Tag: Operations
-
Prioritizing Vulnerability Findings
Most shops are small. Small shops as a rule (there are exceptions!) do not dedicate resources to security, and that represents risks to big shops that depend on those small shops. Big shops don’t like risk, so we have compliance baselines. Big shops usually have lots of dedicated security people…
-
Observing System Failures
The system is down, and half a dozen teams join a Zoom call that stretches over a couple of days and a Slack channel that lasts for weeks. Vendors and integration partners are bridged in and out, executives pop by to see what’s going on, and the hours pass with…
-
Sorting Alerts
Ah, the new year! February begins the new fiscal for many organizations, and it’s a fine time for resolutions and spring cleaning. You know, fun stuff like dumping recurring meetings, washing the windows, tech debt hackathons, or rearranging the living room. Here’s a fun spring cleaning activity to consider: review,…
-
Getting Stuff Done while Growing
One of the benefits of a long career across a variety of enterprise companies is that I have seen a variety of solutions to getting stuff done. This post will mainly be about operational cadence work and incident response. The related problems of developing new software solutions are a different…
-
Book Review: Learning OpenTelemetry
Slim volume packed with good stuff, I enjoyed this book. Notably, Observability is defined more practically as the practice of knowing what’s happening instead of the black box outputs definition. There’s a good strong call out against MELT-style thinking. This is the idea that there’s three (or four, or N)…
-
Book Review: Security Chaos Engineering
Excellent book, introduction helpfully posted here. I’ve read a goodly number of information security books; there’s a weird (good weird) feeling to this one. Obviously some of that is from Kelly Shortridge’s (and Aaron Rinehart’s?) eclectic interests: a recipe for Mexican hot chocolate is used as a process mnemonic, for…
-
Why is Getting Data In hard?
Maybe first we should ask why people say it’s hard. After all, this shiny modern world is full of one-liners to install agents, hook in libraries, listen to your provider’s pub-sub, or just post stuff at an endpoint. It’s never been easier to get data, and it’s not like writing…
-
AI for Monitoring
Cognitive computing approaches to the monitoring problem haven’t worked in the past and still don’t work now. The future might still make it work, but it’s unlikely to be because of a change in AI technology unless that change is in the per-process execution economics. For AI to be a…
-
Task Scheduling and Slippage
Enterprise systems have a lot of things that need to happen. If they all happen at the same time, you’ll either overload your constrained resources or overload the budget attached to your elastic resources. Plus, some of these things are supposed to occur at a specific time, and others should…
-
Infrastructure as Code Sucks
Tasks to be done with a product can be thought of as points on a circular graph. That graph is a series of concentric bands, where each band is constituted of the people who can (have the ability and the permission to) do the task for the product. At the…
Monkeynoodle.Org 