Roles and Responsibilities on DevOps Adoption

Size: px
Start display at page:

Download "Roles and Responsibilities on DevOps Adoption"

Transcription

1 Roles and Responsibilities on DevOps Adoption Hasan Yasar Technical Manager, Adjunct Faculty Member Secure Lifecycle Solutions CERT SEI CMU Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213

2 Copyright 2018 Carnegie Mellon University. All Rights Reserved. This material is based upon work funded and supported by the Department of Defense under Contract No. FA D with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. [DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-us Government use and distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. Carnegie Mellon and CERT are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM

3 Background The Software Engineering Institute (SEI) is a Federally Funded Research and Development Center (FFRDC) Source of CMMI, TSP, PSP Research software and cybersecurity problems of considerable complexity, create and test innovative technologies, and transition maturing solutions to widespread use. Assisted numerous government organizations in modernizing their software development practices in the spirit of DevOps principles. 25+ years of software development experiences Certified Scrum Practitioner Various roles throughout SDLC ; Manager, Architect, Tester, Developer, QA, IT Manager, Project Manager, VP Started with waterfall in 1990 Started with agile in 2003 Started with DevOps in 2010 Instructor on delivering DevOps course at CMU, SEI since

4 Gen. Chance Saltzman Director of current operations. 4

5 DevOps Reduce time: Concept to Capability Title of the Presentation Goes Here

6 DevOps? A Brief History! DevOps (a portmanteau of "development" and "operations ) emphasizes communication, collaboration, and integration between software developers and information technology (IT) operations personnel. [1] Patrick Debois Agile infrastructure and operations: how infra-gile are you?, Agile 2008 Conference John Allspaw 10+Deploys per Day: Dev and Ops Cooperation, Velocity 2009 DevOpsDays, October 30 th 2009, #DevOps term born [1] 6

7 DevOps aims to Increase the pace of innovation responsiveness to business needs collaboration software stability and quality... continuous feedback 7

8 DevOps has four Fundamental Principles Collaboration: between project team roles Infrastructure as Code: all assets are versioned, scripted, and shared where possible Automation: deployment, testing, provisioning, any manual or human-error-prone process Monitoring: any metric in the development or operational spaces that can inform priorities, direction, and policy 8

9 We ALL are Responsible 9

10 Is it Just Dev & Ops? Follow Agile methodologies - Using Scrum, Kanban and modern development approaches - Self directing, self managed, self organized Using any new technology - Each Dev has own development strategy - OpenSource, Operations - Runs the application - Manages the infrastructure - Support the applications Operations provides - Service Strategy, Design, Operations - Secure Systems Dev wants to deliver software faster with new requirements Ops wants to maintain stability, operations up-time 10

11 It is more than Dev and Ops IT Operations Business Analyst Infrastructure Maintenance Scalability Technical Documentation Release Review Deployment Networks Updates User Documentation Testing Developers Performance Programming User Interface Functional Requirements Code Review Business Constraints User Requirements Security Legal Issues Market Needs Budgets / Timelines Monitoring Data Privacy Incident response Intrusion Detection Quality Assurance /Tester Information Security 11

12 Development Lifecycle 12

13 Enhancing the SDLC A full DevOps Lifecycle 13

14 Pre-Production (PM, Users) Acquisition Requirements to Capability Test cases Resource allocation 14

15 DevOps Pipeline (OPS) Tool installation Configuration Integration of various tools ( ~200) Design for deployment, monitoring 15

16 Development (DEV) Frequent code commit Code review CI/CD Testing ( {non}functional Security Testing 16

17 Deployment/Rollback (SRE) Continuous Integration, automated testing Continuous Delivery /Deployment Approval Rollback decision 17

18 Monitoring and Feedback(All) Across DevOps Pipeline Application health Development Progress 18

19 Incident Handling Developers are the first responders Separate team dedicated to reliability are the first responders 19

20 DevOps is p 3 Title of the Presentation Goes Here

21 DevOps: People Heavy collaboration between all stakeholders Continuous Design / Architecture decisions Agreed on Environment / Network configuration Continuous Deployment planning Continuous Code Review Constantly available open communication channels: Dev and Ops together in all project decision meeting - Virtually or physical but sharing common collaboration environment Chat/ /Wiki services available to all team members 21

22 DevOps: Process Establish a process to enable people to succeed using the platform to develop Secure application Such that; Constant communication and visible to all Ensures that tasks are testable and repeatable Frees up human experts to do challenging, creative work Allows tasks to be performed with minimal effort or cost Creates confidence in task success, after past repetitions Faster deployment, frequent quality release 22

23 DevOps: Platform Where people use process to build software Automated environment creation and provisioning Automated infrastructure testing Parity between Development, QA, Staging, and Production environments Sharing and versioning of environmental configurations Collaborative environment between all stakeholders 23

24 SLS team GitHub Projects Once Click DevOps deployment Sample app with DevOps Process Tagged checkpoints v0.1.0: base Flask project v0.2.0: Vagrant development configuration v0.3.0: Test environment and Fabric deployment v0.4.0: Upstart services, external configuration files v0.5.0: Production environment On YouTube: 24

25 For more information DevOps Blog: Webinar : Podcast : 25

26 Title of the Presentation Goes Here

27 Any Questions? Hasan Yasar Technical Manager, Adjunct Faculty Secure Lifecycle 27

DOS AND DON'TS OF DEVSECOPS

DOS AND DON'TS OF DEVSECOPS SESSION ID: DEV-F01 DOS AND DON'TS OF DEVSECOPS Hasan Yasar Technical Manager, Adjunct Faculty Member CERT Software Engineering Institute Carnegie Mellon University @SecureLifeCycle Notices Copyright 2018

More information

Will your application be secure enough when Robots produce code for you?

Will your application be secure enough when Robots produce code for you? SESSION ID: ASD-W02 Will your application be secure enough when Robots produce code for you? Hasan Yasar Technical Manager, Faculty Member SEI CMU @securelifecycle With the speed of DevOps It is me! I

More information

Software, Security, and Resiliency. Paul Nielsen SEI Director and CEO

Software, Security, and Resiliency. Paul Nielsen SEI Director and CEO Software, Security, and Resiliency Paul Nielsen SEI Director and CEO Dr. Paul D. Nielsen is the Director and CEO of Carnegie Mellon University's Software Engineering Institute. Under Dr. Nielsen s leadership,

More information

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT

More information

Smart Grid Maturity Model

Smart Grid Maturity Model Smart Grid Maturity Model Austin Montgomery Software Engineering Institute Carnegie Mellon University Software Engineering Institute Carnegie Mellon University 2 SEI is a federally-funded research and

More information

Analyzing 24 Years of CVD

Analyzing 24 Years of CVD public release and unlimited distribution. Allen Householder adh@cert.org Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright. All Rights Reserved. This material is

More information

Julia Allen Principal Researcher, CERT Division

Julia Allen Principal Researcher, CERT Division Improving the Security and Resilience of U.S. Postal Service Mail Products and Services Using CERT -RMM (Case Study) Julia Allen Principal Researcher, CERT Division Julia Allen is a principal researcher

More information

Cyber Hygiene: A Baseline Set of Practices

Cyber Hygiene: A Baseline Set of Practices [DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright

More information

Integrating the Risk Management Framework (RMF) with DevOps

Integrating the Risk Management Framework (RMF) with DevOps Integrating the Risk Management Framework (RMF) with DevOps March 2018 Timothy A. Chick Security Automation Systems Technical Manager Software Engineering Institute Carnegie Mellon University Pittsburgh,

More information

ARINC653 AADL Annex Update

ARINC653 AADL Annex Update ARINC653 AADL Annex Update Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Julien Delange AADL Meeting February 15 Report Documentation Page Form Approved OMB No. 0704-0188

More information

Causal Modeling of Observational Cost Data: A Ground-Breaking use of Directed Acyclic Graphs

Causal Modeling of Observational Cost Data: A Ground-Breaking use of Directed Acyclic Graphs use Causal Modeling of Observational Cost Data: A Ground-Breaking use of Directed Acyclic Graphs Bob Stoddard Mike Konrad SEMA SEMA November 17, 2015 Public Release; Distribution is Copyright 2015 Carnegie

More information

SEI/CMU Efforts on Assured Systems

SEI/CMU Efforts on Assured Systems Unclassified//For Official Use Only SEI/CMU Efforts on Assured Systems 15 November 2018 *** Greg Shannon CERT Division Chief Scientist Software Engineering Institute Carnegie Mellon University Pittsburgh,

More information

Information Security Is a Business

Information Security Is a Business Information Security Is a Business Continuity Issue: Are You Ready? Dr. Nader Mehravari Cyber Risk and Resilience Management Team CERT Division Software Engineering Institute Carnegie Mellon University

More information

Defining Computer Security Incident Response Teams

Defining Computer Security Incident Response Teams Defining Computer Security Incident Response Teams Robin Ruefle January 2007 ABSTRACT: A computer security incident response team (CSIRT) is a concrete organizational entity (i.e., one or more staff) that

More information

Be Like Water: Applying Analytical Adaptability to Cyber Intelligence

Be Like Water: Applying Analytical Adaptability to Cyber Intelligence SESSION ID: HUM-W01 Be Like Water: Applying Analytical Adaptability to Cyber Intelligence Jay McAllister Senior Analyst Software Engineering Institute Carnegie Mellon University @sei_etc Scuttlebutt Communications

More information

Cyber Threat Prioritization

Cyber Threat Prioritization Cyber Threat Prioritization FSSCC Threat and Vulnerability Assessment Committee Jay McAllister Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information

More information

The CERT Top 10 List for Winning the Battle Against Insider Threats

The CERT Top 10 List for Winning the Battle Against Insider Threats The CERT Top 10 List for Winning the Battle Against Insider Threats Dawn Cappelli CERT Insider Threat Center Software Engineering Institute Carnegie Mellon University Session ID: STAR-203 Session Classification:

More information

Panel: Future of Cloud Computing

Panel: Future of Cloud Computing Panel: Future of Cloud Computing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Grace Lewis Advanced Mobile Systems (AMS) Initiative July 9, 2014 Mobile Device Trends Smartphones

More information

Automated Provisioning of Cloud and Cloudlet Applications

Automated Provisioning of Cloud and Cloudlet Applications Automated Provisioning of Cloud and Cloudlet Applications Secure and Assured Mobile Computing Components Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Jeff Boleng, PhD

More information

Advancing Cyber Intelligence Practices Through the SEI s Consortium

Advancing Cyber Intelligence Practices Through the SEI s Consortium Advancing Cyber Intelligence Practices Through the SEI s Consortium SEI Emerging Technology Center Jay McAllister Melissa Kasan Ludwick Copyright 2015 Carnegie Mellon University This material is based

More information

2013 US State of Cybercrime Survey

2013 US State of Cybercrime Survey 2013 US State of Cybercrime Survey Unknown How 24 % Bad is the Insider Threat? Insiders 51% 2007-2013 Carnegie Mellon University Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting

More information

Modeling the Implementation of Stated-Based System Architectures

Modeling the Implementation of Stated-Based System Architectures Modeling the Implementation of Stated-Based System Architectures Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Peter H Feiler June 2009 Are Everywhere What is a state-based

More information

Test Automation Strategies in Continuous Delivery. Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions

Test Automation Strategies in Continuous Delivery. Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions Test Automation Strategies in Continuous Delivery Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions The world of application is going through a monumental shift.. Evolving

More information

Researching New Ways to Build a Cybersecurity Workforce

Researching New Ways to Build a Cybersecurity Workforce THE CISO ACADEMY Researching New Ways to Build a Cybersecurity Workforce Pamela D. Curtis, Summer Craze Fowler, David Tobar, and David Ulicne December 2016 Organizations across the world face the increasing

More information

Using CERT-RMM in a Software and System Assurance Context

Using CERT-RMM in a Software and System Assurance Context Using CERT-RMM in a Software and System Assurance Context Julia Allen SEPG NA 2011 24 March 2011 Agenda What is the CERT Resilience Management Model (CERT-RMM)? Model Building Blocks CERT-RMM for Assurance

More information

Software Assurance Education Overview

Software Assurance Education Overview Software Assurance Education Overview Nancy Mead June 2011 ABSTRACT: Complex software systems affect nearly every aspect of our lives, in areas such as defense, government, energy, communication, transportation,

More information

Situational Awareness Metrics from Flow and Other Data Sources

Situational Awareness Metrics from Flow and Other Data Sources Situational Awareness Metrics from Flow and Other Data Sources SEI CERT NetSA 2011 Carnegie Mellon University NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE

More information

Components and Considerations in Building an Insider Threat Program

Components and Considerations in Building an Insider Threat Program Components and Considerations in Building an Insider Threat Program Carly Huth Insider Threat Researcher, CEWM Carly L. Huth is an insider threat researcher in the Cyber Enterprise and Workforce Management

More information

Providing Information Superiority to Small Tactical Units

Providing Information Superiority to Small Tactical Units Providing Information Superiority to Small Tactical Units Jeff Boleng, PhD Principal Member of the Technical Staff Software Solutions Conference 2015 November 16 18, 2015 Copyright 2015 Carnegie Mellon

More information

OSATE Analysis Support

OSATE Analysis Support OSATE Analysis Support Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Julien Delange/Peter Feiler 07/08/2013 Overview of OSATE2 Eclipse-based AADL editor Support for AADLv2.1,

More information

Cloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative

Cloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative SEI Webinar November 12, 2009 Polling Question 1 How did you hear about this webinar?

More information

Denial of Service Attacks

Denial of Service Attacks Denial of Service Attacks CERT Division http://www.sei.cmu.edu REV-03.18.2016.0 Copyright 2017 Carnegie Mellon University. All Rights Reserved. This material is based upon work funded and supported by

More information

Prioritizing Alerts from Static Analysis with Classification Models

Prioritizing Alerts from Static Analysis with Classification Models Prioritizing Alerts from Static Analysis with Classification Models PI: Lori Flynn, PhD Team: Will Snavely, David Svoboda, Dr. David Zubrow, Bob Stoddard, Dr. Nathan VanHoudnos, Dr. Elli Kanal, Richard

More information

Design Pattern Recovery from Malware Binaries

Design Pattern Recovery from Malware Binaries Design Pattern Recovery from Malware Binaries Cory F. Cohen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright 2015 Carnegie Mellon University This material is based

More information

Foundations for Summarizing and Learning Latent Structure in Video

Foundations for Summarizing and Learning Latent Structure in Video Foundations for Summarizing and Learning Latent Structure in Video Presenter: Kevin Pitstick, MTS Engineer PI: Ed Morris, MTS Senior Engineer Copyright 2017 Carnegie Mellon University. All Rights Reserved.

More information

Inference of Memory Bounds

Inference of Memory Bounds Research Review 2017 Will Klieber, software security researcher Joint work with Will Snavely public release and unlimited distribution. 1 Copyright 2017 Carnegie Mellon University. All Rights Reserved.

More information

Goal-Based Assessment for the Cybersecurity of Critical Infrastructure

Goal-Based Assessment for the Cybersecurity of Critical Infrastructure Goal-Based Assessment for the Cybersecurity of Critical Infrastructure IEEE HST 2010 November 10, 2010 NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS

More information

ARINC653 AADL Annex. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Julien Delange 07/08/2013

ARINC653 AADL Annex. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Julien Delange 07/08/2013 ARINC653 AADL Annex Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Julien Delange 07/08/2013 Context, Rationale ARINC653 Avionics standard Standardized API (called APEX

More information

Encounter Complexes For Clustering Network Flow

Encounter Complexes For Clustering Network Flow Encounter Complexes For Clustering Network Flow. Leigh Metcalf, lbmetcalf@cert.org Flocon 2015 Date 2015 Carnegie Mellon University Copyright 2014 Carnegie Mellon University This material is based upon

More information

Current Threat Environment

Current Threat Environment Current Threat Environment Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213, PhD Technical Director, CERT mssherman@sei.cmu.edu 29-Aug-2014 Report Documentation Page Form

More information

Fall 2014 SEI Research Review Verifying Evolving Software

Fall 2014 SEI Research Review Verifying Evolving Software Fall 2014 SEI Research Review Verifying Evolving Software Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Arie Gurfinkel October 28, 2014 Report Documentation Page Form Approved

More information

Collaborative Autonomy with Group Autonomy for Mobile Systems (GAMS)

Collaborative Autonomy with Group Autonomy for Mobile Systems (GAMS) Collaborative Autonomy with Group Autonomy for Mobile Systems (GAMS) Presenter: (jredmondson@sei.cmu.edu) Date: August 19, 2014 Copyright 2014 Carnegie Mellon University This material is based upon work

More information

ContainerOps - DevOps Orchestration. Quanyi Ma

ContainerOps - DevOps Orchestration. Quanyi Ma ContainerOps - DevOps Orchestration Quanyi Ma Who Am I? Quanyi Ma DevOps & Open Source Expert Senior Architect & Full Stack Developer Email: maquanyi@huawei.com Twitter: @genedna

More information

10 Years of FloCon. Prepared for FloCon George Warnagiris - CERT/CC #GeoWarnagiris Carnegie Mellon University

10 Years of FloCon. Prepared for FloCon George Warnagiris - CERT/CC #GeoWarnagiris Carnegie Mellon University 10 Years of FloCon Prepared for FloCon 2014 George Warnagiris - CERT/CC gwarnagi@cert.org #GeoWarnagiris 2014 Carnegie Mellon University Disclaimer NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY

More information

HP APPs v.12 Solutions for Dev-Ops

HP APPs v.12 Solutions for Dev-Ops HP APPs v.12 Solutions for Dev-Ops Kimberly Fort HP Software July 2014 Kimberly Fort Software Solutions Architect *5 Months with HP *17 Years experience using HP Tools & products *20 Years experience in

More information

Engineering Improvement in Software Assurance: A Landscape Framework

Engineering Improvement in Software Assurance: A Landscape Framework Engineering Improvement in Software Assurance: A Landscape Framework Lisa Brownsword (presenter) Carol C. Woody, PhD Christopher J. Alberts Andrew P. Moore Agenda Terminology and Problem Scope Modeling

More information

The Need for Operational and Cyber Resilience in Transportation Systems

The Need for Operational and Cyber Resilience in Transportation Systems The Need for Operational and Cyber Resilience in Transportation Systems January 14, 2016 Dr. Nader Mehravari, MBCP, MBCI Cyber Risk and Resilience Management Software Engineering Institute Software Carnegie

More information

How Can Testing Teams Play a Key Role in DevOps Adoption?

How Can Testing Teams Play a Key Role in DevOps Adoption? June 3, 2016 How Can Testing Teams Play a Key Role in DevOps Adoption? Sujay Honnamane QA Director @sujayh Rameshkumar Bar Sr. Automation Architect @rameshbar 2016 Cognizant Session take away DevOps Overview

More information

CONTINUOUS DELIVERY IN THE ORACLE CLOUD

CONTINUOUS DELIVERY IN THE ORACLE CLOUD CONTINUOUS DELIVERY IN THE ORACLE CLOUD Lykle Thijssen Bruno Neves Alves June 7, 2018 NLOUG Tech Experience Amersfoort eproseed Confidential ABOUT US Lykle Thijssen Principal Architect and Scrum Master

More information

Dr. Kenneth E. Nidiffer Director of Strategic Plans for Government Programs

Dr. Kenneth E. Nidiffer Director of Strategic Plans for Government Programs War Fighting Technologies: Enhance Advance - Modernize: -Technological/Acquisition Advances Enabling a More Responsive 24th Anniversary - Systems & Software Technology Conference April 23-26, 2012 Salt

More information

DevOps and Continuous Delivery USE CASE

DevOps and Continuous Delivery USE CASE DevOps and Continuous Delivery USE CASE CliQr DevOps and Continuous Delivery Page 2 DevOps and Continuous Delivery In the digital economy, increasing application velocity is key to success. In order to

More information

Containers & Microservices For Realists. Karthik

Containers & Microservices For Realists. Karthik Containers & Microservices For Realists Karthik Gaekwad @iteration1 Karthik Gaekwad @iteration1 Principal Member of Technical Staff Oracle Container Cloud Team Previous: 10 years building cloud products

More information

Verifying Periodic Programs with Priority Inheritance Locks

Verifying Periodic Programs with Priority Inheritance Locks Verifying Periodic Programs with Priority Inheritance Locks Sagar Chaki, Arie Gurfinkel, Ofer Strichman FMCAD, October, 03 Software Engineering Institute, CMU Technion, Israel Institute of Technology Copyright

More information

Five Keys to Agile Test Automation for Government Programs

Five Keys to Agile Test Automation for Government Programs Five Keys to Agile Test Automation for Government Programs Robert Binder and Suzanne Miller Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 approved for public [DISTRIBUTION

More information

Static Analysis Alert Audits Lexicon And Rules David Svoboda, CERT Lori Flynn, CERT Presenter: Will Snavely, CERT

Static Analysis Alert Audits Lexicon And Rules David Svoboda, CERT Lori Flynn, CERT Presenter: Will Snavely, CERT Static Analysis Alert Audits Lexicon And Rules David Svoboda, CERT Lori Flynn, CERT Presenter: Will Snavely, CERT Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 2016 Carnegie

More information

Azure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region

Azure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region Azure DevOps Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region What is DevOps? People. Process. Products. Build & Test Deploy DevOps is the union of people, process, and products to

More information

Passive Detection of Misbehaving Name Servers

Passive Detection of Misbehaving Name Servers Passive Detection of Misbehaving Name Servers Based on CMU/SEI-2013-TR-010 Jonathan Spring, Leigh Metcalf netsa-contact (AT) cert.org Flocon 2014, Charleston SC 2014 Carnegie Mellon University Copyright

More information

Flow Analysis for Network Situational Awareness. Tim Shimeall January Carnegie Mellon University

Flow Analysis for Network Situational Awareness. Tim Shimeall January Carnegie Mellon University Flow Analysis for Network Situational Awareness Tim Shimeall January 2010 NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN AS-IS" BASIS.

More information

Investigating APT1. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Deana Shick and Angela Horneman

Investigating APT1. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Deana Shick and Angela Horneman Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Deana Shick and Angela Horneman Copyright 2013 Carnegie Mellon University This material is based upon work funded and supported

More information

How to Build an Appium Continuous Testing Pipeline

How to Build an Appium Continuous Testing Pipeline How to Build an Appium Continuous Testing Pipeline Step-by-Step Tutorial November, 2017 Today s speakers Guy Arieli, CTO, Experitest Ruth Zamir Marketing Director Experitest 01 Why do we need continuous

More information

Carnegie Mellon University Notice

Carnegie Mellon University Notice Carnegie Mellon University Notice This video and all related information and materials ( materials ) are owned by Carnegie Mellon University. These materials are provided on an as-is as available basis

More information

The Insider Threat Center: Thwarting the Evil Insider

The Insider Threat Center: Thwarting the Evil Insider The Insider Threat Center: Thwarting the Evil Insider The CERT Top 10 List for Winning the Battle Against Insider Threats Randy Trzeciak 14 June 2012 2007-2012 Carnegie Mellon University Notices 2011 Carnegie

More information

NISPOM Change 2: Considerations for Building an Effective Insider Threat Program

NISPOM Change 2: Considerations for Building an Effective Insider Threat Program NISPOM Change 2: Considerations for Building an Effective Insider Threat Program Randall Trzeciak (rft@cert.org) July 7, 2016 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213

More information

DevOps A How To for Agility with Security

DevOps A How To for Agility with Security DevOps A How To for Agility with Security Murray Goldschmidt, COO Compliance, Protection & Business Confidence Sense of Security Pty Ltd Sydney Level 8, 66 King Street Sydney NSW 2000 Australia Melbourne

More information

Testing in the Agile World

Testing in the Agile World Testing in the Agile World John Fodeh Solution Architect, Global Testing Practice 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Outline

More information

Cloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative

Cloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative SEI Webinar November 12, 2009 Report Documentation Page Form Approved OMB No. 0704-0188

More information

COTS Multicore Processors in Avionics Systems: Challenges and Solutions

COTS Multicore Processors in Avionics Systems: Challenges and Solutions COTS Multicore Processors in Avionics Systems: Challenges and Solutions Dionisio de Niz Bjorn Andersson and Lutz Wrage dionisio@sei.cmu.edu, baandersson@sei.cmu.edu, lwrage@sei.cmu.edu Report Documentation

More information

Shift Left Testing: are you ready? Live Webinar, Sept 19

Shift Left Testing: are you ready? Live Webinar, Sept 19 Shift Left Testing: are you ready? Live Webinar, Sept 19 Guy Arieli CTO, Experitest 01 What exactly is Shift Left? Agenda 02 03 How Shift Left affects application development & testing organizational structures

More information

Architectural Implications of Cloud Computing

Architectural Implications of Cloud Computing Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,

More information

ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES

ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES SERVICE, SUPPORT AND EXPERT GUIDANCE FOR THE MIGRATION AND IMPLEMENTATION OF YOUR ORACLE APPLICATIONS ON ORACLE INFRASTRUCTURE

More information

How Cisco IT Improved Development Processes with a New Operating Model

How Cisco IT Improved Development Processes with a New Operating Model How Cisco IT Improved Development Processes with a New Operating Model New way to manage IT investments supports innovation, improved architecture, and stronger process standards for Cisco IT By Patrick

More information

Secure Coding Initiative

Secure Coding Initiative Secure Coding Initiative Robert C. Seacord 2010 Carnegie Mellon University NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN AS-IS" BASIS.

More information

Application Deployment

Application Deployment Application Deployment Software Engineering II WS 2018/19 Christoph Matthies (christoph.matthies@hpi.de) Enterprise Platform and Integration Concepts Datacenter Work by Leonardo Rizzi (CC BY-SA 2.0) Agenda

More information

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE Overview all ICT Profile changes in title, summary, mission and from version 1 to version 2 Versions Version 1 Version 2 Role Profile

More information

An Incident Management Ontology

An Incident Management Ontology An Incident Management Ontology Presenter - Samuel Perl Co-Authors - David Mundie, Robin Ruefle, Audrey Dorofee, Matthew Collins, John McCloud 2014 Carnegie Mellon University Copyright 2014 Carnegie Mellon

More information

Cisco CloudCenter Use Case Summary

Cisco CloudCenter Use Case Summary Cisco CloudCenter Use Case Summary Overview IT organizations often use multiple clouds to match the best application and infrastructure services with their business needs. It makes sense to have the freedom

More information

WELCOME TO ITIL FOUNDATIONS PREP CLASS AUBREY KAIGLER

WELCOME TO ITIL FOUNDATIONS PREP CLASS AUBREY KAIGLER WELCOME TO ITIL FOUNDATIONS PREP CLASS AUBREY KAIGLER Audio Configuration Configure your audio settings. The Audio Setup Wizard allows you to configure your volume level, default microphone and recording

More information

Measuring the Software Security Requirements Engineering Process

Measuring the Software Security Requirements Engineering Process Measuring the Software Security Requirements Engineering Process Nancy Mead July 2012 ABSTRACT: Although there has been much research work in security requirements engineering, we do not have adequate

More information

SAFe AGILE TRAINING COURSES

SAFe AGILE TRAINING COURSES SAFe AGILE TRAINING COURSES INDEX INTRODUCTION COURSE Implementing SAfe Leading SAFe SAFe for Teams SAFe Scrum Master CERTIFICATION SAFe Program Consultant SAFe Agilist SAFe Practitioner SAFe Scrum Master

More information

I keep hearing about DevOps What is it?

I keep hearing about DevOps What is it? DevOps & OpenShift I keep hearing about DevOps What is it? FOR MANY ORGANIZATIONS, WHAT IS I.T. LIKE TODAY? WATERFALL AND SILOS Application Version X DEVELOPMENT OPERATIONS IT OPS IS UNDER PRESSURE ENVIRONMENT

More information

Report Writer and Security Requirements Finder: User and Admin Manuals

Report Writer and Security Requirements Finder: User and Admin Manuals Report Writer and Security Requirements Finder: User and Admin Manuals Nancy R. Mead CMU MSE Studio Team Sankalp Anand Anurag Gupta Swati Priyam Yaobin Wen Walid El Baroni June 2016 SPECIAL REPORT CMU/SEI-2016-SR-002

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

DevOps in an ITIL Shop. Not just compatible; DevOps achieves ITIL s promise.

DevOps in an ITIL Shop. Not just compatible; DevOps achieves ITIL s promise. DevOps in an ITIL Shop Not just compatible; DevOps achieves ITIL s promise. Can DevOps & ITIL Coexist? ITIL Avoid Failure Rigorous Change Management and control Application Development not addressed Waterfall

More information

DevOps Agility in the Evolving Cloud Services Landscape

DevOps Agility in the Evolving Cloud Services Landscape DevOps Agility in the Evolving Cloud Services Landscape Kiran Chitturi CTO Architect, Sungard Availability Services @nkchitturi Kiran Chitturi Architect in the Office of the CTO Focus on DevOps and cloud

More information

Don t You Just Care that Your Food Tastes Good...and that you can afford it! ITIL

Don t You Just Care that Your Food Tastes Good...and that you can afford it! ITIL Don t You Just Care that Your Food Tastes Good...and that you can afford it! ITIL ITSM Executive Overview PMI Southwest Ohio Mega Keith D. Sutherland April, 2016 Acknowledgements Service Management Dynamix,

More information

Model-Driven Verifying Compilation of Synchronous Distributed Applications

Model-Driven Verifying Compilation of Synchronous Distributed Applications Model-Driven Verifying Compilation of Synchronous Distributed Applications Sagar Chaki, James Edmondson October 1, 2014 MODELS 14, Valencia, Spain Copyright 2014 Carnegie Mellon University This material

More information

ContainerOps DevOps Orchestration

ContainerOps DevOps Orchestration ContainerOps DevOps Orchestration Quanyi Ma DevOps & Open Source Expert Senior Architect & Full Stack Developer Email: maquanyi@huawei.com Twitter: @genedna Github: https://github.com/genedna Agenda 1.

More information

AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs

AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs WITH PALO ALTO NETWORKS AND REAN CLOUD 1 INTRODUCTION EXECUTIVE SUMMARY Organizations looking to provide developers with a free-range development environment

More information

DAVIS SYSTEMS

DAVIS SYSTEMS Lessons Learned Using Agile Practices with TSP by Noopur Davis Davis Systems presented at the 2010 TSP Symposium Pittsburgh, PA September 23, 2010 DAVIS 1 2010 Agenda Background Project Planning Practices

More information

CATCH ERRORS BEFORE THEY HAPPEN. Lessons for a mature data governance practice

CATCH ERRORS BEFORE THEY HAPPEN. Lessons for a mature data governance practice CATCH ERRORS BEFORE THEY HAPPEN Lessons for a mature data governance practice A guide to working with cross-departmental teams to establish proactive data governance for your website or mobile app. 2 Robust

More information

The Confluence of Physical and Cyber Security Management

The Confluence of Physical and Cyber Security Management The Confluence of Physical and Cyber Security Management GOVSEC 2009 Samuel A Merrell, CISSP James F. Stevens, CISSP 2009 Carnegie Mellon University Today s Agenda: Introduction Risk Management Concepts

More information

MySQL CLOUD SERVICE. Propel Innovation and Time-to-Market

MySQL CLOUD SERVICE. Propel Innovation and Time-to-Market MySQL CLOUD SERVICE Propel Innovation and Time-to-Market The #1 open source database in Oracle. Looking to drive digital transformation initiatives and deliver new modern applications? Oracle MySQL Service

More information

Open Systems: What s Old Is New Again

Open Systems: What s Old Is New Again Open Systems: What s Old Is New Again Tricia Oberndorf & Dr. Carol Sledge NO WARRANTY THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS" BASIS. CARNEGIE

More information

Shift Happens. The Role of Continuous Testing in DevOps. Alex Martins. CTO Continuous Testing. May 15 th, 2018 CA Technologies.

Shift Happens. The Role of Continuous Testing in DevOps. Alex Martins. CTO Continuous Testing. May 15 th, 2018 CA Technologies. Shift Happens The Role of Continuous Testing in DevOps Alex Martins CTO Continuous Testing May 15 th, 2018 CA Technologies February 2018 1 Chris Petterson (chris.petterson@ca.com) Account Executive SLED

More information

SDx and the Future of Infrastructure

SDx and the Future of Infrastructure SDx and the Future of Infrastructure John Manville, SVP, Global Infrastructure Services, Cisco Radhika Chagarlamudi, Sr. Dir., IT, Business Collaboration and Software Platforms ITM-1004 A Ten Year Journey..

More information

White Paper: The Impact of DevOps on Your ITIL Implementation

White Paper: The Impact of DevOps on Your ITIL Implementation White Paper: The Impact of DevOps on Your ITIL Implementation The question of whether ITIL 1 and DevOps are related is not new. People have many conflicting views on the subject: some argue that ITIL and

More information

Automation Best Practices for CI/CD. Leo Laskin, Sr. Solutions Architect

Automation Best Practices for CI/CD. Leo Laskin, Sr. Solutions Architect Automation Best Practices for CI/CD Leo Laskin, Sr. Solutions Architect Agenda Topic 1 CI/CD Topic 4 Other tips Topic 2 Best Practice Testing Topic 3 Selenium Testing THE PATH TO CI/CD Waterfall Fast Waterfall

More information

Bringing QA Into the Agile Process

Bringing QA Into the Agile Process Quality Assurance - SCQAA-OC 2/17/09 Bringing QA Into the Process SCQAA Meeting 2/17/09 Speaker: Paul Hodgetts, Logic, www.logic.com Rev 090217 Your Speaker: Paul Hodgetts Team coach, trainer, consultant,

More information

THE ESSENTIALS OF NON-FUNCTIONAL TESTING. Evaluating the readiness of a system by the testing of non functional attributes. Professional Development

THE ESSENTIALS OF NON-FUNCTIONAL TESTING. Evaluating the readiness of a system by the testing of non functional attributes. Professional Development THE ESSENTIALS OF NON-FUNCTIONAL TESTING Evaluating the readiness of a system by the testing of non functional attributes Vertical Type Sub-Category Websiteeebsite Technology Professional Development Software

More information

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo

More information