Wednesday
Jun182014
All my new posts are on my other blog
Wednesday, June 18, 2014 at 11:36AM My new blog can be found here: http://itrevolution.com/devops-blog/
Wednesday, June 18, 2014 at 11:36AM Thursday
Jan262012
Talk Notes: "Why Does Bad Software Happen To Good People?", Matt Tesauro: LASCON Keynote
Thursday, January 26, 2012 at 1:54PM LASCON 2011: October 27, 2011
- Talk title:Keynote: Why Does Bad Software Happen To Good People?
- Matt Tesauro (@matt_tesauro)
Matt Tesauro was the project lead for the LiveCD OWASP Project and is on the OWASP board. My notes are below...
Thursday
Jan262012
Talk Notes: A Statistical Journey through the Web Application Security Landscape: Jeremiah Grossman: LASCON 2011
Thursday, January 26, 2012 at 1:23PM LASCON 2011: October 27, 2011
- Talk title:A Statistical Journey through the Web Application Security Landscape
- Jeremiah Grossman (@jeremiahg, personal website, slideshare)
Jeremiah Grossman is the founder of White Hat Security, where my good friend Stephanie Fohn is currently CEO (she helped us with our first initiatives and product launches at Tripwire over a decade ago, for which I'll be forever grateful). Jeremiah is also very well-known for his work on metrics and benchmarking all aspects of vulnerabilities.
Here are my notes/tweets from Jeremiah's presentation:
Thursday
Jan262012
Talk Notes: The Infosec Perspective of DevOps: James Wickett: LASCON 2011
Thursday, January 26, 2012 at 12:50PM LASCON 2011: October 27, 2011
- Talk title: Coding Secure Infrastructure in the Cloud using the PIE framework
- James Wickett (@wickett, personal website, slideshare)
James Wickett and his ex-boss @ernestmueller are both a very special breed of people. James is well-known for his experience as an information security practitioner and his leadership in the OWASP community (he is the conference chair for the upcoming 2012 OWASP USA conference). But what makes him so interesting to me is that a boundary spanner. Beyond just infosec, he has experience doing IT Operations, as well as Development and DevOps practices.
(Incidentally, I believe his presentation on "The Rugged Way in the Cloud--Building Reliability and Security into Software" as one of the seminal works on how to information security integrates into DevOps-style practices. It is shown below, even though that isn't the topic of this talk note:)
At LASCON, he presented with Peco Karayanev on the PIE tool they built to integrate security practices into daily development and IT operations work. It will look very similar to a DevOps presentation, but hints at how organizations can integrate and deliver the non-functional requirements from the Rugged Computing initiative (e.g., scalable, available, survivable, securable, supportable, etc..).
Here's how they describe PIE, which is a tool they developed at National Instruments to support developing applications that are served up in the cloud:
in DevOps, lascon, security/compliance, talks
DevOps, lascon, security/compliance, talks Monday
Jan232012
Talk Notes: Gamification: Gabe Zichermann: ISEPP Lecture Series
Monday, January 23, 2012 at 10:46PM IESSP Lecture Series: November 17, 2011
- Talk title: Games: The New Science Of Engagement (Gamification),
- Gabe Zichermann (@gzicherm, personal website, slideshare)
This was a fantastic talk. Gabe Zichermann helped codify the gamification, writing a number of books on the topic, including "Game Based Marketing: Inspire Customer Loyalty Through Rewards, Challenges and Contests" and also the O'Reilly book "Gamification On Design".
My tweeted out notes are below:
in gamification, talks
gamification, talks