• The Need for Speed: Application Performance Testing with JMeter

    It's time to launch your new product, but are you confident it's not going to crash and burn once you go live? This month, Yello Cloud Infrastructure Engineer, Jason Hernandez, will show you how to use JMeter -- the industry-standard load and performance measuring tool. Jason will walk us through some of the JMeter features and plugins he used to simulate web traffic with the goal of understanding the performance capabilities of Yello's new Interview Scheduling product.

    During our lightning round, Jason Allen will talk about FedRAMP. If you want to provide products to US government departments with high security requirements, then understanding FedRAMP is a must.

    Speakers
    ----------------
    Jason Hernandez, Cloud Infrastructure Engineer @Yello
    Jason Allen, CIO @Yello

    Schedule
    ----------------
    5:30 - 6:00p - Networking + food and beverages
    6:00 - 6:15p - Lightning talk: Demystifying FedRAMP
    6:15 - 7:00p - The Need for Speed: Application Performance Testing with JMeter
    7:00 - 7:30p - Q&A, networking

  • The Dark Art of OSINT


    The first stage in the cyber kill chain is reconnaissance. Before attacking an organization you need to discover its weaknesses and vulnerabilities. During this Meetup we're going to examine some popular tools and strategies of OSINT -- open source intelligence gathering. You'll learn how to locate publicly available information that could be used against your company and employees.

    - Searching public Git repos for credentials and keys
    - Subdomain enumeration
    - Google dorking
    - Automating compromised account discovery
    - Job post TMI
    - People searching

    This month will also feature a lightning talk, Classical Insight, Modern Application. Kung fu expert, Dan Borden, teaches us how to apply lessons from The Book of Five Rings to DevSecOps.

    Speakers
    ----------------
    Dan Borden, IT Manager @Yello
    Lukasz Czechura, Information Security Officer @Yello

    Schedule
    ----------------
    6:00 - 6:30p - Networking + food and beverages
    6:30 - 6:45p - Lightning Talk: Classical Insight, Modern Application
    6:45 - 7:30p - The Dark Art of OSINT
    7:30 - 8:00p - Q&A, networking

  • Creating a DevSecOps Culture


    How do I create a better DevSecOps culture in my organization? This month George Gerchow, Chief Security Officer at Sumo Logic, will help us answer that challenging question. We know that DevSecOps helps teams build software faster and more securely, but getting started isn't always easy. Overcoming the old way of doing things takes knowledge and a plan. You're going to walk away from this Meetup with a wealth of actionable information that's going to help you build a DevSecOps culture.

    - DevSecOps workflows
    - Best of breed tools
    - How to overcome lack of interest in security initiatives
    - Change management
    - Security training
    - Hiring
    - And more....

    George Gerchow isn't just an executive at a well-known technology company, he's also an experienced practitioner. George has been active in DevOps and security communities for years and he's one of the industry's most knowledgeable and passionate speakers on the subject.

    Schedule
    ----------------
    6:00 - 6:30p - Networking
    6:30 - 7:30p - Creating a DevSecOps Culture
    7:30 - 8:00p - Q&A, networking

    This is going to be a popular event so please RSVP early.

  • Infrastructure as Code using Terraform

    Stop spinning up servers by hand. You'll learn the basics of Terraform so you can securely automate cloud infrastructure creation and destruction. Yello's Sr. Infrastructure Director, Tim Laszlo, shows us how to provision complex application environments using scripts that can be versioned with standard development tools like Git. We'll start with a simple Terraform demonstration and then quickly move into a complex infrastructure use case.

    Does anyone really like using passwords for authentication? Our lightning round this month explores the promise of a passwordless future with the FIDO2 Project.

    - What you need to get started
    - Companies supporting FIDO2
    - Quick Linux demo

    Speakers:
    Tim Laszlo, Sr. Infrastructure Director at Yello
    Jason Allen, CIO at Yello

    Agenda:
    6:00-6:30p: Networking / Food + Beverages
    6:30-6:45p: A Passwordless Future?
    6:45-7:30p: Infrastructure as Code with Terraform

    Sponsors: HackerOne

  • Defending your Web Applications with AWS WAF

    Protecting your web applications from attackers is hard. Scott Reynolds, Head of Infrastructure and Security at Raise, will show you how to use AWS WAF to help keep the bad guys out. At the end of the talk, you'll feel more confident about AWS WAF and its use in real-world situations.

    AWS WAF is a web application firewall that helps you protect your websites and web applications against various attack vectors at the HTTP protocol level. Our presentation will familiarize everyone with AWS WAF and provide insight into the following topics:

    - What AWS WAF is, what you can defend against, and why you should implement it
    - How WAF integrates seamlessly with your existing AWS applications
    - WAF components and implementation strategies

    *** Bonus Lightning Talk ***
    How do you know when someone modifies a security group in your AWS environment? Yello's Phil Prescher will talk about the open source tool, Security Monkey, and how you can use it to monitor all kinds of changes in AWS.

    Speakers:
    Scott Reynolds, Head of Security and Infrastructure @ Raise
    Phil Prescher, Cybersecurity Analyst @Yello
    Ross Feldman @NewRelic

    Agenda:
    6:00-6:30p: Networking / Food + Beverages
    6:25-6:30p: New Relic Presentation
    6:30-6:45p: Going Bananas with Security Monkey
    6:45-7:30p: Defending your Web Applications with AWS WAF

    Please RSVP.

  • Intro to Threat Modeling


    Join us for our very first Chicago DevSecOps Meetup. Threat modeling allows you to effectively analyze your application and hosting environment to identify, quantify, and address security risks. Our presentation starts with the basics and shows you how to use a straightforward threat modeling process to help defend your applications.

    You'll learn:

    - Why threat modeling is important
    - How to model your environment using data flow diagrams
    - STRIDE and how you can use it to identify threats
    - Threat countermeasures
    - Validating your findings

    Speakers:
    Lukasz Czechura - Information Security Officer, Yello
    Jason Allen - CIO, Yello

    Agenda:
    6:00-6:30p: Networking / Food + Beverages
    6:30-6:45p: Chicago DevSecOps kick-off presentation
    6:45-7:30p: Intro to Threat Modeling