Ready, Set, Architect!

A Quick Talk This is a quick tour through why we need to architect, a couple of the frameworks, and finally several helpful tools. It started out as a 5-minute lightning talk but turn more into an 8-minute flashflood. I want to thank the @chadevs for giving me the time to come and speak to the great group there. There was a good crowd that filled up the room. If you haven’t attended a Chattanooga Developers, ChaDevs, Lunch Meeting then check them out on Meetup.

Session Box

I draw a lot of diagrams. With all these diagrams there are an endless number of revisions and refinements created in the process. Some of the changes are necessary while others are definitely not earth-shattering. Timeboxing In time management, timeboxing allocates a fixed time period, called a time box, to each planned activity. It is also used for individual use to address personal tasks in a smaller time frame. Although timeboxing is a great idea it doesn’t always work when producing architecture.

The Certified Cloud Security Professional Test

First things first The most important point, for me anyway, is that I passed the test. It was helpful for me to hear how other people passed their tests and how they obtained their certifications. I can’t guarantee that you will pass the test if you read this but hopefully you will pick up a couple of tips that may help you along the way. What is the CCSP The (ISC)2 CCSP is a joint effort between the (ISC)2 and the Cloud Security Alliance.

Entitlements in a Multi-tenant World

We are in a super-shared, and super-scaled world where rights are no longer concentrated in one place. Your rights and permissions are living everywhere in the neighborhood. They have left home. These is the presentation I used for a basic talk on why it is important to understnad how entitlements work these day. It was meant for presenting but you may get somehting out of it. Entitlements in a Multi-tenant World(PDF) Entitlements in a Multi-tenant World(PPTx)

B-Sides Nashville 2016 Presentation

IAM Complicated: Why you need to know about Identity and Access Management B-Sides Nashville 2016 was a great event. Here are the links for the presentation. The IAM Complicated Recording thanks to Iron Geek. IAM Complicated Presentation(PPTX) IAM Complicated Presentation(PDF)

B-Sides Nashville 2016

I have been given the opportunity to speak at B-Sides Nashville 2016. This year’s topic will be all about identity access and management. IAM Complicated: Why you need to know about Identity and Access Management Do you know where identities are born? How can you tell what an identify can and can’t do? What do you do when you realize your refrigerator has an identity of its own? If your IPS blocks your refrigerator you may lose access to your pizza.

What is the secret of the Grail?

Grail Figure: What is the secret of the Grail? Who does it serve? Perceval: You, my lord. Grail Figure: Who am I? Perceval: You are my lord and king. You are Arthur. Grail Figure: Have you found the secret that I have lost? Perceval: Yes. You and the land are one. Doesn’t this sound like a conversation you overheard between several architects standing around the watercooler? Do you feel like we have long forgotten the secret of The Architecture?

OpenSDL Presentation

Here is the condensed version of how to mix security into agile development. Agile and Security. (PDF) Concept Platform A basic framework for the concept has been built around a Wiki and the OpenSAMM. This framework should be good enough to grow the idea and determine if it will add security value. The current version is here: Http://

B-Sides Nashville 2015

I got the opportunity to be at B-Sides in Nashville over the weekend. It was a great opportunity to mingle and meet people who had an interest in information security. One of the best parts was a great mix of old professionals and quite a few new people who were interesting in seeing what security is all about. It was a good time and I appreciate all the effort it took to make it happen.

Open Security Development Lifecycle

We need a no-frills and roughly-right life-cycle to raise our level of software Security Assurance. Right now there are several security life-cycles both in the wild and available through vendors. None of those attend to the full spectrum of security and risk needs. Most are heavily centered around software testing but the security umbrella is much larger than that. Maybe more importantly development and delivery methodologies have changed drastically over the last couple of years.