helped 4. Rapid organizational learning was enabled and accumulated ii. Public knowledge versus private knowledge from emails b. AUTOMATE STANDARDIZED PROCESSES IN SOFTWARE FOR RE-USE i. Don’t store known vulnerabilities and consolidate multiple versions of the same library iii. 2014 Verizon PCI Data Breach Investigation Report – studies over 85K cardholder breaches. 10 vulnerabilities accounted relevant telemetry 1. Successful/unsuccessful logins 2. Password resets 3. Email resets 4. PII or private changes l. CREATE SECURITY TELEMETRY IN OUR ENVIRONMENT i. Create environment telemetry 1. OS

small-medium-large as units for assigning story points. Over time, as the teams accumulate performance data, this iterative and incremental4 process improves accuracy in allocating points. Point values are typically is the contractor team of software developers, including software and security engineers, data specialists, testers, quality assurance, and configuration managers. Ideally these participants community. This guide recommends that DoD programs consider six months as the release timeframe. Many private sector companies using Agile techniques deploy capabilities every month, but that cycle is likely

stewarding three critical assets: the Enterprise Architecture asset, the IT people asset, and the data asset. These three assets represent the capabilities of the company and its ability to address the com/groups/AgileForDefense/permalink/2557027747901552/ or https://bit.ly/39IOrGw The group is private so the first time you visit you likely have to wait for an admin to approve your request to join

problem-solving. ii. Telemetry – An automated communications process by which measurements and other data are collected at remote points and are subsequently transmitted to receiving equipment for monitoring development. Operations don’t just monitor what’s up or down. ii. Modern Monitoring architecture 1. Data Collection at business logic, application, & environments layer a. Events, logs, & metrics b. Common 1. Authentication/authorization decisions 2. System and data access 3. System and application changes, especially privileged changes 4. Data changes (CRUD) 5. Invalid input, possible malicious injections

proceeds the data • Put the data in • Fast to use • Can lose subtle contexts • Good for exploitation; not for exploration & change Sense-making Frameworks Sense-making framework - the data proceeds proceeds the framework • Capture the data • Patterns emerge from the data • Provides context and awareness • Good for non-trivial domainsObvious • Cause & Effect Relationships exist • Relationships

Operations to improve outcomes 2. Ch. 9 – Create the Foundations of Our Deployment Pipeline a. Enterprise Data Warehouse program by Em Campbell-Pretty - $200M, All streams of work were significantly behind schedule Application code & dependencies 2. Environment scripts & creation tools 3. DB scripts and reference data 4. Containers 5. Automated tests 6. Project artifacts – documentation, procedures, etc. 7. Application Smoke testing our deployments – test connections to supporting services and systems, run sample data/transaction tests, fail deployment if needed 3. Ensure we maintain consistent environments – continually

environment and ensuring service levels are met v. Infosec – team responsible for securing systems and data vi. Release Managers – the people responsible for coordinating the production deployment processes PLANNING HORIZONS SHORT i. Act like a startup, strive to generate measurable improvement or actionable data within weeks f. RESERVE 20% OF CYCLES FOR NON-FUNCTIONAL REQUIREMENTS AND REDUCING TECHNICAL DEBT

and other version control tasks. As a distributed revision control system it is aimed at speed, data integrity, and support for distributed, non-linear workflows https://try.github.io/levels/1/challenges/1

3rd Party Application Installations  Route Adds – requires heightened security access  Database Data Script Execution  Load Balancer Node Disablement  OS and Security Patching  Requesting access

activities. A flow state ensues when one is engaged in self-controlled, goal-related, meaningful actions. Data regarding flow were collected on thousands of individuals, from mountain climbers to chess players