RECAP: 2016 B-Sides DC

Another security conference has come and gone and I surprisingly do not feel the doom and gloom of knowing that my data is being utterly owned.  Two of the more interesting talks focused on protecting environments through Powershell and how to thoroughly test applications with more than just limited security automated tools. Defending with Powershell […]

Read more
Dynamic Versioning of Maven POM

In a typical CI/CD pipeline, code is build, code is deployed, code is tested. In our specific scenario the code is built through Jenkins and maven on a Jenkins build slave, then the build artifacts are uploaded to an artifact repository. Through an Infrastructure-as-code tool, like Chef, the code is deployed to a test environment […]

Read more
DevOps in a Regulated and Embedded Environment: What’s the Problem?
DevOps

Welcome to the first part of an ongoing series I’m calling DevOps in a Regulated and Embedded Environment. This first part looks at the particular challenges posed by a particular embedded environment. Future posts will dig into the details of how the more interesting problems were solved and what we should have done differently given […]

Read more
Setting Up A Load Balancer In Azure

Setting up a load balancer in Azure is a simple process, the tricky part is all of the prerequisites and dependencies that need to be met in order for two or more virtual machines to be load balanced. The first and most important dependency is creating an Availability Set for your virtual machines to live […]

Read more
Spring MVC Project Structure

Whether you like it or not, Spring MVC is by far the the most popular and used web framework for Java. It is important to recognize this popularity and its reputation. It’s one of the most favored framework by federal agencies because the fact that it is Java-based means “enterprise-ready” and that carries a lot […]

Read more
Migrating S3 Buckets from AWS to GovCloud

Amazon S3 (Simple Storage Service) is a handy tool for online file storage that is often used when setting up VMs. While transferring data between availability zones in Amazon Web Services (AWS) is a trivial task, transferring S3 buckets from AWS to AWS GovCloud requires a greater challenge. In order to start, you’ll need a […]

Read more
Starting up a Jenkins Clone Safely

Why bother starting Jenkins in neutral? Jenkins can be a dangerous virtual machine to bring up.  This situation arises when I’m recovering one, cloning one, or testing provisioning automation.  The damage one can cause is hard to predict because it depends on exactly what yours does, but I’ll try to paint a couple common pictures […]

Read more
5 Common Pitfalls of Agile Transformation in the Government (and How to Avoid Them)

Agile has increasingly become the standard way software development organizations deliver software. According to a recent TechBeachon survey, most organizations lean toward agile or purely rely on it for their software delivery. For a majority of government projects, waterfall methodologies continue to be heavily used with large amounts of process governance and controls. While the government […]

Read more
X