An idea for a log and backup policy that reduces the possibility of and potential damage from insider threats. Presented at Information Warfare Summit 2013.
A discussion of the importance of communication between people in different teams or working in different disciplines, with lots of examples from my time introducing devops practices to the UK Government.
This document contains the names of various photographers and their photos without any additional context. It lists over 20 photographers but does not provide any information about the photos themselves or what they depict.
C is not a dead programming language, and it should seriously be considered a prime candidate for a new programming language to learn by any who do not already know it. This was my presentation for SpringBeta 2013.
The document discusses best practices for password security, including using unique, long passwords for each account; avoiding reusing passwords; storing password hashes instead of plaintext passwords; using HTTPS for login and sensitive pages; and considering two-factor authentication. It recommends passwords be at least 12 characters with a mix of uppercase, lowercase, numbers and symbols; not changing passwords regularly; and using a password manager to generate secure, unique passwords for each site.
Authentication is among the most important concepts in security, but most people take a fatally simplistic approach to the matter. We will explore some of the concepts of authentication, including an idea for a more advanced view of authentication that violates common wisdom regarding a related topic.
This document discusses using deception in cybersecurity defenses. It begins by arguing that obscurity does provide some security benefits in practice. It then outlines several deception techniques like denial, degradation, and attribution. Examples of current deception research projects are presented, such as using fake passwords to thwart cracking and deceptive software patches. Modeling deception strategies using hypergames is also discussed. The document argues that deception methods show promise in improving security when combined with traditional defenses.
This document discusses implementing AppLocker whitelisting to prevent malware execution. It begins by explaining the limitations of traditional antivirus and introduces AppLocker as a "whitelisting" approach that allows only approved applications to run. It then provides guidance on planning and deploying AppLocker, including determining scope, generating application rules, selecting rule types, and configuring Group Policy for enforcement. The presentation aims to demonstrate how AppLocker can eliminate many IT problems by preventing the execution of unauthorized or unknown software.
Slides from my DevOpsExpo London talk "From oops to NoOps".
They tell you in these conferences that DevOps is not about tools, but about culture. And they are partially right. I am going to tell you that it's not only about culture or tools but also abstractions.
It is a lot about how you see software and its value. About our mental model of what software is: how it runs, evolves, and interacts with the other facets of an enterprise.
We used to view software as code. As a state of code. Now we think about software as change, as a flow. A dynamic system where people, machines, and processes interact continuously.
At Platform.sh we spend a bunch of time asking ourselves not "How do you build?" - or even "How do you build consistently?" - but rather "What does it mean to consistently build in a world where change is good?" A world that lets you push security fixes into production as soon as they're available because you don't want to be an Equifax but you do want stability.
In this presentation, I will go over what we think software is and why having the right ideas about software will help you get your culture right and your tooling aligned, as well as gain in productivity, and general happiness and well-being.
Security incident response is a reactive and chaotic exercise. What if it were possible to flip the scenario on its head? Security focused chaos engineering takes the approach of advancing the security incident response apparatus by reversing the postmortem and preparation phases. Contrary to Purple Team or Red Team game days, Security Chaos Engineering does not use threat actor tactics, techniques and procedures. It develops teams through unique configuration, cyber threat and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones.
Security Chaos Engineering allows incident response and product teams to derive new information about the state of security within their distributed systems that was previously unknown. Within this new paradigm of instrumentation where we proactively conduct "Pre-Incident" vs. "Post-Incident" reviews we are now able to more accurately measure how effective our security incident response teams, tools, skills, and procedures are during the manic of the Incident Response function.
In this session Aaron Rinehart, the mind behind the first Open Source Security Chaos Engineering tool ChaoSlingr, will introduce how Security Chaos Engineering can be applied to create highly secure, performant, and resilient distributed systems.
This document discusses advanced threat hunting and identifying zero-day attacks infiltrating organizations. It begins with background on the speaker and an overview of the evolving threat landscape, including nation-states, criminal enterprises, and hacktivists. It then discusses how advanced threats may not be as sophisticated as assumed and how threats often "live off the land" by using existing tools to blend in. The document emphasizes that advanced threat hunting requires knowing what to look for, as threats can enter opportunistically but cause damage over time. It provides examples of living off the land techniques like using PowerShell and internal sites for command and control. The conclusion stresses the importance of understanding one's environment and capabilities when conducting threat hunting.
This document discusses the concepts of DevOps, SecOps, and DevSecOps. It describes how the traditional divisions between development, operations, and security can lead to problems, and how adopting a DevOps culture and practices like continuous integration, infrastructure as code, and automation can help break down silos. It emphasizes that DevSecOps is about collaboration, culture change, and bringing security practices into the development lifecycle from the beginning.
Building a Modern Security Engineering Organization. Zane Lackey (Yandex)
The document discusses building a modern security engineering organization. It describes how the world has changed with near-instantaneous code deployment and increased developer access to production systems. It advocates for adopting a culture of continuous monitoring and transparency around security issues. The document provides recommendations for incentivizing communication between security and development teams and for implementing access restrictions in a way that does not remove capabilities. It also discusses using bug bounties and attack simulations to increase the cost for attackers.
This document provides an introduction to network and security for Elastix systems. It discusses that security is a broad topic that requires constant monitoring and improvement. The document outlines four layers of security: firewalls, authentication, obfuscation, and monitoring. It warns of "script kiddies" who use automated tools to find vulnerabilities, and stresses the importance of strong passwords and monitoring logs. The overall message is that security requires ongoing effort across multiple layers to protect systems from evolving threats.
OSDC 2018 | The Computer science behind a modern distributed data store by Ma... (NETWAYS)
What we see in the modern data store world is a race between different approaches to achieve a distributed and resilient storage of data. Most applications need a stateful layer which holds the data. There are at least three necessary ingredients which are everything else than trivial to combine and of course even more challenging when heading for an acceptable performance. Over the past years there has been significant progress in respect in both the science and practical implementations of such data stores. In his talk Max Neunhoeffer will introduce the audience to some of the needed ingredients, address the difficulties of their interplay and show four modern approaches of distributed open-source data stores.
Topics are:
- Challenges in developing a distributed, resilient data store
- Consensus, distributed transactions, distributed query optimization and execution
- The inner workings of ArangoDB, Cassandra, Cockroach and RethinkDB
The talk will touch complex and difficult computer science, but will at the same time be accessible to and enjoyable by a wide range of developers.
The New Normal: Managing the constant stream of new vulnerabilities (Major Hayden)
It's 3AM. Do you know what your servers are doing? In this age of increased attacks and highly publicized vulnerabilities, deploying your infrastructure in a secure way is mission critical. In this session, Aaron Hackney and Major Hayden from Rackspace will reveal security strategies to focus your spending and reduce your risk.
Building a Modern Security Engineering Organization (Zane Lackey)
Continuous deployment and the DevOps philosophy have forever changed the ways in which businesses operate. This talk will discuss how security adapts effectively to these changes, specifically covering:
- Practical advice for building and scaling modern AppSec and NetSec programs
- Lessons learned for organizations seeking to launch a bug bounty program
- How to run realistic attack simulations and learn the signals of compromise in your environment
The computer science behind a modern distributed data store (J On The Beach)
What we see in the modern data store world is a race between different approaches to achieve a distributed and resilient storage of data. Every application needs a stateful layer which holds the data. There are at least three necessary components which are everything else than trivial to combine, and, of course, even more challenging when heading for an acceptable performance.
Over the past years there has been significant progress in both the science and practical implementations of such data stores. In his talk Max Neunhoeffer will introduce the audience to some of the needed ingredients, address the difficulties of their interplay and show four modern approaches of distributed open-source data stores (ArangoDB, Cassandra, Cockroach and RethinkDB).
The speaker discusses how they used Terraform to improve their workflow for data science projects. As a data scientist, they spent most of their time dealing with infrastructure issues rather than the data science work. Terraform's "infrastructure as code" approach allowed them to define and provision resources like servers and databases in a declarative way. This improved reproducibility and made it easier to set up and destroy resources for experiments. Modules also helped abstract complexity and allowed resources to be composed together. The speaker argues this approach can benefit both data scientists and devops teams by making infrastructure part of the reproducible workflow.
This document discusses strategies for managing large datasets, known as "big data". It identifies several challenges, such as ensuring proper hardware, software, data analysis tools, and report formats are selected. Effective big data management requires tightly defining problems, understanding user needs, and selecting fast platforms tailored to the data volume and type. Data mining software and defining the data's structure are important. The most important consideration is producing reports end users can easily understand.
Metric Abuse: Frequently Misused Metrics in Oracle (Steve Karam)
This is a presentation I created for RMOUG 2014 which I was sadly unable to attend. However, I wanted to share it with the Oracle community so that you can learn a bit about metrics that are frequently cited, frequently demonized, and frequently misused. In this deck we will go through the steps to diagnose issues and what NOT to blame as you go through the process.
The topics and concepts discussed here were originally formed in a blog post on the OracleAlchemist.com site: http://www.oraclealchemist.com/news/these-arent-the-metrics-youre-looking-for/
The document outlines 10 rules for developing software with security in mind. The rules are:
1. Learn about security or it will teach you the hard way through vulnerabilities.
2. Security knowledge becomes obsolete quickly, so keep learning. Have a security expert on your team.
3. Befriend security researchers and let them test your software for vulnerabilities.
4. Expect to ship software with security bugs despite your best efforts.
5. Have security response plans to quickly address issues that arise.
6. Security and usability will always be in tension so aim for good, not perfect.
7. Have open conversations about security with users and researchers to build trust.
8. There may
This document provides an overview of Dev(Sec)Ops concepts through a series of Easter egg themed sections. It discusses why Dev(Sec)Ops is important for improving security, quality and morale. It defines Dev(Sec)Ops and distinguishes it from DevOps, emphasizing the need for security knowledge and rigor. The document outlines five Dev(Sec)Ops Easter eggs covering securing credentials, defining circles of trust for deployments, securing code repositories, managing application memory, and hardening cloud infrastructure. It concludes by emphasizing the importance of trust and defense-in-depth across the organization.
Slides from a workshop titled Data Privacy for Activists on January 29th, 2017 for the Data Privacy PDX Meetup group.
Workshop included presentation and live demos of:
- leaked credentials
- metadata fingerprinting
- VPN use
- Encrypted Email
Charles Southerland discusses issues with traditional time measurement systems and proposes adopting a hexadecimal system of measuring time. Some key problems with current systems include the complexity of sexagesimal counting and inconsistencies between time zones. Measuring time is important for keeping schedules, communication, and coding applications. While relativity complicates time measurement, standards organizations have worked to address these issues. Southerland suggests replacing traditional time systems with one based on hexadecimal to parallel how computers represent information internally.
RSA is a popular public key cryptography algorithm invented by Rivest, Shamir, and Adleman in 1978. It uses two large prime numbers to generate a public and private key pair. The public key is used to encrypt messages, and the private key is used to decrypt them. RSA works by converting the plaintext into numbers, encrypting it using modular arithmetic and the public key, then decrypting the ciphertext with the private key. It relies on the difficulty of factoring large numbers.
Program Derivation of Operations in Finite Fields of Prime Order (Charles Southerland)
This document summarizes Charles Southerland's presentation on program derivation of operations in finite prime fields Fp. It begins with an introduction and thanks section. Then, it outlines the topics to be covered: finite fields, program derivation, and deriving a program to find the multiplicative inverse in Fp. It provides background on finite fields, Dijkstra's guarded command language, the weakest precondition predicate transformer, and the process of program derivation. It also discusses multiplicative inverses in finite fields, the greatest common divisor algorithm, exploring Bezout's identity, and deriving a program to find the multiplicative inverse using a loop invariant based on Bezout's identity and the gcd algorithm.
The original version of my undergraduate research presentation that I was graded on (I got an A, but this version is certainly inferior to the later version of the presentation, by which time I also had better insight into my results).
One-Time Pad (OTP) encryption uses truly random keys that are only used once to encrypt plaintext. If the keys are random, only used once, and securely transferred and destroyed, then OTP provides perfect secrecy since the ciphertext reveals no information about the plaintext. However, achieving these strict conditions is difficult in practice, requiring solutions for secure key generation, transfer, storage and destruction. While OTP provides unbreakable encryption theoretically, more practical algorithms are needed to address its limitations.
Logs And Backups
1. Logs and Backups
Charles Southerland (a.k.a. proidiot)
Stuph Labs
Information Warfare Summit 2013
2. Imagine an outsider trying to deface your organization's website. We'll say they're using SQL injection to do this.
3. The logs will likely give you a trove of information about how the attack occurred, and the backup will allow you to revert the changes quickly.
4. Now imagine getting attacked by an insider.
6. And those logs, which can usually be modified with ease by an insider, will probably not help you figure out who attacked, how they attacked, or perhaps even that they attacked at all.
7. In fact, the logs might be almost as bad to leak as your backups.
8. Unfortunately, there doesn't appear to be a good one-size-fits-all way to deal with backups and logs with respect to insider threats at this time.
9. I have no doubt that there is some vendor out there that will sell you a "security in a box" solution to this problem, but I seriously doubt such a solution would be a good choice for many organizations.
10. ...but I have some ideas that might work for some organizations.
12. Why you might need to recover from backups:
- Something went wrong and you can recover quickly
- Something catastrophic happened and you must recover carefully
13. The best solution to non-breach recovery is failover. After all, the time it takes to restore from a backup is still downtime.
14. For the actual backups, separately back up sensitive user data, other business data, etc.
15. Use a configuration management system (e.g. Chef, Puppet, CFEngine) and back up those files in a form that necessary personnel can quickly decrypt and use as needed.
16. Encrypt all backups using a cryptosystem that is appropriate for the sensitivity of the particular data, and be sure to always verify the authenticity of the data (e.g. md5sum).
17. Limit access to the onsite backups to a handful of people, and choose different people to grant access to the crypto keys for those onsite backups.
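An added example for slides 16 and 17 (not from the original slides): an unkeyed checksum such as md5sum catches accidental corruption, but anyone who can rewrite an archive can rewrite its checksum too, so this sketch also tags each archive with HMAC-SHA256 under a key held only by the separate key custodians. The backup names, byte strings and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: separately stored, already-encrypted backup sets (slides 14-15).
BACKUPS = {
    "user-data": b"<ciphertext of sensitive user data>",
    "business-data": b"<ciphertext of other business data>",
    "config-mgmt": b"<ciphertext of configuration management files>",
}


def make_keys(names):
    """One random MAC key per backup set; held by the key custodians only."""
    return {name: secrets.token_bytes(32) for name in names}


def build_manifest(store, keys):
    """Written when the backup is taken and stored next to the archives."""
    return {
        name: {
            "md5": hashlib.md5(blob).hexdigest(),  # what md5sum would print
            "hmac": hmac.new(keys[name], blob, hashlib.sha256).hexdigest(),
        }
        for name, blob in store.items()
    }


def tamper(store, manifest, name, new_blob):
    """Models a storage operator with write access but no key: the archive and
    its unkeyed checksum can both be replaced, the keyed tag cannot be redone."""
    store[name] = new_blob
    manifest[name]["md5"] = hashlib.md5(new_blob).hexdigest()


def audit(store, manifest, keys):
    """Return {name: (md5_ok, hmac_ok)} for every backup set."""
    results = {}
    for name, blob in store.items():
        md5_ok = hashlib.md5(blob).hexdigest() == manifest[name]["md5"]
        expected = hmac.new(keys[name], blob, hashlib.sha256).hexdigest()
        hmac_ok = hmac.compare_digest(expected, manifest[name]["hmac"])
        results[name] = (md5_ok, hmac_ok)
    return results


if __name__ == "__main__":
    store = dict(BACKUPS)
    keys = make_keys(store)
    manifest = build_manifest(store, keys)
    tamper(store, manifest, "user-data", b"<modified archive>")
    for name, (md5_ok, hmac_ok) in audit(store, manifest, keys).items():
        print(f"{name:14} md5 ok={md5_ok}  hmac ok={hmac_ok}")
```

Only the keyed check flags the modified archive, which is why the people who can reach the backup storage should not be the people who hold the keys.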
18. Very closely monitor and log all access to the onsite backups. These onsite backups should preferably be kept somewhere from which it would be very difficult to extract information unnoticed (i.e. a computer with an air gap to the network).
19. Keep lots of backups in an offsite facility your employees don't have access to (e.g. Amazon Web Services, Rackspace).
20. Amazon's Glacier would probably be a good choice.
21. Again, profusely log all access to the offsite backups.
22. Treat access to offsite backups like you do the onsite ones: encrypt all data, ensure different people have access to the data vs. the keys, etc.
23. Every 6 months and every time someone leaves who had access to the key or data for the onsite backups, immediately destroy the key and data, create new keys for the new backups, and then randomly assign who will have access to which keys and data.
24. It would be best to have similar practices with regard to the keys and data for the offsite backups, but care must be taken not to handle these actions in an insecure way.
26. It is vital to ensure that none of the sensitive data leaks into the logs.
27. However, all other data, no matter how menial, should be recorded into the logs.
28. Hard drive space is very cheap and big data can be extremely useful...
29. ...so open the floodgates (e.g. this user requested this page by following this link from this IP address at this time from a browser with this agent string)
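An added example for slides 26 to 29 (not from the original slides): a request log record that keeps every field slide 29 lists while scrubbing sensitive values from the requested URL, the referring link and any form fields before anything is written. The parameter names in `SENSITIVE_PARAMS`, the function names and the sample request are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list; a real deployment derives this from its own data classification.
SENSITIVE_PARAMS = {"password", "token", "session", "ssn", "card_number"}


def scrub_pairs(pairs):
    """Keep every key so the event stays visible, but never a sensitive value."""
    return [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
            for k, v in pairs]


def scrub_url(url):
    """Redact sensitive query values and drop any user:password@ prefix."""
    parts = urlsplit(url)
    query = urlencode(scrub_pairs(parse_qsl(parts.query, keep_blank_values=True)))
    host = parts.netloc.rsplit("@", 1)[-1]
    # The fragment is dropped: it is not needed for the record and may carry tokens.
    return urlunsplit((parts.scheme, host, parts.path, query, ""))


def log_record(user, url, referrer, ip, user_agent, when, form=None):
    """Build one verbose log entry: who, what page, from which link, IP, time, agent."""
    return {
        "time": when.astimezone(timezone.utc).isoformat(),
        "user": user,
        "page": scrub_url(url),
        "referrer": scrub_url(referrer),
        "ip": ip,
        "agent": user_agent,
        "form": dict(scrub_pairs((form or {}).items())),
    }


if __name__ == "__main__":
    # Constructed sample request.
    record = log_record(
        user="alice",
        url="https://example.test/reset?user=alice&token=abc123",
        referrer="https://example.test/login?password=hunter2&next=%2Freset",
        ip="203.0.113.7",
        user_agent="ExampleBrowser/1.0",
        when=datetime(2013, 1, 1, 12, 0, tzinfo=timezone.utc),
        form={"email": "alice@example.test", "password": "hunter2"},
    )
    print(json.dumps(record, indent=2))
```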
30. You can use Apache Hadoop to analyze this data and do cool things like...
34. You will accumulate an incredible amount of log data, but the sheer size could prove to be a deterrent to would-be attackers
35. Not to mention that all access to the onsite and offsite logs will also be heavily logged
36. Access to the verbose offsite logs will rarely be time sensitive, so access to those keys could be much more heavily restricted apart from those times
37. Not all of these suggestions will work for every organization
38. The logs you keep on site do not need to be all that verbose
39. And you don't really need to keep the onsite logs for very long (they're only needed to document the things that the IT dept can fix in a short time)
40. Also, as these approaches would likely require a significant amount of resources to set up and maintain, it would likely not be cost effective for some organizations
41. However, the kinds of organizations that Infragard focuses on would have such a high potential cost to an insider threat that alternate approaches to this problem must at least be considered
42. While there is currently no best solution to the problems that insider threats pose to logs and backups, I feel it would be negligent not to continue looking for one.