Tag Archives: final

BizDevOps, DevOps feedback loops guide IT transformation

For many IT shops, BizDevOps and DevOps feedback loops are the final stage of the digital transformation process, but one enterprise found them a useful place to start.

When American Fidelity Assurance Company, an insurance company in Oklahoma City that specializes in employee benefits, began its transition to DevOps in 2015, it rolled out continuous integration (CI) and deployment tools for application development, which is a customary starting point. At the same time, the company deployed Dynatrace monitoring tools to give developers fast feedback on the causes of software defects in production.

Dynatrace competes with other DevOps monitoring vendors such as New Relic and Cisco AppDynamics, which began with a focus on application performance monitoring, and have all added AI-driven automation and infrastructure monitoring features in recent years. Dynatrace was spun out of Compuware in 2014, while its main competitors were founded in 2008.

When American Fidelity first engaged with Dynatrace, its focus was on monitoring how customers interacted with digital products, or digital experience management, based on its 2015 acquisition of Keynote. Most DevOps monitoring tools now offer customer experience management features, but at the time, that was a Dynatrace specialty, and it helped American Fidelity compose its initial to-do list for application development.

This focus on DevOps feedback loops to guide developer workflows is something IT pros typically do much later in the DevOps transformation process, analysts say. 

“Monitoring is often an afterthought,” said Nancy Gohring, analyst at 451 Research. “People adopt new cloud technologies, then DevOps, but monitoring hasn’t been baked in, and they haven’t been prescriptive about how to approach it — and then they start running into problems.”

American Fidelity’s experience has been the opposite. While it deploys applications through a CI/CD pipeline, its IT infrastructure is still mostly on-premises VMware virtual machines, though a move to public cloud is underway. Rather than focus on cloud-native infrastructure automation, the company focused first on continuously improving the applications it delivers on the infrastructure it already had.

People often don’t realize that Dynatrace provides the ability to prioritize the areas of your applications that are most used for improvement. You can tell how many times something is called and how often it is called, and what will give you the most bang for your buck.
Gary CarrCloud infrastructure architect, American Fidelity

Even without highly complex microservices architectures, that infrastructure was becoming more complicated than IT staff could manage through manual intervention as the company deployed new network security devices and adopted microsegmentation.

“Developers did not have enough visibility to see all the connections between systems,” said Gary Carr, cloud infrastructure architect at American Fidelity. “They spent a lot of time troubleshooting the log files, exception messages, and even more time trying to reproduce issues in our development environments.”

Dynatrace sped up troubleshooting, but also helped the company prioritize which defects to fix first.

“People often don’t realize that Dynatrace provides the ability to prioritize the areas of your applications that are most used for improvement,” Carr said. “You can tell how many times something is called and how often it is called, and what will give you the most bang for your buck.”

BizDevOps feedback guides product roadmaps, software backlog

Developers and IT operations pros at American Fidelity gained visibility into applications deployed with DevOps feedback loops, but the company also gave application managers and marketing personnel access to Dynatrace dashboards, which help them make decisions on what to develop next. This practice, known as BizDevOps, is the ultimate goal for many companies that undergo digital transformation, but most enterprises still fall short of realizing that ideal.

Marketers at American Fidelity, however, already use Dynatrace dashboards and user experience monitoring tools to look at customers’ browser requirements, where website traffic is coming from, site response times and which products are used most. Dynatrace also analyzes those metrics to generate an overall customer experience rating that business managers use to determine what’s most in need of improvement.

In the meantime, American Fidelity’s DevOps teams rolled out advances in Dynatrace’s products as they emerged since 2015, such as the DAVIS data analytics system. DAVIS narrows down the root cause of IT incidents and generates ServiceNow support tickets for IT incident response. Dynatrace can also automate the response to incidents without human intervention, including rolling back problematic application deployments, but American Fidelity hasn’t yet used those features.

“While improving automation could possibly help us, there are times when the change that it’s going to make is not enough to take focus off our main projects,” Carr said. “Our goal is always to focus on our customers to make sure we can provide things like the fastest efficient claim process, the best enrollment system.”

Public cloud, containers and other advanced IT automation is on the to-do list for the company, as is exploring AIOps automation. In the meantime, Carr said he’d like to see Dynatrace offer the same kinds of troubleshooting and feedback for application security that it does for application performance.

“With Dynatrace, you’re already in the middle of transactions, you’re involved in the networking, you are involved in the data sources, and all the services,” Carr said. “It would be nice if Dynatrace actually had some implementation of security … in that same view.”

A Dynatrace spokesperson said the vendor is open to customer feedback on its roadmap, but that security is not a focus currently.

Go to Original Article
Author:

DerbyCon attendees and co-founder reflect on the end

After nine years running, DerbyCon held its ninth and final show, and attendees and a co-founder looked back on the conference and discussed plans to continue the community with smaller groups around the world.

DerbyCon was one of the more popular small-scale hacker conferences held in the U.S., but organizers surprised the infosec community in January by announcing DerbyCon 9 would be the last one. The news came after multiple attendee allegations of mistreatment by the volunteer security staff and inaction regarding the safety of attendees.

Dave Kennedy, co-founder of DerbyCon, founder of TrustedSec LLC and co-founder of Binary Defense Systems, did not comment on specific allegations at the time and said the reason for the conference coming to an end was that the conference had gotten too big and there was a growing “toxic environment” created by a small group of people “creating negativity, polarization and disruption.”

Kennedy claimed in a recent interview that DerbyCon “never really had any major security incidents where we weren’t able to handle the situation quickly and de-escalate at the conference with our security staff.”

Roxy Dee, a vulnerability management specialist, who has been outspoken about the safety for women at DerbyCon, told SearchSecurity that “it’s highly irresponsible to paint it as a great conference” given the past allegations and what she described as a lack of response from conference organizers.  

Despite these past controversies, attendees praised DerbyCon 9, held in Louisville, Ky from Sept. 6 to 8 this year, there have been no major complaints, and Kennedy told SearchSecurity it was everything the team wanted for the last year and “went better than any other year I can remember.”

“When we started this conference we had no idea what we were doing or how to run a conference. We went from that to one of the most impactful family conferences in the world,” Kennedy said. “It’s been a lot of work, a lot of time and effort, but at the end of the day we accomplished everything we wanted to get out of the conference and then some. Family, community and friendship. It was an incredible experience and one that I’ll miss for sure.”

As a joke, someone handed Kennedy a paper during the conference reading “DerbyCon 10” and the image quickly circled the conference via Twitter. Kennedy admitted he and all of the organizers “struggled with ending DerbyCon this year or not, but we were all really burned out.”

“When we decided, it was from all of us that it was the right direction and the right time to go on a high note. We didn’t have any doubts at all this year that there would ever be another DerbyCon. This is it for us and we ended on a high note that was both memorable and magical to us,” Kennedy said. “The attendees, staff, speakers and everyone were just absolutely incredible. Thank you all to who made DerbyCon possibly and for growing an amazing community.”

The legacy of DerbyCon

Kennedy told SearchSecurity that his inspiration for fostering the DerbyCon community initially was David Logan’s Tribal Leadership, “which talks about growing a tribe based on a specific culture.

“A culture for a conference can be developed if we try hard enough and I think our success was we really focused on that family and community culture with DerbyCon,” Kennedy said. “A conference is a direct representation of the people that put it on, and we luckily were able to establish a culture early on that was sorely needed in the INFOSEC space.”

April C. Wright, security consultant at ArchitectSecurity.org, said in her years attending, DerbyCon provided a “wonderful environment with tons of positivity and personality.”

“I met my best friend there. I can’t describe how much good there was going on, from raising money for charity to knowledge sharing to welcoming first-time attendees,” Wright said. “The quality of content and villages were world class. The volunteers and staff have always been friendly and kind. It was in my top list of cons worldwide.”

Eric Beck, a pen-tester and web app security specialist, said the special part about DerbyCon was a genuine effort to run contrary to the traditional infosec community view that “you can pwn or you can’t.”

“We all start somewhere, we all have different strengths and weaknesses and everyone has a seat at the table. Dave [Kennedy], set a welcoming tone and it meant that people that might otherwise hesitate took that first step. And that first step is always the hardest,” Beck said. “DerbCon was my infosec home base and where I recharged my batteries and I don’t know who or what can fill its shoes. I have a kiddo I thought I’d share this conference with and met people I assumed I’d see annually. I’m personally determined to contribute more in infosec and make the effort to reach out, but I have a difficult time imaging being part of something that brought in the caliber of talent and the sense of welcoming that this conference did.”

Danny Akacki, senior technical account manager with Gigamon Insight, said his first time attending was DerbyCon 6 and the moment he walked in to the venue he “fell in love with the vibe of that place and those people.”

“I still didn’t know too many people but I swear to god it didn’t matter. I made so many friends that weekend and I had the hardest bout of post-con blues I’ve ever experienced, which is a testament to just how profound an effect that year had on me,” Akacki said. “I had to skip 7, but made it to 8 and 9. Every year I went back, it felt like only a day had passed since the last visit because that experience and those people stay with you every day.” 

For Alethe Denis, founder of Dragonfly Security, DerbyCon 9 was her first time attending and she said the experience was everything she expected and more.

“The atmosphere was like a sleepover, compared to the giant summer camp that is DEF CON, and I really enjoyed that aspect of it. It felt like it was a weekend getaway with friends and the lack of casinos was appreciated. But I don’t feel that the quality of the talks and availability of villages was sacrificed in the least,” Denis said. “Even as small as Derby is, it was really tough to do everything I wanted to do because there were so many interesting options available. I feel like it brought only the best elements of the DEF CON type community and DEF CON conference to the Midwest.”

Micah Brown, security engineer at American Modern Insurance Group and vice president of the Greater Cincinnati ISSA chapter, echoed the sentiments of brother/sisterhood at DerbyCon and the cheerfulness of the conference and added another key tenet: Charity.

“One of the key tenets of DerbyCon has always been giving back. During the closing ceremonies, it was revealed that over the past 9 years, DerbyCon and the attendees have given over $700,000 to charity. That does not count the hours of people’s lives that go into making the presentations, the tools, the training that are freely distributed each year. Nor does it factor in the personal relationships and mentorships that are established and progress our community,” Brown said. “It was after my first DerbyCon I volunteered to be the Director of Education for the Greater Cincinnati ISSA Chapter and after my second DerbyCon I volunteered to be the Vice President of the Chapter. DerbyCon has also inspired me to give back by sharing my knowledge through giving my own presentations, including the honor to give back to the DerbyCon community with my own talk this year.”

Beyond DerbyCon

Xena Olsen, cyberthreat intelligence analyst in the financial services industry, attended the last two years of DerbyCon and credited the “community and sense of belonging” there with encouraging her to continue learning and leading her to now being a cybersecurity PhD student at Marymount University.

“The DerbyCon Communities initiative will hopefully serve as a means for people to experience the DerbyCon culture around the world,” Olsen said. “As far as a conference taking the place of DerbyCon, I’m not sure that’s possible. But other conferences can adopt similar values of community and inclusiveness, knowledge sharing and charity.” 

Wright said she has seen other conferences with similar personality and passion, “but none have really captured the heart of DerbyCon.”

“There are a lot of great regional cons in the U.S. that I think more people will start going to. They are affordable and easily accessed, with the small-con feel — as opposed to the mega-con vibe of ‘Hacker Summer camp’,” Wright said, referencing the week in Las Vegas that includes Black Hat, DEF CON, BSides Las Vegas, Diana Con and QueerCon plus other events, meetups and parties. “I don’t think anyone can fill the space left by DerbyCon, but I do think each will continue with its own set of ways and personality.”

Akacki was adamant that “no other con will ever take Derby’s place.”

“It burned fast and it burned bright. It was lighting in a bottle, never to be seen again. However, I’m not sad,” Akacki said. “I can’t even say that its vibe is rising from the ashes, because it would have to have burned down for that to happen. The fire that is the spirit of DerbyCon still burns and, I’d argue, it burns brighter than ever.”

I’m not sure any other con will be able to truly capture that magic and fill the space left by Derby.
Alethe DenisFounder, Dragonfly Security

Denis said it will be difficult for any conference to truly replace DerbyCon.

“I feel like the people who organized and were passionate about DerbyCon are what made Derby unique. I’m not sure any other con will be able to truly capture that magic and fill the space left by Derby,” Denis said. “But I guess that remains to be seen and hope that more cons, such as Blue Team Con in June 2020 in Chicago bring high quality content and engaging talks to the Midwest in the future.”

Wright noted that some of her favorite smaller security conferences included GRRcon, NOLAcon, CircleCityCon, CypherCon, Showmecon, Toorcon and [Wild West Hackin’ Fest], and she expressed hope that the proposed “DerbyCon Communities” project “will help with the void left by the end of the era of the original DerbyCon.”

The DerbyCon Communities initiative

The organizers saw DerbyCon growing fast, but “didn’t want to turn the conference into such a large production like DEF CON,” Kennedy told SearchSecurity.

“We wanted to go back to why DerbyCon was so successful and that was due to three core principles: Posivitiy and Inclusiveness, Knowledge Sharing and Charity. There is a direct need for a community to help new people in the industry and help charity at the same time,” Kennedy said. “The goal for the Communities initiative is to bring people together the same way DerbyCon did for one common goal.”

Kennedy also confirmed that there will be some involvement with the Communities initiative from the “core group” of organizers, including his wife Erin, Martin Bos and others.

Akacki said that with the local Derby Communities initiative, “the spirit of Derby has exploded into stardust, covering our universe.”

“You can’t kill what we’ve built, you can’t contain it and you can’t stop it,” Akacki said. “I’m not crying because it ended, I’m smiling and laughing … because it just became bigger than ever.”

On Sept. 11, Kennedy pitched the full idea of DerbyCon Communities to the team and said there should be four main areas of focus:

  • Chapter Groups
    • Independently run with chapter heads
    • Geographically placed
    • Volunteer network
  • Established Groups
    • Partner with similar groups that meet criteria and approval process to join DerbyCon network.
  • Conferences
    • Established or new. Allow for new conferences to be created.
  • Kids
    • Programs geared towards teaching next-gen children.

Ultimately, Kennedy told SearchSecurity he wants new groups to “be welcoming and accepting of new people and making a difference and impact in their local communities or worldwide.”

“Our hope is that not only do DerbyCon Chapters spawn up, but other conferences and chapter groups will join forces to create a DerbyCon network of sorts to grow this community in a positive way.”

Go to Original Article
Author:

For Sale – GTX 1070’s + GTX 1060 + GTX 1080Ti

So these are the final few cards I was going to keep in case crypto mining became viable again, but it looks like the fate is pretty much sealed on that front. These are a mixture of purchased from Amazon warehouse / CEX (see below for purchase location and purchase date). Cards were kept at around 60’C and not underclocked with very clean power from Corsair Gold or Platinum PSUs. All cards working as expected.

Collection preferred, happy to demo to buyers – see my feedback, I’ve sold a few cards and everyone has been happy so far

Palit 6GB 1060 – Amazon Warehouse (Early 2018) – £180
MSI ITX 1070 – CEX (Early 2018) – £270
ASUS STRIX OC 1070 – Amazon Warehouse (Early 2018) – £280
ZOTAC 1080Ti – Amazon Warehouse (Early 2018) – £480

I do have the mining rig I can list too, if anyone is interested – happy to do a multi price if someone fancies taking the lot + mining rig!

Cheers!

Price and currency: Various
Delivery: Delivery cost is not included
Payment method: BT
Location: Sheffield
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – GTX 1070’s + GTX 1060 + GTX 1080Ti

So these are the final few cards I was going to keep in case crypto mining became viable again, but it looks like the fate is pretty much sealed on that front. These are a mixture of purchased from Amazon warehouse / CEX (see below for purchase location and purchase date). Cards were kept at around 60’C and not underclocked with very clean power from Corsair Gold or Platinum PSUs. All cards working as expected.

Collection preferred, happy to demo to buyers – see my feedback, I’ve sold a few cards and everyone has been happy so far

Palit 6GB 1060 – Amazon Warehouse (Early 2018) – £180
MSI ITX 1070 – CEX (Early 2018) – £270
MSI ARMOUR 1070 – CEX (Early 2018) – £260
MSI FOUNDERS – Amazon Warehouse ( Early 2017) – £260
ASUS STRIX OC 1070 – Amazon Warehouse (Early 2018) – £280
ZOTAC 1080Ti – Amazon Warehouse (Early 2018) – £480

I do have the mining rig I can list too, if anyone is interested – happy to do a multi price if someone fancies taking the lot + mining rig!

Cheers!

Price and currency: Various
Delivery: Delivery cost is not included
Payment method: BT
Location: Sheffield
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Genuine Windows 10 Home Retail Key (Purchased from Microsoft – with proof) – Reduced to £55

** 19/05/2018 – Final reduction to £55 **

I have here for sale, a code for Window 10 Home Retail 32/64 Bit.

I purchased this in August 2015 directly from Microsoft online for use on a PC that never had a license, however since then the install was removed, the PC sold on, and the key has sat doing nothing ever since. I have not had need to use it since then as everything I have purchased since then has had its own Windows 10 key baked in.

I can provide the purchase information I…

Genuine Windows 10 Home Retail Key (Purchased from Microsoft – with proof) – Reduced to £55

TS140 Xeon Server / Gaming PC choice of 2

he final item for sale in my “fund my aero 15x” clear out

2014 LENOVO TS 140 server x2

Ok so I have two of these and one needs to go! Slightly different specifications and prices.
These are amazing machines, nice and quiet and very low power consumption.

Prices do not include postage

One I bought this just before Christmas as I intended to use it to power my oculus at home but I ended up buying a gaming laptop instead.
The other i purchased new from ebuyer in 2014 (I think) and…

TS140 Xeon Server / Gaming PC choice of 2

TS140 Xeon Server / Gaming PC choice of 2

he final item for sale in my “fund my aero 15x” clear out

2014 LENOVO TS 140 server x2

Ok so I have two of these and one needs to go! Slightly different specifications and prices.
These are amazing machines, nice and quiet and very low power consumption.

Prices do not include postage

One I bought this just before Christmas as I intended to use it to power my oculus at home but I ended up buying a gaming laptop instead.
The other i purchased new from ebuyer in 2014 (I think) and…

TS140 Xeon Server / Gaming PC choice of 2