The talk "Automating AppSec" covers the pain points of manual application security (AppSec) processes and strategies for automating them to improve efficiency, accuracy, and scalability. It highlights the labor-intensive triage of findings, the difficulty of identifying who owns a given security flaw, and the friction of running security checks inside CI/CD pipelines, and then shows how automation can relieve these pains and support a more proactive, scalable security posture within the development cycle.

The Pains of Manual AppSec: This section examines the time-consuming and error-prone nature of manually triaging security issues, including the difficulty of prioritizing vulnerabilities by their actual risk to the organization rather than by raw scanner severity. It also covers the challenge of assigning remediation ownership, which cross-functional teams and microservices architectures make harder, and the inefficiency of manual checks at CI/CD gates, which delay deployments and let risky changes through.

Automating CI/CD Gates: Here the focus shifts to automating security within the CI/CD pipeline. The talk covers how to integrate security tools that scan for vulnerabilities as part of the build, making security a core component of the development lifecycle, and how to configure automated gates that block or flag builds based on the severity of detected issues, so that only code meeting the policy progresses through the pipeline.

Triaging Issues with Automation: This segment addresses how automation can triage and prioritize security issues. It covers technologies and methods for automatically assessing the context and potential impact of a vulnerability, enabling quicker and more accurate decisions, and the use of automated alerting and reporting to make sure the right stakeholders are informed in a timely manner.

Identifying Ownership Automatically: Automatically determining who is responsible for fixing a specific security issue is critical for efficient remediation. This part of the talk explores tools and practices for mapping vulnerabilities to code owners using data from version control and project management tools.

Three Tips to Scale the Shift Left Program: Finally, the talk offers three practical tips for organizations looking to scale their Shift Left security programs. These include recommendations on fostering a security culture within development teams, employing DevSecOps principles to integrate security throughout the development
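As an added example (not material from the talk), the following Python script shows two of the automation steps the abstract names, a severity-based CI gate and automatic owner resolution, run against a constructed set of scanner findings and a constructed CODEOWNERS file. The finding format, the severity names, the team handles and the simplified CODEOWNERS matching rules are all assumptions made for this illustration, not the output or interface of any real scanner.

```python
"""Severity gate plus CODEOWNERS routing for scanner findings.

Hypothetical example: normalised findings (constructed below) are checked
against a blocking threshold, and every finding is routed to the owners of
the file it lives in, so the build decision and the triage assignment come
out of one step instead of a human reading a raw report.
"""
import fnmatch
from dataclasses import dataclass, field

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample: what a SAST/SCA step might emit after normalisation.
# Not output from any real tool.
SAMPLE_FINDINGS = [
    {"id": "F-1", "rule": "sql-injection", "severity": "critical",
     "path": "services/payments/db.py", "line": 42},
    {"id": "F-2", "rule": "hardcoded-secret", "severity": "high",
     "path": "infra/prod/main.tf", "line": 7},
    {"id": "F-3", "rule": "weak-hash", "severity": "medium",
     "path": "services/catalog/auth.py", "line": 19},
    {"id": "F-4", "rule": "outdated-dependency", "severity": "low",
     "path": "services/payments/requirements.txt", "line": 3},
]

# Constructed CODEOWNERS in GitHub's format: later rules win over earlier ones.
SAMPLE_CODEOWNERS = """\
# default owner for anything not matched below
*                    @appsec-team
/services/payments/  @payments-team
/services/catalog/   @catalog-team
*.tf                 @platform-team
"""


def parse_codeowners(text):
    """Return [(pattern, [owners])] in file order, skipping blanks and comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        pattern, *owners = line.split()
        rules.append((pattern, owners))
    return rules


def owners_for(path, rules):
    """Resolve owners for a repo-relative path.

    Simplified CODEOWNERS semantics (assumption for this example): the last
    matching rule wins; a pattern ending in '/' matches everything under that
    directory; a pattern without '/' is matched against the file's basename.
    """
    owners = []
    for pattern, rule_owners in rules:
        pat = pattern.lstrip("/")
        if pat.endswith("/"):
            matched = path.startswith(pat)
        elif "/" in pat:
            matched = fnmatch.fnmatchcase(path, pat)
        else:
            matched = fnmatch.fnmatchcase(path.rsplit("/", 1)[-1], pat)
        if matched:
            owners = rule_owners
    return owners


@dataclass
class GateResult:
    passed: bool
    blocking: list = field(default_factory=list)
    notify: dict = field(default_factory=dict)  # owner -> [finding ids]


def evaluate_gate(findings, rules, block_at="high", suppressed=frozenset()):
    """Decide whether the build may proceed and who must act on what.

    Findings at or above `block_at` fail the build unless their id is in
    `suppressed` (an accepted-risk list that should be reviewed and expire).
    Every finding, blocking or not, is routed to the owners of its file;
    anything no rule claims is surfaced under "(unowned)" rather than lost.
    """
    threshold = SEVERITY_RANK[block_at]
    result = GateResult(passed=True)
    for f in findings:
        rank = SEVERITY_RANK.get(f["severity"], 0)
        if rank >= threshold and f["id"] not in suppressed:
            result.blocking.append(f)
            result.passed = False
        for owner in owners_for(f["path"], rules) or ["(unowned)"]:
            result.notify.setdefault(owner, []).append(f["id"])
    return result


if __name__ == "__main__":
    res = evaluate_gate(SAMPLE_FINDINGS, parse_codeowners(SAMPLE_CODEOWNERS))
    for f in res.blocking:
        print(f"BLOCK {f['id']} {f['severity']:<8} {f['path']}:{f['line']} ({f['rule']})")
    for owner, ids in sorted(res.notify.items()):
        print(f"notify {owner}: {', '.join(ids)}")
    raise SystemExit(0 if res.passed else 1)
```

In a pipeline the exit status is the gate and the notify map feeds ticket or chat routing. Two caveats a practitioner would want: the suppression list is where risk acceptance hides, so it needs an owner and an expiry rather than growing silently, and the CODEOWNERS matcher here is deliberately simplified; for production use, rely on the hosting platform's own owner resolution rather than reimplementing its pattern rules.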
Enabling Powerful Software Insights by Visualizing Friction and Flow

In an Agile software development process, a team typically meets on a regular basis in a "retrospective meeting" to reflect on the challenges it faced and on opportunities for improvement. On the surface this might seem straightforward, but modern software projects are complex endeavors and developers are human; identifying what matters most in a complex sociotechnical system is something humans struggle to do well. What if developers had tools that recorded and helped them explore their historical experience with the code, so they could identify hotspots of team friction worth discussing, based on empirical data? This talk explores the possibility and impact of such tools through a design fiction and a working prototype of an Augmented Reality (AR) Code Planetarium powered by FlowInsight developer tools.

Arty Starr, PhD student, University of Victoria & Founder, FlowInsight. Arty is a recognized Flow Experience expert, researcher, speaker and thought leader, and the author of Idea Flow. This expertise, along with her experience as a former CTO and software engineer, inspired Arty's mission to improve the efficiency and morale of engineering teams, culminating in her founding FlowInsight. Arty teaches system models for better understanding the Flow Experience of software development, and the practice of using Flow Metrics to systematically optimize programming flow. "Flow as a practice" is the art of getting into and staying in a flow state to optimize productivity. The company she founded, FlowInsight, is on a mission to bring joy back to our everyday work.
Ralph Lloren discusses social engineering and AI chatbots. He defines social engineering as gathering data about a system or framework to find vulnerabilities and then exploiting or healing gaps. He explains how biases, emotions, and behaviors can be manipulated in social engineering. Ralph also discusses how communication with chatbots, like ChatGPT, requires understanding human patterns of intellect, emotions, and behaviors to have effective conversations.
GCP Terraform Modules: Scaling Your Infrastructure the Easy Way

With GCP Terraform modules, you can take advantage of pre-built modules that simplify creating and managing GCP resources such as virtual machines, load balancers, databases, and more. These modules are designed to be reusable, scalable, and customizable, so you can deploy complex infrastructure configurations with a few lines of code. Whether you're just getting started with GCP or looking for a more efficient way to manage your infrastructure, GCP Terraform modules are a good way to streamline operations and scale with ease. Join us as we cover why to use modules, how to use them, and where to find more helpful resources.

Anita Gutta is a Cloud Infrastructure Engineer in the Google Cloud Professional Services Organization (PSO). She provides technical guidance to customers adopting Google Cloud Platform services, works closely with clients to understand their business needs, and recommends the cloud solutions that best meet those needs. She has hands-on Terraform experience and leads the Terraform SME community in Google Cloud. Prior to Google, Anita worked in the IT industry for 25 years, mostly in the finance sector.

Imran Nayer is a Senior Technical Solutions Consultant at Google Cloud Professional Services. He has been working on Google Cloud since 2019 and has helped companies in the healthcare, financial, and retail sectors with projects including cloud foundations, migration, and automation. He is a regular contributor to the official GCP Terraform modules, also known as the Cloud Foundation Toolkit (CFT), and developed the Cloud Armor security module and several other CFT submodules.
Mastering Continuous Resiliency in Cloud: Chaos Engineering No one likes downtime. It can be detrimental in today’s competitive environment. It isn’t cheap either. Many companies have been using traditional DR strategies. However, their testing is costly, limited, and complex. In the modern agile environment, the latest DR exercise becomes invalid not long after it is done and there’s a greater variety of disruptions that can occur. In this demo, we’ll explore how to use chaos engineering techniques to: quantify reliability and resiliency, gain valuable insights, and build systems that can withstand the unexpected. By applying these practices, you can gain confidence, prove resiliency, and be sure you are ready to face the unexpected. Our speaker is Alexander Snegovoy, Lead of DevOps & Cloud Center of Competence at DataArt. Alex spearheads DataArt’s drive toward innovation, with more than 10 years of professional experience across the financial services, healthcare, travel, and IoT industries. After joining DataArt as a software engineer in 2016, he became a leading member of the DevOps & Cloud Center of Competence. His role also includes identifying and communicating technology trends, cementing alliances and strategic partnerships with other companies, and coaching and mentoring new talent.
There is a "dark side" to Kubernetes that makes it difficult to ensure the desired performance and resilience of cloud-native applications while also keeping their costs under control: the combined effect of Kubernetes resource management mechanisms and application runtime heuristics can create serious performance and resilience risks. See how Akamas' AI-powered optimization addresses this.
GDG Cloud Southlake #19: Design Thinking Primer: How to Build Better Ideas, with Brian Sullivan and J Schuh. Video and other items from the event are here: https://gdg.community.dev/events/details/google-gdg-cloud-southlake-presents-gdg-cloud-southlake-19-sullivan-and-schuh-design-thinking-primer-how-to-build-better-ideas/
Crawl, Walk, Run. An exciting journey from zero to fully certified on Google Cloud: a story of inspiration, entertainment, and struggle. You don't want to miss it.

@YujunLiang is an Associate Director at Accenture. He started his Google Cloud journey in 2017 and has worked on many challenging projects, in leading roles on some of them. His expertise spans cloud infrastructure and data analytics. Currently, Yujun works as the cloud architect on a data analytics platform and helps the team remove roadblocks in networking and security. He is also known as the certification king on LinkedIn: he holds all 11 Google Cloud certifications and all 14 AWS certifications, and his dedication to learning has created a sensation. Yujun is a Google Cloud Champion Innovator with a specialization in Data Analytics, Databases, Security, and Networking.

Video on YouTube: https://youtu.be/RkMCn6ukfZg Check out past and future GDG Cloud Southlake events: https://gdg.community.dev/gdg-cloud-s... #cloud #gdg #gdgcloudsouthlake #sabre #google #careerjourney
If Artificial Intelligence (AI) is a black box, how can a human comprehend and trust the results of Machine Learning (ML) algorithms? Explainable AI (XAI) tries to shed light on that black box so humans can trust what is going on. Our speaker Meg Dickey-Kurdziolek is currently a UX Researcher for Google Cloud AI and Industry Solutions, where she focuses her research on Explainable AI and model understanding. Recording of the presentation: https://youtu.be/6N2DNN_HDWU
Do you know The Cloud Girl? She makes the cloud come alive with pictures and storytelling. The Cloud Girl, Priyanka Vergadia, Chief Content Officer @Google, joins us to talk about Scalable Data Analytics in Google Cloud. Maybe, with her explanation, we'll finally understand it! Priyanka is a technical storyteller and content creator who has created over 300 videos, articles, podcasts, courses and tutorials that help developers learn Google Cloud fundamentals, solve their business challenges and pass certifications. Check out her content on the Google Cloud Tech YouTube channel. Priyanka enjoys drawing and painting, which she tries to bring to her advocacy. Check out her website The Cloud Girl: https://thecloudgirl.dev/ and her new book: https://www.amazon.com/Visualizing-Google-Cloud-Illustrated-References/dp/1119816327