Name: DevSecOps – Ensuring built-in-Security in an evolved DevOps landscape
Start: 2020-10-06T12:00:00Z
End: 2020-10-06T12:01:06.000Z
Location: BrightTALK
Rating: 4.7

The webcasts in this channel will highlight trends and best practices for the application development lifecycle as well as how to make sure your application maintain a steady level of service.

The very nature of testing is undergoing radical and continual change. Testers need to be aware of these dramatic shifts and prepare to redefine their careers. The testing profession has evolved to meet the challenges of agile development, increasing levels of test automation, DevOps and quality engineering. We embrace our roles as members of software development teams and we recognize that as such, testing is a social activity. We become data scientists as we train and test AI, mitigating the effects of bias and groupthink.  We are shifting both left and right, and yet we are only in the early stages of a profound transformation in testing skills and the roles testers will play in delivering quality software.

Testers ask what knowledge and skills are needed to have a successful career in an era where testing means many different things. In this presentation, viewers will learn current trends and make educated analyses of what the future of testing and test activities may look like.

Tune into this session to hear Industry thought leader Gerie Own discuss how the testing profession has responded to the dramatic shifts in the software development lifecycle and provide testers with an approach to prepare for the future. She'll describe the “T” shaped skill assessment theory and show testers how to evaluate their skills, strengths and weaknesses and determine their next direction.  Finally, I’ll introduce the concept of the “Flexible Generalist” and show you can become a tester of the future.

Takeaways:
1. Attendees will understand how the role of the tester has evolved and how testers met the challenges of those changes.
2. How to embrace testing as a social activity.
2. Learn what skillsets and mindsets will be important to the tester of the future
3. How to prepare ourselves to become the testers of the future

The Tester of the Future

If you work on a large-scale software system, odds are that a significant part of your build goes to test execution. It so often happens that you change one line of code but you get thousands of tests running, even though the majority of those tests don't even get close to that line of code. This happens because build tools don't know much about what your tests really cover and because they are quite conservative. Test selection is a problem that software engineering researchers have been working on for decades now. 

In this talk, author and professor Mauricio Aniche will describe all the technical details of how we've implemented our own test selection algorithm at his company Adyen. The benefits were significant: 30x reduction in test case execution, 12x reduction in CPU time, and pipelines 10% to 30% faster.

Test Selection in Practice: Saving Time and Resources

Tune into this session to learn how AI is reshaping software development. Industry thought leader Atulpriya Sharma will walk through how AI can assist at every stage -- planning, designing, coding, testing, and deployment -- while also addressing the challenges like maintaining quality, ensuring security, and managing AI limitations.

The key takeaway is that AI isn’t here to replace developers but to make their work faster and more efficient. Viewers will learn best practices for adopting AI tools, like building effective human-AI workflows, ensuring oversight, and creating feedback loops for continuous improvement.

The AI-Enabled Developer: Maximizing Productivity Across the Development Pipeline

As the pharma industry confronts the dual challenges of regulatory compliance and the opioid crisis, innovative technological solutions are essential for safeguarding public health and ensuring legal adherence. This webinar explores how the convergence of AI and low code/no code (LCNC) platforms are revolutionizing the monitoring of suspicious orders in wholesale drug distribution. Our focus will be on the practical application of these technologies to enhance the monitoring and control of controlled drug dispensation, for millions of orders processed by a large wholesale pharma distributor.

Key takeaways:
- Understanding the need for monitoring suspicious orders: Overview of regulatory requirements and compliance. The impact of the opioid crisis and challenges in legacy methods.
- Introduction to LCNC platforms: Definition, benefits, and examples. How LCNC democratizes AI and tech development.
- Integrating AI with LCNC: Integration of AI capabilities with LCNC platforms. Benefits and case studies of AI-LCNC integration from various industries.
- Specialized use cases: Objectives and scope of monitoring suspicious orders in drug distribution. System architecture and workflow from data ingestion to alert generation.
- Implementation insights: Implementation process using LCNC tools. Adherence to security and compliance.
- AI models and algorithms: Overview of AI models used. Training, validation, and handling large datasets for accuracy.
- Real-world results: Key metrics, KPIs achieved, and case studies of detected suspicious orders. Impact on compliance and operational efficiency.
- Challenges, lessons learned and future directions: Technical and operational challenges faced and ways to overcome them. Future enhancements, scaling and emerging trends in AI and LCNC.

Join us to learn how the synergy of AI and LCNC platforms can transform the monitoring of suspicious orders in drug distribution, ensuring a safe and compliant pharma supply chain.

Smart Drug Order Monitoring: AI Meets Low Code/ No Code

How can organizations enable non-technical users to leverage AI through Low Code/No Code platforms without requiring extensive programming knowledge?

This panel session with Doreen Sebben, senior IT leader, Charlotte McGuire, B2B product leader, and Pamela Baker, founder of Core Four Productions, will cover best practices for: 
- Creating user-friendly interfaces.
- Providing appropriate training and support.
- Integrating AI capabilities into business workflows.
- And more.

This discussion is designed to help you empower team members, regardless of their technical background, to be more comfortable with using AI and drive innovation within your organization.

Empowering Citizen Developers with AI-Driven Low Code/No Code Tools

This presentation explores the revolutionary impact of generative AI (GenAI) on low-code development, empowering individuals and organizations with little to no/low coding experience to become software creators. Witness how GenAI breaks down traditional barriers, making software development accessible to small and big tech companies.

- Brainstorming and Design: Learn to harness GenAI for idea generation, rapid prototyping, and design
- Unlock Your Potential: Explore how GenAI-powered no/low-code platforms provide intuitive tools and AI assistance for code generation, UI design, and automation
- Accelerate Your Journey: Understand how GenAI accelerates the learning curve for aspiring developers and provides a stepping stone to advanced coding skills
- Custom Solutions: Discover how to develop custom GenAI agents tailored to your unique needs
- Future of Development: Examine GenAI's potential to democratize software development and shape the future of tech innovation

From Novice to Developer: The GenAI Low-Code Transformation

The integration of artificial intelligence (AI) into low-code/no-code platforms is revolutionizing the way businesses develop and deploy intelligent applications. Tune into this session presented by TD Bank's Pankul Chitrav to learn how these platforms empower non-technical users to harness the power of AI, enabling rapid prototyping and deployment without the need for extensive programming skills. However, while the accessibility of AI through these platforms presents numerous benefits, it also brings challenges related to security and code quality that must be carefully managed.

Harnessing AI in Low-Code/No-Code Platforms: Strategies for Secure and High-Quality Implementation

Let’s say you hear a claim that test tooling is coming that will recognize a failure, file a report, fix the production code, re-run and note the defect is fixed. Is this credible or not? How would you know?

It seems like every day we are bombarded with claims like this. Yet no one talks about discernment. Here we are, discussing testing, a professional activity whose role includes figuring out what is really going on, whose philosophers talk about epistemology, the science of knowing, and no one is talking about how to figure out what is actually going on in AI as an accelerator of testing.

It’s time we start.

Starting with an explanation of how large language models (LLMs) actually work, speaker and author Matt Heusser will build a conceptualization to help you understand what they are actually doing, and why they seem to work yet fail so spectacularly so often. After that he’ll discuss some actual practical applications, including a few real examples from the field. The goal here isn’t to give you an answer -- it is to give you a feel for how to find out the answer

Finally, we’ll put AI in context, compared to other “veritable tsunami waves” that were going to eliminate what came before.

Some ideas in AI are hip; some are hype. 

Let’s start talking about how to know the difference. 

… maybe with a couple of hip examples if we can.

About the speaker:
Matthew Heusser is the managing director at Excelon Development, and the co-author of “Software Testing Strategies: A Guide for the 2020’s.” He is also the 2014 recipient of the Most Influential Agile Test Professional Person (MAITPP) award in Potsdam Germany, a 2015 recipient of the Most Popular Online Contributor to Agile at the Agile Awards (Marble Arch, United Kingdom). Over the course his adult career in software, he has served two terms on the Association for Software Testing and delivered keynote speeches on the topic on three continents. Learn about Matt at www.xndev.com.

Discernment in AI: Hip vs. Hype

If generative AI models train on open source code, do they violate open source licenses? That's a question that AI developers, open source advocates and lawyers continue to hash out. The answers they find are poised to have profound consequences both for open source communities, forcing them to rethink software licensing strategies; and for developers who create software with help from generative AI-based tools (such as Copilot), which may or may not turn out to create licensing liabilities.

Although it remains unclear at present how the licensing debates surrounding open source and genAI will ultimately play out, it's not too early to predict what may plausibly happen. Tune into this session presented by professor and lecturer Christopher Tozzi  as he assesses the history and current state of legal claims involving GenAI and open source software and offers guidance on how developers who leverage genAI coding tools can best protect themselves against potential licensing issues.

About the speaker
Christopher Tozzi, a professor and freelance writer, has been writing and teaching about technology for more than a decade, with particular focus on topics including open source, software development and AI/ML. He is the author of For Fun and Profit: A History of the Free and Open Source Software Revolution (MIT Press, 2017), as well as an adjunct research advisor for IDC and a frequent contributor to media sites such as TechTarget, InformationWeek and Data Center Knowledge.

Assessing the State of Open Source Software Licensing and Generative AI

We would like to think that AI-based machine learning systems will always produce the right answer within their problem domain. However, in reality, their performance is a direct result of the data used to train them. The answers in production are only as good as that training data.

But data collected by human means, such as surveys, observations, or estimates can have built-in human biases, such as the confirmation bias or the representative bias. Even seemingly objective measurements can measure the wrong things or miss essential information about the problem domain.

The effects of biased data can be even more insidious. AI systems often function as black boxes, which means technologists are unaware of how an AI came to its conclusion. This can make it particularly hard to identify any inequality, bias, or discrimination feeding into a particular decision.

Tune into this talk to learn how AI systems can suffer from the same biases as human experts, and how that could lead to biased results. Viewers will learn how testers, data scientists, and other stakeholders can develop test cases to recognize biases, both in data and the resulting system, and how to address those biases.

About the speaker
Gerie Owen is a Lead Quality Engineer at ZS. She is a Certified Scrum Master, Conference Presenter and Author on technology and testing topics. She enjoys analyzing and improving test processes and mentoring new Quality Engineers as well as bringing a cohesive team approach to testing. Gerie is the author of many articles on technology including Agile and DevOps topics. She chooses her presentation topics based on her experiences in technology, what she has learned from them and what she would do to improve them. Gerie can be reached at gerie@gerieowen.com.  Her blog, Testing in the Trenches, is https://testinggirl.wordpress.com/ and she is available at www.gerieowen.com  and on Twitter and LinkedIn.

Testing for Cognitive Bias in AI Systems

As businesses increasingly embrace digital transformation, the role of software methodologies becomes paramount in steering organizations toward success.

In a thought-provoking presentation, Anastasiia Syrota, Project Manager at Intellectsoft, will delve into the dynamic realm of software methodologies, offering valuable insights into the top strategies being used by Intellectsoft that other companies can learn from, potentially influencing the way they approach software development in the coming year. 

Anastasiia will provide: 
- A comprehensive overview of the current software landscape, illuminating the key methodologies that promise to redefine how enterprises operate, innovate, and thrive.
- Actionable advice on tailoring methodologies to specific organizational needs.
- Attendees will leave better equipped to navigate the digital landscape and propel their enterprises to success in this year.

 Don't miss the chance to gain a strategic advantage. Having been in software development since 2007, Intellecsoft completed 500+ successful projects, including the world’s top companies, such as Universal, E&Y, Nestle, and many more

Top 12 Software Development Methodologies to Use in 2024

Companies today often find themselves in positions where writing software tests are time-consuming and unproductive. leaving developers lacking clear guidance for how to test important features. Once your company reaches a certain size, it's important to develop a scalable test strategy to ensure engineers can continue writing good tests in a productive manner. 

In this talk, tech lead, author and professor Dr. Mauricio Aniche will explore different factors at play when designing a test strategy as well as the different trade-offs you will have to make to implement the right approach for your company. 

About the speaker
Dr. Maurício Aniche’s life mission is to help software engineers to become better and more productive. Maurício is a Tech Lead at Adyen, where he heads the Tech Academy team and leads different engineering enablement initiatives. Maurício is also an assistant professor of software engineering at Delft University of Technology in the Netherlands. His teaching efforts in software testing gave him the Computer Science Teacher of the Year 2021 award and the TU Delft Education Fellowship, a prestigious fellowship given to innovative lecturers. He is the author of the “Effective Software Testing: A Developer’s Guide”, published by Manning in 2022. He’s currently working on a new book entitled “Simple Object-Oriented Design” which should be on the market soon.

Designing a Scalable Testing Strategy

DevOps is great, if you have the people, processes and tools to support it. In this session I’ll highlight the easiest ways for Java developers to work with their IT organizations and partners to deliver their code to the cloud, including the best ways to reliably make updates and maintain production cloud code. The focus is on real-world examples using Linux command line tools, open source tools including Jenkins, and other free SDKs and tools available on GitHub. The examples, tools and demos that I show are applicable to any cloud platform, and all are available on GitHub. I will show Microsoft Azure running the samples but will not be selling azure - this is a technical talk that will focus on the code.

DevOps for Java Shops

For competitive survival,  continuous improvement in product development capability is very important. DevSecOps and Agile development  are two very important framework for going in that direction though rolling out them may be fraught with challenges. There can be several reasons for that. This webinar will focus upon some of the best practices and lessons learnt from speaker’s past experience in multiple organizations and multiple products. This may benefit in making these transformations successful in your own organizations.

DevSecOps and Agile Transformation – Best Practices and Lessons Learnt

As COVID-19 shutdowns sent everyone working from home and close offices for a while, we took the opportunity to eliminate our physical infrastructure, network, domain, and servers and go completely virtual and cloud-based. In this session, we will cover:
What it takes to go virtual
What challenges we had to overcome
What benefits we achieved
What do we now that offices around the world are opening up
We will pay special attention in the session to the security aspects of this transition, both from an internal security administration standpoint and an external cybersecurity defense standpoint.
 
Attendees in this session should be interested in what it looks like to be 100% cloud-based and virtual, and what it takes to get there.

Thanks, COVID-19! Leaving Hybrid Behind To Go All Virtual

The cloud carries unique threats. The cloud Security Alliance  (CSA) is rapidly becoming the OWASP of cloud security standards. DevOps, containers, micro services, APIs, and orchestration are table stakes for effective cloud-native applications. Securing these software interfaces, configurations, and processes is NOT a trivial task. Furthermore, automation isn’t a panacea; in fact, it can mask critical security flaws that propagate. 
This session will describe the Top Threats to Cloud Computing (aka “the Egregious Eleven”), how to identify and mitigate these threats, and how they fit into a cloud-native security program.

The Egregious 11 — Defending Against the CSA Top Threats

DevSecOps extends DevOps, in that everyone in the software development life cycle is responsible
for security bringing operations and development together with security functions. DevSecOps
embeds security in every part of the development and operations processes. It is about automating
core security tasks by embedding security controls and processes early in the DevOps workflow
(rather than being bolted on at the end). For example, this could be the case when migrating to
microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud
infrastructure. It is about getting security back into the lifecycle, or as it has been described: ‘shifting security left’.

Integrating security into DevOps to deliver DevSecOps requires new mindsets, processes, and tools.
Starting with continual Risk Assessment, Security and Risk Management leaders need to adhere to
the collaborative, agile nature of DevOps to be seamless and transparent in the development
process, making security as silent, encompassing, and seamless as possible.

How to get a business to approach built-in security, from the beginning and continually:
1. By establishing a security and data privacy strategy – a Security Program spanning people, process, products with Risk Assessment and Policies.
2. Integrating Data Protection, Secure Coding and Testing practices within the engineering
lifecycle.
3. Leveraging automation to integrate security into the DevOps &amp; CI/CD pipeline – from code scanners through to continuous security configuration management and remediation – in Dev, Testing, Staging, Production environments.
4. Finally, staying abreast of practices, regulations, auditing and remaining certified, in true intent and spirit.

DevSecOps – Ensuring built-in-Security in an evolved DevOps landscape

DevOps

DevSecOps

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

DevSecOps – Ensuring built-in-Security in an evolved DevOps landscape

Presented by

About this talk

Application Development and Management