Archiv pro štítek: OWASP

The Vanity of Diversity

Let's not talk around the subject here... women are under represented when it comes to speaking or participating in tech conferences. It's a male dominated culture. When I saw Lani Rosales had published, "The Ultimate list of Austin women who can speak at your tech event" in response to the complaint that there are no women speakers available in the tech industry, I called her right away. As co-founder of the world's largest DevOps conference, All Day DevOps, and as one of the core organizers of the global DevSecOps Days series of events, I wanted to hear how the list came together, her motiviation for creating the list and how the tech community has responded to an overt call for women speakers. One of the most surprising topics during our conversation was the continual reference to "the vanity of diversity". Lani is opposed to replacing males speakers just for the sake of having a token female speaker or panelists. As she says it, "Let's not remove male speakers, let's add female speakers." When she said that, it resonated with me. That's how true diversity works: add women, don't subtract men. Lani's vision is to make attendees, all attendees, feel welcome, represented and given the feeling that their way of thinking is welcome in the room, in the conference, and in the community. That's the true reason for diversity, and that's what we'll be talking about today. The Ultimate List of Austin Women Who Can Speak at Your Tech Event https://theamericangenius.com/tech-news/austin-women/

The Vanity of Diversity

Let's not talk around the subject here... women are under represented when it comes to speaking or participating in tech conferences. It's a male dominated culture. When I saw Lani Rosales had published, "The Ultimate list of Austin women who can speak at your tech event" in response to the complaint that there are no women speakers available in the tech industry, I called her right away. As co-founder of the world's largest DevOps conference, All Day DevOps, and as one of the core organizers of the global DevSecOps Days series of events, I wanted to hear how the list came together, her motiviation for creating the list and how the tech community has responded to an overt call for women speakers. One of the most surprising topics during our conversation was the continual reference to "the vanity of diversity". Lani is opposed to replacing males speakers just for the sake of having a token female speaker or panelists. As she says it, "Let's not remove male speakers, let's add female speakers." When she said that, it resonated with me. That's how true diversity works: add women, don't subtract men. Lani's vision is to make attendees, all attendees, feel welcome, represented and given the feeling that their way of thinking is welcome in the room, in the conference, and in the community. That's the true reason for diversity, and that's what we'll be talking about today. The Ultimate List of Austin Women Who Can Speak at Your Tech Event https://theamericangenius.com/tech-news/austin-women/

Create and Manage Internal Tech Conferences

I produced my first concert at the San Anselmo Playhouse in 1979. It was the first in a series of events that has lasted 40 years. I have produced more than 300 events and participated in many hundreds more as a speaker and participant. As the producer of this many events, I have an internal map of what to do to make an event successful, the steps to create and manage the logistics of an event, and how to promote them. All Day DevOps, a live online conference I co-founded with Derek Weeks, has over 30,000 registrations yearly. This type of involvement gives me a unique perspective into why an event is successful. In the past few years, I've been sketching out a "How To.." manual on producing successful events. When the book "Building Internal Conferences" came across my radar, my first thought was "Good! Something I won't have to do." After looking through the book, I called authors Matthew Skelton and Victoria Morgan-Smith to trade stories on tips and tricks for managing successful events. You might ask yourself at this point, "Why is this being covered on a tech podcast?" With so much to choose from when it comes to webinars, meetups, user groups and conferences, many companies are choosing to host their own event internally, or participate as supporters of a regional event. Industry conferences such as DevOps Days, DevSecOps Days, and SharePoint Saturday are run by local teams who are engaged in community development and education. This episode of the DevSecOps Podcast focuses on helping you as an event organizer avoid the "Epic Failures" that would stop your event from being a success. Where to find the book: https://confluxdigital.net/conflux-books/book-internal-tech-conferences

Create and Manage Internal Tech Conferences

I produced my first concert at the San Anselmo Playhouse in 1979. It was the first in a series of events that has lasted 40 years. I have produced more than 300 events and participated in many hundreds more as a speaker and participant. As the producer of this many events, I have an internal map of what to do to make an event successful, the steps to create and manage the logistics of an event, and how to promote them. All Day DevOps, a live online conference I co-founded with Derek Weeks, has over 30,000 registrations yearly. This type of involvement gives me a unique perspective into why an event is successful. In the past few years, I've been sketching out a "How To.." manual on producing successful events. When the book "Building Internal Conferences" came across my radar, my first thought was "Good! Something I won't have to do." After looking through the book, I called authors Matthew Skelton and Victoria Morgan-Smith to trade stories on tips and tricks for managing successful events. You might ask yourself at this point, "Why is this being covered on a tech podcast?" With so much to choose from when it comes to webinars, meetups, user groups and conferences, many companies are choosing to host their own event internally, or participate as supporters of a regional event. Industry conferences such as DevOps Days, DevSecOps Days, and SharePoint Saturday are run by local teams who are engaged in community development and education. This episode of the DevSecOps Podcast focuses on helping you as an event organizer avoid the "Epic Failures" that would stop your event from being a success. Where to find the book: https://confluxdigital.net/conflux-books/book-internal-tech-conferences

Securing the Software Supply Chain – Live Panel for International Conference on Cyber Engagement

In April 2019, I was invited to host a panel at the International Conference on Cyber Engagement in Washington DC, to discuss "Securing the Software Supply Chain". On the panel were four of the top voices in software supply chain management: - Edna Conway, Chief Security Officer, Global Value Chain, at CISCO - Joyce Corell, Assistant Director, Supply Chain and Cyber Directorate, National Counterintelligence and Security Center, US Office of the Director of National Intelligence - Bob Kolasky, Director, National Risk Management Center, Cybersecurity and Infrastructure Security Agency, US Department of Homeland Security - Dr. Suzanne Schwartz, Associate Director for Science & Strategic Partnerships, Center for Devices & Radiological Health, US Food & Drug Administration This episode of the DevSecOps Podcast is the full session from the conference. It is an extended session, running an hour and a half, significantly longer that our usual broadcast. I think you'll find it worth the time. Thank you to the ICCE for allowing rebroadcast of the panel. Pull up a chair, sit back, and listen in as we discuss Securing the Software Supply Chain.

Securing the Software Supply Chain – Live Panel for International Conference on Cyber Engagement

In April 2019, I was invited to host a panel at the International Conference on Cyber Engagement in Washington DC, to discuss "Securing the Software Supply Chain". On the panel were four of the top voices in software supply chain management: - Edna Conway, Chief Security Officer, Global Value Chain, at CISCO - Joyce Corell, Assistant Director, Supply Chain and Cyber Directorate, National Counterintelligence and Security Center, US Office of the Director of National Intelligence - Bob Kolasky, Director, National Risk Management Center, Cybersecurity and Infrastructure Security Agency, US Department of Homeland Security - Dr. Suzanne Schwartz, Associate Director for Science & Strategic Partnerships, Center for Devices & Radiological Health, US Food & Drug Administration This episode of the DevSecOps Podcast is the full session from the conference. It is an extended session, running an hour and a half, significantly longer that our usual broadcast. I think you'll find it worth the time. Thank you to the ICCE for allowing rebroadcast of the panel. Pull up a chair, sit back, and listen in as we discuss Securing the Software Supply Chain.

Tel Aviv and the 2019 Global AppSec Conference

When I think of Tel Aviv, I imagine a robust, young culture, living a good, fun life. Not only is the culture conducive to a young life style, its tech industry continues to gain traction. As Wired Magazine said last August, "Israeli startups have always been high on Silicon Valley shopping lists, but Tel Aviv is beginning to shake off its reputation as Europe’s exit capital." Zebra, the medical diagnostics company, MyHeritage online family tree service, Via ride sharing service, and the Waze navigation app, as well as dozens of other influencial start-ups call Tel Aviv home. This places Tel Aviv at the heart of the tech industry in Isreal and encourages conferences and gatherings on a regional, as well as global scale. In this broadcast, I speak with Avi Douglen and Ofer Moar, co-chairs of the upcoming Global AppSec Conference in Tel Aviv. They are both active participates in OWASP and the security community. I called them to find out more about the conference, how it's different from other conferences and what participants can expect as takeaways from the event. More information and registration: https://telaviv.appsecglobal.org/

Tel Aviv and the 2019 Global AppSec Conference

When I think of Tel Aviv, I imagine a robust, young culture, living a good, fun life. Not only is the culture conducive to a young life style, its tech industry continues to gain traction. As Wired Magazine said last August, "Israeli startups have always been high on Silicon Valley shopping lists, but Tel Aviv is beginning to shake off its reputation as Europe’s exit capital." Zebra, the medical diagnostics company, MyHeritage online family tree service, Via ride sharing service, and the Waze navigation app, as well as dozens of other influencial start-ups call Tel Aviv home. This places Tel Aviv at the heart of the tech industry in Isreal and encourages conferences and gatherings on a regional, as well as global scale. In this broadcast, I speak with Avi Douglen and Ofer Moar, co-chairs of the upcoming Global AppSec Conference in Tel Aviv. They are both active participates in OWASP and the security community. I called them to find out more about the conference, how it's different from other conferences and what participants can expect as takeaways from the event. More information and registration: https://telaviv.appsecglobal.org/

Persectives on the „Sec“ in DevSecOps w/ Tanya Janca

If you've read the Phoenix Project, you'll remember Brent, the indispensable cog on the operations team. Brent was a good guy, he wanted to do the right things, all of the right things, but was pulled in all directions because of the lack of a unified plan for the company's project workflow. But what if Brent didn't want to do the "right" thing? What if Brent was more interested in the convenience of getting his work done than he was in the overall health and output of the project. What if he deployed to production without checking into SourceSafe, not just once, but for years. From Tanya janca: I went to our trusty code repository, took a copy of the most recent code. I went looking for the bug, and I couldn't even find it. And then I'm running it locally, and I'm looking at the real one in prod. And they're completely different. I'm like, "What would have happened if I had pushed to prod? If I fixed that bug, and pushed to prod, and not noticed the difference?" And he's like, "All my work would have been gone. That would have been your mistake." I'm like, "Are you kidding?" He's like, "It's just easier if I check it in directly, if I just edit it right on the web server. It's just easier for me." I'm like, "Oh. Is it easier to do a shitty job? No. No, no, no. In today's episode, Tanya Janca, Cloud Security Advocate, Microsoft, expands on her just published article, "DevSecOps: Securing Software in a DevOps World", clarifying each of the 5 tactics she uses to integrate not just security into the software development process, but how to manage people as part of that process. Have a listen...

Persectives on the „Sec“ in DevSecOps w/ Tanya Janca

If you've read the Phoenix Project, you'll remember Brent, the indispensable cog on the operations team. Brent was a good guy, he wanted to do the right things, all of the right things, but was pulled in all directions because of the lack of a unified plan for the company's project workflow. But what if Brent didn't want to do the "right" thing? What if Brent was more interested in the convenience of getting his work done than he was in the overall health and output of the project. What if he deployed to production without checking into SourceSafe, not just once, but for years. From Tanya janca: I went to our trusty code repository, took a copy of the most recent code. I went looking for the bug, and I couldn't even find it. And then I'm running it locally, and I'm looking at the real one in prod. And they're completely different. I'm like, "What would have happened if I had pushed to prod? If I fixed that bug, and pushed to prod, and not noticed the difference?" And he's like, "All my work would have been gone. That would have been your mistake." I'm like, "Are you kidding?" He's like, "It's just easier if I check it in directly, if I just edit it right on the web server. It's just easier for me." I'm like, "Oh. Is it easier to do a shitty job? No. No, no, no. In today's episode, Tanya Janca, Cloud Security Advocate, Microsoft, expands on her just published article, "DevSecOps: Securing Software in a DevOps World", clarifying each of the 5 tactics she uses to integrate not just security into the software development process, but how to manage people as part of that process. Have a listen...