Creating technical training using continuous integration and continuous delivery principles. Create the slides, the labs, and the lab environments with automated scripts so that changes can be updated rapidly.
Dwjw2019 Lisbon - Training-as-code- applying CI & CD to training developmentRomén Rodríguez-Gil
Dwjw2019 Lisbon - Training-as-code- applying CI & CD to training development
Blog post: https://www.romenrg.com/blog/2019/12/31/everything-as-code/
Recording: https://www.youtube.com/watch?v=1hda-bVYaVc&feature=youtu.be
Hal Speed gave a presentation about the Micro:bit Educational Foundation. The Foundation aims to get people creative, connected, and coding with its Micro:bit device. The Micro:bit is designed as a learning tool for digital skills and backed by research showing it helps students learn coding. It can be programmed using Blocks, JavaScript, Python, and connected to Scratch. Resources on the Foundation's website include lessons, projects, and ways to get involved with translation.
Open security summit 2019 owasp london 25th febDinis Cruz
The document advertises the Open Security Summit 2019 conference happening in London from June 3-7. It will bring together security experts, developers, users, government agencies and vendors to collaborate on solving hard security problems. Participants will have the opportunity to engage in working sessions from 8am to 2am focused on 12 tracks, including outcomes from last year's summit. Individuals can purchase tickets, seek sponsorship, or have their company sponsor the event. The goal is to create a collaborative environment for maximum productivity and synergies between attendees.
This document appears to be a slide presentation about the Micro:bit Educational Foundation and the micro:bit device. Some key points summarized:
- The micro:bit is a small physical computing device designed for computer science education that has inputs like buttons and sensors and can be programmed for outputs.
- Research has shown the micro:bit helps more students see that anyone can code, increases the number of girls interested in computing, and makes coding easier for students.
- The presentation outlines various curriculum and lesson plans for teaching coding with the micro:bit using platforms like Scratch, MakeCode, Python, and more.
- Accessories are available to expand what students can do with the micro:bit and
This document discusses the micro:bit, a small programmable device designed to teach coding and computer science. It provides an overview of the micro:bit's features, various programming languages and tools that can be used with it including Scratch and MakeCode, and curriculum resources aligned to its use. Research findings are presented showing the micro:bit helps students learn coding and girls show more interest in computing. Options for purchasing micro:bit kits and accessories are also mentioned.
This document discusses the Micro:bit educational foundation and the Micro:bit device. Some key points:
- The Micro:bit is a small programmable device designed for educational use by students aged 11-12. Over 1 million were distributed in the UK in 2015.
- Studies found 90% of students said the Micro:bit helped show anyone can code, and 70% more girls said they would choose computing.
- The Micro:bit educational foundation was formed in 2016 to make the Micro:bit available globally. It can be programmed through block coding in MakeCode or text coding in JavaScript, Python, and more.
- Many lessons and curricula have been developed to teach concepts like
The document summarizes navigating open source communities and contributions. It provides statistics on open source usage and diversity. It then presents a case study of the Kubernetes community and CNCF, detailing its growth and impact. Finally, it outlines different levels of involvement from consumer to leader and offers advice on finding sponsors and navigating unspoken rules to contribute effectively.
From Zero to DevOps Superhero: The Container Edition (JenkinsWorld SF)Jessica Deen
This document contains a presentation on containers and DevOps. It discusses how modern life runs on code, with intelligent vehicles, smart cities, and other technologies relying on millions of lines of code. It then discusses how containers can help developers and operations teams by enabling portable and standardized applications. The rest of the presentation demonstrates container concepts like layers, compares containers to virtual machines, and discusses tools like Kubernetes, Helm, and best practices for using containers in a DevOps workflow.
Dwjw2019 Lisbon - Training-as-code- applying CI & CD to training developmentRomén Rodríguez-Gil
Dwjw2019 Lisbon - Training-as-code- applying CI & CD to training development
Blog post: https://www.romenrg.com/blog/2019/12/31/everything-as-code/
Recording: https://www.youtube.com/watch?v=1hda-bVYaVc&feature=youtu.be
Hal Speed gave a presentation about the Micro:bit Educational Foundation. The Foundation aims to get people creative, connected, and coding with its Micro:bit device. The Micro:bit is designed as a learning tool for digital skills and backed by research showing it helps students learn coding. It can be programmed using Blocks, JavaScript, Python, and connected to Scratch. Resources on the Foundation's website include lessons, projects, and ways to get involved with translation.
Open security summit 2019 owasp london 25th febDinis Cruz
The document advertises the Open Security Summit 2019 conference happening in London from June 3-7. It will bring together security experts, developers, users, government agencies and vendors to collaborate on solving hard security problems. Participants will have the opportunity to engage in working sessions from 8am to 2am focused on 12 tracks, including outcomes from last year's summit. Individuals can purchase tickets, seek sponsorship, or have their company sponsor the event. The goal is to create a collaborative environment for maximum productivity and synergies between attendees.
This document appears to be a slide presentation about the Micro:bit Educational Foundation and the micro:bit device. Some key points summarized:
- The micro:bit is a small physical computing device designed for computer science education that has inputs like buttons and sensors and can be programmed for outputs.
- Research has shown the micro:bit helps more students see that anyone can code, increases the number of girls interested in computing, and makes coding easier for students.
- The presentation outlines various curriculum and lesson plans for teaching coding with the micro:bit using platforms like Scratch, MakeCode, Python, and more.
- Accessories are available to expand what students can do with the micro:bit and
This document discusses the micro:bit, a small programmable device designed to teach coding and computer science. It provides an overview of the micro:bit's features, various programming languages and tools that can be used with it including Scratch and MakeCode, and curriculum resources aligned to its use. Research findings are presented showing the micro:bit helps students learn coding and girls show more interest in computing. Options for purchasing micro:bit kits and accessories are also mentioned.
This document discusses the Micro:bit educational foundation and the Micro:bit device. Some key points:
- The Micro:bit is a small programmable device designed for educational use by students aged 11-12. Over 1 million were distributed in the UK in 2015.
- Studies found 90% of students said the Micro:bit helped show anyone can code, and 70% more girls said they would choose computing.
- The Micro:bit educational foundation was formed in 2016 to make the Micro:bit available globally. It can be programmed through block coding in MakeCode or text coding in JavaScript, Python, and more.
- Many lessons and curricula have been developed to teach concepts like
The document summarizes navigating open source communities and contributions. It provides statistics on open source usage and diversity. It then presents a case study of the Kubernetes community and CNCF, detailing its growth and impact. Finally, it outlines different levels of involvement from consumer to leader and offers advice on finding sponsors and navigating unspoken rules to contribute effectively.
From Zero to DevOps Superhero: The Container Edition (JenkinsWorld SF)Jessica Deen
This document contains a presentation on containers and DevOps. It discusses how modern life runs on code, with intelligent vehicles, smart cities, and other technologies relying on millions of lines of code. It then discusses how containers can help developers and operations teams by enabling portable and standardized applications. The rest of the presentation demonstrates container concepts like layers, compares containers to virtual machines, and discusses tools like Kubernetes, Helm, and best practices for using containers in a DevOps workflow.
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...AWS User Group - Thailand
The document discusses a career day presentation about DevOps engineering and cloud career paths. The presentation covers what DevOps is, the roles of developers and operations teams, DevOps practices like continuous integration and delivery, and AWS services that can be used as part of a DevOps approach like CodePipeline, CodeBuild, and CloudFormation. It emphasizes that DevOps is a culture of collaboration between development and operations and encourages automating as many processes as possible.
This document summarizes Cheryl Hung's presentation on cloud native computing. The presentation covered the Kubernetes community and role of the CNCF in growing it, current architectural trends like serverless computing and service meshes, and new norms for companies engaging in open source like individual contributions over company reputation. It encourages companies to establish open source program offices to guide compliance, outreach and executive support for open source contributions.
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
Security assessments are a critical part of any security program. Being able to identify – and communicate about – vulnerabilities systems is required to get vulnerabilities prioritized for remediation. For web and mobile applications, assessment methodologies are reasonably straightforward and established. However, for cloud-native applications, the combination of new technologies and architectural elements has introduced questions about how to scope, plan, and execute security assessments. This presentation looks at how the assessment landscape has changed with the introduction of cloud-native applications and explores how threat modeling is central to testing their security. In addition, the “Four C’s” conceptual model for looking at cloud-native application security is introduced, including a discussion of how both automated and manual testing methodologies can be used to accomplish assessment goals. Finally, vulnerability contextualization and reporting are discussed, so that teams running cloud-native application assessments can properly characterize the results of their efforts to aid in the prioritization and remediation of identified issues.
This document summarizes a presentation about cloud native computing from a community perspective. It discusses the growth of Kubernetes and the Cloud Native Computing Foundation (CNCF) community. It provides statistics on member companies and countries involved in CNCF. It also outlines the CNCF's role in fostering open source cloud native projects and describes some of the services it provides. Finally, it discusses the importance and impact of cloud native technologies, including their role in improving efficiency and reducing carbon emissions.
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
Developers need to move quickly and efficiently. Coverity’s speed, accuracy, ease of use, and scalability meet the needs of even the largest, most complex environments. ThreadFix allows you to centralize all test and vulnerability data in one place so your software security team can spend less time on manually correlating results and more time focusing on higher-level risk decisions. Join us to get a firsthand look at how Coverity and ThreadFix arm development teams with the tools they need to advance security programs in real time.
Secured Technology Platform Provider in Enterprise IT WIKI LABS SDN BHD
Wiki Labs
As a Secured Technology Platform provider in Enterprise IT space, Wiki Labs strive to be the next generation Solution Provider to provide many gaps in the technology world. A decade of experience in IT Business makes our clienteles grow exponentially across the region from financial services to Telco industry, from large corporation to public sector and GLC.
Our motive is to progress mankind with what we can deliver, our aim is to make this world a better place through technologies we offer. We enjoy our growths, always stay ahead at the curve and be the best in what we do!
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
This document discusses how Coverity static analysis and ThreadFix application security management can work together. Coverity finds defects and security issues in code during development. ThreadFix consolidates vulnerabilities from multiple scanners, prioritizes risks, and translates issues for developers in their existing tools. When integrated, Coverity results are imported into ThreadFix to give context and be tracked through remediation. This allows securing the entire software development lifecycle.
How to (Permanently) Fix the Most Common DevOps Security BlundersDevOps.com
This document discusses achieving greater speed and agility in continuous deployment while maintaining security. It advocates shifting security practices left in the development process to foster a DevOps culture. Some anti-patterns like security teams operating in silos are highlighted. The document recommends minding default configurations, treating applications like user identities with least privilege access, and auditing everything. A new secrets management product coming in December is mentioned that can securely store and manage secrets for DevOps workflows using microservices, containers, and APIs. In conclusion, the document recommends following general best practices while shifting security left in the development process.
A Guided Journey of Cloud Native, featuring MonzoCheryl Hung
The document discusses the Cloud Native Computing Foundation (CNCF) and provides an overview of cloud native concepts. It describes the CNCF's mission to foster open source, vendor-neutral cloud native projects and some of its activities. It then outlines a scale from houses to cities to describe how cloud native practices become more important as software systems increase in complexity and size, from source control and continuous integration for small systems, to high availability, storage and security for large systems with 500+ services. The document promotes upcoming KubeCon + CloudNativeCon conferences in Europe, China and North America.
The document summarizes Cheryl Hung's presentation on cloud native computing past, present and future. The presentation discussed Kubernetes starting as internal Google technology, being open sourced in 2014, and growing to be the largest cloud native project at the CNCF. It also reviewed how the CNCF fosters open source projects and graduated over 20 projects, as well as common questions received about what the CNCF does and how projects can be donated. The presentation concluded by discussing challenges to cloud native adoption and how cloud native technologies can help address issues like climate change.
The document discusses leveraging multiple cloud orchestration. It introduces a cloud orchestrator tool that aims to provide a self-service portal for users to provision cloud resources across different cloud platforms like AWS, Azure and GCP. This is intended to reduce the workload for IT operators by enabling self-service provisioning rather than requiring users to make resource requests. The orchestrator also offers cost optimization and governance features to help manage resources and costs across multiple clouds. A demo is provided showing example features of the orchestrator tool.
Scale DevSecOps with your Continuous Integration Pipeline DevOps.com
Hear from AppSec and Development leaders on how they apply the principles of DevOps to deliver secure products and services to customers. Learn how you can scale your DevSecOps initiatives to reduce time-to-deployment and lower costs as you deliver secure software. During this webinar, you will learn about the latest tools and techniques that will enable your development teams to embed security scanning into your IDE as you are coding, returning most scans in seconds – all while integrating into your CI pipeline. Our speaker will provide:
An overview of Veracode Greenlight and its integrations with developer tools;
A summary of recent Greenlight use cases and successes;
Examples of how Greenlight integrates into your CI pipeline
Many organizations have only a passing understanding of the scope of their application portfolios and how these assets are exposed to the Internet and other potentially dangerous networks. This puts them in a risky situation where they have attack surface that is unknown and unmanaged, often resulting in serious vulnerabilities being exposed indefinitely. This presentation looks at several tools and methods that can be used to enumerate enterprise application assets – including web applications, mobile applications, and web services. The discussion covers several open source application asset identification tools and compares their effectiveness. Finally, a framework for ongoing application asset discovery and enumeration is presented so that security managers can embark on a structured program to characterize their risk exposure due to their enterprise attack surface.
During a recent webinar, Lewis Ardem, senior security consultant at Synopsys presented "Reviewing Modern JavaScript Applications. " For more information, please visit our website at www.synopsys.com/software
AWS DevDay Cologne - CI/CD for modern applicationsCobus Bernard
The document discusses approaches for modern application development including continuous integration, continuous deployment, infrastructure as code, microservices, and serverless technologies. It provides examples of using AWS services like CodePipeline, CodeBuild, CodeDeploy, SAM, and CDK to implement infrastructure as code, continuous integration, and continuous deployment. The document contains diagrams and code samples to illustrate these concepts and services.
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...Amazon Web Services
This document discusses lessons learned from implementing cloud automation at scale over multiple years at McGraw Hill Education. Some key lessons include: establishing centralized security configuration and response; using centralized account configuration for development, testing, and production environments; automating cost optimization techniques; developing networking automation while separating responsibilities between developers and network engineers; and integrating security practices into the DevOps toolchain and AMI management process. The benefits of these practices include increased speed, safety, accessibility, productivity, depth and breadth of cloud operations.
CI/CD Best Practices for Your DevOps JourneyDevOps.com
The journey to realizing DevOps in any organization is fraught with a number of obstacles for developers and other stakeholders. These challenges are often caused by key CI/CD practices being misunderstood, partially implemented or even completely skipped. Now, as the industry positions itself to build on DevOps practices with a Software Delivery Management strategy, it’s more important than ever that we implement CI/CD best practices, and prepare for the future.
Join host Mitchell Ashely, and CloudBees’ Brian Dawson, DevOps evangelist, and Doug Tidwell, technical marketing director, as they explore and review the CI/CD best practices which serve as your stepping stones to DevOps and a successful Software Delivery Management strategy.
The webinar will cover CI/CD best practices including:
Containers and environment management
Continuous delivery or deployment
Movement from Dev to Ops
By the end of the webinar, you’ll understand the key steps for implementing CI/CD and powering your journey to DevOps and beyond.
This document summarizes an open source presentation about getting involved in open source projects. It discusses how to get started with open source contributions, how to get paid for open source work, and potential pitfalls. The key points are:
1) There are many ways to contribute to open source projects beyond just coding, such as organizing events, helping others, writing documentation, and more.
2) Companies may sponsor open source work that aligns with their strategy to build their brand and recruit developers. If your company does not support contributions, you could crowdfund, seek grants, or start your own company.
3) It is important to be visible when contributing in order to potentially get paid opportunities. However
Using Cloud Hyperscale Vendors Cognitive Artificial Intelligence NoOps MLaaSBjörn Rodén
Global Cloud Hyperscale Vendors
- The top three (3) for MLaaS (AWS, Azure, GCP)
- What is NoOps, Cognitive AI, and MLaaS
- What is Differentiating Cognitive AI MLaaS NoOps Vendors
Using Cognitive AI MLaaS NoOps services
- Vision Image
- Vision Video
- Audio
- Language & Text
Approach for rapid Business Impact
The document discusses GitOps, Jenkins X, and the future of CI/CD. It describes GitOps as using Git as the single source of truth for infrastructure configuration and changes. Jenkins X aims to make developing and deploying cloud native applications on Kubernetes easy by integrating best practices and tools. The future of CI/CD is discussed including serverless Jenkins, leveraging production traffic for testing, and using machine learning for smarter testing and predicting risky deployments. Overall it emphasizes the importance of continuous improvement and using technologies like GitOps and Jenkins X to enable faster and more reliable software delivery.
Slides from the Docker and Jenkins [as code] talk at DevOps World | Jenkins World 2019. Discusses Jenkins, Docker, configuration as code as a concept groovy configuration, and the Jenkins configuration as code plugin (JCasC)
DevOps World | Jenkins World 2019 "Thinking about Jenkins Security" presentation by Mark Waite, Wadeck Follonier and Meg McRoberts. Reviews Jenkins security concepts, common pitfalls, and the techniques to avoid those common pitfalls.
More Related Content
Similar to Training as Code - Applying CI/CD to training
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...AWS User Group - Thailand
The document discusses a career day presentation about DevOps engineering and cloud career paths. The presentation covers what DevOps is, the roles of developers and operations teams, DevOps practices like continuous integration and delivery, and AWS services that can be used as part of a DevOps approach like CodePipeline, CodeBuild, and CloudFormation. It emphasizes that DevOps is a culture of collaboration between development and operations and encourages automating as many processes as possible.
This document summarizes Cheryl Hung's presentation on cloud native computing. The presentation covered the Kubernetes community and role of the CNCF in growing it, current architectural trends like serverless computing and service meshes, and new norms for companies engaging in open source like individual contributions over company reputation. It encourages companies to establish open source program offices to guide compliance, outreach and executive support for open source contributions.
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
Security assessments are a critical part of any security program. Being able to identify – and communicate about – vulnerabilities systems is required to get vulnerabilities prioritized for remediation. For web and mobile applications, assessment methodologies are reasonably straightforward and established. However, for cloud-native applications, the combination of new technologies and architectural elements has introduced questions about how to scope, plan, and execute security assessments. This presentation looks at how the assessment landscape has changed with the introduction of cloud-native applications and explores how threat modeling is central to testing their security. In addition, the “Four C’s” conceptual model for looking at cloud-native application security is introduced, including a discussion of how both automated and manual testing methodologies can be used to accomplish assessment goals. Finally, vulnerability contextualization and reporting are discussed, so that teams running cloud-native application assessments can properly characterize the results of their efforts to aid in the prioritization and remediation of identified issues.
This document summarizes a presentation about cloud native computing from a community perspective. It discusses the growth of Kubernetes and the Cloud Native Computing Foundation (CNCF) community. It provides statistics on member companies and countries involved in CNCF. It also outlines the CNCF's role in fostering open source cloud native projects and describes some of the services it provides. Finally, it discusses the importance and impact of cloud native technologies, including their role in improving efficiency and reducing carbon emissions.
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
Developers need to move quickly and efficiently. Coverity’s speed, accuracy, ease of use, and scalability meet the needs of even the largest, most complex environments. ThreadFix allows you to centralize all test and vulnerability data in one place so your software security team can spend less time on manually correlating results and more time focusing on higher-level risk decisions. Join us to get a firsthand look at how Coverity and ThreadFix arm development teams with the tools they need to advance security programs in real time.
Secured Technology Platform Provider in Enterprise IT WIKI LABS SDN BHD
Wiki Labs
As a Secured Technology Platform provider in Enterprise IT space, Wiki Labs strive to be the next generation Solution Provider to provide many gaps in the technology world. A decade of experience in IT Business makes our clienteles grow exponentially across the region from financial services to Telco industry, from large corporation to public sector and GLC.
Our motive is to progress mankind with what we can deliver, our aim is to make this world a better place through technologies we offer. We enjoy our growths, always stay ahead at the curve and be the best in what we do!
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
This document discusses how Coverity static analysis and ThreadFix application security management can work together. Coverity finds defects and security issues in code during development. ThreadFix consolidates vulnerabilities from multiple scanners, prioritizes risks, and translates issues for developers in their existing tools. When integrated, Coverity results are imported into ThreadFix to give context and be tracked through remediation. This allows securing the entire software development lifecycle.
How to (Permanently) Fix the Most Common DevOps Security BlundersDevOps.com
This document discusses achieving greater speed and agility in continuous deployment while maintaining security. It advocates shifting security practices left in the development process to foster a DevOps culture. Some anti-patterns like security teams operating in silos are highlighted. The document recommends minding default configurations, treating applications like user identities with least privilege access, and auditing everything. A new secrets management product coming in December is mentioned that can securely store and manage secrets for DevOps workflows using microservices, containers, and APIs. In conclusion, the document recommends following general best practices while shifting security left in the development process.
A Guided Journey of Cloud Native, featuring MonzoCheryl Hung
The document discusses the Cloud Native Computing Foundation (CNCF) and provides an overview of cloud native concepts. It describes the CNCF's mission to foster open source, vendor-neutral cloud native projects and some of its activities. It then outlines a scale from houses to cities to describe how cloud native practices become more important as software systems increase in complexity and size, from source control and continuous integration for small systems, to high availability, storage and security for large systems with 500+ services. The document promotes upcoming KubeCon + CloudNativeCon conferences in Europe, China and North America.
The document summarizes Cheryl Hung's presentation on cloud native computing past, present and future. The presentation discussed Kubernetes starting as internal Google technology, being open sourced in 2014, and growing to be the largest cloud native project at the CNCF. It also reviewed how the CNCF fosters open source projects and graduated over 20 projects, as well as common questions received about what the CNCF does and how projects can be donated. The presentation concluded by discussing challenges to cloud native adoption and how cloud native technologies can help address issues like climate change.
The document discusses leveraging multiple cloud orchestration. It introduces a cloud orchestrator tool that aims to provide a self-service portal for users to provision cloud resources across different cloud platforms like AWS, Azure and GCP. This is intended to reduce the workload for IT operators by enabling self-service provisioning rather than requiring users to make resource requests. The orchestrator also offers cost optimization and governance features to help manage resources and costs across multiple clouds. A demo is provided showing example features of the orchestrator tool.
Scale DevSecOps with your Continuous Integration Pipeline DevOps.com
Hear from AppSec and Development leaders on how they apply the principles of DevOps to deliver secure products and services to customers. Learn how you can scale your DevSecOps initiatives to reduce time-to-deployment and lower costs as you deliver secure software. During this webinar, you will learn about the latest tools and techniques that will enable your development teams to embed security scanning into your IDE as you are coding, returning most scans in seconds – all while integrating into your CI pipeline. Our speaker will provide:
An overview of Veracode Greenlight and its integrations with developer tools;
A summary of recent Greenlight use cases and successes;
Examples of how Greenlight integrates into your CI pipeline
Many organizations have only a passing understanding of the scope of their application portfolios and how these assets are exposed to the Internet and other potentially dangerous networks. This puts them in a risky situation where they have attack surface that is unknown and unmanaged, often resulting in serious vulnerabilities being exposed indefinitely. This presentation looks at several tools and methods that can be used to enumerate enterprise application assets – including web applications, mobile applications, and web services. The discussion covers several open source application asset identification tools and compares their effectiveness. Finally, a framework for ongoing application asset discovery and enumeration is presented so that security managers can embark on a structured program to characterize their risk exposure due to their enterprise attack surface.
During a recent webinar, Lewis Ardem, senior security consultant at Synopsys presented "Reviewing Modern JavaScript Applications. " For more information, please visit our website at www.synopsys.com/software
AWS DevDay Cologne - CI/CD for modern applicationsCobus Bernard
The document discusses approaches for modern application development including continuous integration, continuous deployment, infrastructure as code, microservices, and serverless technologies. It provides examples of using AWS services like CodePipeline, CodeBuild, CodeDeploy, SAM, and CDK to implement infrastructure as code, continuous integration, and continuous deployment. The document contains diagrams and code samples to illustrate these concepts and services.
Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...Amazon Web Services
This document discusses lessons learned from implementing cloud automation at scale over multiple years at McGraw Hill Education. Some key lessons include: establishing centralized security configuration and response; using centralized account configuration for development, testing, and production environments; automating cost optimization techniques; developing networking automation while separating responsibilities between developers and network engineers; and integrating security practices into the DevOps toolchain and AMI management process. The benefits of these practices include increased speed, safety, accessibility, productivity, depth and breadth of cloud operations.
CI/CD Best Practices for Your DevOps JourneyDevOps.com
The journey to realizing DevOps in any organization is fraught with a number of obstacles for developers and other stakeholders. These challenges are often caused by key CI/CD practices being misunderstood, partially implemented or even completely skipped. Now, as the industry positions itself to build on DevOps practices with a Software Delivery Management strategy, it’s more important than ever that we implement CI/CD best practices, and prepare for the future.
Join host Mitchell Ashely, and CloudBees’ Brian Dawson, DevOps evangelist, and Doug Tidwell, technical marketing director, as they explore and review the CI/CD best practices which serve as your stepping stones to DevOps and a successful Software Delivery Management strategy.
The webinar will cover CI/CD best practices including:
Containers and environment management
Continuous delivery or deployment
Movement from Dev to Ops
By the end of the webinar, you’ll understand the key steps for implementing CI/CD and powering your journey to DevOps and beyond.
This document summarizes an open source presentation about getting involved in open source projects. It discusses how to get started with open source contributions, how to get paid for open source work, and potential pitfalls. The key points are:
1) There are many ways to contribute to open source projects beyond just coding, such as organizing events, helping others, writing documentation, and more.
2) Companies may sponsor open source work that aligns with their strategy to build their brand and recruit developers. If your company does not support contributions, you could crowdfund, seek grants, or start your own company.
3) It is important to be visible when contributing in order to potentially get paid opportunities. However
Using Cloud Hyperscale Vendors Cognitive Artificial Intelligence NoOps MLaaSBjörn Rodén
Global Cloud Hyperscale Vendors
- The top three (3) for MLaaS (AWS, Azure, GCP)
- What is NoOps, Cognitive AI, and MLaaS
- What is Differentiating Cognitive AI MLaaS NoOps Vendors
Using Cognitive AI MLaaS NoOps services
- Vision Image
- Vision Video
- Audio
- Language & Text
Approach for rapid Business Impact
The document discusses GitOps, Jenkins X, and the future of CI/CD. It describes GitOps as using Git as the single source of truth for infrastructure configuration and changes. Jenkins X aims to make developing and deploying cloud native applications on Kubernetes easy by integrating best practices and tools. The future of CI/CD is discussed including serverless Jenkins, leveraging production traffic for testing, and using machine learning for smarter testing and predicting risky deployments. Overall it emphasizes the importance of continuous improvement and using technologies like GitOps and Jenkins X to enable faster and more reliable software delivery.
Similar to Training as Code - Applying CI/CD to training (20)
Slides from the Docker and Jenkins [as code] talk at DevOps World | Jenkins World 2019. Discusses Jenkins, Docker, configuration as code as a concept groovy configuration, and the Jenkins configuration as code plugin (JCasC)
DevOps World | Jenkins World 2019 "Thinking about Jenkins Security" presentation by Mark Waite, Wadeck Follonier and Meg McRoberts. Reviews Jenkins security concepts, common pitfalls, and the techniques to avoid those common pitfalls.
Jenkins World 2019 lightning talk presented by Mark Waite, Aug 14, 2019 in San Francisco. Describes challenges, accomplishments, and lessons learned while adding Java 11 support to Jenkins
Techniques to improve performance and disc use of Jenkins jobs that store their source code in git repositories. Presented as a lightning talk at Jenkins World 2019, August 14, 2019 by Mark Waite
This document discusses how Docker and Jenkins can be used together for continuous integration. It describes how Docker provides repeatable environments that reduce unintended variations, and how Jenkins pipelines allow for frequent integration that detects issues earlier. Specific examples show how Docker images can standardize environments for building, testing, and reproducing bugs, while multi-branch Jenkins pipelines enable testing proposed changes before merging.
To TDD or not to TDD - that is the questionMark Waite
A test-driven development experience report based on the 10+ year history of the Jenkins git plugin. Provides examples and heuristics for cases where test-driven development may not be the most effective use of time.
The document discusses several Git techniques for reducing network transfer and storage requirements when using Git in large projects or continuous integration systems, including reference repositories, narrow refspecs, shallow clones, large file support, and sparse checkouts. It outlines the benefits and limitations of each technique, such as reducing network transfer and local storage needs but potentially limiting history or breaking workflows. The goal is to help optimize remote repositories, master servers that detect changes, and agent servers that perform builds and jobs.
Jenkins - Continuous Integration after Hudson, CruiseControl, and home builtMark Waite
This document discusses Jenkins, an open source tool for continuous integration. It describes how Jenkins can help improve productivity by detecting breaks sooner, reporting failures more clearly, and making progress more visible. The document outlines how Jenkins is easy to install, use, and extend with over 300 plugins. It provides examples of using Jenkins for various programming languages and tasks like version control, building, testing, analyzing code quality, and notifications. Finally, it explains how Jenkins can support team development through features like multi-configuration and multi-stage jobs, and swarms to dynamically allocate resources.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.