time through incremental investments.  Managing the EA asset is an art, just as all strategic management is an art. Just as the CMO must sense market opportunities, weigh tactics for communicating with of buying off the shelf.  The risk of developing a system incrementally and altering it based on user feedback is often lower than that of buying a finished product that is hard to change.  The advantages product that does not fit our business and customize it until it does.  We offer our business users a user interface that is clunky because it was designed for users in the abstract across many possible companies

operations will derive NFRs. Codify these into the tests and pipeline f. BUILD REUSABLE OPERATIONS USER STORIES INTO DEVELOPMENT i. Goal – make recurring work as repeatable and deterministic as possible; testing efforts – Part 6: The Technical Practices of Integrating Information Security, Change Management, and Compliance 1. Introduction a. Goal to simultaneously achieve Information Security goals Pipeline a. INTEGRATE SECURITY AND COMPLIANCE INTO CHANGE APPROVAL PROCESSES i. Effective change management recognized different risks associated with different types of changes, to be handled differently

are being achieved. iii. Logging Levels 1. Debug – anything that happens in the program 2. Info – user driven actions or system specific 3. Warn – conditions that could become an error and will likely a termination iv. Examples of potentially significant events (Gartner’s GTP Security & Risk Management group) 1. Authentication/authorization decisions 2. System and data access 3. System and application INTEGRATING A/B TESTING INTO OUR FEATURE TESTING i. Random subset of users shown differing versions. User groups define a cohort. Statistical analysis of cohort’s outcomes from differing versions used to

through hands-on “shipping” of product. Management for the sake of management is not respected.  Get things done: The hierarchy must be flattened. Layers of management get in the way of goals. The employee employee wants the shortest possible path to shipping code without needing layers of approval. Management should be close enough to the action that they can demonstrate understanding—witnessing employees’ information, IT can lead the organization in learning and in deriving business value from good risk management and from making the most of opportunities that present themselves. Steward of Assets: senior IT

 working off a single backlog of features, driven by vision and roadmap  product and release management, release planning  program psi objectives  common sprint lengths - system continuous integration  business epics  architectural epics  kanban epic system – limit WIP  program portfolio management, enterprise architect  value streams  investment themes - provide operating budgets for release

Development  Operations (Operational Waterfall)  Infrastructure Ops  Product Ops  Product Management  Every technology under the sun  Solaris, Windows, Linux  Apache, IIS, TCServer, etc.  homogenization and assimilation – no snowflakes  Deployment methodologies, automation, monitoring, and management tested continuously. Steve Barr steve.barr@csgi.com @srbarr1 Overall Quality improvements, “it”

Security Stack enables: correlated and centralized logs, container security, east/west traffic management, a zero-trust model, a whitelist, Role-Based Access Control (RBAC), continuous monitoring, signature-based This can also be used to send notifications when there is anomalous behavior. 4. Vulnerability Management 5. A service mesh proxy to connect to the service mesh 6. Zero Trust down to the container

seek feedback on its work? How will it solicit feedback and guidance from management? How frequently will it engage management? I want to make sure that we have an understanding on how my input and feedback

need to tighten up our change controls… what’s preventing us from getting there?”  “That change management tool is impossible to use. There’s a million mandatory fields and most of the time, the drop down

/iptables -P FORWARD ACCEPT # systemctl daemon-reload # systemctl restart docker ★默认还加了DOCKER-USER这个forward链，默认全部return，导致不通，也得 放开，具体得看下iptables规则），以下操作目的为 在系统启动后等待60秒待 k8s把iptables规则设置完毕再在以下几个chain里放通所有流量，如果对防火墙 sleep 60 /usr/sbin/iptables -I DOCKER 1 -s 0.0.0.0/0 -j ACCEPT /usr/sbin/iptables -I DOCKER-USER 1 -s 0.0.0.0/0 -j ACCEPT /usr/sbin/iptables -I DOCKER-ISOLATION-STAGE-1 1 -s 0.0.0.0/0 -j service-ip：是虚拟的ip，是由kube-proxy去建立相应的iptables/ipvs规则进行流量 的转发 ★kube-proxy的代理规则模式有： 代理模式 k8s版本要求 User Space proxy mode v1.0 + iptables proxy mode v1.1 + ipvs proxy mode v1.8 + 需要在所有k8s服务器上加载ipvs内核