Quick run through of some ideas about continuously devopsing microservices for Velocity NY keynote. A bit about Pivotal, a bit about me, the industry, and you. Yes you...
slides for VMworld presentation
Devops, Continuous Delivery, Microservices, Platforms, what does it all mean?
TL;DR
Automation is a function of what is being automated. Ad hoc automation will not solve deployment and operational problems as much as being thoughtful about the architectures being deployed. The technology and the people mirror each other's communication.
Managing a large open source community - OSCON 2016{code}
Â
Increasing your online presence in the open source community involves more than just writing and committing code. We need to create safe places to collaborate and communicate freely in order to involve more people than just our closest team members. Jonas Rosland and Stephanie Carlson outline a few of the tools they use to tackle this big task and discuss failures, successes, and lessons learned.
Presentations from our osAccelerate event in London UK by Mark Brincat, CTO of The Economist and Steve Tanner, Systems Analyst at the World Trade Organisation.
devops, microservices, and platforms, oh my!Andrew Shafer
Â
A story about a boy and his quest to build great software delivered at the Cloud Foundry Summit in Santa Clara May 2015. (https://www.youtube.com/watch?v=rX4mQHPWuUY) Walk through the history of my personal career, and the evolution of the industry highlighting themes like devops, microservices and platforms.
slides for VMworld presentation
Devops, Continuous Delivery, Microservices, Platforms, what does it all mean?
TL;DR
Automation is a function of what is being automated. Ad hoc automation will not solve deployment and operational problems as much as being thoughtful about the architectures being deployed. The technology and the people mirror each other's communication.
Managing a large open source community - OSCON 2016{code}
Â
Increasing your online presence in the open source community involves more than just writing and committing code. We need to create safe places to collaborate and communicate freely in order to involve more people than just our closest team members. Jonas Rosland and Stephanie Carlson outline a few of the tools they use to tackle this big task and discuss failures, successes, and lessons learned.
Presentations from our osAccelerate event in London UK by Mark Brincat, CTO of The Economist and Steve Tanner, Systems Analyst at the World Trade Organisation.
devops, microservices, and platforms, oh my!Andrew Shafer
Â
A story about a boy and his quest to build great software delivered at the Cloud Foundry Summit in Santa Clara May 2015. (https://www.youtube.com/watch?v=rX4mQHPWuUY) Walk through the history of my personal career, and the evolution of the industry highlighting themes like devops, microservices and platforms.
Sharing is Caring, How OSS can help embed a DevOps CultureHarm Boertien
Â
This talk will cover how we share software/cookbooks inside and outside of Schuberg Philis and this benefits us as a company and how it brings benefit to our industry as a whole.
Chzech SharePoint Conference - intranets on share point and office365 - the g...Thomas Gölles
Â
"What's the deal with Communication and Teams Sites?", "Should I use Teams or Groups for collaboration?", "Is on-premises dead?" Those questions sound familiar? Then let's talk about the different opportunities on how to orchestrate the core services of Office365 and SharePoint on-premises to deliver an intranet architecture that not only adds value but also drives user adoption. SPFx, PnP and Microsoft Graph build the technology base layer, whereas services like Flow, PowerApps or the Azure Bot Framework take your intranet to a new level. But never forget about the main target: your users must use it on a daily basis. This session gives an overview of the not so techie side, focusing on the tools in the design, architecture and roll-out phase and of course the setup of an ideal intranet project.
Harald Schirmer shows tools and features to create more impact with less effort - concrete examples and background information on how to upskill for efficiency and effectiveness in a holistic, sustainable way - based on values and #WEwins mentality
Two years ago at Devoxx UK we talked about DevOps, what it was, why it was important and how to get started. Boy, was it scary. Now weâre wiser. More battle-scarred. The large scale of the challenge for application writers exploiting cloud and DevOps is clearer, but so is the path forward. Understanding the DevOps approach is important, but equally you must understand specific deployment technologies, security issues, operational reliability, and how to drive organisational transformation. Whether creating simple applications or sophisticated microservice architectures many of the challenges are the same. Join us to learn how you can apply this within your team and company.
The Apache Way: A Proven Way Toward SuccessEvans Ye
Â
With innumerous successful Apache projects that dominate the big data world, the working model of Apache communities clearly deserved a study. In this talk, I'll walk you through how Apache communities and the Apache Software Foundation work generally. The whole thing behinds it is so called "The Apache Way".
For audience whose an engineer, I'll share with you why you should be part of the Apache family, how to do it, and what you can get from it. Moreover, I'll cover this with some actionable tips, and closing up with some career advices. For those being managers or at CXO level, I'll talk about some aspects on building engineering culture which can alternately pace your team and business toward success.
DevOps is becoming the new "buzzworld", like "SOA" or "Agile" did in the past years.
In this presentation we will try to separate the idea from the marketing following "DevOps" idea since its inception in the 2008, from its relationship with Agile and other, similar, ideas in other disciplines.
Then we will discuss why these ideas work and how they're applied in an IT context.
How Amnesty International Uses Design Systems and Advanced Custom Fields to W...Daniel Schutzsmith
Â
Amnesty International USA launched a website redesign in May 2017 based on a design pattern that would reinforce our branding and make it easy to implement on any page using WordPress, Bootstrap 4 and Advanced Custom Fields. Weâll discuss how we defined the design pattern and why itâs important for every website to have one. Then weâll explore how ACF uses flexible content and repeater fields to create an infinite number of design possibilities while still maintaining design guidelines. Code, design and process will be shared.
Keynote Presentation at NTC WordPress Day 2018. Presented by Daniel Schutzsmith and Gabriel Dekoladenu, Amnesty International USA
(Best) Practices for the Solo DeveloperMichael Eaton
Â
You are the only developer in your company. Maybe youâre an independent consultant. Maybe you work from home, maybe not. Any way it goes, being the lone developer can be tough. Whether you work in a cube or the comfort of your home office or the local coffee shop, there are many challenges facing the solo developer. Project management, estimation, testing and even writing code all change when you work alone. In this session, I will discuss many of the lessons learned and practices Iâve developed working almost exclusively as a single developer for the past ten years.
This is a high-level presentation I will be presenting to employees at Medavie. I thought it might be useful for other people as well. Its vendor agnostic.
Where 2.0 Perch Product Launch Presentationperryevans
Â
Product preview for Closely's new Perch small business mobile app. Perch gives merchants a bird's eye view of their business neighborhood. Perch combines social and promotion posts into one daily use tool for the business owner.
Slides presented by Katie Dunneback at the 2011 O'Reilly Tools of Change Conference as part of the "Solving the Digital Loan Problem: Can Library Lending of eBooks be a Win-win for Publishers AND Libraries?" presentation
Sharing is Caring, How OSS can help embed a DevOps CultureHarm Boertien
Â
This talk will cover how we share software/cookbooks inside and outside of Schuberg Philis and this benefits us as a company and how it brings benefit to our industry as a whole.
Chzech SharePoint Conference - intranets on share point and office365 - the g...Thomas Gölles
Â
"What's the deal with Communication and Teams Sites?", "Should I use Teams or Groups for collaboration?", "Is on-premises dead?" Those questions sound familiar? Then let's talk about the different opportunities on how to orchestrate the core services of Office365 and SharePoint on-premises to deliver an intranet architecture that not only adds value but also drives user adoption. SPFx, PnP and Microsoft Graph build the technology base layer, whereas services like Flow, PowerApps or the Azure Bot Framework take your intranet to a new level. But never forget about the main target: your users must use it on a daily basis. This session gives an overview of the not so techie side, focusing on the tools in the design, architecture and roll-out phase and of course the setup of an ideal intranet project.
Harald Schirmer shows tools and features to create more impact with less effort - concrete examples and background information on how to upskill for efficiency and effectiveness in a holistic, sustainable way - based on values and #WEwins mentality
Two years ago at Devoxx UK we talked about DevOps, what it was, why it was important and how to get started. Boy, was it scary. Now weâre wiser. More battle-scarred. The large scale of the challenge for application writers exploiting cloud and DevOps is clearer, but so is the path forward. Understanding the DevOps approach is important, but equally you must understand specific deployment technologies, security issues, operational reliability, and how to drive organisational transformation. Whether creating simple applications or sophisticated microservice architectures many of the challenges are the same. Join us to learn how you can apply this within your team and company.
The Apache Way: A Proven Way Toward SuccessEvans Ye
Â
With innumerous successful Apache projects that dominate the big data world, the working model of Apache communities clearly deserved a study. In this talk, I'll walk you through how Apache communities and the Apache Software Foundation work generally. The whole thing behinds it is so called "The Apache Way".
For audience whose an engineer, I'll share with you why you should be part of the Apache family, how to do it, and what you can get from it. Moreover, I'll cover this with some actionable tips, and closing up with some career advices. For those being managers or at CXO level, I'll talk about some aspects on building engineering culture which can alternately pace your team and business toward success.
DevOps is becoming the new "buzzworld", like "SOA" or "Agile" did in the past years.
In this presentation we will try to separate the idea from the marketing following "DevOps" idea since its inception in the 2008, from its relationship with Agile and other, similar, ideas in other disciplines.
Then we will discuss why these ideas work and how they're applied in an IT context.
How Amnesty International Uses Design Systems and Advanced Custom Fields to W...Daniel Schutzsmith
Â
Amnesty International USA launched a website redesign in May 2017 based on a design pattern that would reinforce our branding and make it easy to implement on any page using WordPress, Bootstrap 4 and Advanced Custom Fields. Weâll discuss how we defined the design pattern and why itâs important for every website to have one. Then weâll explore how ACF uses flexible content and repeater fields to create an infinite number of design possibilities while still maintaining design guidelines. Code, design and process will be shared.
Keynote Presentation at NTC WordPress Day 2018. Presented by Daniel Schutzsmith and Gabriel Dekoladenu, Amnesty International USA
(Best) Practices for the Solo DeveloperMichael Eaton
Â
You are the only developer in your company. Maybe youâre an independent consultant. Maybe you work from home, maybe not. Any way it goes, being the lone developer can be tough. Whether you work in a cube or the comfort of your home office or the local coffee shop, there are many challenges facing the solo developer. Project management, estimation, testing and even writing code all change when you work alone. In this session, I will discuss many of the lessons learned and practices Iâve developed working almost exclusively as a single developer for the past ten years.
This is a high-level presentation I will be presenting to employees at Medavie. I thought it might be useful for other people as well. Its vendor agnostic.
Where 2.0 Perch Product Launch Presentationperryevans
Â
Product preview for Closely's new Perch small business mobile app. Perch gives merchants a bird's eye view of their business neighborhood. Perch combines social and promotion posts into one daily use tool for the business owner.
Slides presented by Katie Dunneback at the 2011 O'Reilly Tools of Change Conference as part of the "Solving the Digital Loan Problem: Can Library Lending of eBooks be a Win-win for Publishers AND Libraries?" presentation
âOne file to rule them allâ In these slides, I detail my three-pronged strategy to create a single EPUB file for most ereaders, as well as the basis for conversion to Kindle/mobi and KF8.
Using WordPress for Digital Workflows and MoreKirk Biglione
Â
As digital becomes more central to a book publishers life, the tools must change to keep pace. In this session we look at WordPress as a lightweight digital swiss army knife, a powerful and flexible platform that can be adapted to many publishing needs. Weâll look at using WordPress-based systems for ecommerce, marketing, catalogs and discovery and more. Participants will aslo have a hands-on demo of PressBooks (built on WordPress), a digital book production tool that participants can use to generate an epub and typeset PDFs.
Better Bash - Unit and Integration TestingC.J. Jameson
Â
Presented at Velocity Santa Clara 2016, June 22
Relevant links:
https://github.com/sstephenson/bats
https://github.com/concourse/git-resource/tree/master/test
https://github.com/rbenv/ruby-build/tree/master/test
Social Gold: The Design of FarmVille and Other Social Games (Web2Expo 2010)Amitt Mahajan
Â
Amitt Mahajan discusses common game design techniques used within Zynga's popular social games to create experiences that encourage user acquisition, retention, and investment.
(Short version) Building a Mobile, Social, Location-Based Game in 5 WeeksJennie Lees
Â
A 5-week experiment to practice Lean methods in game development by testing and iterating concepts around mobile, location-based social gaming and apps. (Short version for Where 2.0)
Mobilising the world's Natural History - Open Data + Citizen ScienceMargaret Gold
Â
my slides for the Ignite Talks at OSCON 2016 in London.
Mobilizing the worldâs natural history: Open data + citizen science
Margaret Gold
The Natural History Museum is embarking on an epic journey to digitize 80 million specimens from one of the worldâs most important natural history collections. But alongside this, the museumâs citizen science projects invite you to actively contribute to its science research. Margaret explains where the two meet and how they might change the face of natural history.
Data Science and Smart Systems: Creating the Digital Brain VMware Tanzu
Â
Big Data technologies enable us to build the digital brain of smart systems. I will illustrate with examples how we build a digital brain by collecting data from a large number of sensors and using the brain to find value in that data. We build a Data Lake using cutting edge technology from Pivotal and use it to store large amounts of sensor and other data. Then we can find patterns in that data by applying the Data Science methodology using sophisticated machine learning and statistical algorithms customized to run on big data within the Data Lake. Armed with these patterns the system can detect anomalies and respond in an appropriate manner. Data Science combined with sensors and actuators can make a system smart!
Web 2.0 Expo speech May 6, 2010 by Charlene Li entitled, "Open Leadership: How Social Technology Can Transform How You Lead". Learn more at open-leadership.com
Hadoop's Impact on the Future of Data Management | Amr AwadallahCloudera, Inc.
Â
Speaker: Amr Awadallah
As Hadoop and the surrounding projects & vendors mature, their impact on the data management sector is growing. Amr will talk about his views on how that impact will change over the next five years. How central will Hadoop be to the data center of 2020? What industries will benefit most? Which technologies are at risk of displacement or encroachment?
Locked Out in London (and tweeting about it) - version with my notesSylvain Carle
Â
Last year I talked about how people sucked at naming places.
This year I was talking about anecdotes about us humans and what we tweet about, and where.
All my examples are from Needium, our platfrom that matches needs expressed to a location and to businesses that can answer them.
My talk with Jim Kimball on the tyranny of the SLA; in it, we:
- Deconstruct the purpose of the service level agreement
- Discuss pitfalls of aspects of common SLA clauses, including how current SLAs inhibit the development of resilient systems and the cultivation of a DevOps culture
- Explore other potential SLA models that could foster healthier organizational behaviors and dynamics, and ultimately result in better technical outcomes and therefore business outcomes.
Did Social Media Hijack My Communications StrategyMike Smith
Â
This presentation focuses on the challenges facing communications teams and chart viable strategies for creating an effective presence in the Web 2.0 worldâpunctuated by valuable lessons learned from our biggest failures. The discussion will be relevant to businesses that need to gain footing and find a path to maintain relevance in the social web.
Agile
SCRUM
SAFe
IBM approach to SAFe
Why Scale Agile?
IBMâs Point of ViewScaling Agile âThe Recipe
SAFeÂź Overview
IBMâs Support for SAFe
5 Simple Value Propositions
Evolving to SAFe
How IBM uses SAFe to deliver ALM tooling
Summary
Business Agility: a roadmap to the digital enterprise by Jaco ViljoenIndigoCube
Â
Business Agility event 2018 hosted by IndigoCube was on 17th July at Fairlawns Boutique Hotel. Jaco Viljoen, Head of Digital presented on Business Agility: a Roadmap to the Digital Enterprise.
Accelerate Your Time to a Successful Deployment with DevOpsPerficient, Inc.
Â
According to research firm IDC, 70% of Global Fortune 500 firms are expected to adopt DevOps by the end of 2017. With digital transformation strategies at the forefront of organizational priorities, IT is now under more pressure than ever to optimize innovation cycles while removing roadblocks.
In this IBM / Perficient DevOps SlideShare, we discuss topics including:
The differences between DevOps, Agile, and Waterfall methodologies
How automation can influence your development process, remove roadblocks to innovation, and increase visibility into your projects
Why the DevOps toolchain impacts your entire innovation cycle
DevOps best practices from industry leaders
The way how we help customers at ASPgems to do their software development projects in order to better accomplish their business objective in the Digital World.
PMI Thailand: DevOps / Roles of Project Manager (20-May-2020)Gonzague PATINIER
Â
DevOps seems to be the latest âbuzzwordâ and trend in the IT industry. This is driven by business needs for ever-faster deployment of new functionality and frustrations with the time and effort it takes to get new systems into operations. It is no longer a question of âshould we adopt DevOpsâ, but âwhen and howâ?
DevOps represents a significant cultural and behavioral change and many organizations fail to address this in their adoption. Gartner defines DevOps as a change in IT culture, focusing on rapid IT service delivery through the adoption of agile, lean practices in the context of a system-oriented approach. These culture changes include organization changes, impacting structure, roles and responsibilities.
What and where is the role of the project manager in organizations that have transitioned towards adopting DevOPs? Join us and letâs discuss DevOps and answer your questions followed by an informative discussion.
Agile Upstream and Downstream Webinar - EnglishCollabNet
Â
Enterprises continue to struggle with scaling agile planning across their varied development teams. As the chart above shows less than 20% have been able to scale agile planning. Still further, only 13% of workgroups have connected their upfront agile planning to their subsequent software development and delivery tools and practices. This leads to isolated high performing teams doing great work, but the enterprise continuing to struggle with the overall delivery of projects and products on time.
This webinar will show you CollabNetâs unique ability to bring these upstream and downstream practices together in a consistent repeatable manner, providing teams the ability to trace not only the work but the output of the work throughout the lifecycle and share that information with the business stakeholders.
Key Takeaways:
Understand the difference between agile upstream and agile downstream.
How CollabNetâs TeamForge platform can link together upstream and downstream agile.
Best practices for scaling agile development upstream and downstream across the enterprise.
How to gain visibility across the enterprise on how these teams are doing and how they can best collaborate with one another.
In the world of agile, there is theory and then there is practice. We like to talk about self-organizing teams, asynchronous execution, BDD, TDD, and emergent architecture. We also talk about cross-functional teams: how analysts, testers, architects, technical writers, and UX designers belong on the same team, right next to programmers. It all sounds nice in theory, but how does this work in reality? What do these people actually do? How do they interact? What does it look like? Is there really a pragmatic way to make this work?
In this simulation, a cross-functional team will actually build a piece of software. Every specialist will have a hand in the process. Every specialist will also act as a generalist. Everyone will add value. And as a team, weâll get something DONE.
This is your opportunity to see agile development in practice, and to bridge the gap between what agilists say and what teams do. And itâs not as new or as difficult as you think â affinity between testers, BAâs, coders, and other team members has really been at the root of effective development practices all along. Letâs just finally acknowledge that it works, demonstrate its capabilities, and encourage it going forward.
This IS agile development.
Large organizations are increasingly turning to DevOps and Continuous Delivery principles, often with the goal of shipping better software faster. However, they're then faced with important considerations for scaling these processes across teams and in diverse environments while still maintaining the visibility and control necessary for compliance.
This presentation from Matt Meservey, Director of Product Management at SaltStack and Andrew Phillips, VP of DevOps Strategy at XebiaLabs discusses:
Practical advice and tips gleaned from the large organizations they have helped implement and scale DevOps and Continuous Delivery initiatives for
How to focus your initiatives around practicing improvement not just practicing âDevOpsâ
How the combination XebiaLabs and SaltStack accelerates the software cycle, delivers advanced automation capabilities, enables data-driven improvement and provides continuous insight into your end-to-end software release process in a way other tools simply cannot
Explains what the B2Bsn BOX is and how you could use it to improve the performance and productivity of your teams through immediate access to shared knowledge, regardless of organisational boundaries. In other words, how to harness collaboration and social business to MAKE BETTER DECISIONS, FASTER.
Similar to transforming how the world operates software (20)
DevSecOps: The End of the Beginning - AustinAndrew Shafer
Â
Andrew Clay Shafer musing about the evolution of devsecops. Where are we now? Where could things go? Building a global community of practice learning and sharing.
deep devops - learning to learn dotScale 2017Andrew Shafer
Â
dotsScale talk about devops as an exercise in evolution of behavioral change based on organizational learning. Learning has only happened when behaviors have changed.
Little talk about using software to visualize software development. We are surrounded by information, but we don't always have actionable insights. Strategic visualizations can makes all the difference.
Presented at devopsdays Nashville. Tdeas to simplify conversations about systems thinking and transformation. Touches on devops history, systems thinking, double loop learning and the overwhelming opportunity to solve problems with software.
Everyone seems to have an intuitive understanding of âarchitectureâ as the process and product of planning, designing, and constructing. The problem is most people donât have the same understanding which leads to disagreements about what the process and product entails. The transition from software shipped on physical media to software delivered as services further complicated the conversation as operating services introduces other factors that must be considered on an ongoing basis. These misunderstandings have only been exacerbated as greater speed and scale create new problems necessitating novel emergent solutions. This presentation will attempt to highlight the need for new language with dense semantics about the emerging architectures (because just saying âmicroservicesâ is causing more problems than it solves) while also pointing out that many of the struggles people have delivering software are rooted in architecture.
Slides given at Agile 2015 to support talk with Josh Long
Walks through basic ideas of Cloud Foundry BOSH, Cloud Foundry Elastic Runtime and Spring Boot/Spring Cloud.
Covered these slides in ~20 minutes, then did 50 minutes of Lattice demos and Spring live coding.
High level introduction to Linux Containers. Presented at Interop Las Vegas 2015. Frames the discussion with an introduction to intermodal shipping containers, the innovation around logistics and purpose built infrastructure and the impact. Walk through features of the Linux kernel which provide isolation and limitation and packaging applications as filesystem images. Finish talking about the emerging purpose built infrastructure for managing container deployments.
Configuration Management Camp presentation on the why and what of BOSH. Highlights the 'why' of deploying Cloud Foundry Elastic Runtime and the design decisions to do that.
devops, cultivation and the cycle of creation and disruption framed with the history of the samurai adaptation to the Mongol invasion and the book of 5 rings
Organizational Learning!
Nash Equilibriums!
Pareto Inefficiencies!
Oh My!
reprising themes I want everyone to understand and apply to to building the future
there is no talent shortage - Velocity 2013Andrew Shafer
Â
slides for talk at Velocity 2013
there is no talent shortage.
there is a shortage of courage and vision.
learning is a competitive advantage.
we get the future we deserve.
DevOps and Testing slides at DASA ConnectKari Kakkonen
Â
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Â
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Â
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Enhancing Performance with Globus and the Science DMZGlobus
Â
ESnet has led the way in helping national facilitiesâand many other institutions in the research communityâconfigure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Â
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Â
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
Â
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. Whatâs changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Â
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navyâs DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOâs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Â
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
Â
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
Â
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties â USA
Expansion of bot farms â how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks â Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Â
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
2. Pivotal ConfidentialâInternal Use Only
Modern Approach for Digital Business
AGILE PRODUCT DEVELOPMENT
Agile practices and collaboration for
product and culture transformation
âą World class application
development services
âą Proven transformational
methodology
BIG DATA
Modern, open, highly
parallelized platform
âą Hadoop, in-memory, and MPP
databases
âą Industryâs most complete big data
analytics offering
CLOUD NATIVE PLATFORM
open source, cloud native
deployment automation
âą Platform-as-a-Service (PaaS)
software with multi-cloud support
âą Polyglot, Self-Service, Self-
Healing, Container Scheduler