Reliability is an engineering discipline that encompasses a broad array of tools and techniques useful for answering durability and robustness type questions. Product development teams often rely on reliability engineering professionals to guide, advise and manage reliability programs. Reliability is a facet in nearly every function of an organization. This implies the knowledge and skills required for the reliability engineer are comprehensive. The knowledge breadth may span aspects of material science to design constraints to warranty reverse logistics.
How do engineers become reliability professionals? What are the knowledge transfer options available to the reliability profession? How do we get started and maintain our knowledge? In this short paper, I plan on summarizing what’s available, a couple of common paths taken to become a reliability professional, and highlight the strengths and a few weaknesses concerning reliability education. This is my view of the state of reliability education.
The Road to the First Million - http://internetmarketingagentur.de/ on the talk by Nedim Sabic at SEO Campixx 2014. The Road to the First Million.
A short paper on the 2012 Status of Reliability Education.
Reliability is an engineering discipline that encompasses a broad array of tools and techniques useful for answering durability and robustness type questions. Product development teams often rely on reliability engineering professionals to guide, advise and manage reliability programs. Reliability is a facet in nearly every function of an organization. This implies the knowledge and skills required for the reliability engineer are comprehensive and the knowledge breadth may have to span aspects of material science in design constraint considerations to warranty reverse logistics.
How do engineers become reliability professionals? What are the knowledge transfer options available to the reliability profession? How do we get started and maintain our knowledge? In this short paper, I summarize what’s available, a couple of common paths taken to become a reliability professional, and highlight the strengths and a few weaknesses concerning reliability education. Note: This is my view of the state of reliability education.
Grading for this assignment will be based on answer quality, log.docx | whittemorelucilla
Grading for this assignment will be based on answer quality, logic/organization of the paper, and language and writing skills, using the following rubric.
Points: 80
Assignment 1: Standards Research
Criteria and grade levels: Unacceptable (Below 70% F); Fair (70-79% C); Proficient (80-89% B); Exemplary (90-100% A)
1. Select one (1) of the working groups in the IETF or IEEE and briefly summarize what this group is working on.
Weight: 5%
Unacceptable: Did not submit or incompletely selected one (1) of the working groups in the IETF or IEEE and did not submit or incompletely summarized what this group is working on.
Fair: Partially selected one (1) of the working groups in the IETF or IEEE and partially summarized what this group is working on.
Proficient: Satisfactorily selected one (1) of the working groups in the IETF or IEEE and satisfactorily summarized what this group is working on.
Exemplary: Thoroughly selected one (1) of the working groups in the IETF or IEEE and thoroughly summarized what this group is working on.
2. Justify the need of the IEEE 802 standard used in networking.
Weight: 25%
Unacceptable: Did not submit or incompletely justified the need of the IEEE 802 standard used in networking.
Fair: Partially justified the need of the IEEE 802 standard used in networking.
Proficient: Satisfactorily justified the need of the IEEE 802 standard used in networking.
Exemplary: Thoroughly justified the need of the IEEE 802 standard used in networking.
3. Evaluate the three (3) standard organizations including IEEE, ISO, and ANSI to determine the most important for communication technology.
Weight: 30%
Unacceptable: Did not submit or incompletely evaluated the three (3) standard organizations including IEEE, ISO, and ANSI to determine the most important for communication technology.
Fair: Partially evaluated the three (3) standard organizations including IEEE, ISO, and ANSI to determine the most important for communication technology.
Proficient: Satisfactorily evaluated the three (3) standard organizations including IEEE, ISO, and ANSI to determine the most important for communication technology.
Exemplary: Thoroughly evaluated the three (3) standard organizations including IEEE, ISO, and ANSI to determine the most important for communication technology.
4. Take a position on the need for a federal regulating body of standards such as NIST. Include supporting evidence to justify your opinion.
Weight: 25%
Unacceptable: Did not submit or incompletely took a position on the need for a federal regulating body of standards such as NIST. Did not submit or incompletely included supporting evidence to justify your opinion.
Fair: Partially took a position on the need for a federal regulating body of standards such as NIST. Partially included supporting evidence to justify your opinion.
Proficient: Satisfactorily took a position on the need for a federal regulating body of standards such as NIST. Satisfactorily included supporting evidence to justify your opinion.
Exemplary: Thoroughly took a position on the need for a federal regulating body of standards such as NIST. Thoroughly included supporting evidence to justify your opinion.
5. 3 referen ...
The Challenges Of, And Advantages In, Establishing A Consistent Architectural... | Tim Eyres
Describes the challenges and benefits of having a consistent enterprise architecture framework within a global pharma research organization with examples from different industries.
Introduction to Reliability and Maintenance Management - Paper | Accendo Reliability
Paper for the tutorial presented at the 2014 RAMS conference.
A basic introduction to reliability and maintenance management with a focus on basic tools, approaches and creating value.
We outline a basic structure to move your organization to a proactive program.
2015 engineers' content and online marketing preferences webcast | ENGINEERING.com
Slides from the September 2015 webcast: Engineer's Content and Online Marketing preferences.
In the webcast, the CEOs of ENGINEERING.com and TREW Marketing will speak to marketers specifically targeting highly technical audiences on the most effective ways to do marketing.
Download the full research report here: http://advertise.engineering.com/research-report-engineers-content-and-online-marketing-preferences
Watch the webcast here: http://advertise.engineering.com/2015-content-and-online-marketing-survey-to-engineers-webcast
One of the best features about working in reliability engineering is everything fails, eventually. This fact provides a bit of career stability.
Another aspect I enjoy is the concepts and approaches that create the foundation for reliability engineering knowledge do not change very much over time. The basics of reliability engineering are the same as when the earliest engineers began designing structures and products.
Page 1 of 6
[377]
COM7005D
Information Security Strategy Development
Assignment: Part 1
Date for Submission: Please refer to the timetable on ilearn
(The submission portal on ilearn will close at 14.00 UK time on the date
of submission)
Assignment Brief
As part of the formal assessment for the programme you are required to submit an
Information Security Strategy Development assignment. Please refer to your Student
Handbook for full details of the programme assessment scheme and general information on
preparing and submitting assignments.
Learning Outcomes:
After completing the module, you should be able to:
1) Evaluate the basic external and internal threats to electronic assets and
countermeasures to thwart such threats by utilising relevant standards and best
practice guidelines.
2) Analyse the legalities of computer forensics phases and the impact of the legal
requirements on the overall information security policy.
3) Critically assess the boundaries between the different service models (SaaS, PaaS,
IaaS) and operational translations (i.e. cloud computing) and to identify the associated
risks.
4) Critically investigate a company information security strategy to provide consultation
and coaching through reporting and communication.
5) Assess, compare and judge computer media for evidentiary purposes and/or root
cause analysis.
6) Apply relevant standards, best practices and legal requirements for information security
to develop information security policies.
7) Lifelong Learning: Manage employability, utilising the skills of personal development
and planning in different contexts to contribute to society and the workplace.
Your assignment should include: a title page containing your student number, the module
name, the submission deadline and a word count; the appendices if relevant; and a
reference list in Arden University (AU) Harvard format. You should address all the elements
of the assignment task listed below. Please note that tutors will use the assessment criteria
set out below in assessing your work.
Maximum word count: 2,500 words
Please note that exceeding the word count will result in a reduction in grade proportionate to
the number of words used in excess of the permitted limit.
You must not include your name in your submission because Arden University operates
anonymous marking, which means that markers should not be aware of the identity of the
student. However, please do not forget to include your STU number.
Assignment Task: Part 1
This assignment is worth 50% of the total marks for the module.
Using your current or previous workplace as the case study, please answer the
following:
1) Critically analyse the different types of software acquisition models and try to relate that
to those systems you are u.
Upskill Yourself With GSDC Site Reliability Engineering Certification | gsdcouncil1
Site Reliability Engineering (SRE) has become a critical skill in the world of IT, as it helps organizations ensure that their systems are reliable, scalable, and efficient. If you're looking to upskill yourself in SRE, obtaining a Site Reliability Engineering Certification from a respected certification body such as GSDC (Global Skill Development Council) can be a valuable investment in your career.
Similar to Status of Reliability Education 2011 (20)
RCM is a process used to identify what Preventive Maintenance or Condition Based Maintenance you need to implement so you get the Reliability you need from your equipment.
Doing Reliability Centered Maintenance (RCM) helps us take care of our equipment. And, taking care of our equipment is very much like taking care of ourselves.
An overview of the basic process to create an ALT using one of 6 different approaches. Slides used for presentation to the ASQ Silicon Valley evening meeting on Nov 15th 2017.
We work on projects to improve reliability. There may not be the field data immediately available. Let’s explore what you can do to improve the overall program while delivering on your project. Specifically, what’s with cost and procurement?
Detailed Information: As a reliability professional we often work with a team focused on improving the reliability of a single product or system. We work with the resources and capabilities of the organization. For me a reliability project is one product or line, a program is the entire organization and lifecycle. We bring specific tools and knowledge, yet rely on the overall reliability culture of an organization to be successful.
The overall reliability program may or may not have the field data, root cause analysis and other elements of information that allow us to effectively solve problems for a specific project. In some cases we have to work to improve the overall program while striving to create a reliable product. Let’s explore what you should do when you are building a reliability model for a new project and would like to use previous reliability history.
If the data is not available what do you do? What are your options? Let’s discuss what happens when the procurement team consistently selects the least expensive and least reliable components. What are your options? You can and should change the way entire departments do business, for the good of the project and the organization. Let’s discuss the scope of your role as a reliability engineer.
This Accendo Reliability webinar originally broadcast on 19 May 2015.
Generative AI Deep Dive: Advancing from Proof of Concept to Production | Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Pushing the limits of ePRTC: 100ns holdover for 100 days | Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
A tale of scale & speed: How the US Navy is enabling software delivery from l... | sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The Metaverse and AI: how can decision-makers harness the Metaverse for their... | Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Essentials of Automations: The Art of Triggers and Actions in FME | Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... | SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Climate Impact of Software Testing at Nordic Testing Days | Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... | BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Accelerate your Kubernetes clusters with Varnish Caching
Status of Reliability Education 2011
This article is part of the Reliability Society 2010 Annual Technical Report
Status of Reliability Education
Fred Schenkelberg
Email: fms@fmsreliability.com
Reliability is an engineering discipline that encompasses a broad array of tools and techniques
useful for answering durability and robustness type questions. Product development teams often
rely on reliability engineering professionals to guide, advise and manage reliability programs.
Reliability is a facet in nearly every function of an organization. This implies the knowledge and
skills required for the reliability engineer are comprehensive. The knowledge breadth may span
aspects of material science to design constraints to warranty reverse logistics.
How do engineers become reliability professionals? What are the knowledge transfer options
available to the reliability profession? How do we get started and maintain our knowledge? In
this short paper, I plan on summarizing what's available, a couple of common paths taken to
become a reliability professional, and highlight the strengths and a few weaknesses concerning
reliability education. This is my view of the state of reliability education.
What is available?
Quite a bit is available actually, maybe too much, concerning tools, techniques, analysis methods,
and approaches. As a profession we publish and share our knowledge. There are technical
journals, conferences, and books that capture knowledge in a way we can readily reference.
There are seminars, local meetings, discussion groups, forums, and webinars that permit us to
listen to lectures and to discuss alternative views and options. There are formal education options,
too. Universities and colleges offer seminars, workshops, courses and full degree programs
related to reliability engineering.
University programs
The University of Maryland's reliability programs (CALCE and Clark School of Engineering)
continue to offer advanced degrees in reliability engineering. University of Arizona has only a few
courses with reliability content, since the retirement of Dr. Kececioglu and the declining
enrollment in the reliability engineering program.
Other notable programs include Rutgers University, University of Tennessee, Knoxville,
Vanderbilt University, University of Arkansas, Arizona State and UT/Monash University.
Internationally there are also advanced degree programs, for example from the Indian Institute of
Technology. Most of these programs have a particular focus: systems or quality engineering,
maintenance or risk management.
There are elements of reliability engineering in many engineering undergraduate programs, yet
there are no degrees, that I know about, in reliability engineering at the undergraduate level.
Also, many electrical, mechanical, civil, or software engineering programs may only briefly
discuss or mention reliability as part of the program of study. More than one student has shied
away from the statistics and probability included within reliability engineering after the initial
required probability and statistics class.
An education in reliability engineering may include classes in materials science, design
engineering, process engineering, maintenance engineering, finance and accounting, and a dash
of marketing and sales, to name just a few. An advanced degree is a great start for a career in
reliability engineering. Combined with work experience in another engineering discipline, it makes
for a very strong resume.
Journals
Technometrics, IEEE Transactions on Reliability, and Quality Engineering (QE) come
immediately to mind for me. Many of you may recognize the first two. QE has recently agreed to
regularly publish reliability papers and has included a small team of reliability professionals on
the editorial board. Whereas the first two journals listed tend to be more on the academic end of
technical papers, QE expects to publish applied reliability articles.
There are many other journals. Titles like Reliability Engineering & System Safety by Elsevier
or Journal of Machinery Manufacture and Reliability by Springer suggest the focus of the
journal's articles. It is safe to say there is a robust peer reviewed technical journal community.
Journals are also published by professional societies, consultancies and businesses. Some of
these journals rival the peer-reviewed technical journals mentioned above, and they tend to focus
on the sponsoring organization's focus. For example, the RiAC Journal is published by the
Reliability Information Analysis Center. Another example is the Journal of Reliability,
Maintainability, Supportability, in Systems Engineering published by the RMS Partnership. Both
of these journals tend to focus on military applications.
Businesses related to reliability engineering have a few journal-type publications available. For
example, ReliaSoft's Reliability Edge Newsletter and DfR Solutions' Newsletter both provide
technical information and education and are free to join the subscription list.
Trade journals also publish reliability articles. These tend to be more introductory than the
scholarly or technical journals, yet tend to have a wider audience outside the reliability
profession. The article “Inverter Risk Factors: What to Consider Beyond MTBF Numbers” is in
a recent issue of the Solar Industry trade journal. Circuits Assembly provided me with many
introductory printed circuit assembly reliability articles over the years.
Whether you want to be published or simply keep up with the reliability profession, journals
provide a vibrant, timely and broad spectrum of views across our industry. Most of the technical
articles are written for an audience that is well versed in the discipline discussed. The trade
journals and newsletters tend to be more introductory and written for a broad range of readership.
Conferences
Over the past 20 years I've explored many reliability conferences. At times, as now via the
www.reliabilitycalendar.org site, I've attempted to maintain a calendar of all reliability
conferences. The vast majority of conferences are very focused on a particular industry or
discipline. Building and maintaining the site www.reliabilitycalendar.org over the past year has
been educational in itself. As you may already know, conferences are typically scheduled in the
spring or fall and tend not to be located at tropical resorts.
It is almost possible to find at least one conference every week somewhere in the world. A few
years ago two conferences on prognostics with respect to product reliability started: IEEE's
International Conference on Prognostics and Health Management and the Annual Conference of the
Prognostics and Health Management Society. The solar industry has recently seen a significant
rise in the number of conferences available.
Most professional societies related to reliability have at least one annual conference. Some
businesses are also offering conferences, some through a trade journal affiliation and others as a
service to the reliability community or as a part of their business strategy.
When asked, I tend to recommend three conferences. Keeping in mind that many working
professionals may only attend one conference a year, getting the most for your time is important.
Unless your needs are very specific, for example testing color fastness of polymers, you may
find these three conferences useful to attend on an ongoing basis.
The Annual Reliability and Maintainability Symposium, in its 57th year in 2011, is a multi-track
3.5-day conference complete with technical papers, tutorials and vendor trade show. The conference
regularly attracts 400 or more participants, making it a great place for networking. The paper
presentations are typically 20 to 30 minutes, making it possible to learn about a wide range of
topics from many speakers. The tutorials are typically two hours long and permit time to cover a
lot of material. Ten professional societies sponsor the conference. This conference is held at
various locations in the US, once a year. If you can only attend one conference a year, go to
RAMS.
The International Applied Reliability Symposium (ARS) is a three-day multi-track conference
with hour-long presentations. The longer format provides time for an in-depth treatment of the
topic. The speakers are generally experienced reliability professionals and tend to provide applied
or tutorial type presentations. ARS has annual events in the US, Brazil, Singapore, Amsterdam
and Bangalore. Locations vary year to year yet continue to have a presence around the world.
The Workshop on Accelerated Stress Testing & Reliability (ASTR) focuses on accelerated
testing from Highly Accelerated Life Testing to accelerated degradation testing, including the
equipment, techniques and measurement equipment necessary for successful testing. This is a
three-day single-track conference and tends to include very practical topics.
CARTS, IRPS, and ISTFA would be the next three on my list of recommendations. They focus
on passive electronic components, microelectronics, and failure analysis respectively. Of course,
depending on your interests, industry and budget, you may find many options for participation.
Conference attendance has been down over the past few years mostly due to the recession. There
are signs that attendance will rebound this year, as a reflection of the need for professionals to
continue to learn, network and discuss reliability topics.
Books
To get an idea of how many books are available on the topic of reliability engineering, I searched
Google Books for reliability engineering. Two things to note from this exercise: first, Google
returned 615,000 results; and second, the two books I use and recommend most often were on
the first page.
Ireson, Coombs, and Moss, Handbook of Reliability Engineering and Management, 2nd Edition,
and O'Connor, Practical Reliability Engineering, 4th Edition, are both texts that address most of
the aspects of reliability engineering. Both discuss the basic approaches to guide professionals
across the product life cycle. Both contain brief discussions on a broad range of tools and
techniques. And both are on many reliability professionals' bookshelves.
The options for books include general purpose books, plus many very narrowly focused texts on
specific tools or industries, or both. For example there are books on Failure Modes and Effects
Analysis (FMEA) in a general nature, plus texts on FMEA in the automotive industry or medical
industry. The options for reliability statistics also have a very broad range, from introductory
treatments for any engineer, to highly specialized, narrow branches of the art.
Like the overall book market, ebooks are becoming increasingly available, unfortunately at a
slow pace. In a few years, it may be possible to carry a complete library of professional textbooks
on your favorite ereader.
Seminars
Small, local and personal meetings to learn about a topic seem to be thriving. Face-to-face
meetings are increasingly being supplemented with a growing calendar of teleconferences and
webinars. A broad range of consultants, vendors, laboratories, consortiums, and professional
societies provide reliability training via seminars. These can range from an hour-long local
meeting to discuss a particular topic to a full week-long structured instructor-led course.
Courses - These face-to-face instructor-led classes typically range from a half day to a
week in duration. For example, MET Labs offers short seminars on standards based testing
methods. A few organizations only offer courses, like Technology Training, Inc (TTI) on a broad
range of reliability topics. And others offer courses related to using their primary products, like
Relex's or Minitab classes on using their software.
Courses provided by non-academic institutions are increasingly offering certifications.
These are typically based on the successful completion of a series of courses. Examples are
certification programs offered by ReliaSoft and TTI. Not all seminars or courses offer
professional engineers CEUs, although many could.
Local meetings/discussion groups/forums - In areas with a sufficient number of active
volunteers, local meetings are regularly organized and offered. Most are on a monthly basis and
have invited speakers that cover topics of interest locally. Houston meetings may focus on the oil
industry, Wichita on private jets, San Jose on high tech. This is a traditional means to network,
learn and contribute to the greater discussion concerning the reliability profession. IEEE, ASQ,
and SRE are all active in this area.
Online discussion groups and forums - Since the start of the Internet, there have been
newsgroups, discussion boards, email lists and forums available for the reliability professional to
stay in touch with other professionals. The format is great for the occasional question, permitting
possibly hundreds of professionals to address it. Often a reasonable response or two is available
within a day or two. Discussion boards such as the IEEE Reliability Society Yahoo Group or the
ASQ Reliability Division LinkedIn group are open to any interested party. These forums have
also attracted regular job postings as the audience is primarily working professionals. Discussions,
announcements, and job postings create a fairly light traffic format, yet permit the individual to
tap the collective information of the subscribers.
Webinars - The combination of a teleconference with the web enabled broadcast of the
slides with annotations permits a dispersed audience to hear a speaker and see their slides. Tools
offered by Webex, GotoMeeting and others permit seminars to occur via your computer
and phone.
Some organizations charge a fee for high quality webinars by noted presenters. Costs typically
range from $50 to $200 an hour. Hobbs Engineering and Paton Press are two examples. Other
organizations offer free webinars either as a service to their customers or their members. The ASQ
Reliability Division is offering monthly webinars in English and Mandarin, plus short courses for
free. These webinars provide a means to receive similar content as attending a conference or
local seminar or meeting, without the travel. Some are also recorded and available online on
demand.
The pricing, content and presentation styles are all in flux and many groups are experimenting
with this relatively new format to provide training. The mix of free or paid, advertising or
training, introductory or advanced, and formats, durations, etc. are all being explored and adapted
to find what works. We should expect to see this area continue to evolve and grow.
Newsletters
There seem to be two types of newsletter independent of the source. One provides news of events,
products, activities and announcements. These newsletters help the professional keep current on
what is happening based on the view of the newsletter editors. The second type provides content
that is educational in some manner. These newsletters provide tutorials, problem solution
approaches, guides, or technical articles. Of course many newsletters combine the two types of
content. As far as I know, all newsletters are either free or a benefit of membership.
Ops A La Carte, RiAC, ReliaSoft, Relex, and many others offer free newsletters. Nearly all
professional organizations offer a newsletter, often electronically, for their members. Two
notable newsletters with great technical content have ceased. It's been a few years since I've
received the Society of Reliability Engineers' newsletter. And the ASQ Reliability Division's
Reliability Review has just published their last issue. Both found it increasingly difficult to find
suitable technical articles to publish.
Blogs on reliability are available by a few writers, yet it is not a prevalent practice. Ricky
Smith's Maintenance and Reliability blog and The Reliable Plant Blog are examples. A Google
search for 'reliability blog' finds an assorted array of blogs with reliability in the title of the
particular discussion, with only a few blogs devoted to reliability topics exclusively.
Mentors
Having a mentor or two during your career provides an accelerated means to gain experience and
guidance. Without a mentor you may learn the 'hard way', meaning you may make your share of
mistakes. A mentor provides a sounding board, reality check, insightful guidance and possibly
friendship. Some companies provide mentorship as part of the culture. For example an opening
for a Reliability Engineering Group Leader job listing recently included the role of 'mentors the
development...'
In discussions with other reliability professionals, learning from a mentor is often cited as a
major element of their professional development. Courses, seminars and conferences provide the
tools, and the mentor provides wisdom in the selection and application of those tools.
What is missing?
From my own experience, I learn from product failures and an understanding of the root cause
involved. Henry Petroski has written about design engineers that avoid design failures by a
routine of studying failures. A few years ago, the local IEEE Reliability Society chapter meeting
was the day prior to Halloween and the discussion topic was 'Reliability Horror Stories'. The
intent was to share the best failures in story form with each other.
We are too often thwarted from discussing failures. Product failure discussion may reduce
product sales or lead to liability claims. Management or design failures leading to reliability
issues may lead to politically charged discussions and reorganizations. While attempting to focus
on the data and the root cause, reliability failures still invoke a need to assign blame.
Furthermore, discussing failures tends to dwell on the negative aspects of the process. Yes, it
provides a much richer learning atmosphere, yet unless done in a safe environment it may be
career limiting.
Likewise, very robust and reliable product achievements are equally rarely
discussed. A few products have been notable and marketed accordingly. HP calculators are one
example. Very few products are able to maintain a significant edge in the market on the basis of
being more reliable. Individual products are even more difficult to identify. The evidence is often
the lack of higher than expected field returns.
In general, what is missing is the ability of our profession to talk openly about reliability
performance, good or bad. We certainly can learn from failures, and we can emulate the
successful achievements, if it is possible to learn about both.
Failure data and information, not MTBF, is often missing. For a particular design, what is most
likely to fail and how? What is the failure mechanism and associated stresses that will limit the
useful life? Vendors will gladly list the performance specifications and are often very reluctant
(ignorance, embarrassment, perception) to articulate expected failure specifics. Vendors gladly
list only testing that has no failures, leaving the recipient to wonder if the test and associated
stress was valid to the most likely failure mechanisms.
Value or ROI guidance is generally missing within our training, textbooks and discussions. What
is the value of a well-run Design FMEA session? In a culture of tight timelines and budgets the
time to conduct a Design FMEA is readily estimated, yet the value received is difficult to predict.
The same applies to many of the reliability tools in common use. A general set of guidelines or
algorithms is missing to permit the valuation of a specific tool in a specific application.
Where do Reliability Engineers come from?
Other engineering fields provide the majority of reliability professionals. Degrees in physics,
math, statistics, electrical or mechanical engineering and many others are common across our
profession. In my case, and in common with a few I asked how they became reliability engineers,
it was by happenstance. The engineering problems that were available and interesting to me were of
a reliability nature. Finding the projects both interesting and rewarding, I sought additional projects
in the reliability area. While working as a design for manufacturing engineer, I found that field
reliability improvement often coincided with yield improvements for assembly. And I found the
cost savings by reducing field failures made a more compelling argument for process improvement
investments than simply yield improvements.
This path to become a reliability professional requires the willingness to continue to learn, the
ability to learn quickly and the desire to contribute in the solving of difficult cross discipline
design problems.
A few university programs offer degrees in reliability engineering. These programs provide a
solid grounding in the wide array of tools and techniques in the reliability profession. The
students are a mix of working professionals and students continuing from undergraduate work.
Like the above career development path, a formal education also requires the desire to learn. The
one complaint I've heard and experienced concerning this path is the over-reliance on advanced
tools to address issues. What is missing is the ability to select the appropriate tools and analysis
to economically solve an issue - 'Not everything is a thesis' - (Anon by choice).
A few reliability professionals have taken a hybrid approach: a mix of formal courses, a
selection of seminars and conferences, plus self study and experience and, if one is lucky, a
mentor also.
All three approaches produce excellent reliability professionals along with the full spectrum of
performance abilities. Those that continue to take advantage of learning opportunities tend to
continue to advance their career.
Summary
The reliability profession is rich in learning opportunities. Books, websites, conferences,
etc. all provide a mix of introductory and advanced materials. As all fields of engineering and
design continue to invent new materials and novel assemblies, the reliability professional will
have to continue to learn how to best apply the appropriate tools and techniques to solve
problems.
Despite the barriers to freely sharing failure information, we do readily share approaches,
algorithms, techniques and tools. We share our experience and our wisdom as we enrich our
professional community.
In general our education permits us to address two questions of value: What will fail, and when
will it fail? It is in the details of providing answers that we provide value. Our profession's rich
education opportunities permit us to effectively and efficiently answer these two questions on an
ongoing basis.