Skip to content
View in the app

A better way to browse. Learn more.

hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Tech

Tech Articles from a wide variety of topics and categories
Name : Africa Fraud, Security & Compliance Summit – West Africa 2025
Website: https://www.biiafsc.com/west-africa-edition/
Africa Fraud, Security & Compliance (AFSC) Summit – West Africa 2025
28–29 October 2025 | Lagos Marriott Hotel, Ikeja, Nigeria
The Africa Fraud, Security & Compliance (AFSC) Summit – West Africa brings together the region’s leading regulators, banks, fintechs, and solution providers to strengthen the fight against financial crime and advance digital trust across Africa’s evolving financial ecosystem.
Now in its West Africa edition, the summit will host C-suite executives, compliance leaders, AML specialists, risk professionals, and technology innovators for two transformative days of insights, networking, and collaboration. Discussions will span key themes including AI-driven fraud prevention, AML/CFT innovation, regulatory technology, cyber resilience, and the psychology of fraud.
The event will also feature the prestigious AFSC Awards – West Africa, celebrating organizations and individuals who demonstrate excellence in compliance, innovation, and integrity.
With interactive panel sessions, fireside chats, and an exhibition showcasing cutting-edge technologies, AFSC West Africa 2025 is where strategy meets innovation shaping a secure, compliant, and inclusive financial future for the region.
The post Africa Fraud, Security & Compliance Summit – West Africa 2025 appeared first on CISO MAG | Cyber Security Magazine.
View the full article
Date: November 27, 2025 Location: Spant! Conference Centre, Bussum, Netherlands   On Thursday, 27 November 2025, the annual Cyber Security Experience will take place at Spant! Conference Centre in Bussum. This year’s conference presents a program that focuses on realistic case studies, current threats, and the strategic choices organizations face today at the intersection of technology, security, and governance. One of the central elements is a talk show moderated by Erik Peekel, featuring: Thomas Schmidt (IT & Cybersecurity Lead for the NATO Summit, on behalf of the Ministry of Foreign Affairs) Rick van der Kleij (Professor of Cyber Resilient Organizations, Avans University of Applied Sciences / Senior Researcher at TNO) Corence Klop (Chief Information Security Officer, Rabobank) In this session, they reflect on the organization and cybersecurity of the NATO Summit held on 25 June 2025 in The Hague. They will discuss questions such as: How do you strike the right balance between risk acceptance and control? How do you respond when your organization is suddenly confronted with a digital breach? And what should already be in place beforehand? The program also offers a behind-the-scenes look at one of this year’s most talked-about cybersecurity incidents. Clinical Diagnostics, the laboratory that collaborated with Bevolkingsonderzoek Nederland, was hit by a cyberattack. Agnes Bouwman, MT member for Marketing & Communication, will share how the organization responded and what lessons were learned. Also discover: Vanderlande Industries – In the roundtable “Third Party Risk under Geopolitical Pressure – Navigating Between Regulation and Reality”, Ruud van Oorschot (Senior Groupleader Cyber Defence Organisation & TISO) discusses complex supply chain and third-party risks in an international context. Kennedy Van der Laan – In the session “Deep Dive: Keep Calm and Call Breach Counsel!”, Rosalie Brand(Lawyer & Partner Cybersecurity) addresses the legal aspects of cyber incidents, including AI-driven attacks, evolving regulations, and the role of counsel in crisis management. Van Oord Dredging and Marine Contractors B.V. – In “The Tower of Babel in Security: Making the Case for One CISO Capability Map”, Edwin Franse (CISO) and Milan van der Meer (Enterprise Security Architect) present a practical model for the role of the CISO in complex organizations with diverse responsibilities. In short: an event not to be missed. Book Your Seat The post Cyber Security Experience 2025 appeared first on CISO MAG | Cyber Security Magazine.
View the full article
Explore the latest trends, techniques, and procedures (TTPs) our incident response (IR) experts are actively facing with the TTP Briefing Q3 2025, a report built on frontline threat intelligence from our global incident response investigations, enriched by noteworthy detections from our SOC. 
View the full article
There’s a new DORA report out from Google, but it’s not the usual DevOps one we’ve come to expect – this one is entirely focused on the state of AI-assisted software development.
That’s not too surprising, straight up DevOps is last decade’s news – Gene Kim rebranded the DevOps Enterprise Summit and is publishing vibe coding books, the DevOps OGs like Patrick Debois and John Willis have been focusing on AI building, and so it makes sense that the DORA crew are also poking in that direction.
A lot of the shift in DevOps in recent years has been towards focusing on developer productivity. Whether that’s the rise of platforms to take burden and complexity away from devs, to Nicole Forsgren’s new SPACE metrics that extended her previous Accelerate/DORA metrics that were focused just on software delivery, everyone is keenly aware that unlocking the developers’ ability to create is important.
Companies I work with are really prioritizing that. At ServiceNow, they got Windsurf licenses for all and report a 10% productivity boost from it. And just “we have some AI” isn’t enough, Meta just cut one of their major AI teams because they had “gotten too bureaucratic” and slow so they wanted to move people to a newer team where they could get more done. So companies are taking developer productivity very seriously and spending real money and making big changes to get it.
Understanding Your Software Delivery Performance
As you read the report, you’ll notice that large chunks of it are NOT about AI directly. This first chapter, for example, recaps the important areas from previous DORA reports. It talks about metrics for software delivery and characterizes kinds of teams you see in the wild and their clusters of function and dysfunction. You don’t really get to AI till page 23.
Is this “AI-washing”? If so, it’s justified. People want “AI” to be the solution when they don’t understand their problem, or how to measure whether their problem is solved – AI can help with software engineering and DevOps but it does nothing to change the fundamental nature of any of it, so if you don’t understand the non-AI basics, if you’re handed AI to loose on your company you may as well be an armed toddler.
AI Adoption and Use
The report has good stats that dig deeper than news reports – while 90% of people are “using AI”, in general they use it maybe 1-2 hours out of their day and don’t go to it first all the time.
The thing I found the most surprising was what people were using it for. In my experience folks are using AI for the lighter work more often than actually writing code, but their research showed writing code was by far the most common use case (60%) and stuff like internal communication the least common task (48%) (outside calendar management at 25%, but the tools for that are terrible IMO).
Chatbots and IDEs are the vast majority of how people interact with AI still, integrated tool platforms only have 18% traction.
People do in general believe they’re being more productive from using AI, by a wide margin, and also believe their code quality has gone up! Pure vibe coding makes terrible quality code, I believe this is because how real coders are using AI is more thoughtful than just “write this for me.” And this is borne out in their trust metrics – most people do NOT trust AI output. 76% of respondents trust AI somewhat, a little, or not at all – despite 84% believing it has increased their productivity.
I think that’s super healthy – you should not trust AI output, but if you keep that in mind, it lets you use it and be more productive. You just have to double check and not expect magic. Consider that ServiceNow article I linked above about their Windsurf adoption, it’s not reastic to think AI is going to give you orders of magnitude of coding productivity increase – 10% is great though, more of an improvement than most other things you can do!
AI and Key Outcomes
That leads us into the meatier portion of the report, which is taking the research past “what people think” and trying to correlate real outcomes to these factors. Which is a little ticky, because developer morale is a part of what contributes to delivery and there may be a “placebo factor” where believing AI tools are making you better, makes you better whether or not the tool is contributing!
What they found is that while AI use does really improve individual effectiveness, code quality, and valuable work, it doesn’t help with friction and burnout, and has a significant negative effect on software delivery instability.
So what do we make of increased software delivery instability when we think we’re generating more and better code? And we think the org performance is still doing better? The report doesn’t know either.
My theory is similar to the answer to “why doesn’t everyone run multi-region systems when AWS us-east goes down from time to time?” Just to refresh you on the answer to that one, “it’s more expensive to do it right than to have an outage from time to time.” If you can cram more code down the pipe, you get more changes and therefore more instability. But just like companies gave up on shipping bug-free code long ago, some degree of failure with the tradeoff of shipping more stuff is a net financial win.
AI Capabilities Model
The reason I love DORA is they go deep and try to establish correlation of AI adoption best practices to outcomes. At page 49 is their big new framework for analysis of AI impact on an org. Here’s what they have so far on how specific practices correlate to specific outcomes, with caveats that it’ll take another year of data to know for sure (though AI innovation cycles are month by month, I hope they’ll find a way to get more data more quickly than a yearly cadence).
Platform Engineering
The report then takes another turn back to earlier DORA topics and talks about platform engineering, the benefits, and how to not suck at it.
For those who are unclear on that, you get wins from a platform that is user centric. So many organizations don’t – or deliberately mis- – understand that. You could call all the old centralized IT solutions from previous decades a “platform” – Tivoli, HP WhateverCenter, and so on – but they were universally hateful and got in the way of progress in the name of optimizing the work of some commodity team behind a ticket barrier. (I’ll be honest, there’s a lot of that at my current employer.)
I’m going to go a step farther than the report – if you don’t have a product manager guidlign your platform based on its end users’ needs, your platform is not really a platform, it’s a terrible efficiency play that is penny wise but pound foolish. Fight me.
Anyway, they then say “platforms, you know, it’s the place you can plug in AI.” Which is fine but a little basic.
Value Stream Management
Is important. The premise here is that given the basic premise of value flow (if you don’t know about lean and value streams and stuff, I’ve got a LinkedIn Learning course for you: DevOps Foundations: Lean and Agile), systems thinking dictates that if you accelerate pieces in your workflow you can actually harm your overall throughput, so major changes mean you need to revisit the overall value stream to make sure it’s still the right flow, and measure so you understand how speeding up pieces (like oh say making code) affects other pieces (like oh say release stability).
They find that AI adoption gets you a lot more net benefit in organizations that understand and engineer their value stream.
The AI Mirror
This section tries to address the mix of benefits and detriments we’ve already talked about with AI. It basically just says hey, rethink how you do stuff and see if you can use AI in a more targeted way to improve the bad pieces, so for software delivery try using it more for code reviews and in your delivery pipelines. It’s fine but pretty handwavey.
That’s understandable, I don’t think anyone’s meaningfully figured out how to bring AI to bear on the post-code writing part of the software delivery pipeline. There’s a bunch of hopefuls in this space but everything I’ve kicked the tires on seems still pretty sketch.
Metrics Frameworks
You need metrics to figure out if what you’re doing is helping or not. They mention frameworks like SPACE, DevEx, HEART, and DORA’s software delivery metrics, and note that you should be looking at developer experience, product excellence, and organizational effectiveness. “Does AI change this?” Maybe, probably not as much as you think.
And that’s the end at page 96, there’s 50 pages of credits and references and data and methodology if you want to get into it.
Those last 4 chapters feel more like an appendix, they don’t really flow with the rest of the report. The AI methodology talks about things to do specifically boost your AI capabilities (Clear and communicated AI stance… Working in small batches) which somewhat overlap (Quality internal platforms, User-centric focus) with these later chapters but to a degree don’t. If value stream management is shown to improve your AI outcomes then – why’s it not in the capability model?
I assume the answer is, to a degree, “Hey man this is a work in progress” which is fair enough.
Conclusion
I find two major benefits from reports like this, and judge their success based on how well they achieve them.
Showing clear benefits of something, so you can use it to influence others to adopt it. This report does very well there. One of my complaints about the DORA reports is that in recent years they’d become more about the “next big thing” than about demonstrating the clear benefits of core DevOps practices, so I’d often go back and refer to older reports instead of the newer ones. But here – are people getting benefit from AI? Yes, and here’s what, and here’s what not. Very cleaar and well supported. Telling you how to best go about doing something, so you can adopt it more effectively. The report also does well here, with the caveat of “so much of this is still emerging and moving at hyperspeed that it’s hard to know.” They’ve identified practices within AI adoption and in the larger organization that are correlated to better outcomes, and that’s great. And I do like the mix of old and new in this report. You have to wave the new shiny at people to get them to pay attention, but in the end there are core truths about running a company and a technology organization within a company – value streams, metrics, developer experience, release cadence and quality – that AI or any new silver bullet may change the implementation of, but does not change fundamentally, and it’s a good reminder that adopting sound business basics is the best way to take advantage of any new opportunity, in this case AI.
TL;DR – Good report, use it to learn how people are benefitting from AI and to understand specific things you can do to make your organization benefit the most from it!
View the full article
Date: February 4-5, 2026
Location: Olympia, London, United Kingdom
Website: https://www.cybersecuritycloudexpo.com/global/
Join 9,000+ cybersecurity and tech leaders for two days of expert insights, high-level discussions, and premium networking.
CTOs, IT Directors, Government Officials, Developers, Investors, and industry innovators will gather to explore the latest in cybersecurity and digital transformation.
With 200+ speakers and hundreds of exhibitors, the event delivers real-world strategies, cutting-edge solutions, and actionable knowledge.
The dedicated Cyber Security Expo stage will tackle Europe’s most pressing cybersecurity challenges, from emerging threats to industry-specific innovations. Key sectors covered include finance, healthcare, legal, retail, energy, government, and more.
Don’t miss the chance to expand your expertise, discover new technologies, and connect with decision-makers shaping the future of digital security. Register Now.
While the event is free to attend, the Gold Pass offers all-access benefits, including enhanced networking opportunities. The code is: MP20
Book Your Seat The post Cyber Security & Cloud Expo Global 2026 appeared first on CISO MAG | Cyber Security Magazine.
View the full article
This year, Compuquip proudly celebrates 45 years in business, a journey that began with mainframe computers and has grown into a mission to deliver trusted cybersecurity solutions. Through every evolution, one thing has never changed: our commitment to deep technical expertise and strong customer relationships.
View the full article
GITEX GLOBAL 2025, marking its 45th edition, stands as the world’s largest tech & AI event. For over four decades, it has been the
premiere gateway for tech creators, investors and enthusiasts to collaborate. This year, the event scales new heights, spanning
across two mega venues – Dubai World Trade Centre & Dubai Harbour. It offers an unprecedented 40 halls of exhibition space,
showcasing tech giants and innovative startups in fields like AI, Data Centres, Digi Health & Biotech, Cybersecurity, Intelligent
Connectivity, Green Impact and more.

Prepare for five exhilarating days filled with conferences, live-action workshops, matched concierge networking and business
partnerships. Discover the latest and unseen tech innovations that continue to shape our world.

The GITEX GLOBAL ecosystem encompasses 11 co-located shows: GITEX GLOBAL, GITEX Cyber Valley, GITEX Digi Health & Biotech,
GITEX Green Impact, GITEX Quantum Expo, Global Devslam, Expand North Star, GITEX ScaleX, House of Finance, Marketing Mania,
North Star Green Impact. Central to these shows are innovation, collaboration, and discovery. 200,000+ visitors will explore real-
world applications of AI and source latest innovations that reduce operating costs and enhance business efficiency.
For More Information: Visit GITEX GLOBAL 2025
The post GITEX GLOBAL 2025 appeared first on CISO MAG | Cyber Security Magazine.
View the full article
Security teams are stretched thin. SOC analysts face constant alert volume, long hours, and a never-ending stream of investigations. Even the most advanced security stack can’t change one fact: people power your defense.

That’s why Empowerment is the fourth pillar of the CQ Blue AI strategy — and the true heart of the SOC Triage Agent. While the first three pillars (Efficiency, Accuracy, and Speed) transform operations, Empowerment ensures analysts remain at the center of it all. This is AI that amplifies human intelligence, not replaces it.
View the full article
Date: October 8-9, 2025
Location: Marina Bay Sands Expo and Convention Centre, Singapore
Website: https://www.singaporetechnologyweek.com/cyber-security-world/
Cyber Security World Asia 2025 returns on 8 – 9 October 2025!
Over two days, you can:
Explore leading technologies that safeguard your enterprise Benchmark solutions side by side for resilience and risk management Get practical insights from experts on securing your digital future If strengthening your cyber resilience, protecting customer trust, and ensuring compliance are on your agenda this year, this is the place to make it happen.
See you this 8-9 October, together with thousands of other cybersecurity professionals representing organisations such as A*STAR, Airbus, Coalition of Cybersecurity in Asia-Pacific, DSTA, Prudential, The Coca-Cola Company and more.
Register Today The post Cyber Security World Asia 2025 appeared first on CISO MAG | Cyber Security Magazine.
View the full article
Cybereason is continuing to investigate. Check the Cybereason blog for additional updates.    Last update: Oct 7, 11am EST     Overview and What Cybereason Knows So Far
July 2025, Oracle releases security updates including 309 patches, which included nine that addressed flaws/vulnerabilities in Oracle E-Business Suite (EBS). July 2025 (end of) through September 2025 (beginning of), Cybereason has assessed based on emerging evidence and ongoing forensic investigations, that CL0P orchestrated an Intrusion Path that allowed for unauthorized access to on-premise, customer-managed Oracle E-Business Suite (EBS) solutions, enumerated accessible and stored data, and conducted data exfiltration. September 2025 (end of) through October 2025 (beginning of), a widespread orchestrated email extortion campaigns emerged targeting users of on-premise, customer-managed Oracle E-Business Suite (EBS) and requesting contact with CL0P in order to not expose data allegedly exfiltrated. October 2025 (beginning of), Cybereason is aware of ongoing investigations in which CL0P has provided proof of data. CL0P does not appear to have named new victims associated with this incident as of October 4, 2025. October 5, 2025, Oracle confirms CVE-2025-61882 in Oracle E-Business Suite (EBS). This vulnerability was remotely exploitable without authentication (i.e., it can be exploited over a network without the need for a username and password). Successful exploitation can lead to remote code execution (RCE). October 7, 2025, Cybereason confirms earliest evidence of threat actor activity occurred August 9, but is subject to change based on ongoing investigations.  View the full article
The following is the list of changes as part of content update:
Changelogs
Added SaaS Release Changelogs for Sep 20,2025 Release Site Updates
Added new Maintenance and Deployment Schedules guide to inform customers about planned upgrade windows. View the full article
Cybereason Security Services recently analyzed an investigation into a broader malicious Chrome extension campaign, part of which had been previously documented by DomainTools. While earlier iterations of this campaign involved the impersonation a variety of services, the latest version shifts focus to Meta (Facebook/Instagram) advertisers through a newly crafted lure: “Madgicx Plus,” a fake AI-driven ad optimization platform. Promoted as a tool to streamline campaign management and boost ROI using artificial intelligence, the extension instead delivers potentially malicious functionalities capable of hijacking business sessions, stealing credentials, and compromising Meta Business accounts. Notably, several domains associated with earlier parts of the campaign have been repurposed to promote this new theme, highlighting the operators’ tendency to recycle infrastructure while adapting their social engineering strategy to new targets.
View the full article
Image made by AI! Oh, the irony! Boy, that AI, it’s to blame for so many things isn’t it!
AI causes layoffs! AI causes bad journalism! AI causes headaches for recruiters! AI causes ethics violations! But here’s the truth, AI doesn’t cause any of this – people do.
All these things are human decisions. “AI” didn’t cause that layoff or any of these other things. It’s a handy technology, and just like the PC or mobile, it allows us to disrupt and change things, but it’s not “causing” anything.
And to be honest, most “AI-caused layoffs” are a barefaced lie. Just like most RTO mandates are clandestine layoffs, CEOs have realized that you can now have a layoff or hiring freeze and say “because of our use of AI” and your stock goes up instead of down. So that’s what they say. Speaking as a technology consultant whose team is involved in a lot of large AI implementations, except for large call center or “digital piecework” shops, no one is really using AI enough already that it’s truly laid off large numbers of staff, and certainly all developer layoffs attributed to AI so far are layoffs they just wanted to do regardless.
Every decade has its new technology silver bullet. In the after-times, we remind ourselves that there is no such thing as a silver bullet and it’s always more complicated than that. Then we forget and fall in love with the newest silver bullet, and the shinest teflon-coated hollow-point silver bullet is AI. But that’s just tech business as usual.
The core problem here is that personification of AI is very deliberately being used to shift blame and pass the buck.
Remember when Mark Zuckerberg went before Congress and kept trying to blame “the algorithm” for fanning political extremism, as if it wasn’t just software his company had built? This is the same playbook, scaled out, substituting in “AI” as the boogeyman.
Whenever any AI exec talks about AGI or “we the tech oligarchs are also scared of AI, it may be alive and coming to get us!” they are very deliberately trying to play a shell game of brandishing something that you all can identify as a blame-bearing entity in front of them so that they, their company, and their practices can have plausible deniability. No no, it’s “the AI” that stole all of your IP, or told you to drive your car off a cliff, not us. But the only reason you think it’s different than “a person at that company told you to do that” is the use of disinformation, wealth, and power to snooker you.
In many use cases, AI isn’t better, it’s just cheaper, and it’s only cheaper right now when trillions of dollars are being poured into defraying its cost. No one wants an AI drive-through – it’s slower and harder to fix mistakes. Companies only pitch it as the ‘better option’ when the alternative is an underpaid, burned-out worker. That’s a false choice.
This false choice is set up for you by companies that don’t care about your experience but want to save money. They’re the ones who only want to pay minimum wage, or have your support phone calls go to another country, or whatnot, and have already done that at the expense of you as a customer. The real option, doing it well in the first place, is always on the table. Don’t let them play you like a toddler and ask you “which of these two shirts you want to wear today.”
Over the millennia, people have always found a scapegoat for exploitation. First it was “the gods,” then “the laws,” then “the algorithm,” and now it’s “the AI.” Always keep in mind that all of these are only masks for one person – The Man. It’s not the mask taking the actions, it’s the people hiding behind them. Don’t get suckered into the shell game. Hold the real decision-makers accountable.
Demand better. Don’t be decieved into framing decisions and outcomes as being “caused by” AI. Journalists are the *worst*, they gave up on real reporting already in favor of “what someone said on Twitter,” and they are now happily replacing that with “ChatGPT says”, as if that’s thoughtful analysis.
View the full article
This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. (It’s not a real sabbatical—I’m just an adjunct—but it’s the same idea.) I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University of Toronto.
I will be organizing a reading group on AI security in the fall. I will be teaching my cybersecurity policy class in the Spring. I will be working with Citizen Lab, the Law School, and the Schwartz Reisman Institute. And I will be enjoying all the multicultural offerings of Toronto.
It’s all pretty exciting.
View the full article
Date: November 11, 2025
Location: Hilton London Canary Wharf, London, United Kingdom
Website: https://cybersecureforum.co.uk/
Cyber Secure Forum – Your One-Day Gateway to High-Value Connections
Celebrating 10 years of bringing industry leaders and innovative solution providers together for a day of powerful networking, insights, and business growth.
This year marks our 10th anniversary, and we’re making it our biggest and most impactful Cyber Secure Forum yet.
We know your time is valuable, so we make it count. Simply tell our team who you’d like to meet, and we’ll create a personalised itinerary of one-to-one meetings matched to your needs, preferences, and live projects – so you can focus on what matters most.
As a buyer, your FREE pass includes:
A tailored itinerary of pre-arranged one-to-one meetings Full hospitality throughout the day, including lunch & refreshments Multiple networking opportunities with industry peers Access to our expert-led educational seminar programme Flexible attendance options to suit your schedule Register your FREE pass here via our quick booking form.
For more details on what you can expect as a buyer, contact Josh Kingsmill on 01992 374100 or [email protected] .

Are you a supplier to the industry?
Meet face-to-face with pre-qualified, senior decision-makers who have asked to meet you specifically to discuss your products and services – and are actively seeking solutions for upcoming projects.
Your supplier package includes:
A schedule of one-to-one meetings with your chosen prospects A fully equipped stand with electrics, furniture & name board Lunch & refreshments for the full day Detailed delegate profiles in advance Your logo featured in all event marketing Inclusion in our supplier networking sessions Buyers attending are seeking solutions in areas such as:
UK Cyber Strategy Data Protection Access Control Authentication Cloud Business Continuity Identity Access Management Multi-Factor Authentication AI & Machine Learning Application Security …and much more.
For more information on supplier partner packages, contact our Event Manager:
[email protected] | 01992 374078
Book Your Seat The post Cyber Secure Forum appeared first on CISO MAG | Cyber Security Magazine.
View the full article
Date: August 21, 2025
Location: JW Marriott, Juhu, Mumbai
CISO Connect India 2025 is a premier cybersecurity leadership summit bringing together top CISOs, cybersecurity leaders, and technology innovators to discuss emerging threats, best practices, and future strategies. The Mumbai edition will serve as a high-impact networking platform where decision-makers from leading enterprises, government bodies, and global security providers converge to share insights and drive collaborations.
This year’s event will feature keynote sessions by industry veterans, panel discussions on next-gen cybersecurity trends, and interactive workshops. With a curated audience of over 120 security leaders, the event ensures an exclusive opportunity for thought leadership, meaningful engagement, and brand visibility for participating partners.
The post CISO India Connect 2025 – Mumbai appeared first on CISO MAG | Cyber Security Magazine.
View the full article
Atlassian’s Bitbucket Cloud has tightly integrated CI/CD capabilities via its Bitbucket Pipelines feature set. However, some of our Bitbucket Cloud and Bitbucket Data Center customers still use Jenkins for CI/CD. In this blog, I present a practical walkthrough of the benefits of Bitbucket Pipelines over a tool like Jenkins in the context of two key stats from our recent State of DevEx 2025 report. These stats serve serve as motivation for why teams should move to a tightly integrated, cloud native SAAS offerings like Bitbucket Cloud with Bitbucket Pipelines, rather than self-hosted on-prem CI/CD tools like Jenkins.
What is DevEx
First, let’s quickly review what DevEx is and briefly touch on why it’s important.
There’s even a Knuth quote about DevEx:
Knuth says:
“The enjoyment of one’s tools is an essential ingredient of successful work.”
DevEx is important because developers working in an environment with a good developer experience spend more time building software and solving problems for their customers, and less time doing other less valuable work.
State of DevEx Report 2025
Atlassian produces a State of DevEx report every year. We interview thousands of developers and development leaders and ask questions about their teams’ development experiences. I want to focus on two stats from the 2025 report.
First:
“50% of developers now report losing more than 10 hours of their working week due to inefficiencies.“
This stat is wild to me. If a developer works a 40-hour week, that means 25% of their time is lost to friction in the development process. Developers tend to work long hours to hit project deadlines. If these 10 hours a week could be recouped, we’d be happier and get more done.
Second:
“Developers are only spending 16% of their time every week writing code.“
This means that developers spend 84% of their time searching for information, context switching between tools, in meetings, and fighting with tech debt. If we could shift even a fraction of that time to building software and solving problems, we’d all be happier and better able to ship features to our customers.
Please keep these two stats in mind as you continue.
What it takes to get a new Jenkins box up and running
I decided to setup a new Jenkins box on AWS, integrate it with Bitbucket, and get it building, testing, and deploying my code using a Jenkinsfile. The following sections provide some insight into the setup process and future work I’d be taking on to continue using Jenkins.
Create an EC2 box and install Jenkins and its dependencies
The first thing I did was create an AWS EC2 box in ca-central-1. Then, I installed Jenkins and its dependencies following the Jenkins documentation. The image above shows some of the AWS infrastructure I created and some of the commands necessary to install and configure Jenkins and its dependencies.
This was fairly straightforward, as the documentation was good. When I finished this process, I had a single Jenkins box running on a single AWS EC2 server. However, there are problems with what I had setup. A single node isn’t highly available, resilient, or durable. I’d need additional infrastructure to make this a service I could roll out to my team and other teams.
Also, I’m not an expert in AWS EC2 networking or Linux security, and I’m unsure if I implemented security best practices. I will likely have security vulnerabilities to address in the future, and I will definitely have to patch the box and the software as new vulnerabilities arise.
I’ve created tech debt for myself.
Install some plugins
https://dam-cdn.atl.orangelogic.com/AssetLink/sa3hc0ll272qbw4huwq01mc3dmw84x20.mp4 After I got the Jenkins box up and running, I needed to install some plugins to make it work the way I wanted it to. I didn’t know I needed to install these plugins so I spent some time fumbling around Stack Overflow and the Jenkins documentation until I figured it out.
I eventually installed plugins for Git, Docker, and Bitbucket. The plugin install process is simple and none of the plugins I installed required plugin specific setup. Going through the UI to install the plugins I noticed that there are literally hundreds of plugins available. While having all these plugins available for Jenkins is great, it seems like a lot of them simply provide functionality that Bitbucket Cloud and Pipelines offers out of the box.
For example:
Git is available in every build by default and the Bitbucket Pipelines runtime automatically clones relevant repos. Bitbucket Pipelines is entirely docker-native with full support for “Docker-in-Docker” setups and docker buildx. Bitbucket Pipelines comes fully integrated with Bitbucket Cloud and all the other Atlassian tools by default. The key takeaway for me is that, although Jenkins’ library of plugins is vast, many of them exist to provide the bare essentials. The idea of managing a system with potentially hundreds of plugins enabled, that all needed to be updated from time to time, gave me anxiety.
Integrate Jenkins with Bitbucket
https://dam-cdn.atl.orangelogic.com/AssetLink/pq13lfi747pqw44kisj8y7e2u8p587bv.mp4 After I got the plugins installed I setup the integration between Bitbucket and Jenkins. I wanted Jenkins to run the pipeline defined in my Jenkinsfile whenever I pushed to a branch, created a pull request, or merged a branch to my production branch. This was easy to setup and get working.
At this point I had two separate systems up and running, Bitbucket Cloud and Jenkins, and an integration between them. Now, I could move on to actually setting up a Jenkins pipeline to build, test, and deploy my software.
Configure a Jenkins pipeline
From the Jenkins main page I had the option to create a New Item.
From here I had to choose from one of the six options.
I wasn’t sure sure what I wanted so I was off to the Jenkins documentation to learn. I guessed that I wanted a Pipeline so I started reading about that, and luckily I was correct. The pipeline screen provided a bunch of configuration checkboxes and options to setup what I wanted. After some reading, I got what I needed setup.
https://dam-cdn.atl.orangelogic.com/AssetLink/3475vk611sp26m5r40jiwul5g5qfw463.mp4 This part of the process is pretty similar to every other CI/CD product on the market. Setup some data in the product and write a config file that lives in the repository that details the various analysis, build, test, and deploy steps you want. All that was left was to write a proper Jenkinsfile.
Write a Jenkinsfile; Time to learn Groovy
https://dam-cdn.atl.orangelogic.com/AssetLink/a3q4x5q6i80xffuftj6kmn15vh2ih813.mp4 While Bitbucket and other vendors use YAML for their CI/CD configuration, Jenkins uses Groovy. This means I have to learn a completely separate language just to use Jenkins, in addition to learning the Jenkinsfile syntax. I don’t know Groovy, and I don’t want to pick up yet another language just to use one specific tool. Luckily, I had Rovo Dev CLI to help me write the Jenkinsfile.
Rovo is Atlassian’s platform-wide AI solution. Rovo Dev CLI is a terminal-based way of interacting with the Atlassian platform. It provides all of the expected coding support that other AI tools provide, AND it lets me interact with my Atlassian products.
After I got it to build a Jenkinsfile for me, I told it to update the Jira issue I was using to track my work. This is pretty handy as it saves me from having to jump into Jira, search for the Jira issue, and manually type the updates. This improves my DevEx because I spend less time clicking around a UI in my browser and more time in my dev tools.
Now, I want to talk about a couple other bits of work that came up as part of the process of standing up a Jenkins box.
Emergent work
At this point I had Jenkins up and running and building, testing, and deploying my code. I suspected that my networking and EC2 setup were probably not up to standards and would require some attention.
Tickets from Cloud Engineering
Turns out I was right.
My new EC2 box wasn’t standards-compliant. Atlassian Cloud Engineering maintains standards for infrastructure running in AWS. I got three tickets from cloud engineering for things I needed to patch, update, and install on my EC2 box to make it compliant with Atlassian standards.
The wiki pages describing the required steps for each of the tickets were substantial. The work wasn’t hard to complete, but it pulled me away from building software and solving problems for my customers. I was spending time administering Jenkins. This is a prime example of that 16% / 84% statistic from the State of DevEx report I reference earlier.
Every company I’ve worked for has had their own standards for how to setup and configure infrastructure, so this isn’t an Atlassian specific problem.
User access control? Availability? Reliability? Durability?
My current setup has only a single Jenkins node. That isn’t production ready. I need more nodes for redundancy and I need to setup some kind of a backup process to recover from failures.
Another problem is scaling. I don’t want to pay for multiple EC2 boxes when no one is running builds. I also don’t want to be compute constrained when my team is trying to run hundreds of concurrent builds, or running extensive test suites in QA.
Setting up more nodes, backup and recovery, and auto-scaling is going to be a ton of work that I just don’t have to do with modern SAAS systems like Bitbucket Cloud.
Bitbucket Pipelines features that improve the DevEx
Now, let’s switch gears for a second and look at some features of Bitbucket Pipelines that improve the developer experience. We’ll start off with an extremely powerful tool called Dynamic Pipelines.
Dynamic Pipelines
https://dam-cdn.atl.orangelogic.com/AssetLink/0a0s5t6460u1e2le5yu7upuwb1y57w6o.mp4 Dynamic Pipelines are a way for engineering or platform teams to create standards-compliant pipelines and then push them out across one or more Bitbucket workspaces. Dynamic Pipelines are defined in code using Atlassian’s Forge platform. They can be as simple as injecting a single step into the pipelines of repositories in a workspace or as complex as dynamically generating standards compliant, always up to date, best practice workflows from nothing but a few labels in a YAML file.
As you might guess, there are numerous benefits to this capability.
For example, using Dynamic Pipelines, a central security or compliance team can guarantee that a set of static analysis and security scanning steps are executed in every pipeline that runs in a workspace. What’s even better is that those static analysis and security scanning steps don’t need to be defined in the bitbucket-pipelines.yml file in each repository; The steps are injected by dynamic pipelines at runtime, using configuration defined by the central team.
Furthermore, when the organization decides to change the set of static analysis and security scanning steps they want to run, they can update the dynamic pipeline once and all pipelines in the workspace will automatically start running the new steps without engineers having to manually update individual bitbucket-pipelines.yml files. This reduces maintenance work and helps organizations quickly adapt to changing requirements and technologies.
In addition, engineers are no longer required to know the exact process to use each of the static analysis and security scanning tools since the correctly configured steps are injected automatically at runtime.
Critical to note though, is that Dynamic Pipelines do not prevent teams from still writing their own YAML workflows if they want to. Dynamic Pipelines are smart enough to enable centralized standards compliance whilst still retaining individual team autonomy.
Dynamic Pipelines improve the developer experience by reducing the number of lines of YAML they have to maintain, and frees up engineers’ cognitive capacity to focus on building software and solving problems for customers by reducing the amount of brain power they spend maintaining CI/CD.
You can learn more about Dynamic Pipelines here, here, and here.
AI assisted pipelines
https://dam-cdn.atl.orangelogic.com/AssetLink/8c6p6013m67w5s7hq6802ss8342cp0c2.mp4 AI-assisted pipelines are like having a build engineering sitting beside you to help you fix problems in your pipeline. When a pipeline step fails, Rovo will look at things like the code being deployed, the pipeline’s configuration, and pipeline logs to determine what happened and how to fix it.
Without AI, we all have to do this manually, and it can be awful. I don’t like looking through 230570238509 lines of logs to figure out what broke and neither does any other engineer I know. I’d rather have someone else solve this kind of problem for me so I can focus on building stuff.
AI-assisted pipelines directly addresses the 16% / 84% stat mention earlier by reducing the amount of time I spend digging through logs and searching for information.
Self-Hosted Runners
By default, Bitbucket Pipelines executes all steps on Atlassian cloud hardware. This works well for many customers, but some customers have compliance regimes meaning they need to run some of their steps on their own hardware, behind their firewall. Bitbucket Cloud’s self-hosted runners makes this simple, allowing teams to run a single step, all the way up to an entire pipeline, on their infrastructure – still orchestrated from Bitbucket Cloud.
To use self-hosted runners, teams create a runner and register it with Bitbucket. This process is a couple of clicks in the UI.
Once the runner is registered in Bitbucket, teams can add the runs-on tag to their bitbucket-pipelines.yml file to tell Bitbucket Pipelines to execute that particular step on the runner. Teams can also give specific runners unique tags and then add those tags to the same runs-on section to distribute specific pipelines or steps to specific individual runners.
In this way teams can setup as many runners as they need, with specific resources and access for the task they’re going to perform, and Bitbucket will ship work to them as required. With this approach teams can run most of theirs steps on Atlassian hardware whilst distributing specialized workloads onto their own hardware. This hybrid approach gives them the best of both worlds.
Size parameter
Different steps in a CI/CD pipeline can require different amounts of memory and take different amounts of time to execute. With the size parameter, teams can control the amount of CPU and memory resources available to each individual step. This lets them fine tune their resource usage.
By default, if the size parameter is not specified, Bitbucket runs the step with a 1x size parameter, which is a runner with 2 CPUs and 4 GB of memory and is the least expensive runner to use. This helps keep costs to a minimum by default.
When a team has a step that is taking too long to execute or requires more memory, they can add the size parameter to the step and get access to up to 32 CPUs and 64 GB of memory. In this way, teams can tailor their resource usage to have sufficient performance while being as inexpensive as possible.
DORA metrics in Jira and Compass
Bitbucket is tightly integrated with the rest of the Atlassian platform. For developers, that means it automatically ships CI/CD metric information to other Atlassian products. In particular, it is easy to get access to DORA metrics in both Jira, and Compass. The data is available in Jira, and Compass automatically, with no additional configuration.
This means you can add DORA metrics to your Compass components.
And you can view DORA metrics in Jira reports.
With the tight integration of Bitbucket with the Atlassian platform, teams don’t have to setup yet another tool to track and calculate their DORA metrics. They get them for free, out of the box.
How to migrate to Bitbucket Pipelines from Jenkins
I strongly encourage everyone who is using both Bitbucket and Jenkins to consider migrating to Bitbucket Pipelines. Doing this will improve your developer experience, allow you to spend more time building software and solving problems for your customers, and spend less time on server setup, configuration, and maintenance.
To that end, Atlassian provides a tool to help migrate declarative Jenkins pipelines to Bitbucket Pipelines by converting Jenkinsfiles to bitbucket-pipelines.yml files. You can find information about this process by following the QR code or the link above.
You can also try converting Jenkinsfiles to bitbucket-pipelines.yml files yourself using the Rovo Dev CLI, which is currently in Beta.
Useful Links
Rovo Dev CLI
Bitbucket Cloud
Bitbucket Pipelines
Dynamic Pipelines
How to migrate Jenkins to Bitbucket Pipelines
Why Bitbucket Pipelines over Jenkins
The post To Bitbucket from Jenkins: Enhancing Developer Experience appeared first on Work Life by Atlassian.
View the full article
On July 31, 2025, 24By7Security celebrates its 12th anniversary of being in operation. Looking back over the past 12 years, we are proud of the difference we have made for our clients—helping them strengthen their cybersecurity posture and achieve compliance, while continuously improving our own processes and deliverables. With many 5-star reviews and positive client testimonials, we like to keep improving our processes and deliverables, and to gain efficiencies. With over 85% of our clients returning year after year, more than 3,400 risk assessments completed across 850 locations, and steady business growth, we find it valuable to pause and reflect on our journey - seeing the path we have taken and how we have helped our clients strengthen their resilience.
In this post, we highlight 12 real‑world cyber resilience wins where we tackled client challenges and enabled them to mature in their cybersecurity strategies.

View the full article
Cybereason is actively investigating exploitation attempts of these vulnerabilities. Check the Cybereason blog for additional updates.    Key Takeaways
Two zero-day vulnerabilities discovered in on-premise Microsoft SharePoint servers, tracked as CVE‑2025‑53770 and CVE‑2025‑53771. Affected versions include: Subscription Edition – KB5002768, SharePoint 2019 – KB5002754, SharePoint 2016 – KB5002760.  If exploited, these vulnerabilities could allow for remote code execution (RCE).  Cybereason has observed ongoing active exploitation attempts of these vulnerabilities through our Global SOC monitoring.  With this exploit, we recommend taking an “assume compromised” posture, immediately patching impacted versions, and conducting incident response historical look back.  View the full article
The following is the list of changes as part of the F5 Distributed Cloud Services documentation update:
Data Residency and Processing Reference
Updated the “Data Residency and Processing Reference” document to include MongoDB, Inc sub-processor for F5 Distributed Cloud Services user data. View the full article
The following is the list of changes as part of content update:
Changelogs
Added SaaS Release Changelogs for July 13,2025 Release Site Updates
Added new F5 Customer Edge IP Address and Domain Reference for Firewall or Proxy Settings guide. This new reference guide lists all required domains and IP addresses to allow. Non-Site firewall requirements now solely in the F5 Distributed Cloud Services IP Address and Domain Reference for Firewall or Proxy Settings guide. View the full article
There have been dramatic changes to the developer landscape since our 2024 report. AI capabilities are extending beyond coding assistants, the rubber is hitting the road on platform engineering initiatives, and there’s more pressure than ever before to deliver quality software, fast.
Delivering high-quality software fast is an excellent goal, but do developers have what they need to achieve this?
This survey represents our opportunity to hear directly from developers and their leaders on how these advancements are changing their experience.
Last year, we found that developers and their leaders weren’t aligned on what causes friction in developers’ daily work. This year, we surveyed 3,500 developers and managers across six countries to understand how the developer experience is evolving in the age of AI.
Here are some key takeaways.
AI adoption is up, and so are the hours saved
Let’s start with the good news. During our 2024 survey, the overwhelming majority of developers had yet to experience any real productivity gains using AI tools.
That has dramatically changed.
Almost all developers (99%) now report time savings by using AI tools, with 68% saving more than 10 hours a week! While numerous reports already study time savings on coding tasks, this survey focused on the holistic impact of GenAI across the entire working week.
While it’s not surprising that developers save time using AI, the amount of time being saved is a huge jump from 2024, particularly for non-coding tasks.
It’s important to remember that saving time on tasks is great, but it’s only really valuable if the time saved is put to good use. And this is where the good news continues: developers are using the saved time to focus on improving code, developing new features, and developing documentation.
But developers are still losing time across the software development lifecycle…
Last year, I somewhat controversially said AI can enhance developer experience without necessarily improving it. At the time, most companies were investing heavily in coding assistants. Developers only spend 16% of their time coding, and coding is not a friction point for developers, which is why coding assistants can enhance the experience without improving it.
The insufficient investment in resolving actual friction points for developers has come through clearly in our 2025 survey results. Developers are losing valuable time to non-coding tasks: 50% report losing 10+ hours per week, and 90% lose 6+ hours or more, largely due to organizational inefficiencies.
So we’re right back where we started, with developers saving 10 hours a week using AI and losing 10 hours a week to inefficiencies. Improving the developer experience requires a systematic approach to understanding and resolving developer friction points.
Developers report the top time-wasters as: finding information (services, docs, APIs), adapting new technology, and context switching between tools. Interestingly, tech debt fell out of the top 5 this year, but collaboration with other teams has moved up as a friction point.
You’ll notice that coding wasn’t listed in 2024 or 2025 as a source of time wasting.
AI is a fantastic way to improve developer experience if it’s used to address friction points across the SDLC.
…And the empathy gap is getting wider
All of this is somewhat explained by the growing empathy gap between developers and their leaders.
63% of developers now say leaders don’t understand their pain points, up sharply from 44% last year. This is likely caused by leaders banking time savings achieved through AI without addressing existing points of friction.
To understand friction points, you need to start by speaking with developers. This is the foundation of improving developer experience and productivity across an engineering organization. In an organization that gets this right, we expect to see a high percentage of developers confirming that their leaders understand their pain points, and developers losing fewer hours to inefficiencies.
What can teams do?
The data is clear: AI is a powerful lever, but it’s not a silver bullet.
We’ve seen evidence that AI can improve developer experience if it’s used to address developer pain points. Without this focus on resolving friction, a false economy is created with unfair expectations to deliver faster while navigating increased levels of unaddressed friction.
Step 1 is (always) to speak with your developers.
Gain a deep understanding of developer friction points and test potential solutions with them. In many cases, AI will be part of the answer; in others, it could be something simple like creating self-serve enablement materials.
But this doesn’t mean developers are off the hook.
Developers should help leaders become aware of their challenges, framing them in terms of impact. This makes it easier for leaders to prioritize the challenges to be resolved. It helps reframe the conversation from a complaint to be dismissed to a challenge with action required.
Both developers and leaders bring valuable perspectives. When communication flows both ways – regularly and with intent – teams can surface issues early, build trust, and stay aligned on what matters most.
Get the report The post Atlassian research: AI adoption is rising, but friction persists appeared first on Work Life by Atlassian.
View the full article
Annual Security Risk Assessments Tell You Everything You Need to Know to Protect Your Business
Security risk assessments are now required by all federal and state regulations that include provisions for security safeguards as well as by all major cybersecurity frameworks and accepted cybersecurity standards. If your organization is governed by any of these regulations, frameworks, or standards, you should be no stranger to security risk assessments. The question is, what don’t you know?
View the full article
FBI War on Cybercrime Update
The FBI has announced 15 arrests, indictments, seizures, and prison sentences this year in its war on cybercrime
As the investigative arm of the U.S. Department of Justice, the Federal Bureau of Investigation is charged with exploring cyberattacks and intrusions that affect organizations such as power utilities, telecommunications networks, hospitals, schools, and other infrastructure vital to our communities. The FBI leads law enforcement actions against individuals engaging in cybercrime, collaborates with international agencies to address transnational crimes, and works with U.S. Attorneys to prosecute cybercriminals.
Year-to-date, the FBI has announced 15 arrests, seizures, indictments, operational disruptions, and prison sentences for cybercriminals. The small sample below offers a sense of the scale and variety of these cybercrimes and the associated penalties.
Cryptocurrency and money laundering played a role in financing a number of these cybercrimes, and in multiple cases criminals operated online marketplaces for the purpose of selling cybercrime tools and stolen data.
 

View the full article
The following is the list of changes as part of the F5 Distributed Cloud Services documentation update:
Changelogs
Added SaaS Release Changelogs for June 05,2025 Release Mobile App Shield
Added new Mobile App Shield Service document DDoS
Updated L7 DDoS Docs. New option for custom service policy. CE Site Deployment
Updated Secure Mesh Site v2 ClickOps documents. WAAP and Platform
Added new document for automated API security testing Added new reference document for API namespace checks and corresponding endpoints reference document Network Firewall Allowlist
Updated the network firewall reference document to include Bot Defense Standard domains for allowlisting View the full article
Cyberskills Gaps and Staff Shortages are Reducing Cyber Resilience
Recent reports quantify scope of challenges affecting systems security
Fewer than 15% of organizations are confident that they have both the people and the skills necessary to meet their cybersecurity objectives, according to a 2025 report by the World Economic Forum. More than 65% of organizations report a moderate to critical cyberskills gap. The report also cites a global staffing shortage of four million cybersecurity professionals.
The 2024 ISC2 Cybersecurity Workforce Study produced similar findings, although it estimates the global staffing shortage at 4.8 million. Most respondents reported concerns that their cybersecurity teams lack sufficient numbers or the right range of skills to meet organizational objectives. Almost 60% of respondents indicate that cyberskills gaps have significantly affected their ability to secure their organizations. According to the study, even as demand rises for cyber professionals needed to adequately secure their companies, employers are cutting back on both hiring new personnel and developing their existing cybersecurity teams. These combined actions are reducing cyber resilience around the world, including in the U.S.
According to multiple reports, a lack of distinct career paths, the rising cost of professional certifications, outdated training content, stress on the job, and the threat of being replaced by AI applications are discouraging individuals from pursuing careers in cybersecurity—creating shortfalls in qualified cybersecurity personnel and cybersecurity expertise. 

View the full article
The Path to HITRUST Certification May Be a Rocky Road if You're Not Prepared
HITRUST readiness is a critical step to smooth, successful certification
An undisputed leader in cybersecurity assurance, HITRUST offers a complete and efficient approach to regulatory compliance and security risk management. Becoming HITRUST certified inspires confidence among your customers, partners, and other stakeholders. By demonstrating your all-in commitment to data security, HITRUST Certification enhances your credibility and provides a keen competitive edge. Small wonder that HITRUST Certification is considered the gold standard for healthcare cybersecurity and third-party assurance.
This blog explores important aspects of HITRUST Certification to help you determine HITRUST is right for you, and will guide you in preparing for HITRUST Certification.

View the full article
This post is based on the Atlassian TEAM ‘25 session, “From Dough to Deployment: Domino’s Recipe for Success” led by Andrew Fraser, Software Engineering Manager at Domino’s Pizza Enterprises. You can watch the recording of this session as well as other recorded sessions on-demand to learn more about how some of the world’s most successful companies improve their systems of work with Atlassian.
Domino’s before Compass
Article in DevOps Why developer experience is more important than productivity
This article was originally featured in TechCrunch on January 29, 2024. The unhealthy obsession with measuring developer productivity There’s an unhealthy obsession with companies looking for a way to measure developer productivity. The desire to measure productivity is understandable; senior leaders have been under pressure to deliver results while capitalizing on their investments in teams […]
Domino’s Pizza Enterprises Ltd (Domino’s) is the largest franchisee for the Domino’s brand – holding exclusive master franchise rights in 12 markets across Europe and Australasia, and boasting over 3,800 stores globally.
Domino’s first realized their need for an internal developer portal after they shifted their software development teams to a product delivery model in 2022. As they reorganized their org to build and ship numerous products concurrently, documentation became scattered across project spaces – resulting in team and information silos. Lacking shared components and best practices, their IT environment quickly became a state of software sprawl.
The shift in responsibilities also meant teams inherited supportive services for many components they had never worked on before. When issues arose, the proliferation of components cost developers precious time as they searched across various corners of their Confluence instance to find ownership information, delaying incident response and damaging system reliability.
Further, teams lacked critical insight into the health and performance of their systems. New projects were often interrupted by urgent issues related to tech debt, and developers lacked the ability to report the quality of their work. It was clear to Domino’s software leaders that they needed to find a way to reduce their developers’ cognitive load while simultaneously building out implementation patterns, automated pipelines, quality gates, and other improvements.
Why Domino’s chose Compass
To evaluate internal developer portal (IDP) providers, Domino’s had four requirements: 
The ability for teams to understand their product and ownership  The ability to drive quality at the team level. Improved onboarding and accessible source of truth. Quality tracking at a component and team level. Andrew found that Compass went beyond these requirements by allowing his teams to simplify onto a single platform to reduce integration challenges and tool sprawl. The familiar interface and seamless integration of Compass with Jira, Confluence, and other Atlassian experiences meant developers could get up-to-speed quickly and easily, and streamlined the collaboration with other teams who relied on the same system of information.
How Compass improves DevEx at Domino’s
Domino’s uses standardized components in Compass to drive system uniformity, which allows engineers to onboard quickly and maintain best practices with minimal disruption – even with annual team changes. Additionally, the ability to configure Jira projects to use Compass components affords the ability to track issues across payment APIs, teams, and projects. 
The Compass software catalog’s unified source of truth lets teams quickly locate component documentation and ownership information, driving faster incident response and improving system uptime and reliability.
Further, the DevEx Dashboard helps engineering managers understand team performance metrics and identify areas to improve dev productivity.
What’s next for Domino’s?
As the Domino’s brand expands its global influence, their engineering team’s ability to scale developer efficiency and system performance becomes increasingly important. Critical to these efforts is the ability to use Compass to map related software components. Compass has become a key information source that sits at the center of Jira and Confluence, allowing all teams to catalog their components in one unified source of truth. Domino’s plans to continue consolidating their system of work on Atlassian, integrating Compass with their Jira Service Management instance by mapping business services to Compass components. This will allow teams to quickly correlate support desk issues to the underlying software components, providing teams with information they need to further reduce incident response times and support system reliability as they test, build and support more products around the world.
Ready to uplevel your team’s DevEx? Try Compass today for free.
Watch the Domino’s TEAM ‘25 session replay

The post From Dough to Deployment: Domino’s Recipe for Success appeared first on Work Life by Atlassian.
View the full article
The following is the list of changes as part of content update:
Site Updates
Updated “Data Residency and Processing Reference” document to add Microsoft Azure as a sub-processor for F5 Distributed Cloud due to its use by AI Assistant and removed NGINX Ltd from F5 Affiliates list. View the full article
The following is the list of changes as part of content update:
Site Updates
Updated “Data Residency and Processing Reference” document to add Microsoft Azure as a sub-processor for F5 Distributed Cloud due to its use by AI Assistant and removed NGINX Ltd from F5 Affiliates list. View the full article
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute.
This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I suppose no crazier than any of the other ways the US is working against its own interests right now.
More similar quotes in the article.
My guess is that we will somehow figure out how to transition this program to continue without the US government. It’s too important to be at risk.
EDITED TO ADD: Another good article.
View the full article
Adversarial Machine Learning is Fighting Back
Hackers and other adversaries have found hot new targets in AI and machine learning apps
Although some of us are adapting faster than others, most of us are getting used to the notion that artificial intelligence and machine learning are beginning to make our lives a bit easier, even while we recognize some of the downsides of AI. (Let’s face it, if today’s typical chatbot experience was our only contact with AI, the future would look pretty grim.)
Unhelpful, poorly trained chatbots aside, AI and machine learning bring us conveniences like traffic predictions and alternate route suggestions, converting speech to text, online shopping recommendations, language translations, image recognition and object detection functions, some decent customer service triage, and those notorious self-driving vehicles, to name just a few. Most of these, and a whole lot more, are here to stay.

View the full article
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought:
This is the access that the Chinese threat actor Salt Typhoon used to spy on Americans:
View the full article
ClickFix Scams Target Computer Users Across Industries and Borders
Fake CAPTCHA screens, document error alerts, and phony Facebook messages infect user PCs with data-stealing malware
A clever new cyberscam is wreaking havoc among businesses, hospitality venues, healthcare providers, and other organizations. The scam uses the psychology of social engineering to exploit our human desire to fix little computer problems ourselves, rather than calling IT or opening a ticket. Instead, a pop-up screen on your computer offers simple instructions to fix the document, reload the webpage, or simply prove you are not a robot. Sounds easy enough for the typical computer user, right?
In truth, the easy part is falling for the scam. And no computer user is safe.

View the full article
Why Healthcare Providers Must Comply with PCI DSS
When patients use credit cards to pay for health services, providers must meet the requirements of the payment card industry’s new Data Security Standard
As a healthcare provider, you are governed by the Payment Card Industry’s Data Security Standard (PCI DSS) if you process, transmit, or store cardholder data. In the same way that your compliance with HIPAA is required to protect your patients’ health information, compliance with PCI DSS is required to protect your patients’ payment information. This is true:
When you accept a co-pay by credit card When a patient hands you a debit card to cover their office visit When you accept a prepaid card in payment for a medical supply, such as a brace the patient needs, or for a service When a patient provides their credit card information online to pay their medical bill. There are numerous other payment card acceptance scenarios that require your compliance with the PCI Data Security Standard.  You have a responsibility to know and understand them, just as you are required to understand and comply with HIPAA.

View the full article
The Changing Cybersecurity Landscape in 2025
Navigating compliance with the new PCI DSS, CMMC, and HIPAA Security Rule
Looming compliance deadlines, relentless cyberthreats, and a shifting regulatory landscape have combined to make 2025 a challenging year for cybersecurity.
While the effects of an evolving regulatory climate are yet to be determined, here’s what we know about impending security updates from the payment card industry (PCI DSS 4.0.1), the Department of Defense (CMMC 2.0), and the HHS Office for Civil Rights (HIPAA Security Rule).
CMMC 2.0 and the new HIPAA Security Rule represent updates to previous versions of these federal security regulations; PCI DSS 4.0.1 is an update to the industry’s previous security standard. All three of these security updates have key implementation milestones in 2025. PCI DSS 4.0.1 addresses formatting and typographical errors discovered in v4.0 and provides additional implementation guidance for users, with minimal changes to the existing security requirements of v4.0. CMMC 2.0 significantly streamlines security requirements to three levels of cybersecurity, aligns the requirements at each level with well-known NIST cybersecurity standards, and relieves the smallest contractors of unnecessary compliance burdens. The new HIPAA Security Rule aims to further strengthen cybersecurity safeguards for electronic protected health information, or ePHI, in the most substantial healthcare security update in more than a decade.
View the full article
How Human Vulnerabilities Affect Your Security
Actively managing your human security risk is essential to effective cybersecurity
Human vulnerabilities, leading to human failures, were responsible for more than two thirds of data breaches (68%) in 2024. The failures were not malicious or deliberate. Instead, they resulted from employees falling victim to phishing schemes and other social engineering attacks, and making human errors that affected company security. These two top examples of human security risk were spotlighted in Verizon’s 2024 Data Breach Investigations Report.
Cybersecurity tools and technologies have evolved to their most effective levels ever. So it’s no surprise that cybercriminals have turned increasingly to the weakest link in the security chain by exploiting our human vulnerabilities. Fortunately, that link is gradually being strengthened thanks to more effective management of human security risk, including regular cybersecurity training.

View the full article
How does OpenAI compare versus a penguin in the role of a legal secretary? Let’s see…
import openai import os from dotenv import load_dotenv, find_dotenv _ = load_dotenv(find_dotenv()) # read local .env file openai.api_key = os.getenv('OPENAI_API_KEY') def get_completion(prompt, model="gpt-3.5-turbo", temperature=0): messages = [{"role": "user", "content": prompt}] response = openai.ChatCompletion.create( model=model, messages=messages, temperature=temperature, ) return response.choices[0].message["content"] prompt = f""" Translate the following letter from a legal firm to a delinquent client, Fred 'The Cincinnati Strangler' Johnson, from hostile slang to a friendly business letter: 'Attention criminal pervert: Where the hell is my dough, you twisted goon? Don't forget who got you sprung on that technicality. I want the money. Now. P.S. Have you strangled your wife yet, psycho-brain?' """ response = get_completion(prompt) print(response) I still have to give it to Opus by a flipper, mainly for the P.S., but OpenAI got into the right general headspace! And it’s too hot here in Texas for me to keep a penguin around to translate what I want to say into more acceptable terms, and I sure get tired of doing it.
I miss my old Eudora email client that would put little hot peppers next to my email if it thought it was too spicy…
View the full article
A recent project delay at work put me in mind of this recurring issue I’ve seen with a lot of agile teams. That is, reluctance to call something a blocker. Karthik and I are working on a new revision of our LinkedIn Learning courser “DevOps Foundations: Lean and Agile” so I decided to dig into this a bit.
I think many engineers believe a blocker is “something that prevents me from doing any work whatsoever on this entire project.” This in my experience leads to a lot of project delays and unaddressed issues because something was not identified and communicated widely enough to be swiftly resolved.
This is unfortunately encouraged by some Agile wonks who start hairsplitting with terms. “Well, there’s a blocker and then there’s an impediment,” they say. As I google this, it turns out you can differentiate between “delays, impediments, blockers, and roadblocks. Oh, and dependencies.” And boards, reports, etc. have to do/in progress/done and blockers, not 10 other categories.
Here’s the deal. Most teams out there are not formally trained on PM or agile and have essentially figured out what they know via osmosis. And there’s one term they even vaguely understand, which is “blocker”. (I have never seen a team distinguish formally between blockers and impediments in decades of doing this.).
While I love wordplay as much as the next person, I don’t think this attempt to categorize bad things on the infinite spectrum of bad things is practical, and best belongs as an organic explanation of the impact. Does it prevent you from proceeding on that piece of work? On any work? You can proceed on it but it can’t become done until the thing is resolved? Or it doesn’t technically stop work but it does put the project a week behind? Sure, say it. It’s important to know the impact but it does not change the nature of the existence of an issue and the need to swarm on or escalate it.
The practical definition of a blocker from a team member level is “anything not entirely in my control that is stopping or delaying work now or in the very near future.”
The practical definition of a blocker from a management point of view is “anything that is getting in the way of the team that I need to know about or do something about.”
We have to go back to the entire reason to have a term like “blocker”, which is to allow the team, or failing that their management escalation, to resolve issues that prevent the continued timely flow of work. Period, end of story, if process definition hairsplitting isn’t serving that core goal then do what does.
Definition people love to say something’s not “technically a blocker – yet.” “Well not having a cloud accout to use as the required test fixture isn’t technically a blocker because I won’t need it for another two days, even though there’s been no obvious headway on the request we made to IT for it.” Can anyone seriously contend that’s not a blocker? It’s a problem that is clearly visible on the road ahead, you don’t have to run into it first like my cheap Roomba does in order to escalate it, and doing so is antithetical to the overall agile goal of ensuring smooth and continuous flow. I don’t tolerate “technically true” when it becomes “wilfully dumb.”
Underlying this seems to be some unstated assumption that blockers are “bad” and you are bad for having one or reporting one. And I get it, there’s plenty of bad scrum masters/managers/etc. out there that operate unthinkingly on some Neanderthal level and react as “person say thing I don’t like, person is bad.” (Or the modern tech bro Neanderthal who has some variation of this like “well I need to discourage people from reporting blockers to make them use their masculine energy to pull themselves up by their bootstraps blah blah.”) Sure, toxic people can drive any process off track, that shouldn’t be the default however.
I believe in a healthy Agile environment team members should be encouraged to bring up anything threatening to slow or stop work. It can be a small thing, but it creates an opening for help from the team. Even “I haven’t used this tool before and it’s taking a little longer and I am not sure I’ll get this task done by sprint end” – that’s an opportunity for someone to hop on for a half hour to pair with you or train you.
If you’re off schedule there’s some blocker around, whether it can be handled in the team or needs escalation. You don’t have to escalate everything, though even if the team handled it, schedule or other impacts need to be communicated. For escalations, make it clear it’s an escalation and who to, don’t just assume everyone who gets a status report will seize on all the blocker lines as to dos. “Blocker: No headway on Azure text fixture, it’s needed to complete our work this sprint and will delay us if it’s not in place in 2 days – @ernest we need your help with this one” is perfect.
As someone providing oversight for a lot of sprint teams working on consulting engagements often with client-prescribed milestone deliverables, I keep getting into situations where a sprint full of reporting “no blockers” suddenly turns into “well but of course we won’t have any of the deliverables at sprint end tomorrow.” That makes everyone unhappy, especially me if it’s something I could have urged the client or an external team to provide for the team more promptly. Give people the opportunity to intervene to keep you on track!
I’m going to start adding “definition of blocker” right after “definition of done” in kickoff discussions because of how chronic this issue is – I venture to say I’ve seen it everywhere, it’s just more tolerated in environments where schedules aren’t taken too seriously.
Let me know how you handle this issue, if you encourage a wide definition of blocker, and your experiences on this!
View the full article
This came up today at work and I realized that over my now-decades of cloud engineering, I have developed a very specific way of using tags that sets both infra dev teams and SRE teams up for success, and I wanted to share it.
Who cares about tags? I do. They are the only persistent source of information you can trust (as much as you can trust anything in this fallen world) to communicate information about an infrastructure asset beyond what the cloud or virtualization fabric it’s running in knows. You may have a terraform state, you may have a database or etcd or something that knows what things are – but those systems can go down or get corrupted. Tags are the one thing that if someone can see the infrastructure – via console or CLI or API or integrated tool – that they can always see. Server names are notoriously unreliable – ideally in a modern infrastructure you don’t reuse servers from one task to another or put multiple workloads on one, but that’s a historical practice that pops up all to often, and server names have character limits (even if they don’t, the management systems around them usually enforce one).
Many powerful tools like Datadog work by exclusively relying on tags. It simplifies operation and prevents errors if, when you add a new production app server, that automatically gets pulled into the right monitoring dashboards and alerting schemes because it is tagged right.
I’ve run very large complex cloud environments using this scheme as the primary means to drive operations.
Top level tag rules:
Tag everything. Tagging’s not just for servers. Every cloud element that can take a tag, tag. Network, disk images, snapshots, lambdas, cloud services, weird little cloud widgets (“S3 VPC endpoint!”). Use uniform tags. It’s best to specify “all lower case, no spaces” and so on. If people decide to word a tag slightly differently in two places, the value is lost. Both the key and the value, but especially the key – teach people that if you say “owner” that means “owner” not “Owner” and “owning party” and whatever else. Don’t overtag with attributes you can easily see. Instance size, what AZ it’s in, and so on is already part of the cloud metadata so it’s inefficient to add tags for it. Use standard tags. This is what I’ll cover in the rest of this article. At the risk of oversimplifying, you need two things out of your systems environment – compliance and management. And tags are a great way to get it.
Compliance
Attribution! Cost! Security! You need to know where infrastructure came from, who owns it, who’s paying for it, and if it’s even supposed to be there in the first place.
Who owns it?
Tag all cloud assets with an owner (email address) basically whatever is required to uniquely identify who owns an asset. Should be a team email for persistent assets, if it’s a personal email then the assumption should be if that person leaves the company those assets get deleted (good for sandboxes etc). 
The amount of highly paid engineer time I’ve seen wasted over the last decade of people having to go out and do cattle calls of “Hey who owns these… we need to turn some off for cost or patch them for security or explain them for compliance… No really, who owns these…” is shocking.
owner:[email protected]
Who’s paying for it
This varies but it’s important. “Owner” might not be sufficient in an environment – often some kind of cost allocation code is required based on how your company does finances. Is it a centralized expense or does it get allocated to a client? Is it a production or development expense, those are often handled differently from a finance perspective. At scale you may need a several-parter – in my current consulting job there’s a contract number but also a specific cost code inside that contract number that we need all expenses divvied up between.
billing:CUCT30001
Where did it come from
Traceability both “up” and “down” the chain. When you go look at a random cloud instance, even if you know who it belongs to you can’t tell how it got there. Was it created by Terraform? If so where’s the state file? Was it created via some other automation system you have? Github? Rundeck? Custom python app #25?
Some tools like Cloudformation do this automatically. Otherwise, consider adding a source tag or set of tags with sufficient information to trace the live system back to the automation. Developers love tagging git commits and branches with versions and JIRA tickets and release dates and such, same concept applies here. Different things make sense depending on your tech stack – if you GitOps everything then the source might be a specific build, or you want to say which s3 bucket your tfstate is in… Here as an example, I’m working with a system that is terraform instantiated from a gitops pipeline so I’ve made a source tag that says github and then the repo name and then the action name. And for the tfstate I have it saved in an s3 bucket named “mystatebucket.”
source:github/myapp/deploy-action
sourcestate:s3/mystatebucket
When does it go
OK, I know the last two sound like the lyrics to “Cotton-Eyed Joe”, which is a bonus. But a major source of cost creep is infrastructure that was intended to be there for a short time – a demo, a dev cycle – that ends up just living forever. And sure, you can just send nag-o-grams to the owner list, but it’s better to tag systems with an expires tag in date format (ideally YYYY-MM-DD-HH-MM as God intended). “expires:never” is acceptable for production infrastructure, though I’ve even used it on autoscaling prod infrastructure to make sure systems get turned over and don’t live too long.
expires:2025-02-01-00-00-00
or
expires:never
Management
Operations! Incidents! Cost and security again! Keep the entire operational cycle, including “during bad production incidents”, in mind when designing tags. People tear down stacks/clusters, or go into the console and “kill servers”, and accidentally leave other infrastructure – you need to be able to identify and clean up orphaned assets. Hackers get your AWS key and spin up a huge volume of bitcoin miners. Identifying and actioning on infrastructure accurately and efficiently is the goal.
As in any healthy system, the “compliance” tags above aren’t just useful to the beancounters, they’re helpful to you as a cloud engineer or SRE. But beyond that, you want a taxonomy of your systems to use to manage them by grouping operations, monitoring, and so on.
This scheme may differ based on your system’s needs, but I’ve found a general formula that fits in most cases I come across. Again, it assumes virtual systems where servers have one purpose – that’s modern best practice. “Sharing is the devil.”
EARFI
I like to pronounce this “errr-feee.” It’s a hierarchy to group your systems.
environment – What environment does this represent to you, e.g. dev, test, production, as this is usually the primary element of concern to an operator. “environment:uat” vs “environment:prod”. application – What application or system is this hosting? The online banking app? The reporting system? The security monitoring server? The mobile game backend? GenAI training? “application:banking”. role – What function does this specific server perform? Webserver dbserver, appserver, kafka – systems in an identical role should have identical loadouts. “role:apiserver” vs “role:dbserver”. Keep in mind this is a hierarchy and you won’t have guaranteed uniqueness across it – for example, “application:banking,role:dbserver” may be quite different from “application:mobilegame,role:dbserver” so you would usually never refer to just “role:dbserver.” flavor – Optional, but useful in case you need to differentiate something special in your org that is a primary lever of operation (Windows vs Linux?  CPU vs GPU nodes in the same k8s cluster? v2 vs v2?). I usually find there’s only one of these (besides of course region and things you shouldn’t tag because they are in other metadata). For our apiserver example, consider that maybe we have the same code running on all our api servers but via load balancer we send REST queries to one set and SOAP queries to another set for caching and performance reasons. “flavor:rest” vs “flavor:soap”. instance – A unique identifier among identical boxes in a specific EARF set, most commonly just an integer. “instance:2”. You could use a GUID if you really need it but that’s a pain to type for an operator. This then allows you to target specific groups of your infrastructure, down to a single element or up to entire products.  
“Run this week’s security patches on all the environment:uat, application:banking, role:apiserver, flavor:rest servers.” Once you verify, you can do the same on environment:prod.” “The second of the three servers in that autoscaling group is locked up. Terminate environment:uat, application:banking, role:apiserver, flavor:rest, instance:2“ “We seem to be having memory problems on the apiservers. Is it one or all of the boxes? Check the average of environment:prod, application:banking, role:apiserver, flavor:rest and then also show it broken down by instance tag. It’s high on just some of the servers but not all? Try flavor:rest vs flavor:soap to see if it’s dependent on that functionality. Is it load do you think? Compare to the aggregate of environment:uat to see if it’s the same in an idle system.” “Set up an alert for any environment:prod server that goes down. And one for any environment:prod, application:banking, role:apiserver that throws 500 errors.” “Security demands we check all our DB servers for a new vulnerability. Try sending this curl payload to all role:dbservers, doesn’t matter what application. They say it won’t hurt anything but do it to environment:uat before environment:prod for safety.” So now a random new operator gets an alert about a system outage and logs into the AWS console and sees not just “i-123456 started 2 days ago,” they see
owner:[email protected]
billing:CUCT30001
source:github/myapp/deploy-action
sourcestate:s3/mystatebucket
expires:never
environment:prod
application:mobilegame
role:dbserver
flavor:read-only
instance:2

That operator now has a huge amount of information to contextualize their work, that at best they’d have to go look up in docs or systems and at worst they’d have to just start serially spamming. They know who owns it, what generates it, what it does and has hints at how important it is. (prod – probably important. A duplicate read secondary – could be worse.) And then runbooks can be very crisp about what to do in what situation by also using the tags. “If the server is environment:prod then you must initiate an incident <here>… If the server is a role:dbserver and a role:read-only it is OK to terminate it and bring up a new one but then you have to go run runbook <X> and run job <y> to set it up as a read secondary…”
Feel free and let me know how you use tags and what you can’t live without!
View the full article
Basic Commands
Identify Version
tcpdump --version The general syntax for the tcpdump command is as follows:
tcpdump [options] [expression] The command options allow you to control the behavior of the command. The filter expression defines which packets will be captured.  
Use the -D option to print a list of all available network interfaces that tcpdump can collect packets from:
sudo tcpdump -D For each interface, the command prints the interface name, a short description, and an associated index (number)
To specify the interface on which you want to capture traffic, invoke the command with the -i option followed by the interface name or the associated index. For example, to capture all packets from all interfaces, you would specify the any interface:
sudo tcpdump -i any  
By default, tcpdump performs reverse DNS resolution on IP addresses and translates port numbers into names. Use the -n option to disable the translation:
sudo tcpdump -n  
Instead of displaying the output on the screen, you can redirect it to a file.  Two options and its important you use the correct one depending on how you plan on reading the output.
OPTION 1: text file
This is great if you just want what would be displayed on the screen to be captured in a text file.  NOTE: this will more then likely not be readable by any of the software packages designed to analyze captures like the very popular Wireshark
sudo tcpdump -n -i any > file.out You can also watch the data while saving to a file using the tee command:
sudo tcpdump -n -l | tee file.out The -l option in the command above tells tcpdump to make the output line buffered. When this option is not used, the output will not be written on the screen when a new line is generated.
OPTION 2: binary file
This is the way you want to go if you plan on sending to someone or even yourself to analyze the capture in a tool such as Wireshark.
sudo tcpdump -w <filename> Example
sudo tcpdump -n -i any -w file.pcap or a more intense version of the command
tcpdump -s0 -nnnvi 0.0:nnnp -vw /var/tmp/appname_$(date +%d_%b_%H_%M_%S)_$HOSTNAME.pcap host 10.47.78.103  
Capture Filters
 
WORKING DOCUMENT...  sorry for how incomplete it is

scp

SCP Linux Command – How to SSH File Transfer from Remote to Local
SCP Syntax
scp [OPTIONS] [[user@]src_host:]file1 [[user@]dest_host:]file2 scp - It initializes the command and ensures a secure shell is in place. OPTIONS - They grant different permissions depending on how they have been used. Some of the most common options include: P(Caps) - specifies the port to establish connection with the remote host. p(lowercase) - preserves the times-tamp for ease of modification and access. r - copies the entire directory recursively q - copies files quietly, doesn't display the progress messages. Also known as quiet mode. C - for compression of data during transmission. To understand more about OPTIONS read scp options src_host - where the file is hosted. The source can either be a client or server depending on the origin of the file. dest_host - where the file will be copied to. Examples
Copy File from Local Host to Remote Host
scp test.txt user@destination:/location Copy all files ending in php to Remote Host
scp *.php user@destination:/~/ *.php - copies all the files with the .php extension in the currently specified folder. /~/ - means copy them to the home directory. Copy a file with one name but save it on remote host with a different filename
scp -P 8080 test.txt user@destination:/user/home/test2.txt  
Copy Files from Remote Host to Local Host
scp <remote_username>@<IPorHost>:<PathToFile> <LocalFileLocation> Copy File test2.txt from Remote Host to Local Host
scp user@remotehost:test2.txt . Copy Files from Remote Host to another Remote Host
scp [email protected]:/files/test.txt [email protected]:/files Copy Multiple Files
scp file1 file2 ... user@<ip_address_of_user>: Destination So SCP is a very powerful tool when needing to move files around between systems over the network
curl is a command-line tool to transfer data to or from a server, using any of the supported protocols (HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP, TFTP, TELNET, LDAP, or FILE). curl is powered by Libcurl. This tool is preferred for automation since it is designed to work without user interaction. curl can transfer multiple files at once. 
Syntax:  
curl [options] [URL...] URL: The most basic use of curl is typing the command followed by the URL.  
curl https://www.hosangit.com This should display the content of the URL on the terminal. The URL syntax is protocol dependent and multiple URLs can be written as sets like: 
curl http://site.{one, two, three}.com URLs with numeric sequence series can be written as: 
curl ftp://ftp.example.com/file[1-20].jpeg Progress Meter: curl displays a progress meter during use to indicate the transfer rate, amount of data transferred, time left, etc. 
curl -# -O ftp://ftp.example.com/file.zip curl --silent ftp://ftp.example.com/file.zip If you like a progress bar instead of a meter, you can use the -# option as in the example above, or –silent if you want to disable it completely. 
 
Options: 
-o: saves the downloaded file on the local machine with the name provided in the parameters. 
Syntax:
curl -o [file_name] [URL...] Example:
curl -o hello.zip ftp://speedtest.tele2.net/1MB.zip  
 
So for a year or two I have been looking for a Point of Sale system that accomodates all my needs which isn't alot but most POS's are focused on the restaurant business or retail and thats pretty much it.  We end up having to try and make one or the other work for events. I'll start off with the requirements then work give a review of each POS I've tried so far.
Requirements
Let's first start with my least liked POS but it didn't start that way...

Mobi POS
At the beginning this was a great little POS with some custom options but its really focused around a restaurant which I'm not but made it work.  A few years back they introduced the cloud version which I loved the idea of..  build everything in the cloud and push your changes down to your Terminals.  MOBI is not good at this at all.  Originally (and they still have) a peer network where you have one iPad acting as the server and another iPad can be a terminal but that extra terminal is very limited on what it can do.
Pricing was okay but still pricey for what you get.  I found for the same price you can get into a nicer POS but MOBI was very easy to get up and going quickly if you have on one register.  They do offer a 14 day risk free trial at the time of this writing so give them a look, maybe they'll work for what you need.  Unfortunately MOBI isn't strong enough with features to do what we need a POS to do so they are now no longer a part of our infrastructure.
 

AirPOS
This POS felt like a step up from MOBI but more so in the cloud aspect.  Getting multiple terminals up is easy as well as configuring your products but it felt still like the feature set was lacking.  For example there is no discount or coupon area to add pre-populated information or an ability to run reports on discounts. 
When you log in via an assigned PIN there was a huge lag between each press of the number to where you would continue to enter the wrong number because the lag is so bad.
Pricing I never got into but they are currently very generous with there trial period of 30days which I was blown away with.  Thank You!  Support wasn't horrible but needs improvement but that could be because airpos is headquartered in Northern Ireland.  I'm sure the time difference has something to do with it.
Again, like MOBI if you have a simple setup then airpos may be fine for your needs but when you run into complicated environments like ours then it just won't do.
 

talech
My next attempt was talech which was found off a google search for a Point of Sale system that would work on an iPad.  I have much frustration with talech for mainly they have  promise but I should of known I was in trouble right from the start.  Salesman did a nice demo of the system and showed what I could do.  My staff and I brought up questions to the salesman which was answered no problem, talech can do that.  SOLD!  Paid for the product but it took a days to get the login information and to process the purchase.  Once I received the information I learned that you don't get all the features as demonstrated without purchasing the upgraded premium package.  Also an odd thing but you cant apply discount coupon to one item.  It says you can but if you have 5 of the same product and you only want to discount 2 of them you can't, the system applies the discount to all 5 of the same item.  Weird.  Also trying to edit items on the backend in the browser the system would just spin.  Also I can not run the reports on discount/coupons used.  It took awhile but I learned that talech, yet more feature reach than the other two, wasn't going to be our Point of Sale system.
 

iConnect
With the 7 day free trial of iConnect POS I thought I may of found a winner.  It is very feature rich and pretty easy to use.  In fact it had the most features of any POS I tested.  Also impressed with the support for iOS, Android and Web based.  So it sounds great right?  Nope, just a dress on a pig.
You will get different features based on what operating system you use so since you have three possible ways to connect to iConnect you also get three different environments.  For example the Android and Web interface supports drop down discounts but the iPad does not.  The iPad will support USB Printer where the Android Tablets do not... just to name a few differences.
Something I definitely did not like is if you apply a discount to an item it spreads the discount all over every items (like a percentage off).  It looks ugly and not sure who would want that.
Finally a feature that I feel is a serious bug.  If you process a refund on a sale it doesn't mark it in the system that you refunded an item off that ticket so that customer can go back as many times as they want and get a refund on the same ticket.  That was the final straw that broke the iConnect POS back.  I can easily see this happening in our environment.
I did love the ability to place an order on HOLD and pull it back up.  I could see the ladies in the office doing sales during the week enter all these sales in a HOLD pattern and finalize it on the weekend when they customer comes to the gate.
 

ShopKeep
Thank goodness for shopkeep.  I have tried all these and lost alot of money in the process.  The staff is very friendly and helpful.  After introduction from Nick which handed me off to a specialist named Tim which showed me what I needed to see.  I was up and running in less than an hour.
Now no one is perfect and I didn't see the ability to get a free trial of the system to play around.  I had to pay $138 for two terminals/month which is the most expensive of all that I tried but it works.  iConnect does have more features than shopkeep but Shopkeep just does what I need it to do.  Sometimes more isn't always better.  Unlike Revel we can shut down the terminals when not in use and I don't get billed the $69 for each terminal a month but if you want access to your reports still and keep all your products entered then you may a small price of $10/month.  When your season starts back up you pay the $69/terminal and it downloads what you need.
For me its a no brainer and I'm still on my first day with the product but what I learned from using all the other POS systems, this product is really great.
A browser connecting to the secure server will use the SSL protocol to connect and verify the server’s certificate. However, customers can also use Mutual Authentication to have both the client and server use signed certificates to authenticate each other. With Mutual Authentication, both client and server will provide signed certificates for verification.
How Mutual Authentication Works
Client sends ClientHello message proposing SSL options.
Server responds with ServerHello message selecting the SSL options. Server sends Certificate message, which contains the server's certificate. Server requests client's certificate in CertificateRequest message, so that the connection can be mutually authenticated. Server concludes its part of the negotiation with ServerHelloDone message. Client responds with Certificate message, which contains the client's certificate. Client sends session key information (encrypted with server's public key) in ClientKeyExchangemessage. Client sends a CertificateVerify message to let the server know it owns the sent certificate. Client sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send. Client sends Finished message to let the server check the newly activated options. Server sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send. Server sends Finished message to let the client check the newly activated options. How the Client and Server Accomplish Each of the Checks for Client Authentication
Digital Signature:  The client sends a "Certificate Verify" message that contains a digitally signed copy of the previous handshake message.  This message is signed using the client certificate's private key.  The server can validate the message digest of the digital signature by using the client's public key (which is found in the client certificate).  Once the digital signature is validated, the server knows that the public key belonging to the client matches the private key used to create the signature.
Certificate Chain:  The server maintains a list of trusted Client Authorities (CAs), and this list determines which certificates the server will accept.  The server will use the public key from the CA certificate (which it has in its list of trusted CAs) to validate the CA's digital signature on the certificate being presented.  If the message digest has changed or if the public key does not correspond to the CA's private key used to sign the certificate, the verification fails and the handshake terminates.
Expiration Date and Validity Period:  The server compares the current date to the validity period listed in the certificate.  If the expiration date has not passed and the current date is within the period, then this check succeeds.  If it is not, then the verification fails and the handshake terminates.
Certificate Revocation Status:  The server compares the client certificate to the list of revoked certificates on the system.  If the client certificate is on the list, the verification fails and the handshake terminates.
Additional Information
Verify the Client Certificate with auth-root
Run the following command to verify the client certificate:
openssl verify -purpose sslclient -CAfile auth-root.crt testcert.crt
Test Connection with Client Cert
Run the following command to test the connection with the client:
openssl s_client -servername example.com -connect example.com:443 -key client-cert.key -cert client-cert.crt
 
Below is an example of two-way SSL authentication on the BIG-IP system and how to configure mutual or two-way (mutual) authentication using a Client SSL profile to protect application traffic.
One-way authentication
Using one-way authentication, clients perform SSL handshakes when initiating a new connection with SSL protected applications.
During the SSL handshake, the protected application sends its public SSL certificate to the remote client for validation (referencing the photo on the right the remote client is shown as Server).
The remote client (Server) validates the application's public SSL certificate by searching for the signing Certificate Authority (CA) certificate in its trusted CA store.
If the remote client (Sever) is unable to validate or find the signing CA for the public SSL certificate, it should not complete the SSL handshake and abandon the new connection attempt.
 
Two-way authentication
Two-way authentication is a less popular method for protecting application traffic as it requires an additional layer of security. When using two-way authentication, clients perform a slightly modified SSL handshake when initiating a new connection with SSL-protected applications. During the modified SSL handshake, the protected application sends its public SSL certificate to the remote client for validation and requests that the remote client sends its Client SSL certificate for validation as well. Both the remote client and protected application validate the SSL certificates they receive by searching for the signing CA certificates in their respective trusted CA stores. If the remote client or the protected application is unable to validate the received SSL certificate, they should not complete the SSL handshake and abandon the new connection attempt.
 
REFERENCE:
K12140946 K15137
Many companies regardless if its I.T. related, medical or anything really, businesses have discovered they can save a ton of money but utilizing resources over sea's where the cost of living is much cheaper which in turn means talent is also less expensive.
Obviously some downfalls come with using overseas
no face to face via in office conversations no participation in out of office gatherings biggest issue many times is language barrier as recorded below  
Some of us dabble a bit in Wordpress but we had to start somewhere which means we got help from somewhere.  This blog entry is in hopes to give some material to help a newbie in the world of Wordpress.
There are a few different great tools to use to build/customize your site and one of them I like to use is called Elementor.  Here is a great starter guide/video that is a bit older but he does a great job at walking you through building a wordpress site.
 
This video focuses mainly on how to use Elementor to customize the site for you
 
This video is more about creating everything for an eCommerce site using Woo Commerce (the free plugin) installed on the free Wordpress.com
 
And you can Google search Elementor Wordpress Theme and come across lots and lots of video tutorials.  No other Web platform has as many tutorials available.
 
Going to add that you should leverage helpful free tools to evaluate your site to make it more SEO compliant so you show on searches.
You should make sure you have meta content on everything, especially your photos.
Make sure your website is using Google Developer Tools (formerly known as webmaster)
Also check out this tool that goes through and check out your site for issue/errors.
Meta Data Google Developer Tools WAVE
Being a mac user and sometimes linux user (never Windows), I miss Visio since that's how I created my diagrams.  I tried many different software replacements to just be let down.  I stumbled on lucid.app which my initial reaction was, no way a web based anything could come close to Visio but man was I wrong.
Yes you can import stencils
Yes you can import Visio diagrams, OmniGraffle, Gliffy, Draw.io

Yes you can export Visio

Is it free?  No but its very affordable or I wouldn't be using it.  I haven't done the compare in cost but I'm fairly confident it's less expensive than the subscription to Visio and no obligation.  As you can see I use the Individual plan which runs $95/year but includes more than enough to be a competitor with Visio and other similar tools.
My MacBook Pro got updated to MacOS Monterey (12.2.1) and since then, I can't use git at all.  When I run git I get this
USDETMNBSJEMD6R:~ iSupport$ git xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun So in reading about others having this issue they just run 
USDETMNBSJEMD6R:~ iSupport$ xcode-select --install xcode-select: note: install requested for command line developer tools This popped open a window showing the install (which isn't a fast install at all)

Eventually it will give you a pop up like the one shown below that states the software is installed.

For my own sanity I just check version to see if the command git will work now and it does
USDETMNBSJEMD6R:~ iSupport$ git --version git version 2.30.1 (Apple Git-130)
Many of us have to supply a report showing our devices are compliant based on auditors requirements.  What tool out there does compliancy checks?  A great free opensource compliancy tool is called netshot.
The open source compliance network software. Freely available : www.netfishers.onl/netshot
I'm use to using all these different software packages available to other CMS sites like Wordpress, Joomla, Drupal, etc.. that would perform routine backups of your site and make it very easy to restore.  In fact cPanel has backup and restore built in for Wordpress sites but that's where it stops.  Apparently we are all suppose to use the very slow Wordpress solution.  NOT!
Briefly here is how you can create the routine to backup your website regardless
1st concentrate on the Database backups since many times you could reinstall the software but much of the content you can find in the database.
BACKUP DATABASE in cPANEL with CRON JOB
OPTION 1
cpanel
cronjobs
/usr/bin/mysqldump -u dbusername -p 'dbpassword' dbname > /path/backup.sql
OPTION 2
file manager
+ file
.my.cnf
edit .my.cnf
[client]
user = dbusername
password = "dbpassword"
host = localhost
SAVE CHANGES
cronjobs
mysqldump dbname > /path/backup.sql >/dev/null 2>&1
Now let's concentrate how to backup the files for your website since many of us have files/attachments and we want them to retur
Definitions
CVSS: Common Vulnerability Scoring System.  The CVSS framework is maintained by the Forum of Incident Response and Security Teams (FIRST), a nonprofit organization consisting of more than 500 members.
CVSS scores are calculated using a formula consisting of vulnerability-based metrics. A CVSS score is derived from scores in these three groups: Base, Temporal and Environmental. Scores range from zero to 10, with zero representing the least severe and 10 representing the most severe.
CVE: Common Vulnerabilities and Exposures. CVE divides threats into two categories: vulnerabilities and exposures. The catalog, which is sponsored by Department of Homeland Security's (DHS), is designed to standardize the way each known vulnerability or exposure is identified.
CVE system is a vulnerability classification scheme, which assigns each vulnerability a unique identifier, as listed in the National Institute of Standards and Technology (NIST) National Vulnerability Database. CVE identifiers are formatted as follows:
CVE-[Four-Digit Year]-[Sequential Identifier]
"1984" is an American television commercial which introduced the Apple Macintosh personal computer for the first time. It was conceived by Steve Hayden, Brent Thomas and Lee Clow at Chiat/Day, Venice, produced by New York production company Fairbanks Films, and directed by Ridley Scott. Anya Major performed as the unnamed heroine and David Graham as Big Brother. Its only U.S. daytime televised broadcast was on January 22, 1984 during and as part of the telecast of the third quarter of Super Bowl XVIII. Chiat/Day also ran the ad one other time on television, in December 1983 right before the 1:00 am sign-off on KMVT in Twin Falls, Idaho, so that the advertisement could be submitted to award ceremonies for that year.
In addition, starting on January 17, 1984 it was screened prior to previews in movie theaters for a few weeks. It has since been seen on television commercial compilation specials, as well as in "Retro-mercials" on TV Land. The estate of George Orwell and the television rightsholder to the novel 1984 considered the commercial to be a flagrant copyright infringement, and sent a cease-and-desist letter to Apple and Chiat/Day in April 1984. The commercial was never televised as a commercial after that.
Back in January 1984, Apple was on the cusp of debuting its successor to both the Apple II and the Lisa - called the Macintosh. But it was a commercial during the Super Bowl that already convinced a bunch of its users to buy one, before it had even been shown in public.
As a break began during the third quarter of Super Bowl XVIII, a George Orwell-inspired ad showed a lady running through a futuristic citadel, all directed by Ridley Scott of Alien and Gladiator. She throws a sledgehammer at a screen, to the shock of its citizens, telling viewers to prepare for the Macintosh.
It was a huge success, and it's due to its ongoing regenerations that you can go to an Apple Store today and look to buy an iMac, a MacBook Pro, a Mac mini and more - they all originated from that day in January 1984.
However, you could argue that the messaging that the commercial gave, brings more relevance now than ever before, due to where Apple is going with the Mac for Apple Silicon chips and rumored plans to take more control over what's inside the iPhone in the coming years.
 
Persistence—otherwise known as stickiness—is a technique implemented by ADCs to ensure requests from a single user are always distributed to the server on which they started.
Sticky session, or session persistence occurs when the load balancer creates a connection between a network and a user for a direction of the session.
Requests for sessions from a client in a sticky session means all requests go to the same machine that received the first request.
Sticky sessions ensure that the connection between the client and the network during a session is not lost as a result of requests being routed to different servers.
However, sticky sessions can cause uneven load distributions across servers.
Load Balancer
If user sessions depend on the client always connecting to the same backend, you can send a cookie to the client to enable sticky sessions.
Sticky sessions are only visible at the load balancer layer; the cookies used for sticky sessions are both set and stripped at the load balancer. Because those cookies are not present in the request sent to the backend Droplets, backend applications cannot use them.
Sticky sessions send subsequent requests from the same client to the same Droplet by setting a cookie with a configurable name and TTL (Time-To-Live) duration. The TTL parameter defines the duration the cookie remains valid in the client’s browser. This option is useful for application sessions that rely on connecting to the same Droplet for each request.
Note that sticky sessions do not work with SSL passthrough (port 443 to 443). However, they do work with SSL termination (port 443 to 80) and HTTP requests (port 80 to 80).
This is actually a pretty difficult subject since there are so many different programming languages out there.  I will be covering what I have discovered are the more common mostly used programming lanugages which are bash (shell), python and JSON since those are what I use on a daily basis.  I'm not an expert in any of these languages but I am happy to share my progress as I go through these.
You will find more info under the Programming Club on this site where you'll find discussions, blogs, images, files and more.  This page is just a doormat before you walk into the house of Programming.
Today, DryRun Security, came out of stealth as the co-founders James Wickett (me) and Ken Johnson (@cktricky) launched the company. To the readers of The Agile Admin, you’ll know that I post about security and its connection with devops from time to time.
We launched the company because the arc of the industry has created silos where legacy security solutions have  been geared towards security professionals rather than those who write the software. 
This leads to three significant gaps.  The first is testing for security issues after it’s been deployed leads to wasted developer and security team cycles when problems are discovered. The second is many of the bugs being identified are not even relevant,  resulting in false-positives. Finally, the third is application security teams lack an accurate picture of which code reviews require their expertise. This is further exacerbated by the sheer velocity and number of daily and weekly code updates. All of these problems lead to inaccurate, delayed, and often incorrectly prioritized security testing and ultimately , an overall less-secure codebase. 
DryRun Security fixes the disconnect between security and developers by performing Contextual Security Analysis which runs where developers work. As a developer writes code, they dry-run security testing and analysis  and get results back in near real time, which is where the name “DryRun” comes from.  This type of testing builds the security context of the code and provides feedback to developers whenever they make changes or write new code.
“The disconnect between engineers and security testers is due to a lack of security context making it back to developers” said James Wickett, CEO and Co-Founder of DryRun Security, “DryRun Security was created to address this fundamental disconnect under the assumption that developers truly care about the security of the products they are building. With that assumption, we believe that security should be an integral part of the software development process.  That’s why it’s our mission to provide engineers with a tool that makes it easy to identify and fix potential security bugs while the developer is working on that section of code.”
“At DryRun Security, we understand that once a developer can see the security context of their changes, they can make better decisions and create more secure applications. This is different from  the way that testing has been happening over the past two decades which has made fixing bugs inefficient, driving up costs and creating unnecessary hurdles for developers and security professionals.” Said Ken Johnson, Co-Founder and CTO of DryRun Security. “I experienced these headaches firsthand, which is why I started DryRun Security with James. Our belief is that the solution we provide will give developers the ability to integrate contextual security analysis into their development workflow and fix issues before they become bigger problems.”DryRun Security is currently running a private beta for their product, and they are accepting signups to the list.
Please visit https://dryrun.security to signup and join the early access list.
Link to the full Press Release
View the full article
“What is my manager’s deal, anyway?”
Here’s some career advice that can help you build a more effective relationship with your manager. Remember, they may be a manager but they don’t know everything, or everything that you do, and they are navigating work and life with just as much trepidation as you are! If you haven’t been a manager, it’s sometimes hard to understand why they’re doing what they are and how to best work with them to make both of you happy. So you want to figure out how to “hack” your manager by managing up!
For many years I treated my managers as random-weird-request generators, and frequently worked at cross-purposes with them. until I got advice on managing up and it helped my career.
Managing up, or managing your manager, is an important skill that can contribute to a more productive and positive work environment. Here are some key pieces of advice to effectively manage up:
Understand your manager’s priorities and expectations: Take the time to understand your manager’s goals, preferred communication style, and expectations. Ask them if it’s not obvious! This knowledge will help you align your work and approach accordingly, or at least find a happy medium. (Feel free and tell them the same about you!) Managers usually have a very specific reason for why they’re asking for something and why they are stressing the things they’re stressing; understanding why is the key to understanding them. Build a strong relationship: Develop a positive and professional relationship with your manager. Be proactive in seeking feedback, understanding their working style, and demonstrating your commitment to achieving shared goals. Our managers try to share the context of what needs to happen with everyone so that they can go do it with autonomy, so reflecting your understanding of and commitment to what’s going on at a high level helps them empower you. If you can help them achieve their goals via a plan you put together, it prevents them needing to “micromanage” by also dictating how to get there. Communication is key: Maintain open and regular communication with your manager. Keep them informed about your progress, challenges, and any important updates. Be clear, concise, and respectful in your communication, and adapt your style to match your manager’s preferences – remember they have a bunch of people they are trying to wrangle to understand the state of a lot of projects. Anticipate needs and be proactive: Try to anticipate your manager’s needs and take proactive steps to address them. Take initiative, suggest solutions to problems, and offer assistance when appropriate. Show that you are capable of working independently and taking ownership of your responsibilities. Make clear asks: Your manager is there to get you what you need to do your job and be happy and healthy. But everyone is different. They don’t know how you prefer to get recognized, or what kind of projects you want to work on, or resources you think you need to be successful… So tell them! They should be trying to figure it out by asking you too, but “communication is hard” and people often make assumptions based on a given situation or communication that may or may not reflect your needs. Provide solutions, not just problems: When you encounter challenges or issues, avoid simply presenting the problems to your manager. Instead, propose potential solutions or alternatives. This demonstrates your critical thinking and problem-solving skills, and it lightens the burden on your manager by offering actionable suggestions. If you don’t have a good solution to a specific issue it’s fine, but sometimes a manager can become dismissive of someone who “just complains all the time” because it adds work to a limited time without any help. Seek and act on feedback: Actively seek feedback from your manager on your performance and areas for improvement. Be open to constructive criticism and use it to grow and develop professionally. Demonstrate your willingness to learn and make necessary adjustments based on the feedback received. Manage your time effectively: Prioritize your tasks, set clear goals, and manage your time efficiently. This will help you meet deadlines, deliver quality work, and reduce the need for constant supervision. Ask if priorities or timings aren’t clear. Your manager dearly wants everyone to be able to do their own thing without any intervention but is held responsible by upper management for outcomes and project schedules/profitability. Be a team player: Collaborate and foster positive relationships with your colleagues. Support your teammates, share knowledge, and contribute to a cooperative and harmonious work environment. Show that you can work well with others and contribute to the overall success of the team. Managing up is not about manipulation or trying to control your manager. It’s about building a strong working relationship based on trust, effective communication, and mutual respect. By demonstrating your competence, reliability, and commitment, you can effectively manage up, have the trust and proactive support of your manager, and contribute to your professional growth and success.
(This article partially written by ChatGPT!)
View the full article
I have been in technology management for more than 20 years now and have worked in a wide variety of shops, and I think I’ve identified a key element that creates a good leader, and that is gratefulness.
Gratefulness Empowers Recognition
Everyone knows that “employee recognition” is important for morale; any company cites it as a priority whether they are really doing it or not. Sometimes it just gets forgotten – but sometimes there’s excuses given not to do it, concerns that it “sounds artifical” or that “they get thanks in form of their salary” or “people will be uncomfortable or jealous.” And some people honestly have a hard time doing it.
I’ve found that those that cultivate an actual spirit of gratefulness within them for other peoples’ work, especially for those who work for you and the sweat of their brow contributes to your success and growth, have an easier time of it.
This shouldn’t be a surprise. The classic Dale Carnegie book How To Win Friends and Influence People is often categorized as a “sales book.” It’s not, it’s way more profound than that and deserves a place in any leader’s library. In its introduction there’s explicitly a story of a man with 314 employees who did nothing but criticize them, then studied the book’s principles, and subsequently turned around his management strategy so he had 314 friends and not 314 enemies, leading to both increased happiness and increased profitability. And Part 2 of the book quickly gets to the “how” – it starts with “Become genuinely interested in other people” and ends with “Make the other person feel important – and do it sincerely.”
I don’t think it’s a shocking revelation that gratefulness leads to better recognition and therefor to better morale, but what I want to get across here is that even if you’re not good at that out of the gate, it can be learned.
And once you learn it, you get more help from other people.
I personally grew up as a very introverted person who was happy alone and on the computer, and not being very interested in others. But in my early career I quickly saw that was holding me back. I wanted to change it so I read How To Win Friends and Influence People and tried to put it into action. Awkwarly and self-consciously at first, of course.
Then something strange started happening to me. People I didn’t know would turn and talk to me in the elevator! I was, frankly, shocked. Generally in my life up to that point, in public I left people alone and they left me alone. I came to the realization that even my demeanor had changed and was more open somehow, and it was causing people I didn’t even know and wasn’t intending to interact with to feel like they could interact with me. And not to hassle me, but to help me.
Ungratefulness Leads To Bad Decisions
For many years I thought that gratefulness was just something that made you friendlier and made recognition easier and so was good in the long term. But then I worked at a startup where the CEO had a deep, fundamental lack of gratefulness, and I saw how that leads to critically bad decisonmaking.
Because people, and people’s work, have value – not in some hug-filled hippie sense, but in a very tangible sense. At the company in question the CEO came to me several times wanting to fire an engineer who had legit written 80% of the working product code in the shop “because he doesn’t think architect level.” He ousted a co-founder who was the only person who had actually brought in sales for the company. So years later it was a startup that had trouble even creating a shipping product and certainly wasn’t growing revenue, and had – seriously estimating – about 300% employee turnover in its lifetime. He sabotaged his own company because he couldn’t look at even objective value creation (working code! shipping product! sales revenue!) and value those who generate it at all.
That really made me stop and think. The stereotype of the ungrateful leader is one that only values hard objective results and “is mean” to people otherwise, but my experience has led me to the conclusion that’s a false dichotomy – if you are unable to see value you’re going to be unable to see it whether it’s in a person or in github or on a ledger book. Especially in a sector where that value is being created by the skilled workers!
Instead, you want to train yourself to see value so that you can gather more of it and help it grow! It’s not just being a kind leader because that’s “in” this decade, gratefulness is actually a strength you can develop that helps you make effective decisions.
View the full article
Hey all! James and I are preparing to revise our LinkedIn Learning course, DevOps Foundations, a three hour set of videos designed to orient beginners in the whole scope of DevOps. 
We created the course in 2016 primarily because at the time there were no good introductions to DevOps. You needed to know what blogs to follow and what events to go to and that was it. Even the DevOps Handbook hadn’t come out yet. And this provided a very high barrier to entry to the field. And we believe in learning and collaboration so we knew what we had to do!
Since then, it’s been one of the top tech courses on LinkedIn Learning with over 400,000 learners so far and has generated a dozen other courses drilling down into detail in specific areas. The things that make it worth it to me is the people we run across who say “this helped me improve my career.” My favorite was one gentleman who pulled me aside at the Aqua Security booth at RSA back before the pandemic and said “Hey, I had just gotten out of the Army and was trying to get a good job, and so was looking at tech. Your course oriented me enough that I got a sales job here!” Being able to help people like that is a rare privilege and we really value it.
Please fill out our survey to let us know what you think are the key things someone needs to learn about DevOps – whether they have some existing dev or ops knowledge or are just getting into it!
Here’s the old table of contents for reference… A lot of this hasn’t changed, the basics are still the basics, but it has been 7 years and a lot has changed, some things to add, some things to change, some things to cut. Let us know your opinion!
DevOps Basics What Is DevOps? – Understand the meaning of DevOps and why you might care about it. DevOps Core Values: CAMS – Culture, Automation, Measurement, and Sharing are the core values of DevOps. DevOps Principles: The Three Ways – The Three Ways can guide your strategic approach to DevOps. Your DevOps Playbook – There’s a developing list of patterns and methodologies that can help you transition to DevOps. Ten Practices for DevOps Success: 10 through 6 – Tactical, pragmatic tips for DevOps success in your organization Ten Practices for DevOps Success: 5 through 1 – Tactical, pragmatic tips for DevOps success in your organization DevOps Tools – the Cart Or The Horse? – The role of tools in DevOps and tips for selecting and using tooling to achieve your end goal. DevOps: A Culture Problem The IT Crowd and the Coming Storm – Existing IT culture has both internal and external problems. Meanwhile, new challenges of scale and business cadence are pressing technology departments to change. Use Your Words – Communication is the key to collaboration and solving problems when the stakes are high. Do Unto Others – Build trust and respect and eliminate blame and hostility in your teams. Throwing Things Over Walls – Break down the silos and establish a culture of responsibility and ownership, and align your teams to support the flow of concept to cash. Kaizen: Continuous Improvement – Everything can be iterated upon to make it better – even yourself! The Building Blocks of DevOps DevOps Building Block: Agile – DevOps extends Agile principles to include deployment and operations. DevOps Building Block: Lean – Understanding Lean can be the difference between a DevOps implementation that helps you achieve your company’s goals and one that’s just “the same but different.” ITIL, ITSM, and the SDLC – Where does the “old school” fit in to a DevOps world? Infrastructure Automation Infrastructure As Code – Take a fundamentally different approach to building distributed systems whether in the datacenter or in the cloud. Golden Image to Foil Ball – Learn about configuration mangement, automated provisioning, deployment and orchestration. Immutable Deployment – With the rise of containers, different CM patterns are gaining currency. Your Infrastructure Toolchain – Common tools in this space include Chef, Puppet, and Ansible but new container-based approaches like docker are on the rise. [Yes, this was before terraform and kubernetes, definitely places to update] Continuous Delivery Small + Fast = Better – Delivering small batches of change quickly reduces risk, improves quality, and restricts technical debt. Continuous Integration Practices – Learn about Continuous Integration, Delivery, and Deployment, which you need and how to get there. The Continuous Delivery Pipeline The Role Of QA – Move from manual testing to automated with Test Driven Development (TDD) and Behavior Driven Development (BDD). Your CI Toolchain – From Github to Jenkins, your code pipeline consists of many different parts with specific functions. Reliability Engineering Engineering Doesn’t End With Deployment – If you build it, you run it and other patterns for reliability engineering. Design For Operation – Theory – Building a system to be resilient is the highest leverage step in ensuring high uptime and low MTTR. Design For Operation – Practice – Ops has learned hard lessons about resiliency over the years – take it into account when building your applications. Operate For Design: Metrics and Monitoring – Operational support isn’t just keeping the systems up, it provides crucial feedback back into the development cycle. {Yes, the kids call this observability now] Operate for Design: Logging Your SRE Toolchain – Monitoring, troubleshooting, and metrics are a vital space in your tooling strategy. Additional DevOps Resources Unicorns, Horses, and Donkeys, Oh My – In an emerging discipline, going to events to learn from other expert practitioners is your fastest route to success. Ten Best DevOps Books You Need to Read – There’s a growing number of books on DevOps, here’s our top 10 reading list. Navigating The Series of Tubes – DevOps information on the Web is fragmented and hard to find sometimes; here’s some of the best places to watch. The Future of DevOps Cloud to Containers to Serverless – Profound changes to our computing model have arrived to challenge many of our established practices. The Rugged Frontier of DevOps: Security – Security is changing and is rapidly uptaking the DevOps movement, we cover the major implications here. {Yes. the kids call this DevSecOps now] Conclusion Next Steps: Am I a DevOp now? – Learn what next steps you should pursue for growing in DevOps understanding and practice. View the full article
Well, the Agile Admins have handed the reins of DevOpsDays Austin off to a new generation! And DoDA 2023 is coming up next week! I’ll be there, participating rather than wrangling for once…
Shaun Mouton, one of the new core organizers, asked me to share an annotated overview of items which may be of interest to attendees! So read on, and hope to see you out at the conference.
Austin musical notes
for Visitors and Interested Parties
DevOpsDays Austin 2023 is coming up quite soon, and I thought I’d mention for the out-of-towners and folks who might want to know that there are some decent shows happening around the same time:
May 3rd: The Black Dahlia Murder w/Terror, etc at the Mohawk
Metalheads, trudge through some sludge. TBDM is here. Daisy The Great at Antone’s
If twee indie pop heavy on harmony is your thing get your fill of Brooklyn’s darling sextet at Antone’s. Portland’s Olive Klug is playing too and this will probably be a really fun show. The Drakes at Saxon Pub
The Drakes put on a tremendous rock n roll show at one of Austin’s classic venues. Arc Angels at Gruene Hall
I can’t make this show and I’m bummed about it. You should go catch this Hill Country supergroup at one of Texas’ finest music venues. Warren Hood at ABGB
I’ve heard good things about his shows but haven’t made it yet. Still, I feel pretty comfortable recommending this one. Wednesdays with W.C. Clark at Pinballz Kingdom in Buda
The Godfather of Austin Blues lays it down. W.C.’s still got it and you can get it too. Libby and the Loveless
Sam’s Town Point is a great place to hang out and see a show, and L&tL (nobody calls them that) will play a fine mix of country standards. Michael Hale Organ Trio & Sketch at C-Boy’s Heart & Soul Bar
If you’re coming to Austin for the first time or haven’t been to C-Boy’s you might want to make this show. Great venue, great music. Matt the Electrician & friends at The 04 Center
Matt’s fantastic, this is likely to be a great show, and the 04 is a good venue for them. May 4th: Lil Wayne at Stubb’s
I might skip out on evening events if I can make this one. Sorry y’all, it’s Tha Carter. Tennis at ACL Live at the Moody Theater
Tennis is a bit precious, but if you’re into it they’re a lot of fun. Dance it out at the Moody. Barbara Nesbitt & Friends at The Continental Club Gallery
I’m getting a little annoyed writing these now, there’s so much to see. Nesbitt’s voice is a delightful slice of Americana. Two Step Lessons
You’ve got good choices if you want to learn how to two-step on Thursday. Sam’s Town Point and the White Horse cater to newbies who want to learn how to put a little twang in their electric slide. Large Brush Collection, Little Mazarn, Jenny Carson at Feels So Good
FSG started out as a differently named screenprinting shop and showed up at a few local tech conferences making shirts for attendees to-order. They’re chill people and put on a great series of shows at the shop. Greg Koch at the 04 Center
Pretty sure Koch is going to tear the A-frame roof of the sucker. If you’re into groovy six-string acrobatics this will be a fun outing. The Arc Angels with Madam Radar at Riverbend Centre
Again, probably going to have to miss this one For Reasons, but I’m not happy about it. Grab this chance to see some of our local greats burn the house down. Manny Velazquez at the Little Longhorn Saloon
Manny V knows country music, puts on a good show, and Austin’s lucky to have him. Classic country sound at a fun little venue. May 5th: The Blues Specialists at The Continental Club
The Blues Specialists have been holding down the Continental Club for ages with their Texas-style jump blues. If that sounds even a little like your jam, it’s absolutely your jam. Get you to the Continental, friend. The Psychedelic Furs at ACL Live at the Moody Theater.
You a Furs fan? This would be a decent opportunity to catch them. The Moody Theater is a fine place to see a show. Oh, and apparently Evan Dando too, as a treat. Charlie Robison at Gruene Hall
Charlie Robison is a genuine Austin treasure, and Gruene Hall is a stellar venue to see him perform. One of the finest singer-songwriters to come out of a town overflowing with them. Wild Child at Emo’s
Austin indie pop band, they’ve got a lot of fun songs. The vocalist reminds me of my favorite New Orleans chanteuse. Austin tasty eats
local food recommended by a local (it me, I grew up here)
Start here with this guide from Paul Czarkowski and friends for stuffing your face around this place. It could be somewhat out of date, things change pretty fast around here. I’ll add some notes of my own here even though I’ve contributed to that before:
Central TX BBQ
Don’t bother with the BBQ sides, it’s all about the meat. Have a nice salad somewhere else before and after or maybe a smoothie from Juiceland. Kerlin BBQ has sadly closed up shop, although they do still sell tasty kolaches. Gourdough’s may have closed too, which would be a blessing for my waistline. Quesabirria tacos
These are still pretty hot right now, but prepare yourself. You dip the tacos in the cup of consomme and it all drips, this ain’t for fancy dress occasions. Bring extra napkins, and eat em fast before the tacos cool off from the griddle. La Tunita 512 – 2400 Burleson Rd
this was one of Austin’s first offerings for quesabirria de res, and they’re delicious. Actual Tacos
There’s Tacodeli and Torchy’s for the white people food that’s pretty tasty, and then there are tacos. These are taco joints. Cuantos Tacos – 1108 E 12th St
Located about a mile away from the Alumni Center, Cuantos serves the sort of tacos you might find in CDMX. They’re good. Veracruz All Natural (and Veracruz Fonda)
Somewhat fancy, somewhat down-to-earth, Veracruz is tasty and I am happy to recommend them to you. Other Items Of Interest
If you’re spending any amount of time here and need something not covered by this guide feel free to holler at me on whatever social media platform you favor and can find me, I’ll be happy to come up with something that’ll put a smile on your face. I’m glad you’re going to be at the conference, please say hi or wave in my general direction if you get a chance!
Shaun
View the full article
OHC_logo_transparent_01.jpeg flags-medium.png OHC_logo_blue_square_small.jpeg

 

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.