The document discusses integrating compliance into the DevOps process. It recommends starting with a hardened operating system, ensuring development systems are compliant, and including compliance testing at all stages of continuous integration and delivery. Compliance should be automated and tested continuously to ensure security and consistency across development, testing, and production environments. Various tools can help with compliance testing, monitoring, and issue remediation at each stage.
The Emergent Cloud Security Toolchain for CI/CD | James Wickett
Security is in crisis and it needs a new way to move forward. This talk, from the Nov 2018 Houston ISSA meeting, discusses the tooling needed to rise to the demands of devops and devsecops.
Designing a secure software development process with DevOps | Mike Long
This talk will describe how to design a secure SDLC for regulated organizations.
By applying techniques from DevOps and security disciplines, you will learn how to design compliance needs into your process, to provide a provable process and audit trail.
(Ignite) OPEN SOURCE - OPEN CHOICE: HOW TO CHOOSE AN OPEN-SOURCE PROJECT, HIL... | DevOpsDays Tel Aviv
Choosing the right Open Source project can be challenging, BUT! Asking yourself the right questions can ease the process
In this talk I'm going to talk about the key indicators of how to choose an open-source project for integration in your environment, as well as set the weight for the specific key indicators based on your needs and specific pain points.
DSC UTeM DevOps Session#1: Intro to DevOps Presentation Slides | DSC UTeM
DevOps has been such a buzzword in the IT field nowadays. If you look into job postings, you might be surprised to find terms like "work with DevOps team", "work in an agile team" etc.
What is DevOps? What is agile? And why all these?
Join us on 24 May 2021, where we have a short session to explore the events that led to the trend nowadays.
We will be exploring the current trends, tech stacks and the existence of DevOps itself!
Mark this date on your calendar and we'll see you there!
* Note: This is an introductory "brief overview" session that gives you context on our upcoming events.
Slides by KwongTN.
DOES SFO 2016 - Sam Guckenheimer & Ed Blankenship "Moving to One Engineering ... | Gene Kim
Microsoft has been on a transformation both culturally as well as technically by consolidating engineering systems to One Engineering System. Along the way, we've had many learnings that we'll share from soup to nuts: adopting Git at scale, realigning our talent competencies, reorganizing, becoming data driven, and delivering continuously through lots of automation & cloud adoption.
How to Decentralise Controls (Hint: BDD on Policies) | Ebru Cucen Çüçen
Cloud onboarding journey does bring the challenge of implementing guardrails. This is how we enabled collaboration between central IT teams (control teams such as Security, Networking, Finance) and Application Teams by using BDD on Policies so they could agree on the same ubiquitous language.
Continuous Deployment - The New #1 Security Feature, from BSidesLA 2012 | Nick Galbreath
First presented at Security BSidesLA, Hermosa Beach, California, August 16, 2012
Continuous deployment is characterized by small and frequent changes to production. Find out why it's my #1 security feature. It's not just about pushing fast!
Bug Bounties and The Path to Secure Software by 451 Research | HackerOne
Scott Crawford, Research Director of Information Security at 451 Research, shares:
• Why having a Vulnerability Disclosure Policy is now “table stakes”
• The what, how and why of Vulnerability Disclosure Policy documentation
• Tangible benefits and tradeoffs of incorporating bug bounties into software development
• How bug bounties make for a more secure software development lifecycle
DevOps continues to be a buzzword in the software development and operations world, but is it really a paradigm shift? It depends on what lens you view it through.
Roman Garber, an active software security engineering and software team lead thinks so. Ed Adams, Security Innovation CEO, a 20-year software quality veteran and former mechanical engineer, curmudgeonly disagrees.
AIPMM Webcast: Lean Product Innovation: How To Use Agile Ideas For Discovery ... | AIPMM Administration
Speaker, Greg Gehrich, Author, "Build It Like A Startup: Lean Product Innovation." Greg's Lean Product Innovation website http://www.lean-product-innovation.com blog: http://www.greg-gehrich.com/
About The AIPMM
The Association of International Product Marketing and Management (AIPMM), founded in 1998, promotes worldwide excellence in product management education and provides training, education, certification and professional networking opportunities. With members in 65 countries, the AIPMM is the Worldwide Certifying Body of product team professionals and offers globalized trainings and credentials localized for specific markets designed to meet the challenges of a constantly changing business landscape. As the only professional organization that addresses the entire product lifecycle from inception to obsolescence in any industry, the AIPMM supports strategic partners with offerings in Europe, the Middle East, Australia, and SouthEast Asia, as well as North America.
AIPMM Membership benefits include the national Product Management Educational Conference, regional conferences, the Career Center, peer Forums, tools, templates, publications and eligibility to enroll in the Certification Programs. The Agile Certified Product Manager® (ACPM), Certified Product Manager® (CPM), Certified Product Marketing Manager® (CPMM), Certified Brand Manager® (CBM), and Certified Innovation Leader (CIL) programs allow individual members to demonstrate their level of expertise and provide corporate members an assurance that their product professionals are operating at peak performance.
http://www.AIPMM.com
Subscribe: http://www.aipmm.com/subscribe
LinkedIn: http://www.linkedin.com/company/aipmm
Membership: http://www.aipmm.com/join.php
Certification: http://aipmm.com/html/certification
Webinar Series: http://aipmm.com/aipmm_webinars/
Articles: http://www.aipmm.com/html/newsletter/article.php
Moderated by Cindy F. Solomon, CPM, CPMM
Founder, Global Product Management Talk @ProdMgmtTalk
http://www.prodmgmttalk.com
http://bit.ly/nbw9Yr
DevOpsNorth 2017 "Seven (More) Deadly Sins of Microservices" | Daniel Bryant
All is not completely rosy in microservice-land. It is often a sign of an architectural approach’s maturity that in addition to the emergence of well established principles and practices, that anti-patterns also begin to be identified and classified. In this talk Daniel will introduce the 2016 edition of the seven deadly sins that if left unchecked could easily ruin your next microservices project... This talk will take a tour of some of the nastiest anti-patterns in microservices, giving you the tools to not only avoid but also slay these demons before they tie up your project in their own special brand of hell.
Topics covered include:
• Envy - introducing inappropriate intimacy within services by creating a shared domain model, and how many teams deploy and use data stores incorrectly;
• Wrath - failing to deal with the inevitable bad things that occur within a distributed system;
• Sloth - ignoring the importance of NFRs; and
• Lust - embracing the latest and greatest technology without evaluating the impact incurred by these choices.
Everyone wants (someone else) to do it: writing documentation for open source... | Jody Garnett
Many people will cite how their adoption of software was based on the quality of documentation, and yet documentation can be one of the largest gaps in quality with an open source project. This talk will discuss why that is, what you (yes you) can do about it, and how the author has so far managed to avoid burnout by learning to accept less-than-perfect grammar.
A FOSS4G 2015 Presentation
From Monolith to Microservices - What Could Go Wrong? | Phuong Mai Nguyen
Almost every tech organisation right from start-ups to unimaginably big ones have had monolithic applications in the past and have moved on to nimbler approaches like microservices, making use of powerful cloud technologies. But not every organisation has made this move yet, with most of them still in analysing phase.
If you are part of this or interested in exploring how major players in the industry have managed to convert monoliths to microservices, join us in the talk to get an in-depth knowledge about things that could go wrong and how to make the right choices using AWS services. On top of practical techniques and real-life case studies, we will also be exploring agile methodologies and discuss if microservices are the right choice for your field of work.
Achieving Secure DevOps: Overcoming the Risks of Modern Service Delivery | Perforce
DevOps and Continuous Delivery practices are attracting the attention of many organizations looking to increase the speed of their application delivery, yet doing so the wrong way can risk both quality and security. In this webinar, Forrester analysts Kurt Bittner and Rick Holland will share their insights on how DevOps and Security teams can work better together to meet these challenges, along with best practices for bringing greater security to product development and delivery.
Outpost24 webinar: Turning DevOps and security into DevSecOps | Outpost24
DevOps is a revolution starting to deliver. The “shift left” security approach is trying to catch up, but challenges remain. We will go over concrete security approaches and real data that overcome these challenges.
It takes more than adding “hard to find” security talent to your DevOps team to reach DevSecOps benefits. Our discussion focuses on the practical side and lessons-learned from helping organizations gear up for this paradigm shift.
Microsoft Skills Bootcamp - The power of GitHub and Azure | Davide Benvegnù
In this session, part of the Microsoft Skills Bootcamp, I go through Digital Transformation in the DevOps era, and how to use Azure DevOps and GitHub together to achieve that.
In Data Engineer’s Lunch #68, Will Angel, Technical Product Manager at Caribou Financial, will provide an introduction to DevOps practices and tooling including testing, deployment automation, logging, monitoring, and DevOps principles. Additionally, we will discuss some of the ways that DevOps for data engineering is different from conventional application development.
Accompanying Blog: Coming Soon!
Accompanying YouTube: https://youtu.be/eBtrOv_qLHQ
Sign Up For Our Newsletter: http://eepurl.com/grdMkn
Join Data Engineer’s Lunch Weekly at 12 PM EST Every Monday:
https://www.meetup.com/Data-Wranglers-DC/events/
Cassandra.Link:
https://cassandra.link/
Follow Us and Reach Us At:
Anant:
https://www.anant.us/
Awesome Cassandra:
https://github.com/Anant/awesome-cassandra
Email:
solutions@anant.us
LinkedIn:
https://www.linkedin.com/company/anant/
Twitter:
https://twitter.com/anantcorp
Eventbrite:
https://www.eventbrite.com/o/anant-1072927283
Facebook:
https://www.facebook.com/AnantCorp/
Join The Anant Team:
https://www.careers.anant.us
This is a comprehensive dive into how to use Salesforce flows, when and when not to use them, and some super helpful tips and tricks around designing, development, testing, and deploying flows.
This was presented by Josh LeQuire at the Charleston, SC Salesforce admin group on 2/6/20.
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering" | Aaron Rinehart
This session will cover the foundations of DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security.
We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown.
As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.
PMI Thailand: DevOps / Roles of Project Manager (20-May-2020) | Gonzague PATINIER
DevOps seems to be the latest ‘buzzword’ and trend in the IT industry. This is driven by business needs for ever-faster deployment of new functionality and frustrations with the time and effort it takes to get new systems into operations. It is no longer a question of ‘should we adopt DevOps’, but ‘when and how’?
DevOps represents a significant cultural and behavioral change and many organizations fail to address this in their adoption. Gartner defines DevOps as a change in IT culture, focusing on rapid IT service delivery through the adoption of agile, lean practices in the context of a system-oriented approach. These culture changes include organization changes, impacting structure, roles and responsibilities.
What and where is the role of the project manager in organizations that have transitioned towards adopting DevOps? Join us and let’s discuss DevOps and answer your questions followed by an informative discussion.
This talk will demo one threat modeling methodology and how an engineering team is appending it to their Secure Software Development Life Cycle. The goal is to create a single platform for communicating architectural risk and planning mitigations within sprints. This will not only address security concerns sooner in a product's lifecycle but establish a trusting relationship between engineering and security teams. As an ever-evolving space, to reduce risk and deploy products to market, this is one additional step any software-focused team can quickly adapt to their practices.
More and more businesses are requiring developers to own end to end delivery, including operational ownership. Weaveworks will share with you what GitOps means, and how easy it is to create cloud native applications, CICD pipelines, integrate operations and more, using GitOps.
Inherited from best practices going back 10-15 years, cloud native is making these practices more relevant today. At Weaveworks, they implement these principles in their product, Weave Cloud. This not only helps customers ship apps faster, it also helps them run their own cloud native stack. This presentation will show how Weaveworks does this, identify best practices and tools, and showcase some of Weaveworks’ use cases.
For the video of this presentation at Cloud Native London visit: https://skillsmatter.com/skillscasts/10506-keynote-by-alexis-richardson
To learn more about Weaveworks: www.weave.works
The process of building and deploying software can be tedious, difficult, and problem-prone. Even more challenging is building a continuous integration and delivery platform that can be flexible and adaptive to your agile software teams. Take a sneak peek into how Dude Solutions revamped and replaced their entire continuous integration and delivery process with a brand new environment and toolset in just under 3 months! We will share our experiences: the good, the bad, and the ugly.
DevOps Patterns Distilled: Implementing The Needed Practices In Practical Steps | CA Technologies
Learn from Gene Kim, one of the “DevOps Cookbook” authors, how to help accelerate DevOps adoption, increase the success of DevOps initiatives and lower the activation energy required for DevOps transformations to start and finish.
For more information on DevOps solutions from CA Technologies, please visit: http://bit.ly/1wbjjqX
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo... | Outpost24
Our experts discuss the key considerations for implementing security training and application security into the SDLC, how to engage with developers through gamified learning and embed security testing without any downtime or costing the earth.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... | Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf | Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
How to Get CNIC Information System with Paksim Ga.pptx | danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 5 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
1. The Science of Compliance
Early Code to Secure your Node
judy johnson
Software Engineer
Onyx Point
@miz_j
2. The Science of Compliance judy johnson Twitter: @miz_j GitHub: judyj Agile + DevOps Virtual Summit
Today’s Agenda
● A little about DevOps and a little about baking
● Compliance vs Security
● Why We need Compliance
● Why We need Automation
● How you know you are Compliant
● My ideal DevSecOps Process
● Compliance In Dev, Test, and Production
● Tools
● Recipe!
3. About the Speaker
● Programming since middle school when my Dad brought home a PDP-8
● Software engineer for [many] years
● Various job titles: Software Engineer, Systems Engineer, Project Manager, ScrumMaster, and a CD Store Clerk
● Working at Onyx Point since 2015 (note: opinions here are my own)
● Interests - baking, hockey, rock concerts, reading, volunteering (especially in events that promote diversity in tech)
● Greatest Accomplishment - two amazing daughters - both engineers
5. ...and why is baking so important to me?
● Fun activity with family and friends
● Stress relief
● Enables creativity
● Makes people happy
● “Practice makes perfect”
● Makes a great analogy to continue through this talk...
6. The DevOps Cycle
7. The Baking Cycle
8. What is DevSecOps?
“DevSecOps means thinking about application and infrastructure security from the start. It also means automating some security gates to keep the DevOps workflow from slowing down. However, effective DevOps security requires more than new tools—it builds on the cultural changes of DevOps to integrate the work of security teams sooner rather than later.” (from Red Hat)
9. ...what does the “Sec” in the middle mean to me?
● “In high-performing organizations, everyone within the team shares a common goal - quality, availability, and security aren’t the responsibility of individual departments, but are a part of everyone’s job, every day.” - Gene Kim
● Of course security should be part of continuous improvement
● But is the “Sec” necessary, or implied?
DevSecCodeTestRunDeployMLEtcOps
10. Security vs Compliance (wiki)
Security is freedom from, or resilience against, potential harm (or other unwanted coercive change) caused by others. Beneficiaries (technically referents) of security may be of persons and social groups, objects and institutions, ecosystems or any other entity or phenomenon vulnerable to unwanted change.
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations.[1] Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls.[2] This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.
11. Security vs Compliance
             PROVABLE   DISPROVABLE
SECURITY        X            ✔
COMPLIANCE      ✔            ✔
● Compliance - enforcing a defined/testable set of rules
● Security - ensuring that your system is not vulnerable
● Both are attempts to minimize risk
13. Baking and Compliance
● Compliance is following the recipe
● Correct controls (temperature, measurement, etc.) create a consistent, predictable product
● A “typo” or incident could ruin your product
● Substitutions - are they valid?
● Mistake? Learn and document
● Minimizing Risk - Follow instructions, Document anomalies
14. Why do we need compliance?
● Improve Security
● Implement security concepts in a provable way
● Maintain Trust/Integrity
● Add transparency
● Maintain Consistency (process management)
● Maintain Control
● Risk Management
15. Reasons we need to start compliance earlier
● Doing work up-front saves time later
● Awareness of compliance early-on
● Creates a culture of security
● Early insertion of tools allows for continuous monitoring even during development, shortening the feedback loop
● Compliance resources are available earlier in the process
● Fixes and updates can be made earlier and cheaper
● Reduces the risk of problems when adding new code/tools
● Have you ever tried to put the chocolate chips in the cookies when they were done?
16. ...and baking…
● Know the requirements
○ Read the recipe first
○ Ensure you have all the ingredients before you start
● Consistent infrastructure
○ Preheated oven ensures temperature stability
○ Ensure you have appropriate measuring devices
17. Reasons we need to Automate Compliance
● A compliant infrastructure allows for simpler development and maintenance
● Compliance is consistently applied
● Modularizing code increases ability and speed of updating
● Code is easily shareable - tools can be put into CM (Git, etc.) and reused in multiple places (with access to the most current tools)
● Reporting is more accurate and more timely (audit trail)
● Open collaboration creates continued transparency
● “Simplify and Optimize”
18. Reasons people are hesitant (and replies)
● People believe that it is a huge time investment (it is, but will be worth it later)
● Making large changes in processes is risky (no more risky than using a non-compliant system)
● People feel that it is not necessary to train application developers on security and compliance (of course it is!)
● “We’ve always done it that way…” (sigh.)
20. Ideal Process
● Code and Compliance Requirements Created
● Compliance & Code Written simultaneously
● Compliance code shared/reused
● Compliance tickets reside with target (application) code tickets
● ALL Code Reviewed and Tested Continuously
● ALL Code is rewritten/re-reviewed/re-tested
21. How do you know you are Compliant?
● Out-of-the-box testing tools based on a specific set of rules (e.g. Nessus, OpenSCAP, OVAL)
● Toolkits to test compliance status - more flexible (e.g. InSpec, ServerSpec)
● Manual tests
● Compliance tests from scratch
● Logs!
23. How we bake it in...
24. Hardening your O/S
● Hardening begins with O/S
● Non-compliant code will be exposed early
● Dev/Test platforms have the same rules as target platforms
● Compliance issues and fixes are found early and shared early
● Using an automated provisioning system such as Puppet, Ansible, Chef, or SaltStack will allow you to start immediately
● Items such as disk and data encryption, which are hard to add later, are set early
● Customize and standardize features such as open ports, ciphers, allowable tools
25. Ensuring your Dev systems are Compliant
● Eliminate some of the threats immediately via O/S
○ e.g. ports, encryption
○ Keep up with O/S patches
● Ensure development and test tools are known to be compliant
● Do not change O/S settings as you develop (or clean up after yourself)
● Create a compliance baseline
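One way to turn the baseline from slides 24 and 25 into an automated test, as an added example that is not part of the original slides: a Python check of an sshd_config against a few rules. The baseline values and the sample file are constructed for illustration, and the parser assumes whitespace-separated directives with no Include files.

```python
"""Added example: check an sshd_config against a small compliance baseline."""

# Hypothetical baseline for illustration; a real one comes from your policy.
BASELINE = {
    "permitrootlogin": ("equals", "no"),
    "passwordauthentication": ("equals", "no"),
    "ciphers": ("subset", {"chacha20-poly1305@openssh.com",
                           "aes256-gcm@openssh.com",
                           "aes128-gcm@openssh.com"}),
}

# Constructed sample input, not taken from a real host.
SAMPLE_CONFIG = """\
# managed by hand on the dev box
Port 22
permitrootlogin no
PermitRootLogin yes
Ciphers aes256-gcm@openssh.com,aes128-cbc
Match User deploy
    PasswordAuthentication no
"""


def parse_global(text):
    """Return global directives; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional blocks are not global
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(key, value)         # first occurrence wins
    return seen


def check(text, baseline=BASELINE):
    """Map each baseline rule to 'pass', 'fail' or 'unset'."""
    conf = parse_global(text)
    results = {}
    for key, (kind, want) in baseline.items():
        if key not in conf:
            # Falls back to a version-dependent default: do not call it a pass.
            results[key] = "unset"
        elif kind == "equals":
            results[key] = "pass" if conf[key].lower() == want else "fail"
        else:  # "subset"
            value = conf[key]
            if not value or value[0] in "+-^":
                # Empty, or an edit of the default list: cannot be resolved here.
                results[key] = "unset"
            else:
                got = {c.strip() for c in value.split(",") if c.strip()}
                results[key] = "pass" if got <= want else "fail"
    return results


if __name__ == "__main__":
    for rule, status in check(SAMPLE_CONFIG).items():
        print(f"{rule}: {status}")
```

The "unset" status keeps a setting the checker cannot resolve from being counted as a pass, and honouring first-value-wins avoids a false alarm on the later `PermitRootLogin yes` line.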
26. Ensuring Compliance is part of Testing
● Testing framework and platform (CI)
○ Test under varying conditions
○ Test all components together
● Last chance to catch issues before code goes live
● Read Logs!
27. Adding Compliance to Testing
● Acceptance tests - Beaker (Litmus)/VM/Container tests
● Chef’s InSpec
● Manual testing
● Static code analysis tools
● Dynamic code analysis tools
● Use the tools you have!
29. Continuous testing of your recipe
Check out this video - applies to both CI and cooking!
( https://www.youtube.com/watch?v=rfROcNPsb3w )
31. Ensuring your Production Systems Stay Compliant
● Your production environment is open to threats
● “Chaos Monkey”-like tools randomly test for various issues
● Canary deployments and feature flags (start with a small sample)
● Logs! Logs! Logs!
32. What to look out for
● Ensure that the “definition of done” or goals of the compliance code are defined up front (a “single source of truth”)
● Ensure developers/security/sysadmins are communicating goals and practices to avoid redundancy and allow for reuse
33. Tools
● Many tools are available, and it is important that your organization evaluates the tools it already has and does a thorough “analysis of alternatives” to ensure that tools are selected and used appropriately
36. Other types of tools
● Infrastructure Vulnerability Management – Tenable, Qualys, Rapid7, OpenVAS
● Container – Clair, Trivy, Aqua, Twistlock
● Cloud - Prowler (AWS assessment tool)
● Database scanner - sqlmap (open source SQL injection and db takeover tool)
(tool listings thanks to Thaddeus @thaddeuswalsh)
37. OK, it’s passed all the tests, and I’ve deployed...
● Puppet
○ Ensures your setup remains solid by running every 30 minutes (or predetermined)
● Cron job or CI tool
○ Can recheck and reset if there is an issue
● Ensure that reoccurring issues are documented and addressed
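The point about recurring issues, as an added example that is not from the original slides: a Python classifier over the results of scheduled compliance runs that separates drift that is never fixed from drift that keeps coming back after a reset. The run history and rule ids are constructed.

```python
"""Added example: classify drift seen across scheduled compliance runs."""

# Constructed history: (run time, rule ids that failed in that run).
# Runs are 30 minutes apart, matching the agent interval on the slide.
HISTORY = [
    ("2024-01-10T09:00", {"ssh-ciphers", "ntp-enabled"}),
    ("2024-01-10T09:30", {"ntp-enabled"}),
    ("2024-01-10T10:00", {"ssh-ciphers", "ntp-enabled"}),
    ("2024-01-10T10:30", {"ntp-enabled", "tmp-noexec"}),
    ("2024-01-10T11:00", {"ssh-ciphers", "ntp-enabled"}),
]


def failure_episodes(history, rule):
    """Return the start time of each separate run of consecutive failures."""
    starts, failing = [], False
    for when, failed in history:
        if rule in failed and not failing:
            starts.append(when)
        failing = rule in failed
    return starts


def classify(history, min_episodes=2):
    """Label every rule that failed at least once.

    persistent: failed in every run, so the automatic reset never held
    recurring:  was fixed and failed again, min_episodes episodes or more
    one-off:    a single failure episode so far
    'open' is True when the rule is still failing in the latest run.
    """
    rules = set().union(*(failed for _, failed in history))
    latest = history[-1][1] if history else set()
    report = {}
    for rule in sorted(rules):
        episodes = failure_episodes(history, rule)
        if all(rule in failed for _, failed in history):
            label = "persistent"
        elif len(episodes) >= min_episodes:
            label = "recurring"
        else:
            label = "one-off"
        report[rule] = {"label": label, "episodes": episodes,
                        "open": rule in latest}
    return report


if __name__ == "__main__":
    for rule, info in classify(HISTORY).items():
        print(rule, info["label"], "open" if info["open"] else "closed",
              "episodes:", len(info["episodes"]))
```

A "recurring" rule means something keeps undoing the fix between runs, which is the case worth a ticket rather than another automatic reset.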
38. My baking slide (1)
Carrot Cake
● 1 1/2 cups corn oil
● 2 cups sugar (not salt :) )
● 3 eggs
● 2 cups flour
● 1 1/2 teaspoons cinnamon
● 2 teaspoons baking soda
● 2 teaspoons vanilla
● 1/2 teaspoon salt (not sugar :) )
● 2 cups grated carrots
● 1 cup chopped walnuts
Combine all ingredients.
Pour in greased 13" x 9" pan.
Bake at 350 for 45 minutes.
Cool, frost.
● Carrot cake is one of my favorites!
● Vegetables and security - necessary evils to some
● Carrot - a vegetable and unexpected - are baked in, yet the cake is sweet and moist
39. My baking slide (2)
● Imagine the frosting as your app.
● Solid base - add your personal touch
● Ensure that you do not alter the foundation that the cake has created when you personalize it
Cream Cheese Frosting
● 3 oz cream cheese
● 1 2/3 cups confectioners sugar
● 1/8 teaspoon salt
● 1 teaspoon vanilla
Combine all ingredients. Beat until creamy.
Spread on cake.
40. Summary...
● A secure O/S on development and all other platforms allows you to start with an advantage
● Compliance testing can - and should - be done at all stages of your CI
● Watch your test tool - there can be false positives as well as false negatives
● A tool such as Puppet or Cron can run (or run scripts) at regular time increments to check your compliance, and alert you if something needs correction
● Correction can be done with an automated tool or manually
● Ensure that security is integrated into your team and process
● Create a Culture of Security
● No matter what you are creating, remember to bake in the goodness!
41. Thanks!
To co-workers who teach me every day, and peer review my code, documents, and cookies… to family and friends who inspire me daily… to the friends who helped me put this together and make it pretty
Never stop learning – and make sure you have time to spend on things you enjoy!
https://unsplash.com/ and https://www.123rf.com/ (for photos)