Shift Left: Puppet + CloudPassage = New Approach to Securing DevOps
•Download as PPTX, PDF•
0 likes•131 views
Date held: Wednesday, 15 November 2017 It’s time for a new approach to securing DevOps. Puppet and CloudPassage have teamed up to bring you a solution that automates security and compliance in any infrastructure—at any scale—that eliminates the security bottleneck. Join us to learn how the Puppet module for CloudPassage Halo helps your security teams keep pace with the demands of the modern, agile enterprise.
Report
Share
Report
Share
Recommended
Secure your Azure and DevOps in a smart way
Victoria Almazova, Cloud Security Architect, Microsoft
Azure provides a set of security and governance controls to ensure that your environment is secure and complaint. Learn how to implement security on the subscription level, develop your applications securely, securely deploy, periodically scan production for compliance and security, and get a single security dashboard.
DevOps & DevSecOps in Swiss Banking
This document discusses DevSecOps principles for banks and financial institutions. It introduces DevSecOps as an evolution from DevOps that incorporates security practices like risk assessments, security testing, and compliance monitoring directly into the development lifecycle. The presentation outlines key DevSecOps principles like establishing security requirements upfront, implementing controls like access management and logging, and conducting continuous security testing. It provides an example of a Swiss bank that uses Kubernetes, Docker, and security tools from VSHN to operationalize DevSecOps and improve governance.
Microsoft DevOps Forum 2021 – DevOps & Security
This document discusses implementing DevSecOps practices for small teams and organizations. It begins by noting that while DevOps is widely adopted, DevSecOps practices are less well-known and implemented. It then outlines some common security issues seen at clients and provides demos of implementing quick security wins through the DevOps cycle like enabling code scanning and ensuring secure code, runtimes, and monitoring. The document advocates starting small with security and integrating practices throughout the development lifecycle.
Keynote: Puppet camp compliance
This document discusses how organizations can move from a reactive approach to compliance to a proactive approach using automation. It notes that over 50% of CIOs cite security and compliance as a barrier to IT modernization. Puppet offers an end-to-end compliance solution that allows organizations to automatically eliminate configuration drift, enforce compliance at scale across operating systems and environments, and define policy as code. The solution helps organizations improve compliance from 50% to over 90% compliant. The document argues that taking a proactive automation approach to compliance can turn it into a competitive advantage by improving speed and innovation.
Why Serverless is scary without DevSecOps and Observability
This document discusses the security challenges of serverless computing without proper DevSecOps practices and observability. It notes that serverless applications are often seen as more secure since the cloud provider manages the infrastructure, but they can still be vulnerable to events, libraries, and code issues. The document recommends implementing DevSecOps with a focus on permissions, security analysis, public scrutiny of practices, and crowdsourcing security through bug bounties and hackathons. It also stresses the importance of observability tools to monitor serverless applications and catch issues.
Painless DevSecOps: Building Security Into Your DevOps Pipeline
This document discusses building security into DevOps pipelines using Tasktop Integration Hub to connect security vulnerabilities and defects across tools. It introduces the speaker and describes how Tasktop enables bidirectional artifact flow and reporting across lifecycle tools while maintaining relationships. A demo then shows synchronization between a security scanning and test management tool.
Why You Should Implement DevSecOps Approach?
DevSecOps represents development, security, and operation. DevSecOps aims to embed the security process within the DevOps process. The objective of DevSecOps is to embrace a "security as code" culture within the ongoing flexible collaboration between security teams and release engineers.
3 Steps to Expand DevOps and Automation Throughout the Enterprise
For many organizations, the transition to DevOps starts small, often with a single team delivering new innovation — typically writing the tool chain as well as the application. This creates pockets of success, but reaping the full benefits of a DevOps practice means replicating these practices enterprise-wide. Not an easy task.
Through its research, Forrester has identified 3 key steps for breaking down organizational silos and implementing a widespread DevOps initiative. In this on-demand webinar, guest speaker Robert Stroud, principal analyst at Forrester, joins Puppet for a webinar to share these practices and explore:
• Trends in DevOps adoption — how many companies really have it figured out, which industries are leading the charge, and where do you fit in?
• The role of senior leaders in a DevOps initiative, and why transformation is in their best interest.
• How infrastructure automation and configuration management solutions lay the foundation for DevOps practices.
• How to select the right tools to support your DevOps transformation.
Recommended
Secure your Azure and DevOps in a smart way
Victoria Almazova, Cloud Security Architect, Microsoft
Azure provides a set of security and governance controls to ensure that your environment is secure and complaint. Learn how to implement security on the subscription level, develop your applications securely, securely deploy, periodically scan production for compliance and security, and get a single security dashboard.
DevOps & DevSecOps in Swiss Banking
This document discusses DevSecOps principles for banks and financial institutions. It introduces DevSecOps as an evolution from DevOps that incorporates security practices like risk assessments, security testing, and compliance monitoring directly into the development lifecycle. The presentation outlines key DevSecOps principles like establishing security requirements upfront, implementing controls like access management and logging, and conducting continuous security testing. It provides an example of a Swiss bank that uses Kubernetes, Docker, and security tools from VSHN to operationalize DevSecOps and improve governance.
Microsoft DevOps Forum 2021 – DevOps & Security
This document discusses implementing DevSecOps practices for small teams and organizations. It begins by noting that while DevOps is widely adopted, DevSecOps practices are less well-known and implemented. It then outlines some common security issues seen at clients and provides demos of implementing quick security wins through the DevOps cycle like enabling code scanning and ensuring secure code, runtimes, and monitoring. The document advocates starting small with security and integrating practices throughout the development lifecycle.
Keynote: Puppet camp compliance
This document discusses how organizations can move from a reactive approach to compliance to a proactive approach using automation. It notes that over 50% of CIOs cite security and compliance as a barrier to IT modernization. Puppet offers an end-to-end compliance solution that allows organizations to automatically eliminate configuration drift, enforce compliance at scale across operating systems and environments, and define policy as code. The solution helps organizations improve compliance from 50% to over 90% compliant. The document argues that taking a proactive automation approach to compliance can turn it into a competitive advantage by improving speed and innovation.
Why Serverless is scary without DevSecOps and Observability
This document discusses the security challenges of serverless computing without proper DevSecOps practices and observability. It notes that serverless applications are often seen as more secure since the cloud provider manages the infrastructure, but they can still be vulnerable to events, libraries, and code issues. The document recommends implementing DevSecOps with a focus on permissions, security analysis, public scrutiny of practices, and crowdsourcing security through bug bounties and hackathons. It also stresses the importance of observability tools to monitor serverless applications and catch issues.
Painless DevSecOps: Building Security Into Your DevOps Pipeline
This document discusses building security into DevOps pipelines using Tasktop Integration Hub to connect security vulnerabilities and defects across tools. It introduces the speaker and describes how Tasktop enables bidirectional artifact flow and reporting across lifecycle tools while maintaining relationships. A demo then shows synchronization between a security scanning and test management tool.
Why You Should Implement DevSecOps Approach?
DevSecOps represents development, security, and operation. DevSecOps aims to embed the security process within the DevOps process. The objective of DevSecOps is to embrace a "security as code" culture within the ongoing flexible collaboration between security teams and release engineers.
3 Steps to Expand DevOps and Automation Throughout the Enterprise
For many organizations, the transition to DevOps starts small, often with a single team delivering new innovation — typically writing the tool chain as well as the application. This creates pockets of success, but reaping the full benefits of a DevOps practice means replicating these practices enterprise-wide. Not an easy task.
Through its research, Forrester has identified 3 key steps for breaking down organizational silos and implementing a widespread DevOps initiative. In this on-demand webinar, guest speaker Robert Stroud, principal analyst at Forrester, joins Puppet for a webinar to share these practices and explore:
• Trends in DevOps adoption — how many companies really have it figured out, which industries are leading the charge, and where do you fit in?
• The role of senior leaders in a DevOps initiative, and why transformation is in their best interest.
• How infrastructure automation and configuration management solutions lay the foundation for DevOps practices.
• How to select the right tools to support your DevOps transformation.
Why You Should Implement DevSecOps Approach?
DevSecOps aims to embed security processes within DevOps by embracing a culture of "security as code" through ongoing collaboration between security and development teams. It focuses on creating Agile solutions for integrating security best practices into complex software development. The goal is to bridge traditional gaps between security and IT teams to ensure safe and fast code delivery. A DevSecOps approach comprises six components: code analysis, change management, compliance monitoring, threat investigation, vulnerability assessment, and security training.
The Challenges of Scaling DevSecOps
Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery.
Now some good news: you can easily integrate security into your existing processes to solve this challenge.
In this session, Shiri Ivtsan, Senior Product Manager at WhiteSource, will discuss:
- Leveraging the DevSecOps approach to help speed up security
- Scaling security into your agile processes
- 5 easy ways to start driving DevSecOps in your organization
Devops
DevOps is a software development approach that aims to shorten the systems development life cycle and provide continuous delivery with high software quality. It focuses on collaboration between development and operations teams. Key aspects of DevOps include automation of the software delivery process through tools like Docker and Jenkins, continuous integration and deployment, and monitoring of applications in production. While DevOps can improve speed and collaboration, security challenges arise from development teams prioritizing speed over security and keeping up with the fast pace of changes. Adopting DevSecOps practices like automation, clear security policies, and vulnerability management can help integrate security into the DevOps process.
Open Source Security: How to Lay the Groundwork for a Secure Culture
Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements.
However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software.
Join Guy Bar-Gil, Product Manager at WhiteSource, as he discusses:
1. The four layers of open-source security
2. How to integrate continuous security into your SDLC
3. Best practices for organizations to own and execute the security process
PIACERE - DevSecOps Automated
This document summarizes the PIACERE project, which aims to integrate security into DevSecOps processes. It receives funding from the EU Horizon 2020 program. The project develops tools like the DevSecOps Modeling Language (DOML) and Verification Tool to integrate security principles into infrastructure modeling and deployment. It also includes a Canary Sandbox Environment for testing deployments and an Infrastructure Optimization Platform for optimizing cloud resources. The overall goal is to provide a unified platform for secure, automated deployment to multiple clouds.
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
Learn about how the Chef Automate platform helps enable security, audit, and compliance staff to become engaged in DevOps activities early on by performing infrastructure compliance validation as part of the initial development cycles.
DevOps Masterclass Bundle
Everything you need to learn about DevOps, automation and cloud computing in one place. From theoretical to practical, this bundle has got your covered!
Benefits of DevSecOps
Brief of benefits of DevSecOps
DevSecOps = Security +DevOps
DevSecOps = New culture + new skills + automation
Kim van Wilgen - Continuous security - Codemotion Rome 2019
Delivering small and fast means we are more frequently introducing new vulnerabilities. We're facing new threats that come from cloud computing and the internet of things.Traditional cycles of pentests and code reviews are not keeping up. DevSecOps focuses on integrating security in our processes and teams. Automate first and fail fast will help build security in, and will also support the growth of awareness in the teams. Kim will show the practical lessons learned from her journey. Get an overview of the current continuous security landscape and the practical insights and pitfalls.
How to choose tools for DevOps
With an ever-increasing array of tools and technologies claiming to 'enable DevOps', how do we know which tools to try or to choose? In-house, open source, or commercial? Ruby or shell? Dedicated or plugins? It transpires that highly collaborative practices such as DevOps and Continuous Delivery require new ways of assessing tools and technologies in order to avoid creating new silos. Matthew Skelton shares his recent experience of helping many different organisations to evaluate and select tools to facilitate DevOps; the recommendations may surprise you.
Slides from Unicom DevOps Summit, 26th June 2014, London
10 things to get right for successful dev secops
This document discusses 10 things that are important to get right for successful DevSecOps implementation. It recommends that security testing be integrated seamlessly into the development process without disrupting developers. It also advises focusing first on identifying and fixing known critical vulnerabilities in libraries and components before custom code, and accepting that not all vulnerabilities can be eliminated. Developers should receive basic secure coding training without being expected to become security experts. The overall goal is to make security processes transparent to developers in order to balance security and speed of development.
Practical DevSecOps Course - Part 1
The practical DevSecOps course is designed to help individuals and organisations in implementing DevSecOps practices, to achieve massive scale in security. This course is divided into 13 chapters, each chapter will have theory, followed by demos and any limitations we need to keep in my mind while implementing them.
More details here - https://www.practical-devsecops.com/
KGI compliance as-code approach
This document discusses Kinney Group's Puppet compliance framework for automating STIG compliance and reporting. It notes that customers often implement compliance Puppet code poorly or lack appropriate Puppet knowledge. The framework aims to standardize compliance modules that are data-driven and customizable. It addresses challenges like conflicting modules and keeping compliance current after implementation. The framework generates automated STIG checklists and plans future integration with Puppet Enterprise and Splunk for continued compliance reporting. Kinney Group cites practical experience implementing the framework for various military and government customers.
DevOps - Why 50 deploys per day is essential
Organizations such as Flickr, Etsy and Amazon are deploying application updates multiple times per day, some even every hour. But why? In this session we will discuss lessons learned by the CD and DevOps leaders, what it takes to accomplish this, how to get started and why enterprises do need to consider a multi-release/day strategy.
DevSecOps 101
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
Making Security Agile - Oleg Gryb
This document discusses challenges with integrating security into agile development processes and proposes solutions. It notes that traditional security approaches like threat modeling and penetration testing don't work well in agile environments with short release cycles. The document recommends automating security scans and tests to run with each code change. It also suggests integrating security findings into existing bug tracking tools to streamline remediation. The overall goal is to make security practices more agile and collaborative to improve cycle times for fixing issues.
Barriers to Container Security and How to Overcome Them
Over the past few years, more and more companies are turning to containerized environments to scale their applications.
However, keeping containers secure throughout the development life cycle presents many challenges to security and development teams. In order to address them, organizations need to adopt a new set of security processes and tools.
This session will focus on the three most vulnerable areas of container security and the best practices to help teams develop and deploy securely.
Join Jeffrey Martin, Senior Director of Product at WhiteSource, as he discusses:
The top challenges to security in containerized environments
How DevSecOps addresses security in containerized environments
Tips and tricks for successfully incorporating security into the container lifecycle
Enterprise DevOps
This document discusses the DevOps lifecycle and practices for improving software development and delivery. It outlines several DevOps models including WebOps, NoOps, and Enterprise DevOps. Key challenges discussed include long release cycles, lack of visibility, inconsistent incident tracking. Solutions proposed are reducing mean time to detect and repair issues through improved monitoring, diagnostics, and integration between development and operations teams. Continuous learning is also emphasized to prioritize investments based on data from customer usage and application health.
ScrumPulse Scaling Professional Scrum with Visual Studio Team Services
The event was recorded, and has been published as “Scaling Professional Scrum with Visual Studio Team Services” on the Scrum.org YouTube channel. We also have published the slides for you as well.
Find out what's new at Puppet - products, programs, and more!
This document provides an overview and agenda for an event on automation for the modern enterprise from Puppet. It discusses Puppet's products like Puppet Discovery, Puppet Enterprise, and Puppet Pipelines which help customers manage infrastructure at scale across development and operations teams. It also mentions new partnerships, integrations, and opportunities for partners through training and increased payouts for registering deals.
Automate Cloud and Application Security Deployments with Barracuda and Puppet...
Automate Cloud and Application Security Deployments with Barracuda and Puppet...Claire Priester Papas
This document discusses automating cloud and application security deployments with Barracuda and Puppet. It provides an agenda that covers DevSecOps, why automation matters, and a Q&A. Barracuda provides security solutions that can be automated with Puppet to provision, configure, and manage infrastructure and applications. The webinar highlights how Puppet supports cloud deployment best practices and security controls to enable DevSecOps workflows that move fast while staying secure.Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...
Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...Claire Priester Papas
Puppet is Talking Tech, and we’re inviting you to join us!
In our new webinar series, we’ll host discussions about exciting technology solutions that are driving the industry forward. Our technology experts will dive deep into topics that matter and will bring customers, partners and other leaders to the table to give you answers to your technology questions. Today - we pres
Delivering Infrastructure and Security Policy as Code with Puppet and CyberArk Conjur
Date: Wednesday, 8 November 2017
Time: 8:00 - 9:00 a.m. PT
Safeguard secrets and deliver applications faster
Puppet empowers organizations to rapidly deliver value by enabling infrastructure-as-code. Learn how CyberArk Conjur delivers security-policy-as-code, enables your organization to provide better security, and increases developer and operations autonomy. Join us and learn how to automatically apply secrets-management best practices to the DevOps toolchain using Puppet Enterprise and CyberArk Conjur.More Related Content
What's hot
Why You Should Implement DevSecOps Approach?
DevSecOps aims to embed security processes within DevOps by embracing a culture of "security as code" through ongoing collaboration between security and development teams. It focuses on creating Agile solutions for integrating security best practices into complex software development. The goal is to bridge traditional gaps between security and IT teams to ensure safe and fast code delivery. A DevSecOps approach comprises six components: code analysis, change management, compliance monitoring, threat investigation, vulnerability assessment, and security training.
The Challenges of Scaling DevSecOps
Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery.
Now some good news: you can easily integrate security into your existing processes to solve this challenge.
In this session, Shiri Ivtsan, Senior Product Manager at WhiteSource, will discuss:
- Leveraging the DevSecOps approach to help speed up security
- Scaling security into your agile processes
- 5 easy ways to start driving DevSecOps in your organization
Devops
DevOps is a software development approach that aims to shorten the systems development life cycle and provide continuous delivery with high software quality. It focuses on collaboration between development and operations teams. Key aspects of DevOps include automation of the software delivery process through tools like Docker and Jenkins, continuous integration and deployment, and monitoring of applications in production. While DevOps can improve speed and collaboration, security challenges arise from development teams prioritizing speed over security and keeping up with the fast pace of changes. Adopting DevSecOps practices like automation, clear security policies, and vulnerability management can help integrate security into the DevOps process.
Open Source Security: How to Lay the Groundwork for a Secure Culture
Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements.
However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software.
Join Guy Bar-Gil, Product Manager at WhiteSource, as he discusses:
1. The four layers of open-source security
2. How to integrate continuous security into your SDLC
3. Best practices for organizations to own and execute the security process
PIACERE - DevSecOps Automated
This document summarizes the PIACERE project, which aims to integrate security into DevSecOps processes. It receives funding from the EU Horizon 2020 program. The project develops tools like the DevSecOps Modeling Language (DOML) and Verification Tool to integrate security principles into infrastructure modeling and deployment. It also includes a Canary Sandbox Environment for testing deployments and an Infrastructure Optimization Platform for optimizing cloud resources. The overall goal is to provide a unified platform for secure, automated deployment to multiple clouds.
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
Learn about how the Chef Automate platform helps enable security, audit, and compliance staff to become engaged in DevOps activities early on by performing infrastructure compliance validation as part of the initial development cycles.
DevOps Masterclass Bundle
Everything you need to learn about DevOps, automation and cloud computing in one place. From theoretical to practical, this bundle has got your covered!
Benefits of DevSecOps
Brief of benefits of DevSecOps
DevSecOps = Security +DevOps
DevSecOps = New culture + new skills + automation
Kim van Wilgen - Continuous security - Codemotion Rome 2019
Delivering small and fast means we are more frequently introducing new vulnerabilities. We're facing new threats that come from cloud computing and the internet of things.Traditional cycles of pentests and code reviews are not keeping up. DevSecOps focuses on integrating security in our processes and teams. Automate first and fail fast will help build security in, and will also support the growth of awareness in the teams. Kim will show the practical lessons learned from her journey. Get an overview of the current continuous security landscape and the practical insights and pitfalls.
How to choose tools for DevOps
With an ever-increasing array of tools and technologies claiming to 'enable DevOps', how do we know which tools to try or to choose? In-house, open source, or commercial? Ruby or shell? Dedicated or plugins? It transpires that highly collaborative practices such as DevOps and Continuous Delivery require new ways of assessing tools and technologies in order to avoid creating new silos. Matthew Skelton shares his recent experience of helping many different organisations to evaluate and select tools to facilitate DevOps; the recommendations may surprise you.
Slides from Unicom DevOps Summit, 26th June 2014, London
10 things to get right for successful dev secops
This document discusses 10 things that are important to get right for successful DevSecOps implementation. It recommends that security testing be integrated seamlessly into the development process without disrupting developers. It also advises focusing first on identifying and fixing known critical vulnerabilities in libraries and components before custom code, and accepting that not all vulnerabilities can be eliminated. Developers should receive basic secure coding training without being expected to become security experts. The overall goal is to make security processes transparent to developers in order to balance security and speed of development.
Practical DevSecOps Course - Part 1
The practical DevSecOps course is designed to help individuals and organisations in implementing DevSecOps practices, to achieve massive scale in security. This course is divided into 13 chapters, each chapter will have theory, followed by demos and any limitations we need to keep in my mind while implementing them.
More details here - https://www.practical-devsecops.com/
KGI compliance as-code approach
This document discusses Kinney Group's Puppet compliance framework for automating STIG compliance and reporting. It notes that customers often implement compliance Puppet code poorly or lack appropriate Puppet knowledge. The framework aims to standardize compliance modules that are data-driven and customizable. It addresses challenges like conflicting modules and keeping compliance current after implementation. The framework generates automated STIG checklists and plans future integration with Puppet Enterprise and Splunk for continued compliance reporting. Kinney Group cites practical experience implementing the framework for various military and government customers.
DevOps - Why 50 deploys per day is essential
Organizations such as Flickr, Etsy and Amazon are deploying application updates multiple times per day, some even every hour. But why? In this session we will discuss lessons learned by the CD and DevOps leaders, what it takes to accomplish this, how to get started and why enterprises do need to consider a multi-release/day strategy.
DevSecOps 101
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
Making Security Agile - Oleg Gryb
This document discusses challenges with integrating security into agile development processes and proposes solutions. It notes that traditional security approaches like threat modeling and penetration testing don't work well in agile environments with short release cycles. The document recommends automating security scans and tests to run with each code change. It also suggests integrating security findings into existing bug tracking tools to streamline remediation. The overall goal is to make security practices more agile and collaborative to improve cycle times for fixing issues.
Barriers to Container Security and How to Overcome Them
Over the past few years, more and more companies are turning to containerized environments to scale their applications.
However, keeping containers secure throughout the development life cycle presents many challenges to security and development teams. In order to address them, organizations need to adopt a new set of security processes and tools.
This session will focus on the three most vulnerable areas of container security and the best practices to help teams develop and deploy securely.
Join Jeffrey Martin, Senior Director of Product at WhiteSource, as he discusses:
The top challenges to security in containerized environments
How DevSecOps addresses security in containerized environments
Tips and tricks for successfully incorporating security into the container lifecycle
Enterprise DevOps
This document discusses the DevOps lifecycle and practices for improving software development and delivery. It outlines several DevOps models including WebOps, NoOps, and Enterprise DevOps. Key challenges discussed include long release cycles, lack of visibility, inconsistent incident tracking. Solutions proposed are reducing mean time to detect and repair issues through improved monitoring, diagnostics, and integration between development and operations teams. Continuous learning is also emphasized to prioritize investments based on data from customer usage and application health.
ScrumPulse Scaling Professional Scrum with Visual Studio Team Services
The event was recorded, and has been published as “Scaling Professional Scrum with Visual Studio Team Services” on the Scrum.org YouTube channel. We also have published the slides for you as well.
Find out what's new at Puppet - products, programs, and more!
This document provides an overview and agenda for an event on automation for the modern enterprise from Puppet. It discusses Puppet's products like Puppet Discovery, Puppet Enterprise, and Puppet Pipelines which help customers manage infrastructure at scale across development and operations teams. It also mentions new partnerships, integrations, and opportunities for partners through training and increased payouts for registering deals.
What's hot (20)
Open Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure Culture
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
Kim van Wilgen - Continuous security - Codemotion Rome 2019
Kim van Wilgen - Continuous security - Codemotion Rome 2019
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome Them
ScrumPulse Scaling Professional Scrum with Visual Studio Team Services
ScrumPulse Scaling Professional Scrum with Visual Studio Team Services
Find out what's new at Puppet - products, programs, and more!
Find out what's new at Puppet - products, programs, and more!
Similar to Shift Left: Puppet + CloudPassage = New Approach to Securing DevOps
Automate Cloud and Application Security Deployments with Barracuda and Puppet...
Automate Cloud and Application Security Deployments with Barracuda and Puppet...Claire Priester Papas
This document discusses automating cloud and application security deployments with Barracuda and Puppet. It provides an agenda that covers DevSecOps, why automation matters, and a Q&A. Barracuda provides security solutions that can be automated with Puppet to provision, configure, and manage infrastructure and applications. The webinar highlights how Puppet supports cloud deployment best practices and security controls to enable DevSecOps workflows that move fast while staying secure.Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...
Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...Claire Priester Papas
Puppet is Talking Tech, and we’re inviting you to join us!
In our new webinar series, we’ll host discussions about exciting technology solutions that are driving the industry forward. Our technology experts will dive deep into topics that matter and will bring customers, partners and other leaders to the table to give you answers to your technology questions. Today - we pres
Delivering Infrastructure and Security Policy as Code with Puppet and CyberArk Conjur
Date: Wednesday, 8 November 2017
Time: 8:00 - 9:00 a.m. PT
Safeguard secrets and deliver applications faster
Puppet empowers organizations to rapidly deliver value by enabling infrastructure-as-code. Learn how CyberArk Conjur delivers security-policy-as-code, enables your organization to provide better security, and increases developer and operations autonomy. Join us and learn how to automatically apply secrets-management best practices to the DevOps toolchain using Puppet Enterprise and CyberArk Conjur.Delivering Enterprise-Grade Cloud Automation with Puppet and AHEAD
Talking Tech: Puppet & AHEAD
Build your DevOps pipelines with speed, flexibility and security
Our Talking Tech webinar with AHEAD has been rescheduled for Thursday, 13 September. We hope you can join us!
In this webinar, we will highlight how to successfully deliver a holistic approach to IT Infrastructure with an emphasis on speed, simplicity and security. Together AHEAD and Puppet will discuss the challenges that arise when transforming how and where you run your infrastructure and applications. With AHEAD’s Enterprise Cloud Delivery Framework, and Puppet’s automation platform that offers greater agility and faster provisioning, customers can feel confident they have the right security and tooling in place for their application and infrastructure deployments.
DevOps for Defenders in the Enterprise
The document discusses how DevOps, security, and information security practices can integrate. It argues that Agile, DevOps, and continuous delivery approaches optimize for delivering value quickly by addressing perceptions of what is probable. Information security has traditionally been separate but can now integrate into the software development pipeline to provide value. Automating security testing and integrating it into build pipelines allows information security to catch up to modern software development practices.
Intro to Puppet Enterprise 06.28.2017
If you're new to Puppet Enterprise, this is the webinar for you.
You'll learn why thousands of companies rely on Puppet to automate the delivery and operation of their software, and see it in action with a live demo.
We cover how to use Puppet Enterprise to:
- Gain situational awareness and drive change with confidence
- Orchestrate changes to infrastructure and applications
- Continually enforce your desired state and remediate any unexpected changes
- Get real-time visibility and reporting to prove compliance
Intro to Puppet Enterprise for a Windows Environment - 08.23
If you're new to Puppet Enterprise, this is the on-demand webinar for you. You'll learn how Puppet helps lay the foundation for your DevOps practices, treat infrastructure as code, and achieve better collaboration between dev, ops, InfoSec, and networking.
You'll see why thousands of companies rely on Puppet to automate the delivery and operation of their software and see it in action with a live demo.
In this recording we will show you the following in a Windows environment:
- Installation of an agent
- Managing resources (packages, files, services, etc.)
- Granular visibility through reporting
- Managing change for more efficient workflows
Api gitlab: configurazione dei progetti as a service
API Gitlab, risparmia tempo nella configurazione dei progetti.
Emerasoft presenta il primo meetup in italiano su Gitlab - 30 minuti - in cui ci focalizzeremo sull'utilizzo delle API per la configurazione dei progetti Gitlab.
Sabrina presenterà l'applicazione Web Gitlab raccontando la nostra esperienza nella configurazione di nuovi progetti utilizzando l'API Gitlab.
Agenda:
- Gitlab Intro
- Funzionalità dell'ultima versione
- Caso d'uso su API Gitlab (Utenti, Gruppi, Progetti)
Vuoi saperne di più?
Unisciti al Gitlab Meetup Milano: https://www.meetup.com/it-IT/Gitlab-Meetup-Milano/ o scrivici all'indirizzo gitlab@emerasoft.com
Introduction to Puppet Enterprise
The document provides an introduction to Puppet Enterprise, an automation platform. It discusses:
- Puppet's workflow using classic and direct modes to define configurations with code and enforce them on nodes
- Modeling server configurations with resources and defining relationships between them
- How Puppet can automate infrastructure provisioning, application deployment, and ensure security and compliance across devices
- Customer examples demonstrating how Puppet allows faster deployment and savings of over $1 million.
Microsoft Skills Bootcamp - The power of GitHub and Azure
In this session, part of the Microsoft Skills Bootcamp, I go through Digital Transformation in the DevOps era, and how to use Azure DevOps and GitHub together to achieve that.
Intro to Puppet Enterprise Webinar 07.27.2017
This document provides an introduction and overview of Puppet Enterprise. It begins with an agenda for the meeting and introductions of the speakers. It then discusses challenges organizations face with digital transformation, DevOps initiatives, and other trends. The core of Puppet Enterprise is to define configurations once and automate them endlessly across all environments. It allows organizations to know what they have, control and enforce consistency, secure and ensure compliance, and modernize infrastructure. Puppet Enterprise provides capabilities for defining and deploying policies, continuously monitoring for drift, and gaining visibility to prove compliance. It delivers significant benefits and results for customers such as increased deployment speed, fewer outages, and reduced security fix time. The document concludes by discussing where to start
we45 SecDevOps Presentation - ISACA Chennai
Abhay Bhargav, the CTO of we45 spoke to ISACA Chennai on how DevOps security practices must be leveraged to secure Hyper-Scale Cloud Applications.
Devops Engineer E-Degree In Just 3 Months
A Specialized Degree to Learn Devops from scratch & become a Master in Just 3 months. 6+ courses, Webinars, Mentors, support & Lot more
Checkpoint Firewall Training | Checkpoint Firewall Online Course
Checkpoint Firewall Training designed comprehensive technical course with IT professionals. Get Best Checkpoint Firewall Online course at Global Trainings.
For more details contact us @: +91 40 6050 1418
CHECKPOINT FIREWALL ONLINE TRAINING COURSE CONTENT
INTRODUCTION ABOUT THE CHECKPOINT FIREWALL TRAINING
Introduction to the Checkpoint firewall
Modular nature of the Checkpoint firewall
Functionalities of the Management
The FW-1 & GUI modules
CHECKPOINT INSTALLATION TYPES
The Hardware platform
Checkpoint Rule base concepts – Checkpoint Firewall Training
The IP spoofing
INSTALLATION OF THE CHECKPOINT ON SPLAT
Initial configuration of the Splat
Web access to the Checkpoint-Checkpoint Firewall Training
Download & Installation of smart console
ACCESSING THE CHECKPOINT THROUGH SMARTDASHBOARD
Checkpoint objects description
Anti-spoofing configuration-Checkpoint Firewall Training
NAT Configuration
FILTER CONFIGURATION
The URL Filtering
The Antivirus inspection
Content Analysis
CHECKPOINT FIREWALL TRAINING USER AUTHENTICATION
The User Authentication
The Session Authentication
The Client Authentication
IPSEC VPN
DevOps CTO Masterclass | Webinar Oct. 2020
This DevOps CTO Masterclass covers DevOps tools, methodologies, and principles. The presentation introduces DevOps and its history, then discusses when DevOps is needed through a case study of a company that implemented DevOps to improve their development process. The remainder of the presentation covers DevOps practices for various stages including planning, coding, building, testing, deploying, operating, and monitoring. Key takeaways are to plan and communicate, automate processes, and continuously improve.
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
More details here - https://www.practical-devsecops.com/
Puppet plugin for vRealize Automation (vRA)
By combining VMware vRealize Automation (vRA) with Puppet Enterprise, your timeline for provisioning new production-ready servers or deploying applications can be shrunk down from weeks to minutes!
Watch this live demonstration of the new Puppet plugin for vRealize Automation (vRA) by our Puppet and VMware subject matter expert.
We will explore the importance of how vRA integrates with Puppet Enterprise, so you can use Puppet to build multi-tier stacks with one click deploys from the vRA catalog.
AWS live hack: Atlassian + Snyk OSS on AWS
The document discusses securing modern applications in AWS. It begins with an overview of the risk profile of modern applications, noting that they often incorporate a large amount of open source code and are deployed rapidly using containers and infrastructure as code. It then demonstrates how to "live hack" an application running on AWS. Next, it discusses how Snyk can help prevent such exploits by empowering developers, automating fixes, and providing security throughout the entire codebase. It also outlines additional security practices like minimizing container footprints, using secrets safely, and implementing network policies. Finally, it promotes attending additional security sessions and provides references for further reading.
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
In a joint webinar with Traefik Labs, we show how Traefik Hub, a SaaS-based cloud native networking platform, helps you publish your containers securely in seconds with tunnels, OIDC authentication and automated TLS certificate management. And, how you can combine that with Weave GitOps to achieve continuous application delivery using progressive delivery strategies for risk-free and reliable deployments.
Security is key, so we showcase multi-tenancy for full RBAC across the different deployment stages, and trusted delivery best practices for continuous security and compliance baked in.
Learn how:
- To utilize canary deployments for reliable and risk-free application deployments.
- GitOps lets you automate and secure the publishing of containers at the edge consistently.
- Easy it is to deploy, update and manage your application workloads on Kubernetes.
- To publish containers securely using tunnels, OIDC authentication and TLS certificate management.
DevOps 101 - Moving Fast with Confidence
Since the term “DevOps” was coined nearly a decade ago, organizations have strived to embrace the concept as a way to increase agility and speed. Yet, after years of experiments and pilots, DevOps has often failed to live up to grand expectations. For many organizations, the seemingly simple concepts of collaboration and transparency are challenging in practice.
In this webinar, Donnie Berkholz, DevOps Research Director at 451 Research, shared what successful DevOps looks like and how new collaboration models and technologies can aid in your efforts to adopt this software development methodology.
View the full webinar here: https://newrelic.com/resources/webinar/DevOps-101-170315
Global DevOps BootCamp
This document announces a Global DevOps Bootcamp event with hands-on challenges related to DevOps. It will take place at 73 venues worldwide with 8,000 tickets available. The agenda includes introductions to DevOps, Azure CLI, continuous integration, and demonstrations. DevOps is presented as an approach combining development, testing, and operations to enable continuous delivery. Traditional and modern IT approaches are compared. The document also outlines DevOps principles, practices, automation, containers, and serverless computing.
Similar to Shift Left: Puppet + CloudPassage = New Approach to Securing DevOps (20)
Automate Cloud and Application Security Deployments with Barracuda and Puppet...
Automate Cloud and Application Security Deployments with Barracuda and Puppet...
Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...
Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...
Delivering Enterprise-Grade Cloud Automation with Puppet and AHEAD
Delivering Enterprise-Grade Cloud Automation with Puppet and AHEAD
Intro to Puppet Enterprise for a Windows Environment - 08.23
Intro to Puppet Enterprise for a Windows Environment - 08.23
Api gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a service
Microsoft Skills Bootcamp - The power of GitHub and Azure
Microsoft Skills Bootcamp - The power of GitHub and Azure
Checkpoint Firewall Training | Checkpoint Firewall Online Course
Checkpoint Firewall Training | Checkpoint Firewall Online Course
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
More from Claire Priester Papas
Critical Considerations for Continuous Delivery 04.09.2018
Get on the path to continuous delivery
While there are plenty of resources and tools to begin tinkering with automated software delivery and application release automation, what makes the difference between delivering software infrequently vs. on-demand? Watch now to learn three key considerations you should make if you’re serious about continuous delivery.
In this webinar, we’ll discuss:
(Finally) moving to an agile practice: More than an industry buzzword, agile development practices are crucial to unlocking the full potential of continuous delivery while offering a means to benchmark progress.
How to get full control and visibility into the software delivery pipeline: When teams spend less time manually pushing software out, they can assess and address process pains and obstacles.
Why standardizing your software delivery process and toolchain is critical: Silos exist across the software delivery lifecycle because of the sheer number of different tools available: it’s time to standardize these to break down the silos.
Presented by: Rahul Singh, VP of Engineering and Michael Olson, Senior Product Marketing Manager.
Easily adapt Puppet Modules with PDK Convert 02/22/2018
The document introduces the Puppet Development Kit (PDK) which provides tools to help developers easily adapt existing Puppet modules and create new modules. It describes how the PDK includes tools to generate module skeletons with tests, convert older modules to integrate validation and testing, and update modules to stay current with PDK best practices through the 'pdk convert' and 'pdk update' commands. The PDK is presented as providing benefits like standardized development workflows, pre-configured tools for linting, syntax and unit testing, and publishing modules to the Puppet Forge in a standardized way.
Automation for the Modern Enterprise_26oct2017
Meet Puppet's new product lineup.
As we enter a new age of automation — where every company needs to be able to deliver better software, faster — our goal is to provide the tools you need to iterate faster, ship sooner and deliver more customer value.
Earlier this month, we announced brand new products, Puppet Tasks™ and Puppet Discovery™, to give you greater control and end-to-end visibility over your software delivery. We also introduced exciting updates to Puppet Enterprise and a new integration with Splunk.
Join Nigel Kersten, Chief Technical Strategist, and Tim Zonca, VP of Marketing, on 26 October from 4:30 - 5:30 p.m. PT for an in-depth look at what’s new:
Puppet Discovery is a new offering that lets you see everything you have in real time across your on-premises, cloud and container infrastructure, and know what you need to automate next.
Puppet Tasks, a new family of offerings that encompass both Puppet Bolt™ and Puppet Enterprise Task Management, makes it simple to automate ad hoc tasks, deploy one-off changes, and execute sequenced actions in an imperative way.
Our new integration with Splunk provides a unified workflow between the intelligence provided by Splunk and the automation provided by Puppet, giving you the power to turn insights into action faster.
With Distelli joining Puppet, we’re uniting the entire software delivery lifecycle, to bring you a platform built for the enterprise, that integrates with a wide variety of tools and helps you avoid vendor lock-in.
Automation for the Modern Enterprise - 18 October 2017
As we enter a new age of automation — where every company needs to be able to deliver better software, faster — our goal is to provide the tools you need to iterate faster, ship sooner and deliver more customer value.
Earlier this month, we announced brand new products, Puppet Tasks and Puppet Discovery, to give you greater control and end-to-end visibility over your software delivery. We also introduced exciting updates to Puppet Enterprise and a new integration with Splunk.
Plus, the continuous delivery automation software company, Distelli, joined the Puppet family!
It’s been a big month, and it’s only getting better. Join Ryan Coleman, Director of Product Management, and Alanna Brown, Director of Product Marketing, on 18 October at 10:00 a.m. PT for an in-depth look at what’s new:
Puppet Discovery™ is a new offering that lets you see everything you have in real time across your on-premises, cloud and container infrastructure, and know what you need to automate next.
Puppet Tasks™, a new family of offerings that encompass both Puppet Bolt™ and Puppet Enterprise Task Management, makes it simple to automate ad hoc tasks, deploy one-off changes, and execute sequenced actions in an imperative way.
Our new integration with Splunk provides a unified workflow between the intelligence provided by Splunk and the automation provided by Puppet, giving you the power to turn insights into action faster.
With Distelli joining Puppet, we’re uniting the entire software delivery lifecycle, to bring you a platform built for the enterprise, that integrates with a wide variety of tools and helps you avoid vendor lock-in.
Apple IT Managing Containers
This document discusses how Puppet fits into a production-ready container environment. It begins by explaining why containers are popular, as they solve issues like application dependency problems and allow flexibility in compute resources. It then describes what such an environment looks like from the perspectives of infrastructure, development, and security teams. Infrastructure teams focus on uptime, configuration, and continuous delivery processes. Development teams focus on application work and deployment. Security teams focus on code analysis and testing. The document explains how tools like Docker, Kubernetes, Puppet, and monitoring tools help meet the needs of these teams. It positions Puppet as helping "ship" applications by aiding in areas like Docker networking and Kubernetes configuration.
Key Findings from the 2017 State of DevOps Report 06.08.2017
- The document provides a brief history of the State of DevOps report from 2012-2017 and introduces the authors of the report.
- It summarizes key findings from the 2017 report including that high-performing teams deploy code 46x more frequently and have 440x faster lead times than low performers. These teams also automate more tasks.
- The document states that loosely coupled architectures and teams best enable continuous delivery and that lean product management drives higher organizational performance. It encourages questions from the audience.
Intro to Puppet Enterprise 05.18.2017
In this webinar, we explore why thousands of companies rely on Puppet to automate the delivery and operation of their software. You'll even get to see it in action with a live demo.
We cover how to use Puppet Enterprise to:
• Gain situational awareness and drive change with
confidence
• Orchestrate changes to infrastructure and applications
• Continually enforce your desired state and remediate
any unexpected changes
• Get real-time visibility and reporting to prove
compliance
More from Claire Priester Papas (7)
Critical Considerations for Continuous Delivery 04.09.2018
Critical Considerations for Continuous Delivery 04.09.2018
Easily adapt Puppet Modules with PDK Convert 02/22/2018
Easily adapt Puppet Modules with PDK Convert 02/22/2018
Automation for the Modern Enterprise - 18 October 2017
Automation for the Modern Enterprise - 18 October 2017
Key Findings from the 2017 State of DevOps Report 06.08.2017
Key Findings from the 2017 State of DevOps Report 06.08.2017
Recently uploaded
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Building RAG with self-deployed Milvus vector database and Snowpark Container...
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.UiPath Test Automation using UiPath Test Suite series, part 5
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications.
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Mind map of terminologies used in context of Generative AI
Mind map of common terms used in context of Generative AI.
Recently uploaded (20)
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Shift Left: Puppet + CloudPassage = New Approach to Securing DevOps
- 1. Puppet presents “Talking Tech” A new webinar series featuring exciting technology solutions that are driving the industry forward Shift Left: Puppet + CloudPassage = New Approach to Securing DevOps Date: Wednesday, 15 November
- 2. Shift Left: New approach to securing DevOps
- 3. Talking Tech: Puppet Webinar Series Presenters Tim Zonca Vice President Worldwide Marketing and Business Development Puppet Amit Gupta Vice President Product Management CloudPassage
- 4. Talking Tech: Puppet Webinar Series ● DevOps and security: a Puppet perspective ● Automating security with Puppet and CloudPassage What we’re talking about Agenda
- 5. Everyone is transforming to deliver great customer experiences through software
- 6. Talking Tech: Puppet Webinar Series Evolution of DevOps Speed Quality Security
- 7. Talking Tech: Puppet Webinar Series DevOps done right delivers results
- 8. Talking Tech: Puppet Webinar Series Different teams. Different needs. Model desired state Continual enforcement
- 9. Talking Tech: Puppet Webinar Series Benefits of integrating security early and often
- 10. Talking Tech: Puppet Webinar Series CloudPassage and Puppet Automated Security for Agile Enterprise Meets the DevOps Leader
- 11. Talking Tech: Puppet Webinar Series End-to-end, automated security with Puppet and CloudPassage
- 12. Talking Tech: Puppet Webinar Series Traditional security tools don’t work in the cloud Source: Holger Schulze, Cloud Security Spotlight Report / March 2017 Q
- 13. Talking Tech: Puppet Webinar Series Five critical attributes for modern IT security Visibility 2 Speed 1 Integration 4 Portability 3 Scale 5
- 14. Talking Tech: Puppet Webinar Series Key challenges for modern enterprise Ops teams Identifying configuratio n drift in deployed workloads in real-time Running security checks at the end of the dev cycle -slow & expensive Integrating security with automated CI/CD & IT service delivery tools Lacking a single security solution for workloads & containers Applying security checks & controls in highly elastic environments Visibility 2 Speed 1 Integration 4 Portability 3 Scale 5 Goal Rapidly deliver and maintain innovative, reliable, & secure apps & systems to drive growth
- 15. Workload security and compliance automation from development to deployment, across clouds and data centers, servers and containers – at DevOps speed & scale CloudPassage Halo Deliver frictionless security
- 16. Talking Tech: Puppet Webinar Series Security at the speed of the modern enterprise
- 17. Talking Tech: Puppet Webinar Series Orchestrating security & compliance with CloudPassage and Puppet
- 18. Talking Tech: Puppet Webinar Series Example: Automated installation and policy assignment 100100 110111 0 000100 110101 1 POLICY - Firewall - Config - Accounts Tag ABC D 1001 0 8927 Halo agent with tag Policy Telemetry 1 2 3 Amazon EC2 Amazon EC2
- 19. Talking Tech: Puppet Webinar Series Example: Fast feedback to developer Amazon EC2
- 20. Talking Tech: Puppet Webinar Series Example: Automated closed-loop remediation Vulnerability Remediation Integrated Manager 1 2 3 Amazon EC2 4
- 21. Talking Tech: Puppet Webinar Series Solving problems together Puppet automates deployment PE + CloudPassage SolutionChallenge Security tools are friction Built for dynamic cloud environments High cost of disparate point products Multi-environment, containers, VMs Manual updates needed to ensure security and compliance Automatically remediate any changes to security and compliance policies Security tools require maintenance
- 22. Q&A Resources: Install CloudPassage Halo agent: https://forge.puppet.com/cloudpassage Read our solution brief: https://puppet.com/resources/solution-brief/puppet-and-cloudpassage-agile-security-demand