This document summarizes Shannon Lietz's presentation on the journey to DevSecOps. Some key points include:
- DevOps practices started gaining popularity around 2010 due to influential articles and talks.
- Security decisions are now often made by DevOps teams on a daily basis rather than security teams.
- Compliance alone is not enough for security - there must be continuous improvement through testing, detection, and measurement of progress.
- A blameless culture is important for high performance, as mistakes will happen but can be addressed quickly through collaboration.
Finding Security a Home in a DevOps WorldShannon Lietz
Presented this talk at DevOps Summit in 2015 to a DevOps community. Discovered that security is new to most DevOps teams and this was a very good discussion.
Enabling security at speed and scale requires building security as code which is often provided by software defined networks. The cloud offers software defined networks and some challenges to enabling safe workloads.
Finding Security a Home in a DevOps WorldShannon Lietz
Presented this talk at DevOps Summit in 2015 to a DevOps community. Discovered that security is new to most DevOps teams and this was a very good discussion.
Enabling security at speed and scale requires building security as code which is often provided by software defined networks. The cloud offers software defined networks and some challenges to enabling safe workloads.
Take Control: Design a Complete DevSecOps ProgramDeborah Schalm
Designing a secure DevOps workflow is tough: Developers, testers, IT security teams, and managers all have different control points within the software development lifecycle. Additionally, each application in development and production has a unique profile and features. Then you have the different types of organizations which have different maturity levels and needs: Retail has different day-to-day priorities than Finance or Healthcare, although all industries are united by a need to defend against the current threat landscape of data breaches and ransomware.
How do you find the right touch points? How do you build application security into your DevOps workflow successfully, turning the workflow from a process into a program?
Blameless Retrospectives in DevSecOps (at Global Healthcare Giants)DJ Schleen
Join us at Agile+DevOps East's DevSecOps Summit on November 18th to check out our new presentation: https://agiledevopseast.techwell.com/program/devsecops-summit-sessions/blameless-retrospectives-devsecops-global-healthcare-giants-agile-devops-virtual-2020
HealthConDX Virtual Summit 2021 - How Security Chaos Engineering is Changing ...Aaron Rinehart
The complex ordeal of delivering secure and reliable software in Healthcare will continue to become exponentially more difficult unless we begin approaching the craft differently.
Enter Chaos Engineering, but now also for security. Instead of a focus on resilience against service disruptions, the focus is to identify the truth behind our current state security and determine what “normal” operations actually look like when it's put to the test.
The speed, scale, and complex operations within modern systems make them tremendously difficult for humans to mentally model their behavior. Security Chaos Engineering is an emerging practice that is helping engineers and security professionals realign the actual state of operational security and build confidence that it works the way it was intended to.
Join Aaron Rinehart to learn how he implemented Security Chaos Engineering as a practice at the world’s largest healthcare company to proactively discover system weakness before they were taken advantage of by malicious adversaries. In this session Aaron will share his experience of applying Security Chaos Engineering to create highly secure, performant, and resilient distributed systems.
DevSecOps Personas – what Developers, Security, and Operations think when it comes to people/tech/processes/culture when it comes to rolling out DevSecOps programs.
Each of these teams have different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program. As Dale Carnegie said, ‘The only way to get anyone to do anything, is to make them want to do it’ - all the tech and process in the world isn’t going to make it successful if the people and culture (and heart) are not in it. So let’s share what we’ve seen from 100s of company interactions, understand better where everyone is coming from, and how to approach a DevSecOps program that can move the needle like Marty McFly playing Doc Brown’s guitar. We’ve love this to be interactive, so bring your stories and questions.
Gary's Bio
Gary Robinson has been working in software and cyber security for 20+ years, as a coder, pen tester, consultant, Security Architect at Citi, Global Board member at OWASP, and heading up Uleska to focus on DevSecOps for the last 5 years. Gary’s focused on the people, process, technology, and culture aspect of DevSecOps – as someone who’s worked in all three spaces during his time – and what drivers, blockers, etc each experience with ‘DevSecOps’, ‘shift-left’, ‘secure by design’, and the rest.
--------
Find out more about us www.uleska.com/
Follow us on LinkedIn https://www.linkedin.com/company/uleska/
Follow us on Twitter https://twitter.com/uleska_sec/
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"Aaron Rinehart
This session will cover the foundations DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security.
We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown.
As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.
40 DevSecOps Reference Architectures for you. See what tools your peers are using to scale DevSecOps and how enterprises are automating security into their DevOps pipeline. Learn what DevSecOps tools and integrations others are deploying in 2019 and where your choices stack up as you consider shifting security left.
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgDevSecOpsSg
DevOps is a cultural shift for more and more organisations, bringing speed and innovation benefits that surpass other SDLC methods. But some of the principles of DevOps aren’t quite aligned with how companies of all sizes will need to incorporate and embed security into this shift. DevSecOps provides a path forward for the transformation and helps companies to shift security to the left so that everyone can take responsibility for it. While automating security testing is an obvious answer to secure applications in the code pipeline, that does not provide 100% coverage until security risks are fully mitigated. Fabian will talk about his journey in making DevSecOps a reality in an organisation. This talk will focus some of the lessons learnt - which includes implementing open source tools to help security team do their jobs better, hacking the culture, whitelisting services, reporting security defects. and also doing Red Team activities.
In this session Aaron will uncover the importance of using Chaos Engineering in developing a learning culture in a DevSecOps world. Aaron will walk us through how to get started with Chaos Engineering for security and how it can be practically applied to enhance system performance, resilience and security.
Security focused Chaos Engineering allows engineering teams to derive new information about the state of security within their distributed systems that was previously unknown. This new technique of instrumentation attempts to proactively inject security turbulent conditions or faults into our systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain.
During this session we will cover some key concepts in Safety & Resilience Engineering and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive.
At a time when some say users pose the biggest threat, new tools are emerging that give users more freedom than ever.
451 Analyst, Adrian Sanabria speaks on this bold new approach to application control in our latest webinar.
KEY TOPICS
1. Learn from the past: valuing User Experience, IT workload & business/IT relations.
2. Take off the training wheels: it’s possible to trust users to make the right choices, but still have options if they don”t.
3. Drop unreasonable goals: more restrictions ≠ more security.
Security will always be our top priority. Agile deployment methods require a set of dynamic built-in security controls that keep pace with innovation and scale. In this session we will utilise the power of automation with the AWS platform to increase the agility of developers while maintaining a strong security posture.
Speaker: David Faulkner, Senior Technical Account Manager, Amazon Web Services
Thanks to the cloud and open source tools, DevOps teams have access to unprecedented infrastructure and scale. But that also means they can be approached by some of the most nefarious actors on the Internet, as they risk the security of their business with every application deployment. Perimeter-class security is no longer viable in such a distributed environment, so now companies need to adapt to more micro-level security. This merging of DevOps and security operations – a concept called DevSecOps – is one of the most important new developments in security and IT deployment. In this session, our expert will discuss how teams are now collaborating as peers to achieve optimal security.
In the world of DevSecOps as you may predict we have three teams working together. Development, the Security team and Operations.
The “Sec” of DevSecOps introduces changes into the following:
• Engineering
• Operations
• Data Science
• Compliance
DevSecOps is a new way to deliver security as part of the Software Supply Chain. It supports a built-in process and faster security feedback loop for DevOps teams.
Take Control: Design a Complete DevSecOps ProgramDeborah Schalm
Designing a secure DevOps workflow is tough: Developers, testers, IT security teams, and managers all have different control points within the software development lifecycle. Additionally, each application in development and production has a unique profile and features. Then you have the different types of organizations which have different maturity levels and needs: Retail has different day-to-day priorities than Finance or Healthcare, although all industries are united by a need to defend against the current threat landscape of data breaches and ransomware.
How do you find the right touch points? How do you build application security into your DevOps workflow successfully, turning the workflow from a process into a program?
Blameless Retrospectives in DevSecOps (at Global Healthcare Giants)DJ Schleen
Join us at Agile+DevOps East's DevSecOps Summit on November 18th to check out our new presentation: https://agiledevopseast.techwell.com/program/devsecops-summit-sessions/blameless-retrospectives-devsecops-global-healthcare-giants-agile-devops-virtual-2020
HealthConDX Virtual Summit 2021 - How Security Chaos Engineering is Changing ...Aaron Rinehart
The complex ordeal of delivering secure and reliable software in Healthcare will continue to become exponentially more difficult unless we begin approaching the craft differently.
Enter Chaos Engineering, but now also for security. Instead of a focus on resilience against service disruptions, the focus is to identify the truth behind our current state security and determine what “normal” operations actually look like when it's put to the test.
The speed, scale, and complex operations within modern systems make them tremendously difficult for humans to mentally model their behavior. Security Chaos Engineering is an emerging practice that is helping engineers and security professionals realign the actual state of operational security and build confidence that it works the way it was intended to.
Join Aaron Rinehart to learn how he implemented Security Chaos Engineering as a practice at the world’s largest healthcare company to proactively discover system weakness before they were taken advantage of by malicious adversaries. In this session Aaron will share his experience of applying Security Chaos Engineering to create highly secure, performant, and resilient distributed systems.
DevSecOps Personas – what Developers, Security, and Operations think when it comes to people/tech/processes/culture when it comes to rolling out DevSecOps programs.
Each of these teams have different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program. As Dale Carnegie said, ‘The only way to get anyone to do anything, is to make them want to do it’ - all the tech and process in the world isn’t going to make it successful if the people and culture (and heart) are not in it. So let’s share what we’ve seen from 100s of company interactions, understand better where everyone is coming from, and how to approach a DevSecOps program that can move the needle like Marty McFly playing Doc Brown’s guitar. We’ve love this to be interactive, so bring your stories and questions.
Gary's Bio
Gary Robinson has been working in software and cyber security for 20+ years, as a coder, pen tester, consultant, Security Architect at Citi, Global Board member at OWASP, and heading up Uleska to focus on DevSecOps for the last 5 years. Gary’s focused on the people, process, technology, and culture aspect of DevSecOps – as someone who’s worked in all three spaces during his time – and what drivers, blockers, etc each experience with ‘DevSecOps’, ‘shift-left’, ‘secure by design’, and the rest.
--------
Find out more about us www.uleska.com/
Follow us on LinkedIn https://www.linkedin.com/company/uleska/
Follow us on Twitter https://twitter.com/uleska_sec/
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"Aaron Rinehart
This session will cover the foundations DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security.
We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown.
As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.
40 DevSecOps Reference Architectures for you. See what tools your peers are using to scale DevSecOps and how enterprises are automating security into their DevOps pipeline. Learn what DevSecOps tools and integrations others are deploying in 2019 and where your choices stack up as you consider shifting security left.
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgDevSecOpsSg
DevOps is a cultural shift for more and more organisations, bringing speed and innovation benefits that surpass other SDLC methods. But some of the principles of DevOps aren’t quite aligned with how companies of all sizes will need to incorporate and embed security into this shift. DevSecOps provides a path forward for the transformation and helps companies to shift security to the left so that everyone can take responsibility for it. While automating security testing is an obvious answer to secure applications in the code pipeline, that does not provide 100% coverage until security risks are fully mitigated. Fabian will talk about his journey in making DevSecOps a reality in an organisation. This talk will focus some of the lessons learnt - which includes implementing open source tools to help security team do their jobs better, hacking the culture, whitelisting services, reporting security defects. and also doing Red Team activities.
In this session Aaron will uncover the importance of using Chaos Engineering in developing a learning culture in a DevSecOps world. Aaron will walk us through how to get started with Chaos Engineering for security and how it can be practically applied to enhance system performance, resilience and security.
Security focused Chaos Engineering allows engineering teams to derive new information about the state of security within their distributed systems that was previously unknown. This new technique of instrumentation attempts to proactively inject security turbulent conditions or faults into our systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain.
During this session we will cover some key concepts in Safety & Resilience Engineering and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive.
At a time when some say users pose the biggest threat, new tools are emerging that give users more freedom than ever.
451 Analyst, Adrian Sanabria speaks on this bold new approach to application control in our latest webinar.
KEY TOPICS
1. Learn from the past: valuing User Experience, IT workload & business/IT relations.
2. Take off the training wheels: it’s possible to trust users to make the right choices, but still have options if they don”t.
3. Drop unreasonable goals: more restrictions ≠ more security.
Security will always be our top priority. Agile deployment methods require a set of dynamic built-in security controls that keep pace with innovation and scale. In this session we will utilise the power of automation with the AWS platform to increase the agility of developers while maintaining a strong security posture.
Speaker: David Faulkner, Senior Technical Account Manager, Amazon Web Services
Thanks to the cloud and open source tools, DevOps teams have access to unprecedented infrastructure and scale. But that also means they can be approached by some of the most nefarious actors on the Internet, as they risk the security of their business with every application deployment. Perimeter-class security is no longer viable in such a distributed environment, so now companies need to adapt to more micro-level security. This merging of DevOps and security operations – a concept called DevSecOps – is one of the most important new developments in security and IT deployment. In this session, our expert will discuss how teams are now collaborating as peers to achieve optimal security.
In the world of DevSecOps as you may predict we have three teams working together. Development, the Security team and Operations.
The “Sec” of DevSecOps introduces changes into the following:
• Engineering
• Operations
• Data Science
• Compliance
DevSecOps is a new way to deliver security as part of the Software Supply Chain. It supports a built-in process and faster security feedback loop for DevOps teams.
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...Amazon Web Services
This session will demonstrate how to embrace DevSecOps to improve your security and compliance agility and posture within the highly regulated HIPAA environment. We will cover compliance frameworks, data decoupling strategies to fully utilize AWS, and best practices learned from the industry most active cloud adopters.
In the movie, RoboCop is given three primary directives: "Serve the public trust, Protect the innocent, and Uphold the law". We built our own RoboCop in order to bring law and order to our CI/CD pipeline. DevOps practices are all about enabling fast and frequent delivery of new software. In order to keep pace in a DevOps culture, application security must be reliably integrated into the CI/CD pipeline.
Dom & Tom NYC Healthcare Cloud Meetup Case Study (5/4)Dominic Tancredi
On May 4, Dom & Tom cofounder Dominic Tancredi spoke to the NYC Healthcare Cloud Meetup group about DevSecOps. Here, he outlines a case study from Dignity Health Group and discusses DevSecOps at D&T.
Continuous Compliance is achievable, provided you leverage the cloud infrastructure APIs and applying Continuous Monitoring to your deployed resources. Here's how Evident.io is doing cloud security right.
How can i find my security blind spots ulf mattsson - aug 2016Ulf Mattsson
Security Blind Spots
We need to automatically detect and report on security blind spots, including Sensitive Data that was not found in our initial Discovery and failures of deployed security control systems. Without formal and automated processes to detect and alert to new data discovery findings and critical security control failures as soon as possible, the window of time grows that allows attackers to identify a way to compromise the systems and steal sensitive data. This can also impact our real compliance posture.
2016 - Safely Removing the Last Roadblock to Continuous Deliverydevopsdaysaustin
Presentation by Shannon Lietz
Software needs to be awesome, resilient, available and “secure”, but Security has long been a big roadblock to fast deployments and software improvement. What if it wasn’t?
Continuous delivery requires operational functions to shift left and for an iterative approach to be taken. Security has not been easy to shift left and taking an iterative approach requires everyone to take responsibility. With a continuos security approach and everyone in the Software Supply Chain taking on the tasks of including security, its possible to achieve Rugged Software. This talk aims to provide a journey towards this approach and provide the path.
Software needs to be awesome, resilient, available and “secure”, but Security has long been a big roadblock to fast deployments and software improvement. What if it wasn’t?
Continuous delivery requires operational functions to shift left and for an iterative approach to be taken. Security has not been easy to shift left and taking an iterative approach requires everyone to take responsibility. With a continuos security approach and everyone in the Software Supply Chain taking on the tasks of including security, its possible to achieve Rugged Software. This talk aims to provide a journey towards this approach and provide the path.
Outpost24 webinar: Turning DevOps and security into DevSecOpsOutpost24
DevOps is a revolution starting to deliver. The “shift left” security approach is trying to catch up, but challenges remain. We will go over concrete security approaches and real data that overcome these challenges.
It takes more than adding “hard to find” security talent to your DevOps team to reach DevSecOps benefits. Our discussion focuses on the practical side and lessons-learned from helping organizations gear up for this paradigm shift.
Security Training: Making your weakest link the strongest - CircleCityCon 2017Aaron Hnatiw
It is well known among security professionals that the weakest link in any organization's security is the employee- the so-called "human element". While endpoint security controls may mitigate this risk, they are nowhere close to removing it completely. This is where security training becomes essential. This talk will cover how to introduce and improve security training in any organization, along with industry best practices, and methods to keep knowledge retention high. The speaker will provide specific examples from his own experience of cases where a properly trained employee could have easily thwarted a devastating attack immediately. Will your employees be your weakest link, or your strongest asset?
DevOps continues to be a buzzword in the software development and operations world, but is it really a paradigm shift? It depends on what lens you view it through.
Roman Garber, an active software security engineering and software team lead thinks so. Ed Adams, Security Innovation CEO, a 20-year software quality veteran and former mechanical engineer, curmudgeonly disagrees.
Getting your staff to adopt new technology can be a challenge. Attend this session to learn the steps for implementing new technology in your agency and how to get your staff to actually use it.
This talk provides a brief history of how DevOps has enabled tech companies to become unicorns. Furthermore, is Security in DevOps important, who is responsible and what can teams do make security a competitive advantage.
"Running enterprise workloads with sensitive data in AWS is hard and requires an in-depth understanding about software-defined security risks. At re:Invent 2014, Intuit and AWS presented ""Enterprise Cloud Security via DevSecOps"" to help the community understand how to embrace AWS features and a software-defined security model. Since then, we've learned quite a bit more about running sensitive workloads in AWS.
We've evaluated new security features, worked with vendors, and generally explored how to develop security-as-code skills. Come join Intuit and AWS to learn about second-year lessons and see how DevSecOps is evolving. We've built skills in security engineering, compliance operations, security science, and security operations to secure AWS-hosted applications. We will share stories and insights about DevSecOps experiments, and show you how to crawl, walk, and then run into the world of DevSecOps."
Many companies have adopted agile for their software development teams. These teams are doing a great job sprinting and building a lot of potentially shippable product increments. The problem is the software is only potentially shippable. The focus on potentially shippable is leading to a “Potentially shippable product Problem” where teams aren’t actually releasing the value they created and are only focused on maintaining or improving their velocity.
This deck is from a session at Agile Camp 2018 in Dallas where we talked about how using Agile and DevOps practices together can solve the potentially shippable product problem and enable teams to not only sprint but also deliver value faster, with higher quality and in more stable environments.
We have a lot to do on the cybersecurity side, and we are almost always lacking people, or budget, or both. Can we take lessons and approaches from entrepreneurship to apply to our cybersecurity programs? Can we do more with what we have, or for each addition can we make sure it has a large impact?
We’ll explore some entrepreneurship principles and then dive into some ways to improve security without large increases in headcount or budget.
Anyone handling sensitive information in this day and age needs to to have a solid security setup and a plan for when something goes wrong. This webinar aims to get you looking at your security with fresh eyes and give you an outline of an action plan.
This talk provides a brief history of how DevOps has enabled tech companies to become unicorns. Furthermore, is Security in DevOps important, who is responsible and what can teams do make security a competitive advantage.
Culture is very important in DevOps. It is the first thing in every definition of DevOps, but how can you measure it? Culture is intangible, hard to change, and it is of vital importance to your company and your employee’s satisfaction. Everyone agrees that a culture of trust and collaboration is key to a successful DevOps transformation. Having a culture of collaboration where people feel safe to share their views and work across a diverse group is a must for a successful organization. But how do we measure culture?
In this session we will talk about the culture of DevOps and how the culture enable information flow through organizations. We talk about the Westrum Typology of Organizational Culture and how organizational culture predicts the way information flows through an organization. We’ll talk about how to measure your culture based on the Westrum Typology and steps to move to a generative culture of high trust and high collaboration across the organization.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
2. Always an Early Adopter
Google Trends
• DevOps.com was bought in
2004
• Google searches for “DevOps”
started to rise in 2010
• Major influences:
– Saving your Infrastructure from
DevOps / Chicago Tribune
– DevOps: A Culture Shift, Not a
Technology / Information Week
– DevOps: A Sharder’s Tale from
Etsy
– DevOps.com articles
• RuggedSoftware.org was
bought in 2010
https://www.google.com/trends/
5. This is the End of Security as We Know It…
Say what?!??!
6+ years later, it’s hard to believe
we’re still shocked by this quote!
This talk will provide you with a
path forward…
And a survival kit...
-Josh Corman
6. An Ugly Little Secret
• DevOps teams make security
decisions… several times,
everyday!
• Hackers find security issues and
exploit them... several times,
everday!
• Security teams hardly ever make
security decisions... and really only
when risks need to be officially
authorized!
https://www.flickr.com/photos/denise_rowlands
7. In a Deming World…
• Most decisions are made within the
software supply chain by engineering
teams
• Security decisions are usually made as a
result of attempting to balance design
constraints
• Gating processes are not Deming-like; but
it is hard to avoid business catastrophes by
applying measure ahead strategies for
security
• Most security defects are identified during
a major event triggering the equivalent of
a security “recall”
design build deploy operate
How do I
secure my
app?
What
component
is secure
enough?
How do I
secure
secrets for
the app?
Is my app
getting
attacked?
How?
Typical gates for security
checks & balances
Mistakes and drift often happen
after design and build phases
Most costly mistakes
Happen during design
Missing and much-needed feedback loop
8. Hackers have lots of opportunities…
People
• Susceptible to phishing and email scams
• Can be social engineered
Process
• Humans make mistakes, because they are human (6 Sigma)
• Process gaps provide room for fraud
Technology
• Software complexity increases with reusable components
• Technology providers have to do their part, or everyone fails!
9. Get Grounded in Reality
• Secure business is the new black! KTLO!
• Everyone must be responsible for security!
• Perfection is over-rated… Mistakes are
inevitable.
• Reacting can be costly… build security in.
• Compliance is important but it’s not security!
• A blaming culture is dangerous, avoid it!
• Continuously test, detect, measure and
incrementally improve.
10. Keep The Lights On!
• Keeping the Lights on includes
Security…
• 66% of companies adopting
DevOps
• DevOps teams need guardrails
and guidelines to move fast
• Security decisions that haven’t
been made before likely
require escalation
https://www.flickr.com/photos/darwinbell
http://www.rightscale.com/blog/cloud-industry-insights/cloud-
computing-trends-2015-state-cloud-survey
11. Enlist Everyone!
• Common ratio for Dev, Ops
and Sec => 100, 10, 1
• Numbers matter against
attackers!
• Skills help, but anyone can
identify an anomaly.
• Everyone needs to help
with security; everyone has
a role to play. And this is hard to find...
12. Mistakes happen…
• DevOps utilize customer-driven
development processes with
incremental changes…Mistakes
just happen.
• But because of frequent
changes, teams have more
opportunities to correct
defects, on average 30x more
• Teams need help deciphering
how to self-correct
https://www.flickr.com/photos/doobybrain
13. Protection is ideal; Detection is a must!
• The faster a defect is
discovered, the faster it can
be dealt with.
• DevOps has 50% faster MTTR
• Transforming security events
into incidents and problems
helps with resolution rates https://www.flickr.com/photos/daoro
14. Compliance Programs won’t stop a breach
• Point in time assessments
don’t go far enough
• 0 companies (in 10 years)
have been found compliant
after a breach
• Compliance needs to be
paired with rugged security
http://www.slideshare.net/VerizonEnterpriseSolutions/webinar-new-
insights-to-simplify-pci-compliance-and-manage-risk
15. High Performing is where it’s at!
• High performing teams that
focus on a blameless culture
improve on average 50% better
• Blaming cultures create less
engagement, 30% less efficient
• MTTR is 5x faster in blameless
teams that focus on
opportunities first
#1
16. Continuous Improvement
• Continuous improvement has
been a goal for an endless
amount of years
• Teams that focus on testing,
early detection, and measuring
progress have 30% fewer
defects in production
• Tests are often added to
continuous delivery to achieve
better results throughout the
continuous delivery pipeline
https://www.flickr.com/photos/deniscollette
17. Great! What does this look like in practice for a
security professional?
Leaning in over Always Saying “No”
Data & Security Science over Fear, Uncertainty and Doubt
Open Contribution & Collaboration over Security-Only Requirements
Consumable Security Services with APIs over Mandated Security Controls & Paperwork
Business Driven Security Scores over Rubber Stamp Security
Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities
24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident
Shared Threat Intelligence over Keeping Info to Ourselves
Compliance Operations over Clipboards & Checklists
20. Get Involved and Join the Community
• devsecops.org
• @devsecops on Twitter
• DevSecOps on LinkedIn
• DevSecOps on Github
• RuggedSoftware.org
• Compliance at Velocity
• Join Us !!!
• Spread the word!!!