Tim-adjusted-ppt-1-1.pptx
•Download as PPTX, PDF•
0 likes•4 views
This document discusses shifting security practices throughout the entire software development lifecycle from development through production. It argues against the traditional view of separating security from development and testing, and instead advocates for a "shift security everywhere" approach where security is integrated at all stages. This includes ensuring security in development through proper access controls and testing, in delivery through immutable infrastructure and automatic rollbacks, and in production through instant mitigation of issues without redeployment and integrated monitoring. The goal is to achieve more seamless security practices across the entire DevSecOps process.
Report
Share
Report
Share
Recommended
Operations: The Last Mile Problem For DevOps
Presented by Damon Edwards, co-founder of Rundeck, at DevOps Enterprise Summit London 2018
View the video here:
https://www.youtube.com/watch?v=dp76E7j0FdQ&t=755s
See a Demo of Rundeck Enterprise :
https://www.rundeck.com/see-demo
--or--
Download Rundeck Open Source here:
https://rundeck.com/open-source
Connect:
Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck
Github: https://github.com/rundeck/rundeck/issues
Twitter: https://twitter.com/Rundeck
Facebook: https://www.facebook.com/RundeckInc/
LinkedIn: www.linkedin.com › company › rundeck-inc
SysAdmin to SRE: Solving the Last Mile Problem
Presented by Damon Edwards, co-founder of Rundeck, at DevOps Days Dallas on August 20, 2019.
Some DevOps transformations flourish, but others are stalling. Why is that? This talk will make the case that Operations is the most predictable differentiator.
So much of the energy in DevOps has been about activities that start in Dev and move towards Ops — continuous delivery, deployment pipelines, automated testing, and of course, the unofficial mantra of “deploy, deploy, deploy. “However, post-deployment, too many DevOps transformations maintain the status quo and leave questionable Operations practices in place.
Now along comes a new vision for Operations called SRE (a.k.a. Site Reliability Engineering)… But SRE seems almost too good to be true!
SREs are cover much of what systems administrators used to do, but get to spend most of their time doing engineering work that adds enduring value to their company? How is it that SREs’ don’t get caught up in the interruptions, repetitive work, and drudgery that consumes so much of our time? And how do companies use SRE to do so much more with the same or less headcount?
This talk will take a close look at what SRE is, what SRE isn’t, and how SRE avoids the pitfalls that have plagued traditional Ops work. Finally, we’ll break down the principles behind the SRE movement and highlight how early examples are proving that DevOps + SRE = the end-to-end speed and quality promised since the early days of DevOps.
See a Demo of Rundeck Enterprise :
https://www.rundeck.com/see-demo
--or--
Download Rundeck Open Source here:
https://rundeck.com/open-source
Connect:
Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck
Github: https://github.com/rundeck/rundeck/issues
Twitter: https://twitter.com/Rundeck
Facebook: https://www.facebook.com/RundeckInc/
LinkedIn: www.linkedin.com › company › rundeck-inc
AppSec is Eating Security
This is my keynote for AppSec California 2015. In it I discuss how application security is taking over all areas of security and how we need to change how we build and deploy security tools as a result.
Here is the video of me giving the talk:
https://www.youtube.com/watch?v=-1kZMn1RueI
IT transformation in the world of etsy
The document discusses IT transformation based on lessons from Etsy and Gartner. It advocates for a new approach to IT that is mobile-first, decentralized, focuses on rapid deployment up to 4,000 times per year, and follows a DevOps model. This new IT approach emphasizes a culture that embraces risk and failure, full automation of the IT system, lean and agile principles, and measuring all changes in business terms.
If an Application Fails in the Datacenter and No Users Are On It, Will it Cut...
In this presentation, SolarWinds Head Geek™ Leon Adato will explore the ways in which having a visual representation of data makes it more meaningful, intelligible, and actionable. He shows some examples of how data display techniques can help the IT professional in day to day scenarios.
The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...
The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...Chakkrit (Kla) Tantithamthavorn
The reliability of a prediction model depends on the quality of the data from which it was trained. Therefore, defect prediction models may be unreliable if they are trained using noisy data. Recent research suggests that randomly-injected noise that changes the classification (label) of software modules from defective to clean (and vice versa) can impact the performance of defect models. Yet, in reality, incorrectly labelled (i.e., mislabelled) issue reports are likely non-random. In this paper, we study whether mislabelling is random, and the impact that realistic mislabelling has on the performance and interpretation of defect models. Through a case study of 3,931 manually-curated issue reports from the Apache Jackrabbit and Lucene systems, we find that: (1) issue report mislabelling is not random; (2) precision is rarely impacted by mislabelled issue reports, suggesting that practitioners can rely on the accuracy of modules labelled as defective by models that are trained using noisy data; (3) however, models trained on noisy data typically achieve 56%-68% of the recall of models trained on clean data; and (4) only the metrics in top influence rank of our defect models are robust to the noise introduced by mislabelling, suggesting that the less influential metrics of models that are trained on noisy data should not be interpreted or used to make decisions.Presentation
The document discusses the impact of mislabelled data on the performance and interpretation of defect prediction models. It finds that mislabelling is non-random, with novice developers more likely to mislabel issues. The study examines two open source projects, finding mislabelling rates up to 43%. Models to predict mislabelling achieve F-measures up to 0.73, outperforming random guessing. Accounting for realistic mislabelling decreases model performance compared to clean data, demonstrating the need to address noisy labels.
Speed with Confidence
1) The document discusses the need for a shift from a "security-only" model to a shared responsibility model of security between developers, operations staff, and security professionals. It advocates for the ideal state being one where security is everyone's responsibility.
2) CIOs surveyed preferred having their whole staff receive security training rather than relying on a few security experts, and dedicating 1% of staff to security curation rather than 40 hours of training for all.
3) Achieving a high level of security confidence through techniques like checking confidence levels in software could help enable faster development speeds while still prioritizing security.
Recommended
Operations: The Last Mile Problem For DevOps
Presented by Damon Edwards, co-founder of Rundeck, at DevOps Enterprise Summit London 2018
View the video here:
https://www.youtube.com/watch?v=dp76E7j0FdQ&t=755s
See a Demo of Rundeck Enterprise :
https://www.rundeck.com/see-demo
--or--
Download Rundeck Open Source here:
https://rundeck.com/open-source
Connect:
Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck
Github: https://github.com/rundeck/rundeck/issues
Twitter: https://twitter.com/Rundeck
Facebook: https://www.facebook.com/RundeckInc/
LinkedIn: www.linkedin.com › company › rundeck-inc
SysAdmin to SRE: Solving the Last Mile Problem
Presented by Damon Edwards, co-founder of Rundeck, at DevOps Days Dallas on August 20, 2019.
Some DevOps transformations flourish, but others are stalling. Why is that? This talk will make the case that Operations is the most predictable differentiator.
So much of the energy in DevOps has been about activities that start in Dev and move towards Ops — continuous delivery, deployment pipelines, automated testing, and of course, the unofficial mantra of “deploy, deploy, deploy. “However, post-deployment, too many DevOps transformations maintain the status quo and leave questionable Operations practices in place.
Now along comes a new vision for Operations called SRE (a.k.a. Site Reliability Engineering)… But SRE seems almost too good to be true!
SREs are cover much of what systems administrators used to do, but get to spend most of their time doing engineering work that adds enduring value to their company? How is it that SREs’ don’t get caught up in the interruptions, repetitive work, and drudgery that consumes so much of our time? And how do companies use SRE to do so much more with the same or less headcount?
This talk will take a close look at what SRE is, what SRE isn’t, and how SRE avoids the pitfalls that have plagued traditional Ops work. Finally, we’ll break down the principles behind the SRE movement and highlight how early examples are proving that DevOps + SRE = the end-to-end speed and quality promised since the early days of DevOps.
See a Demo of Rundeck Enterprise :
https://www.rundeck.com/see-demo
--or--
Download Rundeck Open Source here:
https://rundeck.com/open-source
Connect:
Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck
Github: https://github.com/rundeck/rundeck/issues
Twitter: https://twitter.com/Rundeck
Facebook: https://www.facebook.com/RundeckInc/
LinkedIn: www.linkedin.com › company › rundeck-inc
AppSec is Eating Security
This is my keynote for AppSec California 2015. In it I discuss how application security is taking over all areas of security and how we need to change how we build and deploy security tools as a result.
Here is the video of me giving the talk:
https://www.youtube.com/watch?v=-1kZMn1RueI
IT transformation in the world of etsy
The document discusses IT transformation based on lessons from Etsy and Gartner. It advocates for a new approach to IT that is mobile-first, decentralized, focuses on rapid deployment up to 4,000 times per year, and follows a DevOps model. This new IT approach emphasizes a culture that embraces risk and failure, full automation of the IT system, lean and agile principles, and measuring all changes in business terms.
If an Application Fails in the Datacenter and No Users Are On It, Will it Cut...
In this presentation, SolarWinds Head Geek™ Leon Adato will explore the ways in which having a visual representation of data makes it more meaningful, intelligible, and actionable. He shows some examples of how data display techniques can help the IT professional in day to day scenarios.
The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...
The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...Chakkrit (Kla) Tantithamthavorn
The reliability of a prediction model depends on the quality of the data from which it was trained. Therefore, defect prediction models may be unreliable if they are trained using noisy data. Recent research suggests that randomly-injected noise that changes the classification (label) of software modules from defective to clean (and vice versa) can impact the performance of defect models. Yet, in reality, incorrectly labelled (i.e., mislabelled) issue reports are likely non-random. In this paper, we study whether mislabelling is random, and the impact that realistic mislabelling has on the performance and interpretation of defect models. Through a case study of 3,931 manually-curated issue reports from the Apache Jackrabbit and Lucene systems, we find that: (1) issue report mislabelling is not random; (2) precision is rarely impacted by mislabelled issue reports, suggesting that practitioners can rely on the accuracy of modules labelled as defective by models that are trained using noisy data; (3) however, models trained on noisy data typically achieve 56%-68% of the recall of models trained on clean data; and (4) only the metrics in top influence rank of our defect models are robust to the noise introduced by mislabelling, suggesting that the less influential metrics of models that are trained on noisy data should not be interpreted or used to make decisions.Presentation
The document discusses the impact of mislabelled data on the performance and interpretation of defect prediction models. It finds that mislabelling is non-random, with novice developers more likely to mislabel issues. The study examines two open source projects, finding mislabelling rates up to 43%. Models to predict mislabelling achieve F-measures up to 0.73, outperforming random guessing. Accounting for realistic mislabelling decreases model performance compared to clean data, demonstrating the need to address noisy labels.
Speed with Confidence
1) The document discusses the need for a shift from a "security-only" model to a shared responsibility model of security between developers, operations staff, and security professionals. It advocates for the ideal state being one where security is everyone's responsibility.
2) CIOs surveyed preferred having their whole staff receive security training rather than relying on a few security experts, and dedicating 1% of staff to security curation rather than 40 hours of training for all.
3) Achieving a high level of security confidence through techniques like checking confidence levels in software could help enable faster development speeds while still prioritizing security.
Speed with confidence
1) The document discusses the need for a shift from a "security-only" model to a shared responsibility model of security between developers, operations staff, and security professionals. It advocates for the ideal state being one where security is everyone's responsibility.
2) CIOs surveyed preferred having their whole staff receive security training rather than relying on a few security experts, and dedicating 1% of staff to security curation rather than 40 hours of training for all.
3) There is a journey from security professionals making all decisions to developers being enabled by self-service security capabilities to experiment with more autonomy while still achieving high confidence levels in their work.
Sattose 2020 presentation
This document discusses improving the process of analyzing code differences during legacy code migration projects. It proposes using control flow graphs to provide a higher-level view of where code has changed. It also proposes constructing finite state automata from migration logs to represent the migration process and help explain why code changes were made. Initial results using log differencing show promise in succinctly expressing changes between versions. The overall goal is to help migration companies like Raincode more efficiently explain code changes to clients.
Stress-free Continuous Delivery Using Sensible Information Radiators
My talk at Discuss Agile Chennai 2017 based on excerpts from my book 'Blameless Continuous Integration'
mri-bp2015
Keynote presentation for
Workshop on Methodologies for Robustness Injectioninto Business Processes, May 2015
How to Better Manage Technical Debt While Innovating on DevOps
Forget the “Unicorns.” There is a lot to learn from “DevOps Unicorns” such as Etsy or Facebook, but for enterprises dealing with technical debt in legacy systems developed by teams no longer with the company, copying the unicorns is not an option.
Richard Dominguez, Operations Developer at Prep Sportswear, needed to “keep the lights on” for their legacy systems, while enabling his DevOps teams to launch new features much faster. Today Prep Sportswear releases more updates to their legacy systems than ever before by reducing MTTR (Mean Time To Repair), giving them more time to innovate on DevOps and Continuous Delivery on their new platform. You’ll learn:
• Top metrics for an Ops dashboard to catch potential issues early
• Tips to manage technical debt in legacy code caused by dev teams long gone
• Efficient ways to close loops while providing input to DevOps so they can optimize innovation and releases
JavaOne - Performance Focused DevOps to Improve Cont Delivery
These are the slides of my JavaOne presentation. The abstract goes like this:
How do companies developing business-critical Java enterprise Web applications increase releases from 40 to 300 per year and still remain confident about a spike of 1,800 percent in traffic during key events such as Super Bowl Sunday or Cyber Monday? It takes a fundamental change in culture. Although DevOps is often seen as a mechanism for taming the chaos, adopting an agile methodology across all teams is only the first step. This session explores best practices for continuous delivery with higher quality for improving collaboration between teams by consolidating tools and for reducing overhead to fix issues. It shows how to build a performance-focused culture with tools such as Hudson, Jenkins, Chef, Puppet, Selenium, and Compuware APM/dynaTrace
Testing, Learning and Professionalism — 20171214
Two hours talk about testing, its history, its meaning and propose, a small guide of good practices, and what it is supposed to be a good professional and what is expected from us the professionals.
StarWest 2013 Performance is not an afterthought – make it a part of your Agi...
This presentation was given at StarWest 2013 in Anaheim, CA and also broadcasted through the Virtual Conference.
It shows how important it is to focus on performance throughout continuous delivery in order to avoid the most common performance problem patterns that still cause applications to crash and engineers spending their weekends and nights in a firefighting/war room situation
Modern Operations: Solving DevOps’ Last Mile Problem
Damon Edwards, co-founder of Rundeck, presentation at Nike internal DevOps Day in Beaverton, OR on June 18, 2018.
This talk looks at the forces that fundamentally undermine operations work and what needs to be addressed if enterprises are going to get the most out of their digital transformation and DevOps initiatives.
See a Demo of Rundeck Enterprise :
https://www.rundeck.com/see-demo
--or--
Download Rundeck Open Source here:
https://rundeck.com/open-source
Connect:
Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck
Github: https://github.com/rundeck/rundeck/issues
Twitter: https://twitter.com/Rundeck
Facebook: https://www.facebook.com/RundeckInc/
LinkedIn: www.linkedin.com › company › rundeck-inc
Devops is a Security Requirement
Devops aims to break down silos between development and operations teams through culture, automation, and continuous integration/delivery. It emphasizes collaboration and automation to allow code to be deployed safely and quickly. Security should be integrated into the devops pipeline through practices like automated security testing on each code change and configuration management to standardize security across environments. Adopting devops and continuous delivery helps improve security by reducing risk through faster issue remediation and increased visibility into systems.
A Big Dashboard of Problems.pdf
The document discusses how default security settings can help improve application security. It provides examples of projects that implemented secure defaults, such as Segment making unsafe destination links opt-in, Go taking over TLS cipher ordering, Google's Tink library making crypto usage safer, and Rails automatically preventing CSRF issues. The document advocates for generating strong random passwords during installation by default rather than letting users pick weak passwords. Overall, it promotes the use of secure defaults in applications to reduce security risks and cognitive burden on developers.
Deepfence.pdf
Vishwas Narayan discusses application security and the need to shift security left in the software development lifecycle. Some key points discussed include:
- Application security professionals deal with vulnerabilities in connections, users, content, files and more. Firewalls, authentication, authorization, and other tools are used to address security.
- As software grows, security becomes more difficult as new vulnerabilities are found daily. Shifting security left to earlier stages makes remediation less costly than fixing issues after deployment.
- However, shifting left is not a perfect strategy as some vulnerabilities may remain, third party components are harder to control, and unknown issues can still be found post-deployment. The ultimate strategy is to both shift left
Continuous Delivery and Automated Operations on k8s with keptn
Slidedeck from Vienna DevOps & Security Meetup. This talk is keptn - an open source event driven control plane for continuous delivery and automated operations for kubernetes
Normal accidents and outpatient surgeries
The document discusses the importance of resilience and adaptability in complex systems. It quotes Sidney Dekker saying safety comes from people's ability to adapt to changes, not just avoiding errors. It then defines terms like continuous integration and resilience. It discusses how maintainability is better measured by MTTR (mean time to repair) than MTBF (mean time between failures). The rest of the document provides advice for operations engineers on building resilience through practices like automation, configuration management, monitoring, and incident response. It emphasizes the value of small, reproducible changes and collecting metrics to continuously improve.
Shift-left SRE: Self-healing on OpenShift with Ansible
Even test-driven development or an automated Jenkins pipeline doesn’t guarantee issue-free production operations. Nothing is immune to spike in traffic or unforeseen infrastructure issues. To increase resilience, we see a trend in applying a shift-left approach to the SRE (Site Reliability Engineering) discipline. SREs are contributing their “auto remediation as code” assets to the code repositories which get automatically built and tested in CI/CD and enable automated problem remediation in production.
In this session we showcase Shift-Left SRE by leveraging Ansible on OpenShift to automate remediation of production issues based on full stack monitoring data.
Failure Happens: Improving Incident Response In Enterprises
Presentation by Damon Edwards, co-founder of Rundeck at USENIX LISA in San Francisco, CA on November 3, 2017
See a Demo of Rundeck Enterprise :
https://www.rundeck.com/see-demo
--or--
Download Rundeck Open Source here:
https://rundeck.com/open-source
Connect:
Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck
Github: https://github.com/rundeck/rundeck/issues
Twitter: https://twitter.com/Rundeck
Facebook: https://www.facebook.com/RundeckInc/
LinkedIn: www.linkedin.com › company › rundeck-inc
A Machine Learning approach to predict Software Defects
This document describes a project aimed at predicting escalation of defects using data from an incident and change request database. It discusses data cleansing, algorithms used including decision trees and Naive Bayes, and results from text mining the data. Key findings include modules like installation and monitor agent having the most escalations, and customers like Rheinenergie and Hewlett Packard having the most red escalations. The average time to escalation varies by severity. Text mining found words like "please" and "support" indicating likely red escalation.
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
An interactive look at what security research means today and how we got to zero days, bug bounties, and hoodie hackers in the news. What particular skills or talents are most essential to be effective as a security researcher, and how much can we learn from the new digital anthropologist in waiting.
Five Flute Overview
Five Flute is an issues management app that helps engineers develop better products with less effort. You can think of it like Github issues for hardware teams. We help teams of mechanical and electrical engineers reduce the coordination and communication effort during development by giving them one place for tracking and managing design and development issues, and then keeping these issues connected to the parts, assemblies and physical hardware they impact. Teams that use Five Flute keep move faster with fewer mistakes and keep everyone on the same page regarding engineering decisions. Use it for requirements management, design reviews, test planning, bug tracking, and as a hardware specific to-do list. It's super flexible.
Tickets Make Operations Work Unnecessarily Miserable
Presentation by Damon Edwards, co-founder of Rundeck, at Interop ITX 2019 Las Vegas
Ticket-driven request queues have become the default way of working in operations for a long time and are the cornerstone of most operations management and ITSM strategies. But what if ticket queues are actually the source of much of the dysfunction, bottlenecks, and capacity issues that have traditionally plagued our organizations? This session will examine the dark side of ticket queues, including hidden costs and how they undermine DevOps and SRE transformations. Then we’ll explore alternative strategies high-performing operations organizations use to minimize dependence on tickets queues.
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
More Related Content
Similar to Tim-adjusted-ppt-1-1.pptx
Speed with confidence
1) The document discusses the need for a shift from a "security-only" model to a shared responsibility model of security between developers, operations staff, and security professionals. It advocates for the ideal state being one where security is everyone's responsibility.
2) CIOs surveyed preferred having their whole staff receive security training rather than relying on a few security experts, and dedicating 1% of staff to security curation rather than 40 hours of training for all.
3) There is a journey from security professionals making all decisions to developers being enabled by self-service security capabilities to experiment with more autonomy while still achieving high confidence levels in their work.
Sattose 2020 presentation
This document discusses improving the process of analyzing code differences during legacy code migration projects. It proposes using control flow graphs to provide a higher-level view of where code has changed. It also proposes constructing finite state automata from migration logs to represent the migration process and help explain why code changes were made. Initial results using log differencing show promise in succinctly expressing changes between versions. The overall goal is to help migration companies like Raincode more efficiently explain code changes to clients.
Stress-free Continuous Delivery Using Sensible Information Radiators
My talk at Discuss Agile Chennai 2017 based on excerpts from my book 'Blameless Continuous Integration'
mri-bp2015
Keynote presentation for
Workshop on Methodologies for Robustness Injectioninto Business Processes, May 2015
How to Better Manage Technical Debt While Innovating on DevOps
Forget the “Unicorns.” There is a lot to learn from “DevOps Unicorns” such as Etsy or Facebook, but for enterprises dealing with technical debt in legacy systems developed by teams no longer with the company, copying the unicorns is not an option.
Richard Dominguez, Operations Developer at Prep Sportswear, needed to “keep the lights on” for their legacy systems, while enabling his DevOps teams to launch new features much faster. Today Prep Sportswear releases more updates to their legacy systems than ever before by reducing MTTR (Mean Time To Repair), giving them more time to innovate on DevOps and Continuous Delivery on their new platform. You’ll learn:
• Top metrics for an Ops dashboard to catch potential issues early
• Tips to manage technical debt in legacy code caused by dev teams long gone
• Efficient ways to close loops while providing input to DevOps so they can optimize innovation and releases
JavaOne - Performance Focused DevOps to Improve Cont Delivery
These are the slides of my JavaOne presentation. The abstract goes like this:
How do companies developing business-critical Java enterprise Web applications increase releases from 40 to 300 per year and still remain confident about a spike of 1,800 percent in traffic during key events such as Super Bowl Sunday or Cyber Monday? It takes a fundamental change in culture. Although DevOps is often seen as a mechanism for taming the chaos, adopting an agile methodology across all teams is only the first step. This session explores best practices for continuous delivery with higher quality for improving collaboration between teams by consolidating tools and for reducing overhead to fix issues. It shows how to build a performance-focused culture with tools such as Hudson, Jenkins, Chef, Puppet, Selenium, and Compuware APM/dynaTrace
Testing, Learning and Professionalism — 20171214
Two hours talk about testing, its history, its meaning and propose, a small guide of good practices, and what it is supposed to be a good professional and what is expected from us the professionals.
StarWest 2013 Performance is not an afterthought – make it a part of your Agi...
This presentation was given at StarWest 2013 in Anaheim, CA and also broadcasted through the Virtual Conference.
It shows how important it is to focus on performance throughout continuous delivery in order to avoid the most common performance problem patterns that still cause applications to crash and engineers spending their weekends and nights in a firefighting/war room situation
Modern Operations: Solving DevOps’ Last Mile Problem
Damon Edwards, co-founder of Rundeck, presentation at Nike internal DevOps Day in Beaverton, OR on June 18, 2018.
This talk looks at the forces that fundamentally undermine operations work and what needs to be addressed if enterprises are going to get the most out of their digital transformation and DevOps initiatives.
See a Demo of Rundeck Enterprise :
https://www.rundeck.com/see-demo
--or--
Download Rundeck Open Source here:
https://rundeck.com/open-source
Connect:
Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck
Github: https://github.com/rundeck/rundeck/issues
Twitter: https://twitter.com/Rundeck
Facebook: https://www.facebook.com/RundeckInc/
LinkedIn: www.linkedin.com › company › rundeck-inc
Devops is a Security Requirement
Devops aims to break down silos between development and operations teams through culture, automation, and continuous integration/delivery. It emphasizes collaboration and automation to allow code to be deployed safely and quickly. Security should be integrated into the devops pipeline through practices like automated security testing on each code change and configuration management to standardize security across environments. Adopting devops and continuous delivery helps improve security by reducing risk through faster issue remediation and increased visibility into systems.
A Big Dashboard of Problems.pdf
The document discusses how default security settings can help improve application security. It provides examples of projects that implemented secure defaults, such as Segment making unsafe destination links opt-in, Go taking over TLS cipher ordering, Google's Tink library making crypto usage safer, and Rails automatically preventing CSRF issues. The document advocates for generating strong random passwords during installation by default rather than letting users pick weak passwords. Overall, it promotes the use of secure defaults in applications to reduce security risks and cognitive burden on developers.
Deepfence.pdf
Vishwas Narayan discusses application security and the need to shift security left in the software development lifecycle. Some key points discussed include:
- Application security professionals deal with vulnerabilities in connections, users, content, files and more. Firewalls, authentication, authorization, and other tools are used to address security.
- As software grows, security becomes more difficult as new vulnerabilities are found daily. Shifting security left to earlier stages makes remediation less costly than fixing issues after deployment.
- However, shifting left is not a perfect strategy as some vulnerabilities may remain, third party components are harder to control, and unknown issues can still be found post-deployment. The ultimate strategy is to both shift left
Continuous Delivery and Automated Operations on k8s with keptn
Slidedeck from Vienna DevOps & Security Meetup. This talk is keptn - an open source event driven control plane for continuous delivery and automated operations for kubernetes
Normal accidents and outpatient surgeries
The document discusses the importance of resilience and adaptability in complex systems. It quotes Sidney Dekker saying safety comes from people's ability to adapt to changes, not just avoiding errors. It then defines terms like continuous integration and resilience. It discusses how maintainability is better measured by MTTR (mean time to repair) than MTBF (mean time between failures). The rest of the document provides advice for operations engineers on building resilience through practices like automation, configuration management, monitoring, and incident response. It emphasizes the value of small, reproducible changes and collecting metrics to continuously improve.
Shift-left SRE: Self-healing on OpenShift with Ansible
Even test-driven development or an automated Jenkins pipeline doesn’t guarantee issue-free production operations. Nothing is immune to spike in traffic or unforeseen infrastructure issues. To increase resilience, we see a trend in applying a shift-left approach to the SRE (Site Reliability Engineering) discipline. SREs are contributing their “auto remediation as code” assets to the code repositories which get automatically built and tested in CI/CD and enable automated problem remediation in production.
In this session we showcase Shift-Left SRE by leveraging Ansible on OpenShift to automate remediation of production issues based on full stack monitoring data.
Failure Happens: Improving Incident Response In Enterprises
Presentation by Damon Edwards, co-founder of Rundeck at USENIX LISA in San Francisco, CA on November 3, 2017
See a Demo of Rundeck Enterprise :
https://www.rundeck.com/see-demo
--or--
Download Rundeck Open Source here:
https://rundeck.com/open-source
Connect:
Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck
Github: https://github.com/rundeck/rundeck/issues
Twitter: https://twitter.com/Rundeck
Facebook: https://www.facebook.com/RundeckInc/
LinkedIn: www.linkedin.com › company › rundeck-inc
A Machine Learning approach to predict Software Defects
This document describes a project aimed at predicting escalation of defects using data from an incident and change request database. It discusses data cleansing, algorithms used including decision trees and Naive Bayes, and results from text mining the data. Key findings include modules like installation and monitor agent having the most escalations, and customers like Rheinenergie and Hewlett Packard having the most red escalations. The average time to escalation varies by severity. Text mining found words like "please" and "support" indicating likely red escalation.
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
An interactive look at what security research means today and how we got to zero days, bug bounties, and hoodie hackers in the news. What particular skills or talents are most essential to be effective as a security researcher, and how much can we learn from the new digital anthropologist in waiting.
Five Flute Overview
Five Flute is an issues management app that helps engineers develop better products with less effort. You can think of it like Github issues for hardware teams. We help teams of mechanical and electrical engineers reduce the coordination and communication effort during development by giving them one place for tracking and managing design and development issues, and then keeping these issues connected to the parts, assemblies and physical hardware they impact. Teams that use Five Flute keep move faster with fewer mistakes and keep everyone on the same page regarding engineering decisions. Use it for requirements management, design reviews, test planning, bug tracking, and as a hardware specific to-do list. It's super flexible.
Tickets Make Operations Work Unnecessarily Miserable
Presentation by Damon Edwards, co-founder of Rundeck, at Interop ITX 2019 Las Vegas
Ticket-driven request queues have become the default way of working in operations for a long time and are the cornerstone of most operations management and ITSM strategies. But what if ticket queues are actually the source of much of the dysfunction, bottlenecks, and capacity issues that have traditionally plagued our organizations? This session will examine the dark side of ticket queues, including hidden costs and how they undermine DevOps and SRE transformations. Then we’ll explore alternative strategies high-performing operations organizations use to minimize dependence on tickets queues.
Similar to Tim-adjusted-ppt-1-1.pptx (20)
Stress-free Continuous Delivery Using Sensible Information Radiators
Stress-free Continuous Delivery Using Sensible Information Radiators
How to Better Manage Technical Debt While Innovating on DevOps
How to Better Manage Technical Debt While Innovating on DevOps
JavaOne - Performance Focused DevOps to Improve Cont Delivery
JavaOne - Performance Focused DevOps to Improve Cont Delivery
StarWest 2013 Performance is not an afterthought – make it a part of your Agi...
StarWest 2013 Performance is not an afterthought – make it a part of your Agi...
Modern Operations: Solving DevOps’ Last Mile Problem
Modern Operations: Solving DevOps’ Last Mile Problem
Continuous Delivery and Automated Operations on k8s with keptn
Continuous Delivery and Automated Operations on k8s with keptn
Shift-left SRE: Self-healing on OpenShift with Ansible
Shift-left SRE: Self-healing on OpenShift with Ansible
Failure Happens: Improving Incident Response In Enterprises
Failure Happens: Improving Incident Response In Enterprises
A Machine Learning approach to predict Software Defects
A Machine Learning approach to predict Software Defects
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Tickets Make Operations Work Unnecessarily Miserable
Tickets Make Operations Work Unnecessarily Miserable
Recently uploaded
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Operating System Used by Users in day-to-day life.pptx
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
Azure API Management to expose backend services securely
How to use Azure API Management to expose backend service securely
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
This case study explores designing a scalable e-commerce platform, covering key requirements, system components, and best practices.
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on automated letter generation for Bonterra Impact Management using Google Workspace or Microsoft 365.
Interested in deploying letter generation automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Recently uploaded (20)
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Azure API Management to expose backend services securely
Azure API Management to expose backend services securely
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Tim-adjusted-ppt-1-1.pptx
- 1. Shift Security Everywhere DevSecOps SKILup Day 17-September, 2020 Tim Johnson
- 2. 2 Controversial Statement DevSecOps doesn’t exist - or shouldn’t
- 3. 3 The “traditional” view of Security DEV TES T PRE PROD SEC
- 4. 4 The “Shift Left” view of Security DEV TEST PRE PROD SEC
- 5. 5 The Continuous DevOps process
- 6. 6 The “Shift Security Left” Fallacy
- 7. 7 The “Shift Security Left” Fallacy What about this side?
- 9. 9 Delivery Exposures Wrong Thing Released
- 10. 10 Delivery Exposures Wrong Thing Released Unknown Changes
- 11. 11 Delivery Exposures Wrong Thing Released Unknown Changes Manual Steps
- 12. 12 Delivery Exposures Wrong Thing Released Deployment Failure Unknown Changes Manual Steps
- 14. 14 The DORA Metrics MTTD MTTR We found a problem! We fixed the problem!
- 15. 15 The Scary Part MTTD MTTR We found a problem! We fixed the problem! EXPOSURE
- 16. 16 The New Metric - MTTMitigate MTTD MTTR We found a problem! We fixed the problem! MTTM We turned it off - or - Rolled it back
- 17. 17 The Updated DORA Metrics MTTD = MTTM MTTR We found a problem! And We instantly; Turned it off - or - Rolled it back We fixed the problem!
- 19. 19 Q: Where does DevSecOps fit?
- 21. 21 Secure in Development Development The right people are making the right changes The right sets of tests were performed The code passed our thresholds
- 22. 22 Secure in Delivery Development Delivery The right people are making the right changes The right sets of tests were performed The code passed our thresholds Immutable pipeline & components Changes detected, analyzed, approved Automated everything - no manual steps Automatic rollback on failure
- 23. 23 Secure in Production Development Delivery Production The right people are making the right changes The right sets of tests were performed The code passed our thresholds Immutable pipeline & components Changes detected, analyzed, approved Automated everything - no manual steps Automatic rollback on failure Bill of materials Instant mitigation without redeployment Graceful recovery and rollbacks Integrated and automated
- 24. 24 Want to know more? www.cloudbees.com/solutions/devs ecops
- 25. Thank You