Here’s my LASCON 2016 presentation on Lean Security, explaining how and why to apply Lean Software principles to information security!
Author Archives: Ernest Mueller
I wanted to mention a couple Austin area events folks should be aware of – and one international one! November is full of DevOps goodness, so come to some or all of these…
The international one is called All Day DevOps, Tuesday November 15 2016, and is a one long day, AMER and EMEA hours, 3-track, free online conference. It has all the heavy hitter presenters you’d expect from going to Velocity or a DevOpsDays or whatnot, but streaming free to all. Sign up and figure out what you want to watch in what slot now! James, Karthik, and I are curating and hosting the Infrastructure track so, you know, err on that side 🙂 There’s nearly 5000 people signed up already, so it should be lively!
Then there’s CD Summit Austin 2016. There’s a regional IT conference called Innotech, and devops.com came up with the great idea of running a DevOps event alongside it. It’s Wednesday November 16 (workshops) and Thursday November 17 (conference) in the Austin Convention Center. All four of the Agile Admins will be doing a panel on “The Evolution of Agility” at 11:20 on Thursday so come on out! It’s cheap, even both days together are like $179.
But before all that – the best little application security convention in Texas (or frankly anywhere for my money) – LASCON is next week! Tues and Wed Nov 1-2 are workshop days and then Thu-Fri Nov 3-4 are the conference days. I’m doing my Lean Security talk I did at RSA last fall on Friday, and James is speaking on Serverless on Thursday. $299 for the two conference days.
Loads of great stuff for all this month!
I haz it!
It, of course, is the new DevOps Handbook, in which luminaries Gene Kim, Patrick Debois, John Willis, John Allspaw, and Jez Humble put together a single coherent guide to understanding and implementing DevOps. Most of the “DevOps” books to date have really just nibbled around the edges of DevOps instead of addressing its entire scope head on. This book does so, and will become the standard reference in anyone’s DevOps library. Get it on Amazon or elsewhere!
The CloudAustin user group that Karthik, James, and I run is in its fifth year and still going strong. Our venue hosts at Rackspace now have the equipment to record the talks! So I thought I’d share the videos and slides with our readers. Thanks to Derrick Wippler and Mike Schwartz, our speakers, and Rackspace and CenturyLink, our sponsors.
What Are Containers And Why Are They So Important, by Derrick Wippler
Struggling to understand all the hype around Docker? Don’t understand the difference between a VM and a container? Why are immutable operating systems cool? Why is everyone going crazy over Kubernetes/Swarm/Apache Mesos?
This talk will attempt to inform by pulling back the curtain on the container hype. We will dissect what a container is, why clustering containers and orchestration matters, immutable operating systems and finally where this is all going and how it will effect your future interaction with the cloud.
Derrick Wippler is: Tech Geek, Container evangelist, Software Developer, Entrepreneur and Rackspace Cloud Block Storage Imagineer. Creator of a SuperNES emulator (http://www.superretro16.com). And you can read my musings on technology on my blog (http://thrawn01.org)
Who Are You? From Meat To Electrons And Back Again, by Mike Schwartz
Conventional wisdom tells us to use two-factor authentication—and it does help to improve security. But the best way to reduce user-friction is to never require a person to authenticate. This talk will provide a modern solution to reconcile these two divergent imperatives by leveraging standard profiles of OAuth2 for trust elevation. Its not just the front door that needs protection!
Mike Schwartz is the Founder of Gluu, a security software company serving companies, governments and universities around the world. Schwartz is a domain expert in application security, authentication and API access management. The Gluu Server is one of the leading implementations of OpenID Connect. Schwartz has participated in the development of standards like the User Managed Access (UMA) profile of OAuth2, a new standard for API access management. He is also Co-chair of the Open Trust Taxonomy for OAuth2 (OTTO) working group at Kantara to create new standards for multiparty federation. Before starting Gluu, Schwartz was a security integrator for many large enterprises. He also was the Founder of an ISP in the ’90s. He now resides with his family (and pigeons) in Austin, TX.
Does this make you want to speak at CloudAustin, or sponsor it? Well please do! Come email us at austin-cug-admin at googlegroups dot com and sign up. And of course come attend, we meet the third Tuesday night of every month at Rackspace’s Austin facility on I-35 at 183.
James and I have been talking lately about the conjunction of Lean and Security. The InfoSec world is changing rapidly, and just as DevOps has incorporated Lean techniques into the systems world, we feel that security has a lot to gain from doing the same.
We did a 20 minute talk on the subject at RSA, you can check out the slides and/or watch the video:
While we were there we were interviewed by Derek Weeks. Read his blog post with a transcript of the interview, and/or watch the interview video!
We’ll be writing more about it here, but we wanted to get a content dump out to those who want it!
I hope you’ve been enjoying our Docker and the Future of Configuration Management blog roundup! I’m joining Jon Reeve of StackEngine, who’s sponsoring the roundup with prizes and such, in a Webinar this week to discuss the various points of view we’ve seen covered.
The Webinar will be on Wednesday Dec 09, 2015 at 11:00 AM CST. Register now at: https://attendee.gotowebinar.com/register/5726672543793290498
In this webinar – we’ll explore how Docker and containers are impacting the future of configuration management. Is true “Golden Image” management now a reality? We’ll explore different points of view and the pros and cons of Docker’s impact.
We’ll also review StackEngine’s approach to Docker and container management and how it is benefiting DevOps and Operations teams.