What's My Security Policy Doing to My Help Desk w/ Chris Swan

•

0 j'aime•369 vues

Operational data mining gives us a rich source of data for the third devops way - continual learning by experimentation. It also shows us just how damaging those 90 day password resets can be. This talk will look at what can go wrong, and the renewed fight to fix the problem at the root.

Logiciels

November 15, 2016
What’s My Security Policy Doing to My Help Desk?
Chris Swan (@cpswan), CTO Global Infrastructure Services, CSC

2 November 15, 2016© 2016 Computer Sciences Corporation
Chris Swan – why me?
Combat Systems Engineer - Royal Navy
Security R&D – Credit Suisse
CTO Security - UBS
CTO – Cohesive Networks
CTO, Global Infrastructure
Services - CSC
@cpswan

3 November 15, 2016© 2016 Computer Sciences Corporation
Agenda
• Operational Data Mining and the 3rd DevOps Way
• The #1 issue
• A parable about 802.1X
• Finding a better way

© 2016 Computer Sciences Corporation
Setting the scene:
The 3 DevOps Ways and
Operational Data Mining

5 November 15, 2016© 2016 Computer Sciences Corporation
The 3 ways
1.Flow
2.Feedback
3.Continual Learning
& Experimentation

6 November 15, 2016© 2016 Computer Sciences Corporation
Operational Data Mining (ODM) takes ‘data exhaust’ from service
management and ancillary systems
‘Exhausting’ by Ben Salter https://flic.kr/p/8VTaMe

7 November 15, 2016© 2016 Computer Sciences Corporation
Operational Data Mining focusses on the 3rd Way
1.Flow
2.Feedback
3.Continual Learning
& Experimentation

8 November 15, 2016© 2016 Computer Sciences Corporation
Data helps us find the constraints, then tells us what to do with them
‘Narrow’ by gwire https://flic.kr/p/4d3N4

9 November 15, 2016© 2016 Computer Sciences Corporation
Constraint unblocking helps provide better flow and feedback
1.Flow
2.Feedback
3.Continual Learning
& Experimentation

10 November 15, 2016© 2016 Computer Sciences Corporation
Data provides a means of empowerment to front line staff
“I knew that,
I knew that we needed to do that”

© 2016 Computer Sciences Corporation
So let’s start with the #1 issue

12 November 15, 2016© 2016 Computer Sciences Corporation
#1 - Password reset related issues
Account Login
Tickets
31%
Escalated to
Other Queues
No Resolving
Action
Required1
Other,
Completed by
Service Desk
Service Desk Incident Tickets
August 2014 – August 2015
n = 67k tickets
AD Accounts
34%
Rater Portal
Accounts
Mainframe
Accounts
Other
Accounts
Account Reset Tickets
August 2014 – August 2015
n = 21k tickets
1. There are primarily calls chasing other previously opened tickets
For incidents were the Service Desk
is the resolver of the incident,
account issues represent the vast
majority of these tickets
The Service Desk typically spends 5-
10 min of effort on each of these
reset tickets, although occasionally
tickets are re-opened again later if the
user calls back a 2nd or 3rd time.

13 November 15, 2016© 2016 Computer Sciences Corporation
AD account lockout issues:
Multiple incidents in the past year by user

14 November 15, 2016© 2016 Computer Sciences Corporation
AD account lockout issues:
3+ incidents in the past year

15 November 15, 2016© 2016 Computer Sciences Corporation
Service desk volume for AD account locking tickets:
Users with the same problem 3+ times in last year

16 November 15, 2016© 2016 Computer Sciences Corporation
A deeper analysis reveals that users often experience these repeat issues
in quick succession
• Of those users that have the same issue multiple
times, these multiple occurrences often occur in quick
succession
• This, along with additional observations in the ticket
notes, indicates that the help desk is often not
resolving the underlying issue behind the incident
which thus subsequently generates more incidents
• Users are often connected to different support
personnel on each call, thus the Service Desk often
does not notice that they are just constantly unlocking
accounts for the same users and thus not actually
fixing the root cause of the issue

© 2016 Computer Sciences Corporation
A parable about WiFi authentication:
Why 802.1X for BYOD can be a really bad
idea

18 November 15, 2016© 2016 Computer Sciences Corporation
It all seems so simple

19 November 15, 2016© 2016 Computer Sciences Corporation
When ‘one password’ lets you down
I
have
the
old
password
Password
reset

© 2016 Computer Sciences Corporation
Finding a better way

21 November 15, 2016© 2016 Computer Sciences Corporation
First it was CESG in the UK
Source: http://www.theregister.co.uk/2016/05/05/stop_resetting_your_password_says_uk_spy_network/

22 November 15, 2016© 2016 Computer Sciences Corporation
Then NIST in the US
Source: https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/

23 November 15, 2016© 2016 Computer Sciences Corporation
This isn’t a withdrawal from password security

24 November 15, 2016© 2016 Computer Sciences Corporation
My colleagues produced a white paper on this topic
Source: http://assets1.csc.com/cybersecurity/downloads/THE_PROBLEM_WITH_P4__W0RDS_.pdf

25 November 15, 2016© 2016 Computer Sciences Corporation
Let’s not pretend that this is an easy fix

26 November 15, 2016© 2016 Computer Sciences Corporation
When systems and culture collide

© 2016 Computer Sciences Corporation
Wrapping up

28 November 15, 2016© 2016 Computer Sciences Corporation
Summary
• Operational Data Mining and the 3rd DevOps Way
• The #1 issue
• A parable about 802.1X
• Finding a better way

© 2016 Computer Sciences Corporation
Thanks to the sponsors and supporters

© 2016 Computer Sciences Corporation
Time for questions?

Contenu connexe

En vedette

George Parris III, Capital One In many companies, the cornerstone of their continuous integration and continuous deployment strategy is a few, well known pieces of automation software that are absolutely vital to the way companies are building software these days using agile methodologies. Many times though, someone with some infrastructure experience will just spin up a server and install the packages, building and iterating upon that same install for the following years that they're using it, which puts them in a shaky place every time they have to make changes to it. On the Online Account Opening project at Capital One, we’ve strived to maintain our entire infrastructure as immutable as possible. In doing so, it was decided that we should apply that principle to our core CI/CD automation tools as well. By using Config As Code, Implementing a useful backup and testing strategy, and utilizing some AWS capabilities, we’re able to make that happen.

Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...

Sonatype

Security and dev ops for high velocity organizations

Chef

My talk from All Day DevOps 2016 introducing IdentityOps. IdentityOps is a set of strategies that integrates security, Identity and DevOps to solve common use cases for technical operations. Key take aways of IdentityOps: * Centralized policy for access management to resources * Uniform application of policy and real-time enforcement * Better operational efficiency * Enable use cases: least privilege, nonrepudiation, segregation of duties, and audibility

Security, Identity, and DevOps, oh my - Print

Chris Sanchez

DevOps and IT security

ch.osme

Prepare to defend thyself with Blue/Green

Sonatype

Embedded environments greatly restrict the tools available for a DevOps pipeline. A regulated environment changes the processes a development team can use to deliver software. The combination results in a highly restricted environment that forces the team back to first principles, finding what can actually work. In this talk, we'll consider the options, develop a set of helpful tools and discuss the challenges facing any team working on DevOps in unfavorable environments. Together, we'll examine my experiences with a medical device company, where I built a DevOps pipeline for software controlling a heart pump. I would like to discuss the tools that worked as well as the principles that lead our team to success.

DevOps in a Regulated and Embedded Environment (AgileDC)

Arjun Comar

Presented August 11, 2016 by Michael Right, Senior Product Manager, HPE Security Fortify; Mike Pittenger, VP of Security Strategy, Black Duck. Open source software is an integral part of today’s technology ecosystem, powering everything from enterprise and mobile applications to cloud computing, containers and the Internet of Things. While open source offers attractive economic and productivity benefits for application development, it also presents organizations with significant security challenges. Every year, thousands of new open source security vulnerabilities – such as Heartbleed, Venom and Shellshock – are reported. Unfortunately, many organizations lack visibility into and control of their open source. Addressing this challenge is vital for ensuring security in applications and containers. Whether you’re building software for customers or for internal use, the majority of the code is likely open source and securing it is no easy task. In this session, you’ll learn about: • The evolving DevOps and software security assurance lifecycle in the age of open source • The software security considerations CISOs, security, and development teams must address when using open source • An automated approach to identifying vulnerabilities and managing software security assurance for custom and open source code.

Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck

Black Duck by Synopsys

Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed

SeniorStoryteller

Madhu Akula, Automation Ninja We can see attacks happening in real time using a dashboard. By collecting logs from various sources we will monitor & analyse. Using data gleaned from the logs, we can apply defensive rules against the attackers. We will use AWS for managing and securing the infrastructure discussed in our talk. For most network engineers who monitor the perimeter for malicious content, it is very important to respond to an imminent threat originating from outside the boundaries of their network. Having to crunch through all the logs that the various devices (firewalls, routers, security appliances etc.) spit out, correlating that data and in real time making the right choices can prove to be a nightmare. Even with the solutions already available in the market. As I have experienced this myself, as part of the Internal DevOps and Incident Response Teams, in several cases, I would want to create a space for interested folks to design, build, customise and deploy their very own FOSS based centralised visual attack monitoring dashboard. This setup would be able to perform real time analysis using the trusted ELK stack and visually denote what popular attack hotspots exist on a network.

Automated Infrastructure Security: Monitoring using FOSS

Sonatype

A web application’s attack surface is the combination of URLs it will respond to as well as the inputs to those URLs that can change the behavior of the application. Understanding an application’s attack surface is critical to being able to provide sufficient security test coverage, and by watching an application’s attack surface change over time security and development teams can help target and optimize testing activities. This presentation looks at methods of calculating web application attack surface and tracking the evolution of attack surface over time. In addition, it looks at metrics and thresholds that can be used to craft policies for integrating different testing activities into Continuous Integration / Continuous Delivery (CI/CD) pipelines for teams integrating security into their DevOps practices.

Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...

Denim Group

Scaling Rugged DevOps to Thousands of Applications - Panel Discussion

SeniorStoryteller

Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure

Puppet

BsidesMCR_2016-what-can-infosec-learn-from-devops

James '-- Mckinlay

Making Security Agile - Oleg Gryb

SeniorStoryteller

Justin Collins, Brakeman Security It is not enough to have fast, automated code deployment. We also need some level of assurance the code being deployed is stable and secure. Static analysis tools that operate on source code can be an efficient and reliable method for ensuring properties about the code - such as meeting basic security requirements. Automated static analysis security tools help prevent vulnerabilities from ever reaching production, while avoiding slow, fallible manual code reviews. This talk will cover the benefits of static analysis and strategies for integrating tools with the development workflow.

Static Analysis For Security and DevOps Happiness w/ Justin Collins

Sonatype

DevOps and Application Security

Shahee Mirza

Building Security In - A Tale of Two Stories - Laksh Raghavan

SeniorStoryteller

Looking at security and DevOps requires a view across two dimensions: Securing the application; and Securing the application delivery pipeline Securing the application focuses on ensuring the application being developed and delivered, and the associated data, are secure. This means building and delivering them using secure engineering practices that ensure their security and integrity, as well as that of the business and end-users. Securing the application delivery pipeline focuses on securing the delivery platform itself, so that the application development and delivery tools, the Infrastructure and environments, configurations, automation tools, repositories, and associated services and APIs are all secure. Join us to hear an overview of these concepts, how they can be applied across the software delivery pipeline and IBM offerings that can help you on your journey to secure DevOps.

Security and DevOps - Managing Security in a DevOps Enterprise

Claudia Ring

Diese Session zeigt Ihnen, welche Automatisierungsoptionen zur Überwachung bestimmter Sicherheitsaspekte in der agilen Softwareentwicklung bestehen. Ausgehend von dem etablierten DevOps-Konzept, mit dem im Übergang von Entwicklung zu Betrieb Prozesse automatisiert und verzahnt werden, wird mit "Security-DevOps" dieser Antrieb aufgegriffen und auf die Absicherung von Anwendungen gegen Hackerangriffe übertragen.

Security DevOps: Wie Sie in agilen Projekten trotzdem sicher bleiben // JAX 2015

Christian Schneider

En vedette (19)

Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...

Security and dev ops for high velocity organizations

Security, Identity, and DevOps, oh my - Print

DevOps and IT security

Prepare to defend thyself with Blue/Green

DevOps in a Regulated and Embedded Environment (AgileDC)

Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck

Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed

Automated Infrastructure Security: Monitoring using FOSS

Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...

Scaling Rugged DevOps to Thousands of Applications - Panel Discussion

Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are Secure

BsidesMCR_2016-what-can-infosec-learn-from-devops

Making Security Agile - Oleg Gryb

Static Analysis For Security and DevOps Happiness w/ Justin Collins

DevOps and Application Security

Building Security In - A Tale of Two Stories - Laksh Raghavan

Security and DevOps - Managing Security in a DevOps Enterprise

Security DevOps: Wie Sie in agilen Projekten trotzdem sicher bleiben // JAX 2015

Similaire à What's My Security Policy Doing to My Help Desk w/ Chris Swan

Operational Analytics at Credit Suisse from ThousandEyes Connect

ThousandEyes

Observability at Spotify

Aleksandr Kuboskin, CFA

INFOCOMM 2015 / 2016 Brightbox Secure Charging Station Usage Study. InfoComm is the largest, most exciting event in the Western Hemisphere focused on the pro-AV industry, with nearly 1,000 exhibitors, thousands of products, and 40,000 attendees from 110+ countries. Brightbox has been the official charging station at both the 2015 Orlando and 2016 Las Vegas events. Events Featured: Secure Mag Swipe as key module Secure Pin Code as key module Email Collection Impression Analytics QR Code on-screen Brightbox is an American B2B kiosk technology company and a world leader in the development, operation and sale of kiosks and a platform for securely recharging smartphones and mobile devices, delivering content and collecting data. Our mission is two-fold: to deliver convenient, highly secure mobile power to the public, and to deliver brand enhancement to organizations. We now have 1000 kiosks deployed in 10 countries. We sell and lease the most sophisticated and secure interactive recharging kiosk to experiential agencies and brands. Features include Camera Audience Measurement, Polling, SMS relay, Coupons, and the ability to amplify a social media campaign via our prized charging amenity. We offer many secure locker key options, including brandable Mag Swipe cards, Secure Pin Code, or RFID readers compatible with the leading badge and ticket registration companies in the industry. BRANDS Increase brand awareness Get credit for solving a huge need Engage customers with interactive messaging, surveys, phone & email acquisition. For more information contact us Martin@brightboxcharge.com or visit http://www.brightboxcharge.com

InfoComm Charging Station Usage Study Secure Mag Swipe, Pin Code, QR Code

Joel Martin

Data lineage is a regulatory and internal requirement with potential to deliver significant operational and business benefits, but financial institutions can find it difficult to implement and complex to maintain as systems and regulatory requirements themselves, change quickly. The importance of understanding where the true source of the data is coming from, where the data flows to and what has changed cannot be overstated. The webinar defines data lineage and discuss implementation through the eyes of those that have implemented and sustained successful lineage solutions with significant benefits. Listen to the webinar to find out about: - Data management for data lineage - Winning buy-in for projects - Best practice implementation - Operational and business benefits - Expert practitioner advice

The art of implementing data lineage

Leigh Hill

Managing Large Scale Financial Time-Series Data with Graphs

Objectivity

The supply chain of the future will accelerate due to assistance from autonomous technologies and processes. These are slides from our webinar Supply Chain and the Autonomous World webinar featuring special guests Jim Lawton, Chief Product and Marketing Officer, Rethink Robotics and Andy Souders, SVP Products and Strategy IoT/Big Data, Savi Technology, as they join Lora to discuss the impact of technologies such as robotics, self-driving vehicles, wearable devices, cognitive learning, 3-D printing and other evolutions on current and future supply chains.

Autonomous webinar final deck

Lora Cecere

As engineers, we’re empowered by advancements in cloud platforms to build ever more complex systems that can achieve amazing feats at a scale previously only possible for the elite few. The monitoring tools have evolved over the years to accommodate our growing needs with these increasingly complex systems, but the emergence of serverless technologies like AWS Lambda has shifted the landscape and broken some of the underlying assumptions that existing tools are built upon - eg. you can no longer access the underlying host to install monitoring agents/daemons, and it’s no longer feasible to use background threads to send monitoring data outside the critical path. Furthermore, event-driven architectures has become easily accessible and widely adopted by those adopting serverless technologies, and this trend has added another layer of complexity with how we monitor and debug our systems as it involves tracing executions that flow through async invocations, and often fan’d-out and fan’d-in via various event processing patterns. Join us in this talk as Yan Cui gives us an overview of the challenges with observing a serverless architecture (ephemerality, no access to host OS, no background thread for sending monitoring data, etc.), the tradeoffs to consider, and the state of the tooling for serverless observability.

The present and future of serverless observability

Yan Cui

How do I do DevOps when all I have is Ops?

Chris Swan

Understanding Business APIs through statistics

WSO2

Need for Systems Analysis & Design-19Jul2016

Conrad Sebego

Online Student Record (1)

Nayeem Hasan

Thavron: Service Costing for the Board Room to Finance

Thavron Solutions

"Big Data" is currently a big hype. Large amounts of historical data are stored in Hadoop or other platforms. Business Intelligence tools and statistical computing are used to draw new knowledge and to find patterns from this data, for example for promotions, cross-selling or fraud detection. The key challenge is how these findings can be integrated from historical data into new transactions in real time to make customers happy, increase revenue or prevent fraud. "Fast Data" via stream processing is the solution to embed patterns - which were obtained from analyzing historical data - into future transactions in real-time. This session uses several real world success stories to explain the concepts behind stream processing and its relation to Hadoop and other big data platforms. The session discusses how patterns and statistical models of R, Spark MLlib and other technologies can be integrated into real-time processing using open source frameworks (such as Apache Storm, Spark or Flink) or products (such as IBM InfoSphere Streams or TIBCO StreamBase). A live demo shows the complete development lifecycle combining analytics, machine learning and stream processing.

How to Apply Machine Learning with R, H20, Apache Spark MLlib or PMML to Real...

Kai Wähner

Delivering Services Powered by Operational Data - Connected Services

OSIsoft, LLC

De Impactvolle Data Analist

Kevin Anderson

Streetlife's real time analytics stack

idan_by

Principles of ict concepts and data processing

bwire sedrick

ME is an Australian bank with a difference - we're a branchless, digital bank that depends on our external and internal applications and services to achieve our purpose to help all Australians get ahead. In this session Matt Forder, Infrastructure Service Manager, will show how ME use platforms like Pega Systems, Temenos T24, and Software AG WebMethods in a service-orientated, multi-sourced environment to deliver digital services for customers and staff, and how AppDynamics helps make sense of it all. Key takeaways: • How AppDynamics can be used in service-oriented environment with a mix of in-house developed and commercial off-the-shelf software. • How AppDynamics can help measure and improve the experience of internal and field-based staff. • How AppDynamics can increase service provider accountability in a multi-sourced environment. For more information, go to: www.appdynamics.com

AppDynamics and ME Bank: Use Cases for a Modern Digital Bank - AppSphere16

AppDynamics

Data Science Perspective, Manish Kurse, 2016

manishkurse

PCMA Events Professional Convention Management Association (PCMA) is the definitive authority in education, business networking and community engagement for leaders in the global meetings, convention and business events industry. With more than 6,500 members and 50,000 customers PCMA drives innovation through risk taking, research and data driven decision making. The following report is a usage sampling from six PCMA educational events. In addition we have worked with event partner / operators such as InCharged.com and ITMMobile.com for deployment at these events.

PCMA Usage Studies 2015 - 2017

Joel Martin

Similaire à What's My Security Policy Doing to My Help Desk w/ Chris Swan (20)

Operational Analytics at Credit Suisse from ThousandEyes Connect

Observability at Spotify

InfoComm Charging Station Usage Study Secure Mag Swipe, Pin Code, QR Code

The art of implementing data lineage

Managing Large Scale Financial Time-Series Data with Graphs

Autonomous webinar final deck

The present and future of serverless observability

How do I do DevOps when all I have is Ops?

Understanding Business APIs through statistics

Need for Systems Analysis & Design-19Jul2016

Online Student Record (1)

Thavron: Service Costing for the Board Room to Finance

How to Apply Machine Learning with R, H20, Apache Spark MLlib or PMML to Real...

Delivering Services Powered by Operational Data - Connected Services

De Impactvolle Data Analist

Streetlife's real time analytics stack

Principles of ict concepts and data processing

AppDynamics and ME Bank: Use Cases for a Modern Digital Bank - AppSphere16

Data Science Perspective, Manish Kurse, 2016

PCMA Usage Studies 2015 - 2017

Plus de Sonatype

DevOps Days Columbus - Derek Weeks - 2019

Sonatype

2019 DevSecOps Reference Architectures

Sonatype

RSAC DevSecOpsDays 2018 - We are all Equifax

Sonatype

DevSecOps reference architectures 2018

Sonatype

30+ Nexus Integrations to Accelerate DevOps

Sonatype

2017 DevSecOps Survey

Sonatype

Gary Gruver, Gruver Consulting In my role, I get to meet lots of different companies, and I realized quickly that DevOps means different things to different people. They all want to do “DevOps” because of all the benefits they are hearing about, but they are not sure exactly what DevOps is, where to start, or how to drive improvements over time. They are hearing a lot of different great ideas about DevOps, but they struggle to get every-one to agree on a common definition and what changes they should make. It is like five blind men describing an elephant. In large orga-nizations, this lack of alignment on DevOps improvements impedes progress and leads to a lack of focus. This session is intended to help structure and align those improvements by providing a framework that large organizations and their executives can use to understand the DevOps principles in the context of their current development processes and to gain alignment across the organization for success-ful implem

Starting and Scaling DevOps In the Enterprise

Sonatype

Mandy Whaley, CISCO Microservices create an explosion of internal and external APIs. These APIs need great docs. Many organizations end up with a jungle of wiki pages, swagger docs and api consoles, and maybe just a few secret documents trapped in chat room somewhere… Keeping docs updated and in sync with code can be a challenge. We’ve been working on a project at Cisco DevNet to help solve this problem for engineering teams across Cisco. The goal is to create a forward looking developer and API doc publishing pipeline that: Has a developer friendly editing flow Accepts many API spec formats (Swagger, RAML, etc) Supports long form documentation in markdown Is CI/CD pipeline friendly so that code and docs stay in sync Flexible enough to be used by a wide scope of teams and technologies We have many interesting lessons learned about tooling and how to solve documentation challenges for internal and external facing APIs. We have found that solving this doc publishing flow is a key component of a building modern infrastructure. This is most definitely a culture + tech + ops + dev story, we look forward to sharing with the DevOps Days community.

DevOps Friendly Doc Publishing for APIs & Microservices

Sonatype

In today’s world, a company must be a “Learning Organization” in order to be successful and innovative. Learning from both failure and success, in order to implement small incremental improvements is critical. But until you implement and apply new information, you haven’t truly “learned” anything and you certainly haven’t improved. According to the 2015 Monitoring Survey, most companies leverage metrics from monitoring and logging purely for performance analytics and trending. If high availability and reliability are important, they also leverage metrics to alert on fault and anomaly detection. Despite these “best practices”, the metrics are primarily only used as context to keep things “running” or return them back to “normal” if there’s a problem. Rarely is that data used as a method to identify areas of improvement once services have been restored. When an outage occurs to your system, you will absolutely repair and restore services as best you know how, but are you paying attention to the data from the recovery efforts? What were operators seeing during diagnosis and remediation? What were their actions? What was going on with everyone, including conversations? A step-by-step replay of exactly what took place during that outage. This “old-view” perspective on the purpose of monitoring, logging, and alerting leaves the full value of metrics unrealized. It fails to address what’s important to the overall business objective and it lacks any hope of seeking out innovation or disruption of the status quo. This talk will illustrate how to identify if your company is making the best use of metrics and ways to not only learn from failure, but to become a “Learning Company”.

The Unrealized Role of Monitoring & Alerting w/ Jason Hand

Sonatype

DevOps promises to make better software faster and more safely and many organizations begin by practicing Continuous Integration and moving on to Continuous Delivery and sometimes even extending as far as Continuous Deployment - but this is only the tip of the iceberg. DevOps demands a fundamental shift in the way we work and requires all participants in an organization to live its principles. It’s much more than a tool chain. When you are delivering software in an Agile manner in fortnightly sprints, are you still funding in an annual manner? Are you adhering to The Third Way? I.e. are you practicing Continuous Experimentation? Continuous Learning? How are you doing Continuous Testing? Are you including security in that? Have you have Continuous Improvement in your organization for years? When does Continuous Everything turn into Continuous Apathy?

DevOps and All the Continuouses w/ Helen Beal

Sonatype

Serverless and the Way Forward

Sonatype

Small and medium-size businesses are under the same pressure to innovate-at-speed as large corporations. They face these challenges with shoestring IT budgets and limited staff who are stretched thin and forced to wear multiple hats. These limits are particularly acute in the world of nonprofit associations. But with the right vision and culture, even small teams can successfully implement a DevOps philosophy and bust the barriers to high-speed IT innovation. In this presentation, I will recount our small membership association’s transformative journey to DevOps and share the lessons we learned along the way. I will offer first-hand experiences and practical ideas on how to cultivate a collaborative team culture to realize faster deployment cycles while improving build quality and delighting customers with great software.

A Small Association's Journey to DevOps w/ Edward Ruiz

Sonatype

Lee Calcote, Solar Winds Running a few containers? No problem. Running hundreds or thousands? Enter the container orchestrator. Let’s take a look at the characteristics of the four most popular container orchestrators and what makes them alike, yet unique. Swarm Nomad Kubernetes Mesos+Marathon We’ll take a structured looked at these container orchestrators, contrasting them across these categories: Genesis & Purpose Support & Momentum Host & Service Discovery Scheduling Modularity & Extensibility Updates & Maintenance Health Monitoring Networking & Load-Balancing High Availability & Scale

Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors

Sonatype

Akash Mahajan, Appsecco Ansible offers a flexible approach to building a SecOps pipeline. System hardening can become just another software project. Using it we can do secure application deployment, configuration management and continuous monitoring. Security can be codified & attack surfaces reduced by using Ansible. Who is this talk for? This talks and demo is relevant and useful for any practitioner of DevSecOps. It introduces the concepts of declarative security Showcases one of the tools (Ansible) to embrace DevSecOps in a friction free no expense required manner Implements security architecture principles using a structured language (YAML) as part of the framework (playbooks) which is ‘Infrastructure As Code’ Gives a clear roadmap on how to find the best practices for security hardening Covers how continuous monitoring can be applied for security Technical Requirements While 30 minutes short for letting attendees do hands-on, the following will be required - A modern Linux distribution with Python and Ansible installed - Basic idea of running commands on the Linux command line

System Hardening Using Ansible

Sonatype

Erlend Oftedal, Blank Immutable infrastructure and serverless architectures have very interesting security properties. This talk will give an introduction to immutable infrastructure and serverless architecture and try to highlight some of the properties of such architectures. Next we will look at the positive effects this can have on the security of our systems, but also highlight some of the negative aspects and potential problems. At the conclusion of this sessions, we hope to have shed some light on the positive and negative security effects of such architectures.

There is No Server: Immutable Infrastructure and Serverless Architecture

Sonatype

Damien Corabouef, Multipharma, Clear2Pay Implementing a CI/CD solution based on Jenkins has become very easy. Dealing with multiple feature, staging and release branches? Not so much. Having to handle that for multiple teams and multiple projects becomes a real challenge. This presentation shows a solution to scale to several thousands of jobs, used by dozens of different development and test teams, 24 hours a day, 7 days a week, on a worldwide schedule. I will talk about the challenges that we’ve met, and how we’ve put in place a scalable and on-demand solution, secure and simple to use. This is a real-life, real-scale story of making CI/CD a day-to-day reality by allowing development and test teams to consider automation as a simple and customisable service.

Getting out of the Job Jungle with Jenkins

Sonatype

Nathen Harvey, Chef Automation at scale is the foundation of every successful high velocity organization. Automation requires dynamic infrastructure that is managed as code. Modern infrastructure code means bringing the lessons from software development to your infrastructure. Automation is managed in version control systems, tests drive code development, code moves through a continuous pipeline from the workstation to the production environment. What will this look like in five years? We will see a continued improvement in the way teams work together toward common goals, build more operable applications, and embrace complexity while improving ease-of-use.

Modern Infrastructure Automation

Sonatype

Jayne Groll, DevOps Institute Culture is undoubtedly one of the most critical aspects of any DevOps initiative. While much emphasis is placed on the automation of the deployment pipeline, there is also a need for a “Continuous People Pipeline”. Continuous People Pipelines help individuals and teams recognize their contribution to the value stream, provide realistic approaches and milestones for ongoing communication and collaboration and can be the basis for shared accountabilities and meaningful metrics. Most importantly, people pipelines help increase trust, flow, feedback and connection across IT silos. This session will provide insight on the value, creation and support of Continuous People Pipelines. It will help attendees understand some of the human dynamics of change that must be considered – cultural debt, adoption models, acceptance curves, collaboration, immersion and conflict management. At the end of this session, leaders will take away some innovative strategic and tactical ideas for overcoming silo constraints and creating a collaborative culture that excites, engages and unifies people towards common business goals.

Continuous Everyone: Engaging People Across the Continuous Pipeline

Sonatype

Michiel Rook, make.io It's a situation many of us are familiar with: a large legacy, monolithic application, limited or no tests, slow & manual release process, low velocity, no confidence... A lot of refactoring is required, but management keeps pushing for new features. How to proceed? Using examples and lessons learned from a real-world case, I'll show you how to replace a legacy application with a modern service-oriented architecture and build a continuous integration and deployment pipeline to deliver value from the first sprint. On the way, we’ll take a look at the process, automated testing, monitoring, master/trunk based development and various (possibly controversial!) tips and best practices.

The Road to Continuous Deployment

Sonatype

Daniël van Gils, Cloud 66 So you’ve already containerized the shit out of your code, broken down monoliths, microserviced the hell out of your app and have run some awesome workloads in your local, dev and test environments. It’s all looking good, but now what? Running Docker commands is one thing, but maintaining containers in production is a whole other ballgame. So during this talk I’ll show you the REAL wild world of Docker in production. With the added benefit of talking to and observing how over 900 of our customers have been using Docker in production, I’ll be presenting some of these data points and sharing our observations on how to get it right. My aim? I want to turn the conversation on its head and dispel some of the ‘silver bullet’ assumptions flying around by taking an inside-out approach to building with Docker. The idea is to provide you with a framework for how to get your code into containers, streamline the Docker build flow and avoid common pitfalls when moving from dev to live environments. Because remember, Docker will NOT, and I repeat, will not solve your bad dev and ops behaviours. So don’t end up with a ‘hot mess’ (more on that later), and attend my talk to get container smart

Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...

Sonatype

Plus de Sonatype (20)

DevOps Days Columbus - Derek Weeks - 2019

2019 DevSecOps Reference Architectures

RSAC DevSecOpsDays 2018 - We are all Equifax

DevSecOps reference architectures 2018

30+ Nexus Integrations to Accelerate DevOps

2017 DevSecOps Survey

Starting and Scaling DevOps In the Enterprise

DevOps Friendly Doc Publishing for APIs & Microservices

The Unrealized Role of Monitoring & Alerting w/ Jason Hand

DevOps and All the Continuouses w/ Helen Beal

Serverless and the Way Forward

A Small Association's Journey to DevOps w/ Edward Ruiz

Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors

System Hardening Using Ansible

There is No Server: Immutable Infrastructure and Serverless Architecture

Getting out of the Job Jungle with Jenkins

Modern Infrastructure Automation

Continuous Everyone: Engaging People Across the Continuous Pipeline

The Road to Continuous Deployment

Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...

Dernier

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

HR Software Buyers Guide in 2024 - HRSoftware.com

Fatema Valibhai

Test automation is a cornerstone of software development and quality assurance in today's rapidly evolving digital landscape. Its significance cannot be overstated. Businesses can enhance efficiency, productivity, and accelerate software delivery to market through automation, streamlining testing processes effectively. This comprehensive guide addresses the best practices for test automation in 2024. It offers a detailed checklist to empower you to optimize your automation efforts and maintain a competitive edge.

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

kalichargn70th171

Looking to embark on a digital project in New York City? Choosing the ideal Laravel development partner is pivotal. Begin by defining your project requirements clearly. Assess potential partners' experience, expertise, and technical proficiency, checking portfolios and client testimonials. Effective communication and collaboration are paramount, so evaluate partners' communication styles and project management approaches. Consider long-term scalability and support options, and discuss pricing and contracts transparently. Lastly, trust your instincts when selecting a partner aligned with your vision and values.

How to Choose the Right Laravel Development Partner in New York City_compress...

software pro Development

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (29-April-2024(PSS)

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

At TECUNIQUE, we're a stable and steadily growing Indian software services company with over 14 years of industry experience. Specializing in offshore software development and quality assurance services, we've built a reputation for delivering unique and effective solutions to start-ups, software development companies, enterprises, and digital agencies. We pride ourselves on our commitment to excellence and innovation. By blending insightful business domain knowledge with exceptional technical prowess, we craft tailor-made solutions that meet the unique needs of our clients. Our dedicated teams are adept in specific technologies, ensuring seamless integration of skills and delivering reliable, scalable, and high-quality software solutions aligned with our clients' preferences. Bespoke Dedicated Teams: Crafted to meet your specific needs and technology preferences, our dedicated teams are committed to delivering top-notch software solutions. Offshore Software Development: Accelerate your software development and scale up quickly with our 12+ years of expertise in offshore development. Quality Assurance Services: Ensure the quality of your software products with our dedicated teams of experienced QA professionals. IT Staff Augmentation: Overcome skill gaps with our client-centric software team, offering staff augmentation services. Expert Software Services: Unlock our capabilities in custom software development, product development, and quality assurance. Mission and Vision: Our mission at TECUNIQUE is to be the catalyst for our clients' success in the dynamic domain of software development. Rooted in our core values of respect, authenticity, and responsibility, we strive to ease the software outsourcing experience, reducing both time and cost to market for our clients. We envision ourselves as the leading Indian software services company, renowned for our unwavering commitment to excellence and innovation. www.tecunique.com

TECUNIQUE: Success Stories: IT Service provider

mohitmore19

Software Quality Assurance Interview Questions

Arshad QA

Craft an AI & Machine Learning Pitch with our Editable Professional PowerPoint Template. Ignite your AI & Machine Learning pitch with our cutting-edge PowerPoint template tailored for the industry. Perfect for AI conferences, investor presentations, sales pitches to tech-focused companies, training sessions, and educational programs. - 20+ editable slides: Get a variety of options to choose from for your presentation. - Time-saving solution: Download, replace text/images with a few clicks. - User-friendly customization: Easy to use and personalize. - Modern and attractive design: Captivating visuals, sleek layout. - Tailored to your requirements: Fully alterable for customization. - Well-organized slides: Complete control over content. - Thematic specificity: Reflects healthcare industry with relevant graphics. - Showcase your business idea: Communicate value proposition effectively.

AI & Machine Learning Presentation Template

Presentation.STUDIO

Unlocking the Future of AI Agents with Large Language Models

aagamshah0812

Foundation models are machine learning models which are easily capable of performing variable tasks on large and huge datasets. FMs have managed to get a lot of attention due to this feature of handling large datasets. It can do text generation, video editing to protein folding and robotics. In case we believe that FMs can help the hospitals and patients in any way, we need to perform some important evaluations, tests to test these assumptions. In this review, we take a walk through Fms and their evaluation regimes assumed clinical value. To clarify on this topic, we reviewed no less than 80 clinical FMs built from the EMR data. We added all the models trained on structured and unstructured data. We are referring to this combination of structured and unstructured EMR data or clinical data.

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

harshavardhanraghave

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

kalichargn70th171

Data spaces in distributed environments should be allowed to evolve in agile ways providing data space owners with large flexibility about which data they store. Agility and heterogeneity, however, jeopardize data exchanges because representations may build on varying ontologies and data consumers may not rely on the semantic correctness of their queries in the context of semantically heterogeneous, evolving data spaces. Graph data spaces are one example of a powerful model for representing and querying data whose semantics may change over time. To assert and enforce conditions on individual graph data spaces, shape languages (e.g SHACL) have been developed. We investigate the question of how querying and programming can be guarded by reasoning over SHACL constraints in a distributed setting and we sketch a picture of how a future landscape based on semantically heterogeneous data spaces might look like.

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Steffen Staab

8257 interfacing 2 in microprocessor for btech students

HimanshiGarg82

Looking for an efficient way to manage your finances? Look no further than our money management app. With easy-to-use features, you can track your expenses, create budgets, and monitor your savings goals all in one place. Our app provides real-time updates on your spending habits and helps you make smarter financial decisions. Take control of your finances today with our user-friendly money management app.

Right Money Management App For Your Financial Goals

Jhone kinadey

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

A Secure and Reliable Document Management System is Essential.docx

ComplianceQuest1

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Many specialized tools cater to distinct stages within the software development lifecycle (SDLC). These tools target various aspects of development, delivery, and operations, each with its unique strengths. Uniting these diverse testing needs into a single continuous testing platform presents several challenges. Such a platform must seamlessly integrate with various development tools and environments, accommodate different testing methodologies, and remain flexible to adapt to organizational processes and quality standards.

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...

kalichargn70th171

Dernier (20)

VTU technical seminar 8Th Sem on Scikit-learn

HR Software Buyers Guide in 2024 - HRSoftware.com

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

How to Choose the Right Laravel Development Partner in New York City_compress...

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

TECUNIQUE: Success Stories: IT Service provider

Software Quality Assurance Interview Questions

AI & Machine Learning Presentation Template

Unlocking the Future of AI Agents with Large Language Models

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

8257 interfacing 2 in microprocessor for btech students

Right Money Management App For Your Financial Goals

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Microsoft AI Transformation Partner Playbook.pdf

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

A Secure and Reliable Document Management System is Essential.docx

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...

What's My Security Policy Doing to My Help Desk w/ Chris Swan

1. November 15, 2016 What’s My Security Policy Doing to My Help Desk? Chris Swan (@cpswan), CTO Global Infrastructure Services, CSC

2. 2 November 15, 2016© 2016 Computer Sciences Corporation Chris Swan – why me? Combat Systems Engineer - Royal Navy Security R&D – Credit Suisse CTO Security - UBS CTO – Cohesive Networks CTO, Global Infrastructure Services - CSC @cpswan

6. 6 November 15, 2016© 2016 Computer Sciences Corporation Operational Data Mining (ODM) takes ‘data exhaust’ from service management and ancillary systems ‘Exhausting’ by Ben Salter https://flic.kr/p/8VTaMe

12. 12 November 15, 2016© 2016 Computer Sciences Corporation #1 - Password reset related issues Account Login Tickets 31% Escalated to Other Queues No Resolving Action Required1 Other, Completed by Service Desk Service Desk Incident Tickets August 2014 – August 2015 n = 67k tickets AD Accounts 34% Rater Portal Accounts Mainframe Accounts Other Accounts Account Reset Tickets August 2014 – August 2015 n = 21k tickets 1. There are primarily calls chasing other previously opened tickets For incidents were the Service Desk is the resolver of the incident, account issues represent the vast majority of these tickets The Service Desk typically spends 5- 10 min of effort on each of these reset tickets, although occasionally tickets are re-opened again later if the user calls back a 2nd or 3rd time.

16. 16 November 15, 2016© 2016 Computer Sciences Corporation A deeper analysis reveals that users often experience these repeat issues in quick succession • Of those users that have the same issue multiple times, these multiple occurrences often occur in quick succession • This, along with additional observations in the ticket notes, indicates that the help desk is often not resolving the underlying issue behind the incident which thus subsequently generates more incidents • Users are often connected to different support personnel on each call, thus the Service Desk often does not notice that they are just constantly unlocking accounts for the same users and thus not actually fixing the root cause of the issue

30. November 15, 2016

31. November 15, 2016

33. November 15, 2016

What's My Security Policy Doing to My Help Desk w/ Chris Swan

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (19)

Similaire à What's My Security Policy Doing to My Help Desk w/ Chris Swan

Similaire à What's My Security Policy Doing to My Help Desk w/ Chris Swan (20)

Plus de Sonatype

Plus de Sonatype (20)

Dernier

Dernier (20)

What's My Security Policy Doing to My Help Desk w/ Chris Swan