The document discusses the principles and practices of DevSecOps. It begins with an agenda that covers DevSecOps prerequisites, foundations, roles and responsibilities, and practical tips. It discusses concepts like shifting security left, continuous integration/delivery pipelines, and the importance of collaboration across roles. It provides overviews of risk management, static and dynamic testing, feature toggles, and recommends DevSecOps training and tools from Cprime. The presentation aims to help organizations adopt DevSecOps practices to improve security and deployment processes.
DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications.
[DevSecOps Live] DevSecOps: Challenges and Opportunities - Mohammed A. Imran
In this DevSecOps Live online meetup from Practical DevSecOps, you’ll learn about DevSecOps challenges and opportunities.
Join Mohan Yelnadu, head of application security at Prudential Insurance, on his DevSecOps journey.
He will cover DevSecOps challenges he has faced and how he converted them into opportunities.
He will cover the following as part of the session.
DevSecOps Challenges.
DevSecOps Opportunities.
Converting Challenges into Opportunities.
Quick wins and lessons learned.
… and more useful takeaways!
The Practical DevSecOps course is designed to help individuals and organisations implement DevSecOps practices and achieve massive scale in security. The course is divided into 13 chapters; each chapter has theory, followed by demos and any limitations we need to keep in mind while implementing them.
More details here - https://www.practical-devsecops.com/
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
Today’s cutting-edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share how our AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization.
DevSecOps: Taking a DevOps Approach to Security - Alert Logic
More organisations are embracing DevOps and automation to realise compelling business benefits, such as more frequent feature releases, increased application stability, and more productive resource utilization. However, many security and compliance monitoring tools have not kept up. In fact, they often represent the largest single remaining barrier to continuous delivery.
40 DevSecOps Reference Architectures for you. See what tools your peers are using to scale DevSecOps and how enterprises are automating security into their DevOps pipeline. Learn what DevSecOps tools and integrations others are deploying in 2019 and where your choices stack up as you consider shifting security left.
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at OWASP NoVA, Sept 25th, 2018
In the world of DevSecOps, as you may predict, we have three teams working together: Development, the Security team and Operations.
The “Sec” of DevSecOps introduces changes into the following:
• Engineering
• Operations
• Data Science
• Compliance
Awareness and Guide to a Practical Implementation.
Discover how to automate security testing, and ensure every bit of code is scanned before it leaves the developer’s hands
https://bsidesdc2018.busyconf.com/schedule#day_5acff470ec4a15f24e000036
DevSecOps is a very loaded term and it includes many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes on CI and CD. DevSecOps goes beyond automating security testing, and there are common misconceptions and roadblocks on how you can establish it successfully.
Learning Objectives:
1: Identify key principles of DevSecOps and see how it relates to DevOps principles.
2: Analyze common pitfalls and see where integration security takes part in DevSecOps.
3: Demonstrate how to do “Continuous Security” by using a lifecycle approach.
(Source: RSA Conference USA 2018)
Link to Youtube video: https://youtu.be/-awH_CC4DLo
You can contact me at abhimanyu.bhogwan@gmail.com
My LinkedIn ID: https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Basic Introduction to DevSecOps concept
Why What and How for DevSecOps
Basic intro for Threat Modeling
Basic Intro for Security Champions
3 pillars of DevSecOps
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
How to integrate security in CI/CD pipeline
How to build security into the DevOps environment. Introduction to DevSecOps for DevOps / Agile enthusiasts and practitioners. Presented on Czech DevOps meet-up.
When DevOps talks meet DevOps tactics, companies find that Continuous Integration is the make-or-break point. And implementing CI is one thing, but sustainable CI takes a little bit more consideration. CI is not all about releases; it is also about knowing more about how your software delivery pipeline works, its weak points, and how you are doing over time.
Join CloudBees and cPrime as we discuss best practices for facilitating DevOps pipelines with Jenkins Workflow and reveal how the workflow engine of Jenkins CI and “Agilecentric” DevOps practices together support complex control structures, shorten the development cycle, stabilize environments and reduce defects.
Security will always be our top priority. Agile deployment methods require a set of dynamic built-in security controls that keep pace with innovation and scale. In this session we will utilise the power of automation with the AWS platform to increase the agility of developers while maintaining a strong security posture.
Speaker: David Faulkner, Senior Technical Account Manager, Amazon Web Services
In this session we will take an introductory look at the Continuous Integration and Continuous Delivery workflow.
This is an introduction session to CI/CD and is best for people new to the CI/CD concepts, or looking to brush up on benefits of using these approaches.
* What CI & CD actually are
* What good looks like
* A method for tracking confidence
* The business value from CI/CD
In the ever-evolving, fast-paced Agile development world, application security has not scaled well. Incorporating application security and testing into the current development process is difficult, leading to incomplete tooling or unorthodox stoppages due to the required manual security assessments. Development teams are working with a backlog of stories—stories that are typically focused on features and functionality instead of security. Traditionally, security was viewed as a prevention of progress, but there are ways to incorporate security activities without hindering development. There are many types of security activities you can bake into your current development lifecycles—tooling, assessments, stories, scrums, iterative reviews, repo and bug tracking integrations—every organization has a unique solution and there are positives and negatives to each of them. In this slide deck, we go through the various solutions to help build security into the development process.
What Every Developer And Tester Should Know About Software Security - Anne Oikarinen
Software security is best built in. This presentation introduces three essential things to help you design more secure software. In order to have a secure foundation, you can create and select security requirements for your applications using evil user stories and utilizing existing material for example from OWASP.
Another useful skill is threat modeling which helps you to assess security already in the design phase. Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus penetration testing to the most risky parts of the system. The presentation covers various methods, such as the STRIDE model, for finding security and privacy threats.
You will also learn what kind of security related testing you can do without having any infosec background.
Running enterprise workloads with sensitive data in AWS is hard and requires an in-depth understanding about software-defined security risks. At re:Invent 2014, Intuit and AWS presented "Enterprise Cloud Security via DevSecOps" to help the community understand how to embrace AWS features and a software-defined security model. Since then, we've learned quite a bit more about running sensitive workloads in AWS.
We've evaluated new security features, worked with vendors, and generally explored how to develop security-as-code skills. Come join Intuit and AWS to learn about second-year lessons and see how DevSecOps is evolving. We've built skills in security engineering, compliance operations, security science, and security operations to secure AWS-hosted applications. We will share stories and insights about DevSecOps experiments, and show you how to crawl, walk, and then run into the world of DevSecOps.
DevSecOps is a new way to deliver security as part of the Software Supply Chain. It supports a built-in process and faster security feedback loop for DevOps teams.
Cyber Scotland Connect: What is Security Engineering? - Harry McLaren
What is Security Engineering?: Thoughts on the definition, placement, role and job of working within security engineering. Then a scenario of the activities a Security Engineer might do throughout a project. Finally, some resources and thoughts on skills for 2018.
Slides by: Harry McLaren
Website: https://cyberscotlandconnect.com/
For Business's Sake, Let's focus on AppSec - Lalit Kale
Slide-Deck for session on Application Security at Limerick DotNet-Azure User Group on 15th Feb, 2018
Event URL: https://www.meetup.com/Limerick-DotNet/events/hzctdpyxdbtb/
This talk will demo one threat modeling methodology and how an engineering team is appending it to their Secure Software Development Life Cycle. The goal is to create a single platform for communicating architectural risk and planning mitigations within sprints. This will not only address security concerns sooner in a product's lifecycle but establish a trusting relationship between engineering and security teams. As an ever-evolving space, to reduce risk and deploy products to market, this is one additional step any software-focused team can quickly adapt to their practices.
• How Software Development Methodologies may increase the security level
• Detecting and handling vulnerabilities in dependencies in a pragmatic way
• High-level principles that ~always increase the security level
-Microsoft Security Development Lifecycle practices
-What is DevSecOps
-Static and Dynamic Application Security Testing
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
Whether you're a huge enterprise or a small start-up, you can't escape global digitalization. As digital technologies like machine-2-machine communication, device-2-device telematics, connected cars, and the Internet of Things become more integral in today’s world, more threats will appear as hackers use new ways to exploit weaknesses in your organization and products.
During SoftServe’s free security webinar, Nazar Tymoshyk will explore the reasons why recent victims of digital attacks couldn’t withstand a threat to their security and share how you can build secure and compliant software with the help of security experts. A real-life case study will demonstrate how SoftServe assessed and mitigated security threats for a top organization.
Achieving Sustainable Growth in the Digital Age - Cprime
Key Learnings:
- Discover strategies for successfully navigating the digital landscape by leveraging innovative tools, methodologies, and data analytics to maintain a competitive edge.
- Learn how aligning resource allocation with iterative product delivery can enhance the visibility of customer value and establish a clear link between expenses and value generation.
- Gain insights into the significance of evaluating non-traditional performance indicators to comprehend the intricate relationships between customer perceived worth, product launch strategies, and financial outcomes for sound business choices.
Mastering an Integrated Atlassian Tooling Ecosystem: Strategies, Success Stor... - Cprime
Are you ready to take your Atlassian tooling ecosystem to the next level? Join our panel of renowned Atlassian experts as they dive deep into the strategies, best practices, and real-world success stories that can help you maximize the value of your technology investments, streamline workflows, and drive innovation across your organization.
In this must-attend panel session, our experts will share stories from the trenches, highlighting the challenges, successes, and lessons learned from their extensive experience working with organizations of all sizes and industries. You'll gain valuable insights into the best practices and strategies that have proven successful in maximizing the benefits of Atlassian tooling ecosystems.
Learning Objectives:
- Align tools, processes, and business objectives to mitigate escalating technology costs and boost efficiency
- Leverage automation and best practices in tool selection to enhance operability, collaboration, and productivity
- Develop a comprehensive tech stack strategy that empowers your teams with the visibility to optimize, adapt, and innovate
- Navigate common challenges and pitfalls in implementing and managing an integrated Atlassian tooling ecosystem
By harnessing custom-crafted AI solutions, teams can expect improved efficiency, enhanced creativity, and better alignment with Agile principles. We'll explore how this powerful collection of technologies and solutions turbocharges delivery and enhances developer experience.
Learn more as we introduce a turnkey framework that empowers Agile development and efficiency in the AI era. Cprime’s CodeBoost™ and AgileSME AI solutions offer a groundbreaking approach that delivers a complete framework for development in the AI age.
Improving IT Investment Decisions and Business Outcomes with Integrated Enter... - Cprime
Learn how integrating Enterprise Architecture Management capabilities as part of your IT Finance and Agile Planning processes can help you to:
- Calculate TCO across your entire portfolio of applications, infrastructure and labor
- Drive more informed IT investment decisions and reliably measure results
- Improve business outcomes and accelerate your strategic digital journey
Harnessing Atlassian's Power Through Cloud Transformation and Adoption - Cprime
Transitioning to Atlassian Cloud unlocks a new realm of possibilities. Organizations that have recently migrated to Cloud report a 47% boost in team collaboration, and a 44% increase in rapid, insight-driven decisions. And, Forrester reports a 20% developer productivity increase and a strategic 50% IT time reallocation to high-value work for organizations moving to a cloud environment.
Our webinar, "Harnessing Atlassian's Power Through Cloud Transformation and Adoption", will guide you through maximizing cloud adoption and leveraging Cloud-specific AI and analytics. We’ll also explore cutting-edge tools like Atlas, Compass, and JPD that extend beyond Data Center capabilities, further enhancing the Cloud experience.
Key takeaways:
- How to boost adoption and make the transition as smooth as possible.
- Strategies to harness unique cloud features for shorter time-to-value, and data-driven decision making.
- Insights into exclusive cloud tools that drive innovation and productivity.
- Understanding the enterprise value and IT efficiency gains from cloud transformation and adoption.
AI-powered Service Management: Streamlining Incident Management in JSM using ... - Cprime
Sound incident management operations encompass activities ranging from logging and prioritization to escalation, documentation, and reporting. What could your employees do with all that extra time if you automated these operations with AI?
In this webinar, we will showcase:
- How to streamline incident management and post-incident reviews by harnessing no-touch resolution and triage with 3rd party tools like Atlassian Jira Service Management
- How to use incident management to improve your customer’s experience while incorporating an added layer of efficiency with custom AI co-pilots
- How to empower human agents to resolve issues faster and drive continuous improvement and enhanced knowledge management for incident escalations
Enterprise Migration from Data Center to Atlassian Cloud: Start with an Asses... - Cprime
Large enterprises have unique needs and complexity when migrating Atlassian tools from Data Center to the Cloud. Whether you’re exploring the Cloud or planning a migration from Data Center, our Atlassian Cloud Migration Impact Assessment identifies migration obstacles and charts the optimal path. With assessment in hand, enterprise leaders can make informed decisions on moving core business platforms to the cloud.
Learn:
- Benefits of Cloud for large orgs and how to evaluate if it’s the right fit
- Factors like integrations, data migration, security, compliance, and performance at scale
- Tools and methods for analyzing complex on-prem environments
- Preparation best practices for enterprise infrastructure and applications
- How assessment provides a detailed transition plan and strategy
- Insights needed to minimize disruption and downtime
AI for Everyone: Demystifying Large Language Models (LLMs) Like ChatGPT - Cprime
We’ve only scratched the surface of realizing the full potential of ChatGPT and other Large Language Models (LLMs) in a strategic business context. Here’s another game-changer: Incorporating your unique enterprise data with LLMs to tailor a private model that learns, retains, and utilizes your business’s unique information. It can deliver contextualized value and efficiency to enhance processes and better achieve strategic outcomes.
In this webinar, we’ll explore how these custom models are revolutionizing the business landscape with the added context of invaluable proprietary business knowledge. Join us to learn the power and practical applications of secure, private LLMs and catch live demonstrations to tangibly enforce how to tackle significant business challenges such as Agile Adoption and Service Management.
Learning Objectives
- Introduction to AI and LLMs: Understand the basics of Artificial Intelligence (AI) and how widely available Large Language Models (LLMs) are a key advancement in this field.
- Practical Applications of LLMs: Learn how LLMs can enhance operational processes and contribute to business growth in real-world scenarios, and how they can be customized to meet specific business needs.
- Benefits of Customization: Discover the advantages of tailoring AI solutions like LLMs to understand and support unique business requirements.
- Relevance and Precision: Learn how LLMs adapt to specific business contexts, ensuring that interactions are accurate and aligned with organizational objectives.
From Project to Product - The Need for Speed - Cprime
As we look to enhance our ways of working and shift from project-based methodologies to product thinking, it's easy to overlook the technical aspects of this change. Let's not make that mistake.
In this webinar, Cprime's Ken Robinson, and Anne, Chief Product Coach, delve into the technical aspects of switching from project to product. What does this mean for our engineers, testers, and product teams? Equally important, what does this mean to the health, resilience, and maneuverability of our codebases and environments?
We'll approach these topics across the following dimensions:
-Development - new product development as well as maintenance and enhancements
-Testing
-Delivery Lifecycle
Lastly, we'll bring it all together to illustrate how engineering for speed + quality and the concept of "total product ownership" reduces time to market, enhances product quality, and fuels maneuverability.
We Need a Hero: How to Find and Support Your Next Superstar Product Owner - Cprime
A Product Owner serves as the bridge between the development team and stakeholders, steering the product's vision and driving its success. An excellent product owner can elevate the entire product team. But how do you find the right person to take on this vital role?
Hiring external candidates with Product Owner expertise is an option, but many organizations overlook an often easier and more effective opportunity: to train or develop their internal employees for these crucial roles.
Upskilling your existing product professionals can be the most time- and cost-effective option. Plus, they offer in-depth domain knowledge—specific to your unique organization—no outside hire can match.
By the end of the webinar you will know:
-How to identify existing employees that have the mindset and institutional knowledge to successfully fill the Product Owner role
-How to determine what skills the new Product Owner needs to learn through a focused gap analysis
-How to create an environment that encourages continuous learning so that they can grow into the role and help you and your team deliver great products over time
How to Unlock Productivity and Innovation with Generative AI and ChatGPT - Cprime
Doing more with less has become the mantra for success. Yet monotonous tasks and manual processes put undue strain on productivity and innovation. What if you could automate time-consuming workflows and enable your team to focus on high-impact work?
Discover how Generative AI (GenAI), specifically ChatGPT, is transforming workflows across industries. We will provide real-world examples of how leading organizations leverage GenAI to eliminate repetitive tasks, deliver insights instantly, and create content intelligently.
You will learn:
- How GenAI, specifically ChatGPT, works and its key capabilities
- High-impact use cases of GenAI-powered automation
- Steps for identifying and prioritizing processes to automate
- Best practices for change management when implementing GenAI
- Forecasted evolution of GenAI and its future applications
Whether you are an executive seeking a competitive edge, or a manager looking to boost team productivity, this webinar will equip you with actionable strategies to drive efficiency and innovation with Generative AI.
Modern Learning for Enterprises: How to Empower Your Teams - Cprime
Today’s complex technology organizations need to deliver learning at the right time, to the right people, and on the right topic, continuously. A unique concept—Learning Pathways—blends on-demand bite-sized self-paced learning, more traditional instructor-led learning, and on-the-job learning through assignments reviewed by a skilled facilitator.
Cprime has been experimenting with this new learning delivery format with some of our most demanding customers, and we’re eager to share what we’ve learned.
Join Cprime’s Directors of Learning for the U.S. and EMEA to explore the range of learning tools your organization can leverage to equip and empower your people with the latest technology and team practice skills.
You will learn about:
-What’s required to future-proof your organization’s learning initiatives
-How to get the most bang for your buck by maximizing knowledge retention and application
-The value of expert learning help and where to get it to meet your organization’s unique needs
Enterprise Service Management for Finance, HR, and MarketingCprime
Enterprise Service Management (ESM) is an optimized combination of the right software solution, well-thought-out processes and workflows, and customized automation that effectively supports a customer-centric approach to each service an internal business unit undertakes.
In this three-part webinar series, we will be focusing on those building blocks to provide a well-rounded understanding of ESM and how it can effectively uplevel your internal and external customer service processes.
In Part Three, Putting it All Together: ESM for HR, Finance, Marketing, and More, you will learn:
-How an ESM implementation looks in each of the major business units
-Why ESM can and should permeate the whole organization… eventually
-Examples of successful implementations you can use as models for your own
ESM Webinar Series Part 2 | The Keys to Optimal ESM are Automation and Integr...Cprime
Enterprise Service Management (ESM) is an optimized combination of the right software solution, well-thought-out processes and workflows, and customized automation that effectively supports a customer-centric approach to each service an internal business unit undertakes.
In this three-part webinar series, we focus on those building blocks to provide a well-rounded understanding of ESM and how it can effectively uplevel your internal and external customer service processes.
In Part Two, The Keys to Optimal ESM are Automation and Integration, you will learn:
- The power of automation to streamline and optimize your ESM practice
- Examples of apps, workflows, and integrations that have proven successful
- How to map out your own workflows to optimize your unique ESM experience
Perfecting Customer Management Using Jira Service ManagementCprime
An optimized ITSM practice using Atlassian Jira Service Management (JSM) has brought tremendous benefits to organizations seeking to cement a customer-centric approach to their service management processes.
In the first two parts of this webinar series, we discussed an introduction to change management, service catalogs, and CMDB, and how they can all be applied and optimized using JSM. In this third installment, we cover the vital topic of customer management. You will learn:
- The importance of understanding the customer's perspective and requirements
- How to best use JSM for customer management—from portal design to automation and beyond
- How to use JSM to empower your Shift Left—an integrated knowledge base, dynamic forms, intelligent queues, and more
- How to measure customer management for reporting and data-driven decision making
From Project to Product: Leaders, Here's What It Means to YouCprime
Project to product is all the rage these days. You, your boss, or your company are already talking about this. Heck, your group has been "agile" for years now, but this next phase seems to just be a repackaging of that.
In this webinar, Anne Steiner, Chief Product Coach at Cprime, gets into Project to Product from the leader's perspective. We explore "why we should care" and "what this really means". Then, we deep dive into the following keys to leadership success in driving this change:
1) Your help, involvement, and willingness to influence change is critical. Team-level change isn't enough and will yield limited benefits.
2) You need more than just engineering/IT buy-in to be successful. It takes the whole enterprise.
3) Product management is a thing. We'll learn what it is, how it is different from project management, and why it is critical to market domination and product success.
Lastly, we'll leave you with some tips for success that will guide you in driving change whether you sit at the manager, director, VP, or C-level.
Using a Service Catalog and CMDB to Standardize Change Management in Jira Ser...Cprime
A streamlined and optimized ITSM practice offers tremendous benefits to your IT teams and your entire organization. But, the vital ITSM practice of change management can still be challenging for many.
In this webinar, we take those ideas a step further by incorporating a service catalog and configuration management database as tools to help standardize the change management process and further minimize disruptions.
When you log off, you’ll understand:
-The role of a Service Catalog in ITSM
-How to create and curate an effective Service Catalog
-How to build and manage a Configuration Management Database (CMDB)
-How to best leverage CMDB for service improvement
6 Common Challenges RTEs Face & How to Solve ThemCprime
Release Train Engineers (RTEs) have tremendous responsibility in a scaled Agile environment. After all Agile Release Trains (ARTs) can’t steer themselves.
But, RTEs also face significant challenges along the way. Learn common challenges RTEs face and how they can be overcome using SAFe® and Agile best practices, best-in-class tooling like Jira Align, and focused effort.
Learn how to solve these problems in your own organization:
- Lack of visibility into the full book of work
- Lack of visibility into how work being done by teams is contributing to strategic goals
- Lack of understanding of how much an ART can deliver over the course of a planning increment
- Visibility into the Risks and Dependencies affecting an ART
- Constant need to create and update roadmaps
- Limited availability and customizability of progress report
Enterprise Service Management Webinar Series Part 1Cprime
Enterprise Service Management (ESM) is an optimized combination of the right software solution, well-thought-out processes and workflows, and customized automation that effectively supports a customer-centric approach to each service an internal business unit undertakes.
In this three-part webinar series, we focus on those building blocks to provide a well-rounded understanding of ESM and how it can effectively uplevel your internal and external customer service processes.
In Part One of this webinar series you will learn:
- The vital importance of cultivating a customer-first mindset
- How to adjust your mindset to view your services as products
- The power of a product/service roadmap
How to Enable Change Management with Jira Service ManagementCprime
Improve your agility by moving towards automation and streamlined processes between your IT and dev teams. ITSM with Jira Service Management (JSM) can help optimize your processes and significantly reduce manual touch points, while change management minimizes risks and disruptions to your IT services.
This is the first part in a series where we cover change management with Jira Service Management in depth. Join our ITIL-certified experts to learn how to manage changes to your software or infrastructure using Jira Service Management so that you accurately understand the impact and scope of changes up and downstream.
Explore:
• How to get started with change management
• A demo of change management features in JSM
• Change management best practices and tips
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
4. Agenda
01 DevSecOps Prerequisites
02 Why DevSecOps? Foundations
03 Who is Responsible for DevSecOps?
04 Practical Tips for Getting Started
05 Keep the Conversation Going/Q&A
6. DevSecOps Prerequisites
• Leadership buy-in
• Commitment to cultural change
• Literacy and progress with DevOps
• Collaboration across design roles, work intake processes, testing, security, development, and IT production staff
12. Agility
• Traditional systems and IT service development has relied on a plan-driven, phase-gated style of enterprise workflow.
• This style of managing projects and products can work well for physical, mission-critical work, but doesn’t work well with software and IT systems.
13. Agility
• Furthermore, plan-driven work with a focus on requirements and documentation fails to take advantage of a few of software engineering’s greatest strengths.
• Agility means quick, adaptive, responsive cycles of work…including a welcoming attitude towards changing requirements, emergent needs, and real-time customer feedback.
15. DevOps
• Fundamentally, the DevOps movement is about understanding competing incentives
• A lack of “systems thinking” means that goals tend to get optimized according to local, departmental goals
• This dynamic has big implications for security, especially application security
16. Software Development Pipelines
• CI/CD pipelines usually represent the practical execution of DevOps and technical agility concepts
• The idea is to set up progressive layers of automation which force software/system features to “prove themselves” before progressing to the next step towards deployment
Originally defined in Continuous Delivery by Jez Humble and David Farley
23. Freedom:
…of movement
…of actions
…of decisions
Security:
…protection against risk
…safety (of job, of employer, of money, etc.)
…defensibility against attack
Security is fundamentally about understanding and managing risk
24. Condition White
• Most people live in this condition
• You are in a relaxed state and are unaware of your surroundings
• Avoid condition white!
Condition Yellow
• Still in a relaxed state, but are aware of what’s going on around you
• Be cautious (not paranoid)
• Learn to live in condition yellow!
25. Important Data Points
• More than 6,000 online criminal marketplaces sell ransomware products and services. (Source: McAfee)
• 444,259 ransomware attacks took place worldwide in 2018. (Source: Statista)
• As of 2020, hackers create 300,000 new pieces of malware daily. (Source: McAfee)
26. The World’s Biggest Data Breaches, as of 2020
The bottom line:
• Observe the growth since 2016
• $3.2 million – the average cost of a data breach in 2019
• $12 billion – the cost of business email compromise (BEC) in 2019
27. YOU, the user, are the weakest link in any enterprise’s security.
33. Risk Review
Risk identification and classification
Factors and their probabilities
Impact estimation
Risk severity
What should be fixed and when
Five places where you should look for risk:
1. Encryption
2. Authentication
3. Logging
4. Asset management
5. Zoning and containment
38. Static Analysis Security Testing (SAST)
OWASP Projects for SAST
• SonarQube (code quality)
• PHP, Java, JavaScript
• O2 (.NET and Windows)
• OWASP Web Application Protection (PHP)
• Input validation
• SQLI, XSS, RFI, LFI, DT/PT, SCD, OSC
Open Source SAST
• Bandit (Python)
• Brakeman and Codesake Dawn (Ruby)
• PMD, SpotBugs, and FindSecBugs (Java)
• Flawfinder (C, C++)
• LGTM (C, C++, Java, JS, TypeScript, Python)
• Google CodeSearchDiggity (cloud)
• .NET Security Guard
• RIPS and phpcs (PHP)
• SonarQube & VisualCodeGrepper (VCG)
39. Others We Like (Cprime Partners!)
• Xray & Jira Test Management - Xray helps you manage your tests in an organized way. It lets you create tests, group them into test sets, and create test plans.
• Snyk - Snyk is a developer security platform that integrates directly into development tools, workflows, and automation pipelines.
40. Secure Code & Secure Development Flyover
• Validate ALL inputs
• Encode and Standardize Outputs
• Implement Authentication & Authorization
• Manage Sessions Inside Trust Boundaries
• Zero Trust?
• Enforce Access Control
• Implement updated Cryptography
• Handle Errors and Logs
• Protect Data
• Secure Communication Channels
• Update Systems, Secure by Default
• Secure Database Access
• Strict File Access
• Secure Memory Management
41. IAM
IAM Frameworks & Standards:
• Security Assertion Markup Language (SAML 2.0)
• OpenID
• OAuth
• WS-Trust
• WS-Federation
IAM Vendors:
• Okta
• OneLogin
• Ping
• IBM IAA
• Microsoft Azure
• Oracle Identity CS
• Amazon
Should be used as a development building block, and a component of automation
42. How Does IAM Enable Automation?
• Repository access
• Artifacts signing
• Encrypt everywhere
• DB role provisioning
• Granular net access
• Storage assignment
• Monitoring & alerts
43. Favorite DevOps Deployment Patterns – Feature Toggles
• Introduce changes that can be switched on/off without a new release
• Validate hypothesis, testing in production
• Implement A/B Testing
• Watch relevant metrics
• Disable feature if it’s disruptive
Types of toggles:
• Toggle points: Breakpoints to switch on/off
• Toggle router: Code that chooses what code path is active for each runtime thread.
• Toggle configuration: Provide context, define expectation on what it does.
Requests might be an outcome from:
• Threat modeling
• Dependency check
• CVE publication
• Security incident
• Alarm triggered by logs or events
44. Favorite DevOps Deployment Patterns – Dark Launches
• Usually implemented with feature toggles
• Deploy to a reduced set of users without notification
• Watch relevant metrics and evaluate user behavior
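The toggle point, toggle router and toggle configuration from slide 43, combined with the reduced-audience rollout of slide 44, as an added example that is not part of the presentation. The toggle names, the JSON layout and the `ToggleRouter` class are assumptions made for illustration; unknown, malformed or disabled toggles resolve to off, and a kill request records its reason.

```python
import hashlib
import json

# Constructed sample toggle configuration (illustrative, not from the slides).
SAMPLE_CONFIG = json.dumps({
    "new-checkout": {"enabled": True, "rollout_percent": 10,
                     "description": "Dark launch of the rewritten checkout"},
    "pdf-export": {"enabled": True, "rollout_percent": 100,
                   "description": "PDF rendering via a third-party library"},
    "beta-search": {"enabled": True, "rollout_percent": 150,  # invalid on purpose
                    "description": "Out-of-range rollout, must be rejected"},
})


class ToggleRouter:
    """Toggle router: chooses the active code path for each request."""

    def __init__(self, config_text):
        self.toggles = {}    # validated toggle configuration
        self.audit_log = []  # which toggle was switched off, and why
        try:
            raw = json.loads(config_text)
        except json.JSONDecodeError:
            raw = {}  # unreadable configuration: every feature stays off
        if not isinstance(raw, dict):
            raw = {}
        for name, entry in raw.items():
            if self._valid(entry):
                self.toggles[name] = dict(entry)

    @staticmethod
    def _valid(entry):
        if not isinstance(entry, dict):
            return False
        pct = entry.get("rollout_percent")
        return (isinstance(entry.get("enabled"), bool)
                and type(pct) is int and 0 <= pct <= 100)

    @staticmethod
    def _bucket(name, user_id):
        # Stable 0-99 bucket per (toggle, user): the same user always gets the
        # same answer, and cohorts differ between toggles.
        digest = hashlib.sha256(f"{name}:{user_id}".encode()).digest()
        return int.from_bytes(digest[:4], "big") % 100

    def is_active(self, name, user_id):
        toggle = self.toggles.get(name)
        if toggle is None or not toggle["enabled"]:
            return False  # unknown, rejected or disabled toggles resolve to off
        return self._bucket(name, user_id) < toggle["rollout_percent"]

    def kill(self, name, reason):
        """Switch a feature off without a new release and record the reason."""
        if name not in self.toggles:
            return False
        self.toggles[name]["enabled"] = False
        self.audit_log.append({"toggle": name, "action": "disabled",
                               "reason": reason})
        return True


def render_invoice(router, user_id):
    # Toggle point: the single place where the code path branches.
    if router.is_active("pdf-export", user_id):
        return "pdf"
    return "html"


if __name__ == "__main__":
    router = ToggleRouter(SAMPLE_CONFIG)
    cohort = sum(router.is_active("new-checkout", f"user-{i}") for i in range(1000))
    print("dark-launch cohort out of 1000 users:", cohort)
    print("before kill:", render_invoice(router, "alice"))
    router.kill("pdf-export", "CVE published for rendering dependency (placeholder)")
    print("after kill:", render_invoice(router, "alice"), router.audit_log)
```

Hashing the toggle name together with the user id keeps each user's experience stable across requests while giving every dark launch a different cohort.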
45. And So Much More…
• Data flows
• Trust boundaries
• Technical debt
• Refactoring monolithic architecture
• Application security testing
• Testing in parallel
• Mutation testing
• Staging
• Packages
• Infrastructure as secure code
• Incident response
• Emergency drills
• Chaos engineering
• Game days
• Blue/green deployments
• Reliability engineering
• Monitoring and observability
• Intelligent alerts
• AIOps
• Log management
• Policy, governance and audit
• Coding for compliance
• Change management
• Segregation of duties
• Automating change management
46. Key Takeaways
Traditional Security
• Checkbox compliance
• Security as gatekeeper of prod
• Hundreds or thousands of checks sent back to dev teams
• 1 InfoSec expert per 10 Ops
• 1 InfoSec expert per 100 Devs
DevOps
• Shift left
• Automate testing
• Self-service tools
• Quick feedback loops
• Security training
• Security by design
47. Key Takeaways
DevSecOps Training from Cprime
• DevSecOps Boot Camp
• Application Security with Snyk
• Fundamentals of Secure Application Development
• Enterprise Test Management with Xray
Custom Coding and Integration by Cprime Studios
Cprime Studios is the software product development division of Cprime. Using agile working methods, we team up with businesses who want to turn ideas into reality, from the design of the software product to development, infrastructure, and scaling.
48. Key Takeaways
DevSecOps Tooling
Cprime can help you select the right tools for:
• Automated dependency checks
• Static application security testing
• Dynamic application security testing
• Fuzz testing
• Penetration testing
• Automated security attacks
49. Keep the Conversation Going…
Connect with our speakers on LinkedIn
Check out Cprime upcoming webinars, read our blog, download whitepapers/case studies & more: cprime.com/resources
Share with us what topics you are interested in, ask us questions or give us feedback! learn@cprime.com
50. Follow Us on Social Media
Share in the conversation & keep updated on thought leadership, events & more! on LinkedIn, Twitter, Facebook, & YouTube