All posts by Harout

About Harout

Technologist, Cloud Promoter, Automation and Continuous Optimization Advocate. View all posts by Harout →

Log4j

July 16, 2022UncategorizedHarout

source: The Cyber Security Hub

Ok, had re-share this one 🙂

Uptime…

May 22, 2022Techavailability, devops, devsecops, dns, dnssecurity, engineering, homeoffice, linux, networkinfrastructure, networksecurity, secops, security, sysadmin, uptimeHarout

Remember the days when server up-time was how we measured service availability and bragged about it? This Pi-hole DNS server running on a Debian-loaded mini PC at my home office, is now at 177 days since last reboot, yet is fully patched and running latest version of Pi-hole DNS. Maybe it’s because there are no windows near this mini PC 😏

Pipelines…

May 10, 2022Techconfigmgr, development, devops, devsecops, git, hudson, jenkins, legacy, oldschool, softwareengineering, sysadmin, techops, thinkoutsidetheboxHarout

About 12 years ago, we used a piece of software called Hudson to automate various tasks that were otherwise run by hand. Things like running backup jobs, initiating web server warm-ups, checking on stale DNS records, sending emails reports, executing shell scripts on remote servers, updating firewall rules during peak times of day (think home brew auto-scaling logic), and later on, integrating with Git repositories, and deploying code and config to servers in data-centers.

On a side note, did you know Jenkins used to be called Hudson? It has been around since 2005, and deploying code from Git is only one of the many many things it is otherwise used for by professionals.

Always think outside the box…

Security Assessments

April 22, 2022Techaudits, compliance, devsec, devsecops, secops, security, securityaudit, securityconsulting, securitycontrols, trainingHarout

The deal with security compliance assessments and certifications is not just about that annual or bi-annual point in time, during which auditors certify your establishment as compliant. It’s about whether your organization and all of its individuals follow security guidelines and best practices as outlined in the assessment during their day-to-day operations.

Remember: Once auditors issue a compliance certificate and leave your office, from that point forward, your security is as good as your staff’s training, and discipline to follow security controls.

This is an everyday thing; not once or twice a year thing!

A Security+ Nostalgia

April 19, 2022Techcloud, cybersecurity, devops, devsecops, nostalgia, oldschool, secops, securityplus, sysadminHarout

Going through modern Security+ material, seeing mentions of legacy technologies and methodologies such as Sub7 or War-driving was a pleasant time travel 🙂

hackathon Gems

April 8, 2022Techcybersecurity, hackathon, hiring, networksecurity, security, securityconsulting, securitycontrols, securityprofessionalsHarout

If you’re attending a hackathon/security conference looking to recruit good security professionals, keep an eye for those using personal Internet devices, tethering via cell phone, or better yet, tethering via a cable connection to their cell phone to gain internet access.

As to those who are using the convention center’s free wifi during a hackathon/security event, maybe enroll them in some good security training programs first, if you really want to hire them.

Matter of preference

March 11, 2022Techchat, collaboration, collaborationsolutions, slack, teamsHarout

I understand this topic is a matter of personal preference, but I have to say; having had exposure to both platforms, I’ll take Slack over Teams as a collaboration platform any day…

Feels like yesterday…

March 4, 2022Techapache, cloudcomputing, inventorymanagement, lamp, legacy, linux, logistics, network, oldschool, pda, php, solutionarchitecture, solutions, team, warehouses, wifi, windows, workHarout

Feels like it was just yesterday when…

We transformed how a full-house inventory exercises were performed across warehouses, for an international book and magazine distribution business.

The solution we introduced included handheld PDAs running Windows CE, with bar-code scanning attachments, hooked up to a custom designed broad WiFi “mesh” network (before modern mesh WiFi became a thing you can buy), backed by a LAMP server hosting the inventory web front-end and database.

This setup was a game changer to the inventory team, as it reduced the amount of time it took to complete their yearly exercise from a multi-week effort to just a few days.

Bear in mind this was before the age of cloud computing, smart phones, 4G/5G networks, lightweight laptops and tablets.

To me, the level of excitement, the dropped jaws on the faces of all team members, senior management, and executive stakeholders, was the payoff to the work we did. It was quite the fun project to be a part of.

This was back in 2003. How time flies by…

Automate all the things?

February 17, 2022Techautomateallthethings, automation, automationengineer, cloud, cloudcomputing, complexity, devops, techopsHarout

Look… we get it; it’s easy to get carried away with the “let’s automate this, let’s automate that, let’s automate everything!” enthusiasm.

Before you go ahead and commit your team to a ton of automation work spanning the foreseeable sprints, it is best to have a sit down with your leads and establish an outline of all domains in which automation makes sense, prioritize those where repetitive high-frequency tasks reside, reduce hours consumed by your in-house skill overwhelmed by running routine tasks, and work your way down that list.

The last thing any directive would want is for their team spending months on an automation build-out, only to no longer be needed due to product life-cycle deprecation.

The goal of automation is to simplify and streamline workflow, reduce overhead, and allow skill to be leveraged where it is needed most… and that is not, in troubleshooting automation complexity issues.

Nice to have…

January 11, 2022Techagile, agileleadership, engineeringmanagement, itmanagement, leadershipandmanagement, leadershipculture, platformengineering, platforms, projectleadership, projectmanagement, projects, technicalprojectmanagementHarout

Platform projects, whether on-premise, cloud, or hybrid in nature, generally have two high-level lists: The Must Have’s, and the Nice-to Have’s. Almost each one of these projects, drifting from their original delivery timeline, is due to an imbalance between these two lists.

This is why a Technical Project Management overview is important during the development phase of a platform build. Joining efforts with Product Management, these two units can control the balance between the two lists, ensuring engineering and development efforts are invested appropriately, with minimum drifts into endless rabbit holes.