so unrecognizable that it isn’t uncommon to see IT organizations split down the middle by the new and old approaches. As DevOps continues to gain in popularity, the same split is occurring in the security workforce. Will the traditional security practitioner be in danger of becoming obsolete?
Similar to SecureWorld: Security is Dead, Rugged DevOps 1f (20)
Speaker Recording Tips For Virtual DevOps Enterprise (And Why We're Pre-Recor...Gene Kim
In this presentation, I describe why we've decided to pre-record our talks for DevOps Enterprise Summit, and some of the top lessons learned for any speaker who needs to record their presentations.
I cover microphones, standing up, elevating your camera, adjusting your lighting, picking a good background, and record!
To learn more about the awesome DevOps Enterprise Summit programming here: https://itrevolution.com/london-virtual-what-to-expect/
The Unicorn Project and The Five Ideals (Updated Dec 2019)Gene Kim
It is impossible to overstate how much I’ve learned since co-authoring The Phoenix Project, DevOps Handbook, and Accelerate. I’m so excited that after years of work, The Unicorn Project will be published later this year.
This book is my attempt to frame what I’ve learned studying technology leaders adopting DevOps principles and patterns in large, complex organizations, often having to fight deeply entrenched orthodoxies. And yet, despite huge obstacles, they create incredibly effective and innovative teams that create beacons of greatness that inspire us all.
In this book, we follow a senior lead developer and architect as she is exiled to the Phoenix Project, to the horror of her friends and colleagues, as punishment for contributing to a payroll outage. She tries to survive in what feels like a heartless and uncaring bureaucracy, forced to work within a system where no one can get anything done without endless committees, paperwork, change requests, and approvals. Decades of technical debt make even small changes difficult or impossible, often causing catastrophic outcomes and fear of punishment.
I get tremendous delight and gratification that this book is not about the bridge crew of the Starship Enterprise -- instead, it is about redshirt engineers, which as it turns out, whose heroic work matters most to the long-term survival of almost every organization.
In my previous books, I’ve focused on principles and practices (e.g., Three Ways, Four Types of Work). However, I’ve always wanted to describe the spectrum of cultural, experiential and value decisions we make that either enable greatness, or create chronic suffering and underperformance. They are currently as follows:
• The First Ideal — Locality and Simplicity
• The Second Ideal — Focus, Flow and Joy
• The Third Ideal — Improvement of Daily Work
• The Fourth Ideal — Psychological Safety
• The Fifth Ideal — Customer Focus
In this talk, I’ll share with you my goals and aspirations for The Unicorn Project, describe in detail the Five Ideals, along with my favorite case studies of both ideal and non-ideal, and why I believe more than ever that DevOps will be one of the most potent economic forces for decades to come.
2019 12 Clojure/conj: Love Letter To Clojure, and A Datomic Experience ReportGene Kim
Talk video: https://www.youtube.com/watch?v=5mbp3SEha38&t=1652s
Blog post: https://itrevolution.com/love-letter-to-clojure-part-1
I will explain how learning the Clojure programming language three years ago changed my life. It led to a series of revelations about all the invisible structures that are required to enable developers to be productive. These concepts show up all over The Unicorn Project, but most prominently in the First Ideal of Locality and Simplicity, and how it can lead to the Second Ideal of Focus, Flow, and Joy.
Without doubt, Clojure was one of the most difficult things I’ve learned professionally, but it has also been one of the most rewarding. It brought the joy of programming back into my life. For the first time in my career, as I’m nearing fifty years old, I’m finally able to write programs that do what I want them to do, and am able to build upon them for years without them collapsing like a house of cards, as has been my normal experience.
The famous French philosopher Claude Lévi-Strauss would say of certain tools, “Is it good to think with?” For reasons that I will try to explain in this post, Clojure embraces a set of design principles and sensibilities that were new to me: functional programming, immutability, an astonishingly strong sense of conservative minimalism (e.g., hardly any breaking changes in ten years!), and much more…
Clojure introduced to me a far better set of tools to think with and to also build with. It’s also led to a set of aha moments that explain why for decades my code would eventually fall apart, becoming more and more difficult to change, as if collapsing under its own weight. Learning Clojure taught me how to prevent myself from constantly self-sabotaging my code in this way.
The Unicorn Project and The Five Ideals (older: see notes for newer version)Gene Kim
Updated version here (Dec 2019): https://www.slideshare.net/realgenekim/the-unicorn-project-and-the-five-ideals-updated-dec-2019
It is impossible to overstate how much I’ve learned since co-authoring The Phoenix Project, DevOps Handbook, and Accelerate. I’m so excited that after years of work, The Unicorn Project will be published later this year.
This book is my attempt to frame what I’ve learned studying technology leaders adopting DevOps principles and patterns in large, complex organizations, often having to fight deeply entrenched orthodoxies. And yet, despite huge obstacles, they create incredibly effective and innovative teams that create beacons of greatness that inspire us all.
In this book, we follow a senior lead developer and architect as she is exiled to the Phoenix Project, to the horror of her friends and colleagues, as punishment for contributing to a payroll outage. She tries to survive in what feels like a heartless and uncaring bureaucracy, forced to work within a system where no one can get anything done without endless committees, paperwork, change requests, and approvals. Decades of technical debt make even small changes difficult or impossible, often causing catastrophic outcomes and fear of punishment.
I get tremendous delight and gratification that this book is not about the bridge crew of the Starship Enterprise -- instead, it is about redshirt engineers, which as it turns out, whose heroic work matters most to the long-term survival of almost every organization.
In my previous books, I’ve focused on principles and practices (e.g., Three Ways, Four Types of Work). However, I’ve always wanted to describe the spectrum of cultural, experiential and value decisions we make that either enable greatness, or create chronic suffering and underperformance. They are currently as follows:
• The First Ideal — Locality and Simplicity
• The Second Ideal — Focus, Flow and Joy
• The Third Ideal — Improvement of Daily Work
• The Fourth Ideal — Psychological Safety
• The Fifth Ideal — Customer Focus
In this talk, I’ll share with you my goals and aspirations for The Unicorn Project, describe in detail the Five Ideals, along with my favorite case studies of both ideal and non-ideal, and why I believe more than ever that DevOps will be one of the most potent economic forces for decades to come.
Why Everyone Needs DevOps Now: 15 Year Study Of High Performing Technology OrgsGene Kim
This presentation describes my interpretation of the Why and How of DevOps, and the key findings from my 15 year study of high-performing IT organizations, and how they simultaneously deliver stellar service levels and rapid implementation of new features into the production environment.
Organizations employing DevOps practices such as Google, Amazon, Facebook, Etsy and Twitter are routinely deploying code into production hundreds, or even thousands, of times per day, while providing world-class availability, reliability and security. In contrast, most organizations struggle to do releases more every nine months.
He will present how these high-performing organizations achieve this fast flow of work through Product Management and Development, through QA and Infosec, and into IT Operations. By doing so, other organizations can now replicate the extraordinary culture and outcomes enabling their organization to win in the marketplace.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
1. Security is Dead.
Long Live Rugged DevOps:
IT at Ludicrous Speed…
Joshua Corman & Gene Kim
SecureWorld Boston
March 28, 2012
Session ID:
2. About Joshua Corman
Director of Security Intelligence for Akamai Technologies
Former Research Director, Enterprise Security [The 451 Group]
Former Principal Security Strategist [IBM ISS]
Industry:
Expert Faculty: The Institute for Applied Network Security (IANS)
2009 NetworkWorld Top 10 Tech People to Know
Co-Founder of “Rugged Software” www.ruggedsoftware.org
BLOG: www.cognitivedissidents.com
Things I’ve been researching:
Compliance vs Security
Disruptive Security for Disruptive Innovations
Chaotic Actors
Espionage
Security Metrics
2
3. About Gene Kim
Researcher, Author
Industry:
Invented and founded Tripwire, CTO (1997-2010)
Co-author: “Visible Ops Handbook”(2006), “Visible Ops Security” (2008)
Co-author: “When IT Fails: The Novel,” “The DevOps Cookbook” (Coming
May 2012)
Things I’ve been researching:
Benchmarked 1300+ IT organizations to test effectiveness of IT controls vs.
IT performance
DevOps, Rugged DevOps
Scoping PCI Cardholder Data Environment
3
5. The Downward Spiral
Operations Sees… Dev Sees…
Fragile applications are prone to More urgent, date-driven projects
failure put into the queue
Long time required to figure out “which Even more fragile code (less
bit got flipped” secure) put into production
Detective control is a salesperson More releases have increasingly
“turbulent installs”
Too much time required to restore
service Release cycles lengthen to
amortize “cost of deployments”
Too much firefighting and unplanned
work Failing bigger deployments more
difficult to diagnose
Urgent security rework and
remediation Most senior and constrained IT
ops resources have less time to
Planned project work cannot complete fix underlying process problems
Frustrated customers leave Ever increasing backlog of work
Market share goes down that cold help the business win
Business misses Wall Street Ever increasing amount of
commitments tension between IT Ops,
Development, Design…
Business makes even larger promises
to Wall Street
These aren’t IT or Infosec problems…
These are business problems!
6. My Mission: Figure Out How Break The IT Core
Chronic Conflict
Every IT organization is pressured to
simultaneously:
Respond more quickly to urgent business needs
Provide stable, secure and predictable IT service
Words often used to describe process improvement:
“hysterical, irrelevant, bureaucratic, bottleneck, difficult to understand, not
aligned with the business, immature, shrill, perpetually focused on irrelevant
technical minutiae…”
Source: The authors acknowledge Dr. Eliyahu Goldratt, creator of the Theory of Constraints and author of The Goal, has
6 written extensively on the theory and practice of identifying and resolving core, chronic conflicts.
7. Good News: It Can Be Done
Bad News: You Can’t Do It Alone
64. The Prescriptive DevOps Cookbook
“DevOps Cookbook” Authors
Patrick DeBois, Mike Orzen,
John Willis
Goals
Codify how to start and finish
DevOps transformations
How does Development, IT
Operations and Infosec
become dependable partners
Describe in detail how to
replicate the transformations
describe in “When IT Fails: The
Novel”
66. The First Way:
Systems Thinking (Left To Right)
Never pass defects to downstream work centers
Never allow local optimization to create global
degradation
Increase flow: elevate bottlenecks, reduce WIP,
throttle release of work, reduce batch sizes
67. Definition: Agile Sprints
The basic unit of development in Agile Scrums,
typically between one week and one month
At the end of each sprint, team should have
potentially deliverable product
Aha Moment: shipping product implies not just code –
it’s the environment, too!
68
68. Help Dev And Ops Build Code And
Environments
Dev and Ops work together in Sprint 0 and 1 to
create code and environments
Create environment that Dev deploys into
Create downstream environments: QA, Staging,
Production
Create testable migration procedures from Dev all the
way to production
Integrate Infosec and QA into daily sprint
activities
69. The First Way:
Systems Thinking: Infosec
Get a seat at the table
DevOps programs are typically led by Dev, QA, IT
Operations and Product Management
Add value at every step in the flow of work
See the end-to-end value flow
Shorten and amplify feedback loops
Help break silos (e.g., server, networking, database)
70. The First Way:
Systems Thinking: Infosec Insurgency
Have infosec attend the daily Agile standups
Gain awareness of what the team is working on
Find the automated infrastructure project team
(e.g., puppet, chef)
Provide hardening guidance
Integrate and extend their production configuration
monitoring
Find where code packaging is performed
Integrate security testing pre- and post-deployment
Integrate into continuous integration and release
process
Add security test scripts to automated test library
71. The First Way:
Outcomes
Determinism in the release process
Continuation of the Agile and CI/CR processes
Creating single repository for code and environments
Packaging responsibility moves to development
Consistent Dev, QA, Int, and Staging environments, all
properly built before deployment begins
Decrease cycle time
Reduce deployment times from 6 hours to 45 minutes
Refactor deployment process that had 1300+ steps
spanning 4 weeks
Faster release cadence
73. The Second Way:
Amplify Feedback Loops (Right to Left)
Protect the integrity of the entire system of work,
versus completion of tasks
Expose visual data so everyone can see how
their decisions affect the entire system
75. Integrate Ops Into Dev
Embed Ops person into Dev structure
Describes non-functional requirements, use cases
and stories from Ops
Responsible for improving “quality at the source”
(e.g., reducing technical debt, fix known problems,
etc.)
Has special responsibility for pulling the Andon cord
76. Integrate Dev Into Ops
MobBrowser case study: “Waking up developers
at 3am is a great feedback loop: defects get
fixed very quickly”
Goal is to get Dev closer to the customer
Infosec can help determine when it’s too close (and
when SOD is a requirement)
77. Keep Shrinking Batch Sizes
Waterfall projects often have cycle time of one
year
Sprints have cycle time of 1 or 2 weeks
When IT Operations work is sufficiently fast and
cheap, we may decide to decouple deployments
from sprint boundaries (e.g., Kanbans)
79. The Second Way:
Amplify Feedback Loops: Infosec Insurgency
Extend criteria of what changes/deploys cannot be
made without triggering full retest
Create reusable Infosec use and abuse stories that
can be added to every project
“Handle peak traffic of 4MM users and constant 4-6
Gb/sec Anonymous DDoS attacks”
Integrate Infosec and IR into the Ops/Dev escalation
processes (e.g., RACI)
Pre-enable, shield streamline successful audits
Document separation of duty and compensating controls
Don’t let them disrupt the work
80. The Second Way:
Outcomes
Andon cords that stop the production line
Kanban to control work
Project freeze to reduce work in process
Eradicating “quick fixes” that circumvent the process
Ops user stories are part of the Agile planning
process
Better build and deployment systems
More stable environment
Happier and more productive staff
82. The Third Way:
Culture Of Continual Experimentation And
Learning
Foster a culture that rewards:
Experimentation (taking risks) and learning from
failure
Repetition is the prerequisite to mastery
Why?
You need a culture that keeps pushing into the danger
zone
And have the habits that enable you to survive in the
danger zone
83. Help IT Operations…
“The best way to avoid failure is
to fail constantly”
Harden the production
environment
Have scheduled drills to “crash
the data center”
Create your “chaos monkeys” to
introduce faults into the system
(e.g., randomly kill processes,
take out servers, etc.)
Rehearse and improve
responding to unplanned work
NetFlix: Hardened AWS service
StackOverflow
Amazon firedrills (Jesse Allspaw)
The Monkey (Mac)
86. The Third Way:
Culture Of Continual Experimentation And
Learning: Infosec
Add Infosec fixes to the Agile backlog
Make technical debt visible
Help prioritize work against features and other non-functional requirements
Weaponize the Security Monkey
Evil/Fuzzy/Chaotic Monkey
Eridicate SQLi and XSS defects in our lifetime
Let loose the Security Monkies and the Simian Army
Eliminate needless complexity
Become the standard bearer: 20% of Dev cycles spent on
non-functional requirements
Take work out of the system
Keep decreasing cycle time: it increases work that the system
can achieve
87. The Third Way:
Outcomes
15 minutes/daily spent on improving daily work
Continual reduction of unplanned work
More cycles for planned work
Projects completed to pay down technical debt and
increase flow
Elimination of needless complexity
More resilient code and environments
Balancing nimbleness and practiced repetition
Enabling wider range of risk/reward balance
91. Case Studies And Early Indicators
Almost every major Internet online services
company
VERACODE Rapid SaaS Fix Blog Post
http://www.veracode.com/blog/2012/01/vulnerability-
response-done-right/
Pervasive Monitoring
Analytics at LinkedIn viewed by CEO daily:
LinkedIn Engineering: “The Birth Of inGraphs: Eric
The Intern”
93. The Downward Spiral
Operations Sees… Dev Sees…
Fragile applications are prone to More urgent, date-driven projects
failure put into the queue
Long time required to figure out “which Even more fragile code (less
bit got flipped” secure) put into production
Detective control is a salesperson More releases have increasingly
“turbulent installs”
Too much time required to restore
service Release cycles lengthen to
amortize “cost of deployments”
Too much firefighting and unplanned
work Failing bigger deployments more
difficult to diagnose
Urgent security rework and
remediation Most senior and constrained IT
ops resources have less time to
Planned project work cannot complete fix underlying process problems
Frustrated customers leave Ever increasing backlog of work
Market share goes down that cold help the business win
Business misses Wall Street Ever increasing amount of
commitments tension between IT Ops,
Development, Design…
Business makes even larger promises
to Wall Street
These aren’t IT or Infosec problems…
These are business problems!
94. When IT Fails: The Novel and The DevOps
Cookbook
Coming in July 2012
“In the tradition of the best MBA case studies, this
book should be mandatory reading for business
and IT graduates alike.” -Paul Muller, VP
Software Marketing, Hewlett-Packard
“The greatest IT management book of our
Gene Kim, Tripwire founder,
generation.” –Branden Williams, CTO
Visible Ops co-author Marketing, RSA
95. When IT Fails: The Novel and The DevOps
Cookbook
Coming in July 2012
If you would like the “Top 10 Things You
Need To Know About DevOps,” sample
chapters and updates on the book:
Sign up at http://itrevolution.com
Gene Kim, Tripwire founder,
Email genek@realgenekim.me
Visible Ops co-author Give me your business card
96. To Join The Movement
Our goal is to affect the lives of one million IT
workers by 2017
If you would like the “Top 10 Things You Need To
Know About DevOps,” sample chapters and
updates on the book:
Sign up at http://itrevolution.com
Email genek@realgenekim.me
Give me your business card
99. Resources
From the IT Process Institute
www.itpi.org
Both Visible Ops Handbooks
ITPI IT Controls Performance Study
Rugged Software by Corman, et al:
http://ruggedsoftware.org
“Continuous Delivery: Reliable Software
Releases through Build, Test, and
Deployment Automation” by
Humble, Farley
Follow us…
@JoshCorman, @RealGeneKim
mailto:genek@realgenekim.me
http://realgenekim.me/blog
100. Common Traits of High Performers
Culture of…
Change management
Integration of IT operations/security via problem/change management
Processes that serve both organizational needs and business objectives
Highest rate of effective change
Causality
Highest service levels (MTTR, MTBF)
Highest first fix rate (unneeded rework)
Compliance and continual reduction of
operational variance
Production configurations
Highest level of pre-production staffing
Effective pre-production controls
Effective pairing of preventive and detective controls
Source: IT Process Institute
101. Visible Ops: Playbook of High Performers
The IT Process Institute has been
studying high-performing
organizations since 1999
What is common to all the high
performers?
What is different between them and
average and low performers?
How did they become great?
Answers have been codified in the
Visible Ops Methodology
The “Visible Ops Handbook” is
available from the ITPI
www.ITPI.org
102. IT Operations Increases Process Rigor
Standardize deployment
Standardize unplanned work: make it repeatable
Modify first response: ensure constrained
resources have all data at hand to diagnose
Elevate preventive activities to reduce incidents
103. Help Development…
Help them see downstream effects
Unplanned work comes at the expense of planned
work
Technical debt retards feature throughput
Environment matters as much as the code
Allocate time for fault modeling, asking “what
could go wrong?” and implementing
countermeasures
104. Help QA…
Ensure test plans cover not only code
functionality, but also:
Suitability of the environment the code runs in
The end-to-end deployment process
Help find variance…
Functionality, performance, configuration
Duration, wait time and handoff errors, rework, …
Editor's Notes
How each side Actively impedes the achievement of each other’s goals.
Who are they auditing? IT operations.I love IT operatoins. Why? Because when the developers screw up, the only people who can save the day are the IT operations people. Memory leak? No problem, we’ll do hourly reboots until you figure that out.Who here is from IT operations?Bad day:Not as prepared for the audit as they thoughtSpending 30% of their time scrambling, generating presentation for auditorsOr an outage, and the developer is adamant that they didn’t make the change – they’re saying, “it must be the security guys – they’re always causing outages”Or, there’s 50 systems behind the load balancer, and six systems are acting funny – what different, and who made them differentOr every server is like a snowflake, each having their own personalityWe as Tripwire practitioners can help them make sure changes are made visible, authorized, deployed completely and accurately, find differencesCreate and enforce a culture of change management and causality
Who’s introducing variance? Well, it’s often these guys. Show me a developer who isn’t causing an outage, I’ll show you one who is on vacation.Primary measurement is deploy features quickly – get to market.I’ve worked with two of the five largest Internet companies (Google, Microsoft, Yahoo, AOL, Amazon), and I now believe that the biggest differentiator to great time to market is great operations:Bad day: We do 6 weeks of testing, but deployment still fails. Why? QA environment doesn’t match productionOr there’s a failure in testing, and no one can agree whether it’s a code failure or an environment failureOr changes are made in QA, but no one wrote them down, so they didn’t get replicated downstream in productionBelieve it or not, we as Tripwire practitioners can even help them – make sure environments are available when we need them, that they’re properly configured correctly the first time, document all the changes, replicate them downstream
So who are all these constituencies that we can help, and increase our relevance as Tripwire practitioners and champions?How many people here are in infosec?Goal: protect critical systems and dataSafeguard organizational commitmentsPrevent security breaches, help quickly detect and recover from themBad day: no security standardsNo one is complyingYes, we’re 3 years behind. “Whaddyagonna do about it?”Vs. we (Tripwire owner) can become more relevant and add value by help infosec by leveraging all the configuration guidance out thereMeasure variance between produciton and those known good statesTrust and verify that when management says, we’ve trued up the configurations, they’ve actually done itWhy? Now, more than ever, there are an ever increasing amount of regulatory and contractual requirements to protect systems and data
Tell story of Amazon, Netflix: they care about, availability, securityIt’s not a push, it’s a pull – they’re looking for our help (#1 concern: fear of disintermediation and being marginalized)
At RSA 2009, Josh Corman, Jeff Williams, and David Rice were chatting at the Greylock cocktail party.
So software not only need
…fast, and…
…agile, but it also needs to be…
…rugged. Capable of withstanding…
…the harshest conditions…
…and most unfriendly environments…
[ text ] My personal goal is to prescriptively define 1) what does Dev need to do to become a reliable partner, 2) what does IT Operations need to do to become a realiable partner, and then 3) how do they work together to deliver unbelievable value to the business.Of course, the goal is more than happy coexistence. It’s to replicate the Etsy and LinkedIn stories:Increase the rate of features that we can put into production, while simultaneously maintaining the reliability, stability, security and survivability of the production environment.
This story is about how Bill, the thoughtful and methodical VP IT Operations, who saves some of the largest problems of the company. It’s a story about a Visible Ops and DevOps style transformation. It’s how Bill saves the company, helping it achieves their project goals, operational goals, security and compliance goals.And Steve the CEO realizes that Bill, the lowly VP of IT Operations, is the person who saved the company.
How each side Actively impedes the achievement of each other’s goals.