
Mature DevSecOps orgs refine developer security skills training

BOSTON — IT organizations that plan to tackle developer security skills as part of a DevSecOps shift have started to introduce tools and techniques that can help.

Many organizations have moved past early DevSecOps phases such as a ‘seat at the table’ for security experts during application design meetings and locked-down CI/CD and container environments. At DevSecCon 2018 here this week, IT pros revealed they’ve begun in earnest to ‘shift security left’ and teach developers how to write more secure application code from the beginning.

“We’ve been successful with what I’d call SecOps, and now we’re working on DevSec,” said Marnie Wilking, global CISO at Orion Health, a healthcare software company based in Boston, during a Q&A after her DevSecCon presentation. “We’ve just hired an application security expert, and we’re working toward overall information assurance by design.”

Security champions and fast feedback shift developer mindset

Orion Health’s plan to bring an application security expert, or security champion, into its DevOps team reflects a model also followed by IT security software companies such as CA Veracode. Security champions bridge the gap between IT security and developer teams and liaise between them, so that the two groups spend less time in negotiation.

“The security champions model is similar to having an SRE team for ops, where application security experts play a consultative role for both the security and the application development team,” said Chris Wysopal, CTO at CA Veracode in Burlington, Mass., in a presentation. “They can determine when new application backlog items need threat modeling or secure code review from the security team.”

However, no mature DevSecOps process has time for a consultation before every change to application code. To maintain app delivery velocity, developers must hone their own security skills so that they write less vulnerable code without waiting on input from security experts.

The good news is that developer security skills often emerge organically in CI/CD environments, provided IT ops and security pros build vulnerability checks into DevOps pipelines in the early phases of DevSecOps.

Marnie Wilking, global CISO at Orion Health, presents at DevSecCon.

“If you’re seeing builds fail day after day [because of security flaws], and it stops you from doing what you want to get done, you’re going to stop [writing insecure code],” said Julie Chickillo, VP of information security, risk and compliance at Beeline, a company headquartered in Jacksonville, Fla., which sells workforce management and vendor management software.

Beeline built security checks into its CI/CD pipeline around SonarQube, which blocks the build if it finds blocker-, critical- or major-severity security vulnerabilities in the code and immediately feeds those results back to developers. Beeline also uses interactive application security testing (IAST) tools from Contrast Security as part of its DevOps application delivery process.

“It’s all about giving developers constant feedback, and putting information in their hands that helps them make better decisions,” Chickillo said.
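As an added illustration of the kind of gate Beeline describes (example code, not Beeline’s or SonarQube’s own), the PowerShell step below pulls a project’s open vulnerabilities through SonarQube’s Web API and fails the CI job when any sit at a blocking severity, printing them per file and line so the developer who pushed the change sees the feedback in the job log. The server address, project key, token variable and the rule keys in the sample data are placeholders; the api/issues/search endpoint and the response fields used are the documented ones, but confirm the new-code parameter name against your server version. When no token is set it evaluates a constructed sample set, so the gate logic can be exercised offline.

```powershell
# Added example: a CI security gate over SonarQube results. Not Beeline's or SonarQube's code.
# Placeholders: server address, project key, SONAR_TOKEN, and the rule keys in the sample data.
param(
    [string]   $SonarServer        = 'https://sonar.example.internal',
    [string]   $ProjectKey         = 'payroll-api',
    [string]   $Token              = $env:SONAR_TOKEN,
    [string[]] $BlockingSeverities = @('BLOCKER', 'CRITICAL', 'MAJOR'),
    [switch]   $NewCodeOnly        # fail only on vulnerabilities introduced in the new-code period
)

function Get-SonarVulnerabilities {
    param([string] $Server, [string] $Key, [string] $Token, [string[]] $Severities, [switch] $NewCode)
    # SonarQube takes a user token as the Basic-auth user name with an empty password.
    $auth    = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("${Token}:"))
    $headers = @{ Authorization = "Basic $auth" }
    $issues  = @()
    $page    = 1
    do {
        # api/issues/search: open (unresolved) issues of type VULNERABILITY, 500 per page.
        $query = "componentKeys=$Key&types=VULNERABILITY&resolved=false" +
                 "&severities=$($Severities -join ',')&ps=500&p=$page"
        if ($NewCode) { $query += '&inNewCodePeriod=true' }   # older servers: sinceLeakPeriod=true
        $resp    = Invoke-RestMethod -Uri "$Server/api/issues/search?$query" -Headers $headers -Method Get
        $issues += @($resp.issues)
        $page++
    } while ($issues.Count -lt $resp.paging.total)
    return ,$issues
}

function Test-SecurityGate {
    param([object[]] $Issues, [string[]] $Blocking)
    # Returns $true when the build may proceed. Anything that trips the gate is printed
    # grouped by file with line, severity, rule and message, so the feedback reaches the
    # developer in the job log rather than in a later security review.
    $failing = @($Issues | Where-Object { $Blocking -contains $_.severity })
    if ($failing.Count -eq 0) {
        Write-Host "Security gate passed: no open $($Blocking -join '/') vulnerabilities."
        return $true
    }
    Write-Host "Security gate FAILED: $($failing.Count) open vulnerabilities at blocking severity."
    # component is '<projectKey>:<path>'; split once on ':' to recover the file path.
    $failing | Group-Object { ($_.component -split ':', 2)[1] } | ForEach-Object {
        Write-Host "  $($_.Name)"
        $_.Group | Sort-Object line | ForEach-Object {
            Write-Host ('    line {0,-5} {1,-9} {2,-20} {3}' -f $_.line, $_.severity, $_.rule, $_.message)
        }
    }
    return $false
}

if ([string]::IsNullOrEmpty($Token)) {
    # Constructed sample issues (not real scan output) shaped like api/issues/search results,
    # so the gate can be run offline. Rule keys are illustrative.
    Write-Host 'SONAR_TOKEN not set; evaluating constructed sample issues instead of live results.'
    $issues = @(
        [pscustomobject]@{ component = "$ProjectKey:src/Billing/InvoiceRepository.cs"; line = 42;
                           severity = 'CRITICAL'; rule = 'csharpsquid:S3649'; status = 'OPEN';
                           message  = 'Make sure using a dynamically formatted SQL query is safe here.' },
        [pscustomobject]@{ component = "$ProjectKey:src/Web/ExportController.cs"; line = 118;
                           severity = 'MAJOR'; rule = 'csharpsquid:S5131'; status = 'OPEN';
                           message  = 'Change this code to not reflect user-controlled data.' },
        [pscustomobject]@{ component = "$ProjectKey:src/Web/ExportController.cs"; line = 77;
                           severity = 'MINOR'; rule = 'csharpsquid:S4790'; status = 'OPEN';
                           message  = 'Make sure this weak hash algorithm is not used in a sensitive context.' }
    )
} else {
    $issues = Get-SonarVulnerabilities -Server $SonarServer -Key $ProjectKey -Token $Token `
                                       -Severities $BlockingSeverities -NewCode:$NewCodeOnly
}

# A non-zero exit code is what actually blocks the build in every common CI system.
if (-not (Test-SecurityGate -Issues $issues -Blocking $BlockingSeverities)) { exit 1 }
```

Gating only on new code (the -NewCodeOnly switch) is the usual way to introduce a blocking gate on a codebase that already has findings: legacy debt is still tracked in the dashboard, but a build fails only when the change under review adds a vulnerability, which is the fast, targeted feedback Chickillo describes.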

Developer security training tools emerge

Application code scans and continuous integration tests only go so far toward making applications secure by design. DevSecOps organizations also turn to newer tools built specifically to train developers in security skills.


“Sooner or later, companies put security scanning tools in place, then realize they’re not enough, because people don’t understand the output of those tools,” said Mark Felegyhazi, CEO of Avatao.com Innovative Learning Ltd, a startup in Hungary that sells developer security skills training software. Avatao competitors in this emerging field include Secure Code Warrior, which offers gamelike interfaces that train developers in secure application design. Avatao takes a similar hands-on, gamified approach, but its tools also cover threat modeling, which Secure Code Warrior doesn’t address, Felegyhazi said.

Firms also will look to internal and external training resources to build developer security skills. Beeline has sent developers to off-site security training, and plans to set up a sandbox environment for developers to practice penetration testing on their own code, so they better understand the mindset of attackers and how to head them off, Chickillo said.

Higher education must take a similar hands-on approach to bridge the developer security skills gap for graduates as they enter the workforce, said Gabor Pek, CTO at Avatao, in a DevSecCon presentation about security in computer science curricula.

“Universities don’t have security champion programs,” Pek said. “Most of their instruction is designed for a large number of students in a one-size-fits-all format, with few practical, hands-on exercises.”

In addition to his work with Avatao, Pek helped create a bootcamp for student leaders of capture-the-flag teams that competed at the DEFCON conference in 2015. Capture-the-flag exercises offer a good template for the kinds of hands-on learning universities should embrace, he said, since they are accessible to beginners but also challenge experts.

For Sale – Apple MacBook Pro 2017 13″ touch bar model 256GB SSD, SOLD SOLD

Change of plan forces the sale of my Apple MacBook Pro 13″ model 2017 with TouchBar.
It was purchased on these very forums.

Previous for sale thread here;

For Sale – 13” MacBook Pro 2017 with AppleCare until Sept 2020 – £1100

It is in beautiful, immaculate condition with a screen to die for and the added bonus (and safety) of AppleCare until the 12th of September 2020, so over 2 years of warranty left.

Battery count is 9.

Comes boxed with adaptor and lead. Barely used and it shows.

The price is only £950 inclusive of special delivery postage via Royal Mail. My feedback speaks for itself. Collection also welcome. NOW SOLD

Payment via Bank Transfer only.

Price and currency: £950 PENDING SALE SOLD SOLD SOLD
Delivery: Delivery cost is included within my country
Payment method: Bank transfer only
Location: Banbridge County Down Northern Ireland
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Understand Windows Insider Program for Business options

The Windows Insider Program for Business provides features that help IT plan for and deploy GA builds when they arrive.

The Windows Insider Program, which Microsoft introduced in 2014, lets IT try out new features in the upcoming Windows release before Microsoft makes them generally available. Microsoft added the Windows Insider Program for Business in April 2018 to provide organizations with tools to better prepare for upcoming releases.

Windows Insider Program for Business

Microsoft designed the Windows Insider Program for Business specifically for organizations to deploy preview builds from Windows 10 and Windows Server to participating employees for testing before they are GA.

IT pros can register their domains with the service and control settings centrally rather than registering users or configuring machines individually. Individual users can also join the Windows Insider Program for Business on their own, independently of IT’s corporate-wide review.


The preview builds don’t replace the regular channel releases, and IT doesn’t deploy them across the organization; they are simply earlier Windows 10 builds that IT teams can use to prepare the organization for the coming update.

The Windows Insider Program for Business preview builds make it possible for IT to adopt new services and tools more quickly once the GA release is available. The previews also give IT a chance to verify, before the release ships, that it meets the organization’s data security and governance requirements, and to report any gaps to Microsoft while there is still time to address them.

The Windows Insider Program for Business allows administrators, developers, testers and other users to see what effect a new release might have on their devices, applications and infrastructures. Microsoft includes the Feedback Hub for IT pros and users to submit reactions about their experiences, make requests for new features and identify issues such as application compatibility, security and performance problems.

Microsoft also offers the Windows Insider Lab for Enterprise, a test deployment for insiders who Microsoft specially selects to test new, experimental or prerelease enterprise security and privacy features. The lab provides insiders with a virtual test infrastructure that comes complete with typical enterprise technologies such as Windows Information Protection, Windows Defender Application Guard and Microsoft App-V.

Getting started with the insider program

Microsoft recommends that organizations sign up for the Windows Insider Program for Business and dedicate at least a few devices to the program. IT pros register the organization’s domain (or individual users) with the service and set up the target devices to receive preview builds.

Microsoft also recommends that organizations use Azure Active Directory work accounts when registering with the service, whether an organization registers users individually or as part of a domain account. A domain registration makes it easier for IT to manage the participating devices and track feedback from users across the organization. Users that want to submit feedback on behalf of the organization must have a domain registration, as well.

IT can install and manage preview builds on individual devices or on the infrastructure and deploy the builds across multiple devices in the domain, including virtual machines. Using Group Policy, IT can also enable, disable, defer or pause preview installations and set the branch readiness level, which determines when preview builds are installed.

Microsoft’s three preview readiness branches

IT can configure devices so the preview builds install automatically or allow users to choose their own install schedules. With mobile device management tools such as Microsoft Intune, IT can take over the preview readiness branch settings, assigning users or devices to one of three preview branches.

Fast. Devices at the Fast level are the first to receive build and feature updates. This readiness level carries the most risk: it is the least stable, and some features might not work on certain devices. IT should therefore install Fast builds only on secondary devices that hold no production data, and limit them to a select group of users.

Slow. Devices at the Slow level receive updates after Microsoft applies user and organization feedback from the Fast build. These builds are more stable, but users don’t see them as early in the process compared to the Fast builds. The Slow level generally targets a broader set of users.

Release Preview. Devices at the Release Preview level are the last to receive preview builds, but these builds are the most stable. Users still get to see and test features in advance and can provide feedback, but they have a much smaller window between the preview build and the final release.
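To make the policy side of this concrete, here is an added PowerShell example (not from the article and not Microsoft’s code) that pins a lab device to one of the three readiness branches, or disables, defers or pauses preview builds, by writing the registry values behind the "Manage preview builds" and "Select when Preview Builds and Feature Updates are received" Group Policy settings. The value names and numeric codes are taken from the Windows Update policy CSP documentation as the editor understands it; treat them as assumptions and verify them against your build’s ADMX templates before rolling them into a domain GPO. It assumes an elevated prompt on a secondary, non-production device.

```powershell
# Added example (not from the article, not Microsoft's code). Writes the WindowsUpdate policy
# values that the "Manage preview builds" and "Select when Preview Builds and Feature Updates
# are received" Group Policy settings use. Assumption: value names and codes match the Update
# policy CSP for your Windows 10 build; confirm against the ADMX before using in a GPO.
#Requires -RunAsAdministrator
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# BranchReadinessLevel codes for the three Insider branches (16 and 32 are the GA channels).
$BranchCode = @{ Fast = 2; Slow = 4; ReleasePreview = 8 }

function Set-InsiderPreviewBranch {
    param(
        [Parameter(Mandatory)][ValidateSet('Fast', 'Slow', 'ReleasePreview')] [string] $Branch,
        [ValidateRange(0, 365)] [int] $DeferDays = 0   # extra delay after the branch offers a build
    )
    New-Item -Path $PolicyKey -Force | Out-Null
    # ManagePreviewBuildsPolicyValue: 0 = disable, 1 = disable once the next release is
    # public, 2 = enable preview builds, 3 = let the user choose (the default).
    Set-ItemProperty -Path $PolicyKey -Name ManagePreviewBuilds             -Value 1 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name ManagePreviewBuildsPolicyValue  -Value 2 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name DeferFeatureUpdates             -Value 1 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name BranchReadinessLevel            -Value $BranchCode[$Branch] -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name DeferFeatureUpdatesPeriodInDays -Value $DeferDays -Type DWord
    # Clear any earlier pause so the new branch setting takes effect.
    Remove-ItemProperty -Path $PolicyKey -Name PauseFeatureUpdatesStartTime -ErrorAction SilentlyContinue
}

function Suspend-InsiderPreviewBuilds {
    # Pause preview/feature builds from the given date; Windows lifts the pause after 35 days.
    param([datetime] $StartDate = (Get-Date))
    New-Item -Path $PolicyKey -Force | Out-Null
    Set-ItemProperty -Path $PolicyKey -Name PauseFeatureUpdatesStartTime `
        -Value $StartDate.ToString('yyyy-MM-dd') -Type String
}

function Disable-InsiderPreviewBuilds {
    # Take the device out of preview builds. With -AfterNextRelease it keeps the current
    # preview build until the release it belongs to is public, then stops receiving previews.
    param([switch] $AfterNextRelease)
    New-Item -Path $PolicyKey -Force | Out-Null
    Set-ItemProperty -Path $PolicyKey -Name ManagePreviewBuilds -Value 1 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name ManagePreviewBuildsPolicyValue `
        -Value $(if ($AfterNextRelease) { 1 } else { 0 }) -Type DWord
}

function Get-InsiderPreviewPolicy {
    # Read back what is actually in effect, for the change record and for troubleshooting.
    $p = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $match = $BranchCode.GetEnumerator() | Where-Object { $_.Value -eq $p.BranchReadinessLevel }
    $branchName = if ($match) { $match.Key } else { 'not set (GA channel)' }
    [pscustomobject]@{
        PreviewBuilds = $p.ManagePreviewBuildsPolicyValue
        Branch        = $branchName
        DeferDays     = $p.DeferFeatureUpdatesPeriodInDays
        PausedSince   = $p.PauseFeatureUpdatesStartTime
    }
}

# Usage: put a secondary test device on Release Preview, confirm, then refresh computer policy.
Set-InsiderPreviewBranch -Branch ReleasePreview
Get-InsiderPreviewPolicy | Format-List
gpupdate /target:computer /force
```

Keep the readback in the change record: when a preview build misbehaves, the first question is which branch and deferral the device was actually on, and a registry readback settles that faster than Settings screenshots.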

Is the Windows Insider Program for Business for everyone?

An organization that participates in the Windows Insider Program for Business must be able to commit the necessary resources to effectively take advantage of the program’s features. To meet this standard, organizations must ensure that they can dedicate the necessary hardware and infrastructure resources and choose users who have enough time to properly test the builds.

An organization’s decision to invest in these resources depends on its specific circumstances, but deploying a Windows update is seldom without a few hiccups. With the Windows Insider Program for Business, IT can avoid some of these issues.


Wanted – 16GB DDR4 RAM (2x 8Gb preferred)

Hi all,

I’m looking to begin my first build, and after some RAM to plan out my setup.
This will be used for the Ryzen 5 2400G processor, so I’d appreciate it if you could include model numbers so I can check compatibility.

Please let me know what you have and how much you’re looking for. Preferably I am after 2 x 8GB sticks at 3000 or 3200MHz.

Thanks in advance!

Location: London


AppleCare Protection Plan for iMac

AppleCare Protection Plan for iMac.

Brand new and still sealed.

Extend your full Apple warranty to 3 years from date of iMac purchase. Your iMac must be within its first year to be able to extend.

Price and currency: £85
Delivery: Delivery cost is included within my country
Payment method: BT or PPG
Location: Saffron Walden
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference…
