O'Reilly Velocity Europe

•

0 likes•236 views

Rekha Joshi

My slides on "Performance And Security: A Tale Of Two Cities" at O'Reilly Velocity Conference Europe

Technology

Performance And Security:
A Tale Of Two Cities
Rekha Joshi
Intuit
Rekha Joshi @rekhajoshm

About Me
Rekha Joshi
Principal Software Engineer, Intuit
https://www.linkedin.com/in/rekhajoshm
@rekhajoshm

Today
How Priorities Stack Up
Fast And Secure Services
Monitoring
Automation
Back To The Future!

Inherent Tension
Systems Not Performant Are Not Used
Systems Not Secure Do Not Last

Performance And Security: A Tale Of Two Cities
Image Credits: Bollywood

We Never Want Fast At Risk Of Safety
Image Credits: Disney

Recognizing Explicit Protection For Our Future
Choosing Your Leader Getting Through Airport
Image Credits: Internet Archive

Intuit - Performance Driven, Security Top Priority
Systems That Are Performant And Are Safe To Use
Systems That Are Secure And Are Usable

Consumers Small Businesses Accounting Professionals
Intuit – Who We Serve

Era of Windows Era of Web Era of the CloudEra of
DOS
Compliant
data
Mobile First
1980s 1990s 2000s
• Employees: 150
• Customers: 1.3M customers
• Revenue: $33M
• Employees: 4,500
• Customers: 5.6M
• Revenue: $1.04B
• Employees: 7,700
• Customers: 37M
• Revenue: $4.2B
20162010
Regulatory
data
Transactional data Batch data Real time data Complex, secure data
Intuit Landscape

Identification– Stop The Flood At The Gates
How many of you use passwords
known in bad passwords list?
How many of you use your
spouse or birthdates as
passwords?

Multi Factor Authentication
Push Approve
App Codes
Fingerprinting
Biometrics
USB ( Yubikeys)

Authorization
By The Power Of
Gray Skull,
You Do Not Have
The Power!
Image Credits: He-man And The Masters Of the Universe

Enforce Principle Of Least Privilege
Image Credits: Amazon Web Services

Making Security Easier
Custom Libraries
Secrets Management and Encryption
Data Classification, Governance and Stewardship
WhiteListing Process
Educating The Workforce

Where Are Performance Gains Coming From?
Image Credits: Silicon Valley

Configuration of Servers
Elasticity
Managing Memory
Optimized Instances
Using Enhanced Networking ( HVM vs PV)

Improving HTTP Protocol (HTTP/2)
Evolving
Compressed Headers
Multiplexing Request/Response
Reduced Number Of Connections
https://http2.github.io/

Codebase
Optimize, Tune Technology
Caching, Optimized Flows
Language Performance Improvement
Solution Path Analysis

Follow Your Customer Home
Explore How Your Customers Actually Use Your Product/Services

Monitoring Tools
AWS resource
alarms Custom App MetricsJVM and App
Metrics
Custom process
alerts
Logging and
alert
Receive an alert about an outage that hasn’t happened yet.
Prometheus.io
ElasticSearch
Kibana
LogStash
HipChat
Grafana

Logging And Audit
Manage Logs
Visibility on internal host state
Auto Anamoly Detection From Logs

Security Management
Vulnerability Testing
Network Analyzer
Threat Modeling
Mitigation
Continuous Monitoring

Injecting Performance Testing In CI
http://gatling.io/#/

Auto Notifications
Available Verified Patches For OS, AMI, Browsers, Mobile SDK
Available Patches For Possible Vulnerability/Threat

Automated Deployments
Making Configurations Easier To Change
Emergency Restacking

Back To The Future
The Future State?
Naturally Secure
And Performant
Systems!

Ahoy, Towards That Future!
Image Credits: Disney, Marvel comics

Rekha Joshi
Principal Software Engineer,
Intuit
Rekha Joshi @rekhajoshm
Thank You

Viewers also liked

Hadoop Summit 2016 - Evolution of Big Data Pipelines At Intuit

Rekha Joshi

CRM at capital one

Joshpin Bala.B

In my previous years’ talks at DevOps Enterprise Summit, I spoke about starting and scaling of DevOps at Capital One; importance of Open Source, Open Technology and Innovations in DevOps. This year, I will present Capital One’s journey of maturing in DevOps and Continuous Delivery. My presentation will cover our current areas of focus: Delivery Pipeline, Flow and Measurements. I will also share some of the problems we faced and what we did to solve them.

DOES SFO 2016 - Topo Pal - DevOps at Capital One

Gene Kim

Beautiful Monitoring With Grafana and InfluxDB

leesjensen

Capital One began moving to AWS just two years ago. Every day, the amount of traffic we serve from the cloud continues to grow. With development teams having the freedom to choose their own technology stacks, many teams have quickly started moving applications to Docker. In this session, learn how Capital One uses a combination of the Elastic Load Balancing service along with Application Load Balancer features to increase deployment speed and reliability.

AWS re:Invent 2016: From EC2 to ECS: How Capital One uses Application Load Ba...

Amazon Web Services

DockerCon EU 2015: The Latest in Docker Engine

Docker, Inc.

Capital One Digital Strategy - Rachel Shapiro

Rachel Shapiro

Video: https://www.youtube.com/watch?v=FJW8nGV4jxY and https://www.youtube.com/watch?v=zrr2nUln9Kk . Tutorial slides for O'Reilly Velocity SC 2015, by Brendan Gregg. There are many performance tools nowadays for Linux, but how do they all fit together, and when do we use them? This tutorial explains methodologies for using these tools, and provides a tour of four tool types: observability, benchmarking, tuning, and static tuning. Many tools will be discussed, including top, iostat, tcpdump, sar, perf_events, ftrace, SystemTap, sysdig, and others, as well observability frameworks in the Linux kernel: PMCs, tracepoints, kprobes, and uprobes. This tutorial is updated and extended on an earlier talk that summarizes the Linux performance tool landscape. The value of this tutorial is not just learning that these tools exist and what they do, but hearing when and how they are used by a performance engineer to solve real world problems — important context that is typically not included in the standard documentation.

Velocity 2015 linux perf tools

Brendan Gregg

Viewers also liked (8)

Hadoop Summit 2016 - Evolution of Big Data Pipelines At Intuit

CRM at capital one

DOES SFO 2016 - Topo Pal - DevOps at Capital One

Beautiful Monitoring With Grafana and InfluxDB

AWS re:Invent 2016: From EC2 to ECS: How Capital One uses Application Load Ba...

DockerCon EU 2015: The Latest in Docker Engine

Capital One Digital Strategy - Rachel Shapiro

Velocity 2015 linux perf tools

Similar to O'Reilly Velocity Europe

Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...

Rahul Neel Mani

Virtualization Conference Nov08 V2

Pini Cohen

Amazon Kinesis is a platform for streaming data on AWS, offering powerful services to make it easy to load and analyze streaming data. In this session, you'll learn about how AWS customers are transitioning from batch to real-time processing using Amazon Kinesis, and how to get started. We will provide an overview of streaming data applications and introduce the Amazon Kinesis platform and its services. We will walk through a production use case to demonstrate how to ingest streaming data, prepare it, and analyze it to gain actionable insights in real time using Amazon Kinesis. We will also provide pointers to tutorials and other resources so you can quickly get started with your streaming data application.

Analyzing Real-time Streaming Data with Amazon Kinesis

Amazon Web Services

Esm 5 08 V3

Pini Cohen

Amazon Web Services: Building a 'Web-Scale Computing' Architecture

goodfriday

apidays Helsinki & North 2023 API Ecosystems - Connecting Physical and Digital June 5 & 6, 2023 API Security in the era of Generative AI Matt Feigal, Partner Engineering Manager at Google Cloud Sweden ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...

apidays

Learning Objectives: - Get an overview of streaming data and it's application in analytics and big data. - Understand the factors driving the accelerating transformation of batch processing to real-time. - Learn how you should plan for incorporating data streaming in your analytics and processing workloads. Business can now easily perform real-time analytics on data that has been traditionally analyzed using batch processing in data warehouses or using Hadoop frameworks, and react to new information in minutes or seconds instead of hours or days. In this webinar, Forrester analyst Mike Gualtieri and Amazon Kinesis GM Roger Barga will discuss this prevalent trend, it's business significance, and how you should plan for it. You will also learn about the AWS services that can help you get started quickly with real-time, streaming applications fore your analytics and big data workloads.

Emerging Prevalence of Data Streaming in Analytics and it's Business Signific...

Amazon Web Services

Vazata Federal IaaS

ftculotta27

5 Years Of Building SaaS On AWS

Christian Beedgen

Virtualization Leadership Presentation - LONG and SHORT (April 2010)

IBM India Smarter Computing

Change auditing: Who, What, When, Where details for every change with 'before' and 'after' values Configuration assessment: State-in-time™ reports showing configuration settings at any point in time More than 200 predefined reports and dashboards with filtering, grouping, sorting, exporting, email subscriptions, drill-down, web access, granular permissions and ability to create custom reports AuditArchive™: scalable two-tiered storage (file-based + SQL database) holding consolidated audit data for up to and beyond 10 years Unified platform to audit the entire IT infrastructure (including systems that do not produce logs), as opposed to multiple hard-to-integrate standalone tools from other vendors

Change auditing: Determine who changed what, when and where

Giovanni Zanasca

Democratization - New Wave of Data Science (홍운표 상무, DataRobot) :: AWS Techfor...

Amazon Web Services Korea

Cloud Security for Startups - From A to E(xit)

Shahar Geiger Maor

Legacy monitoring and troubleshooting tools can limit visibility and control over your infrastructure and applications. Organizations must find monitoring and troubleshooting tools that can scale with the volume, variety and velocity of data generated by today’s complex applications in order to keep pace with business demands. Our upcoming webinar will discuss how Sumo Logic helped Scripps Networks harness cloud-native machine data analytics to improve application quality and reliability on AWS. Sumo Logic allows IT operations teams to visualize and monitor workloads in real-time, identify issues and expedite root-cause analysis across the AWS environment. Join us to learn: • How to migrate from traditional on-premises data centers to AWS with confidence • How to improve the monitoring and troubleshooting of modern applications • How Scripps Networks, a leading content developer, used Sumo Logic to optimize their transition to AWS Who should attend: Developers, DevOps Director/Manager, IT Operations Director/Manager, Director of Cloud/Infrastructure, VP of Engineering

Real-time Visibility at Scale with Sumo Logic

Amazon Web Services

Hw09 Large Scale Transaction Analysis

Cloudera, Inc.

The standard business model is changing rapidly changing. Companies used to be built for the long haul. But now, success is powered by rapid-paced innovation and the ability to get disruptive products to market first. You’re used to balancing resources between keeping things running and the development of new initiatives. But merely keeping the lights on doesn't differentiate you from your competitors.

The New Normal: Benefits of Cloud Computing and Defining your IT Strategy

Amazon Web Services

Sukumar Nayak-Agile-DevOps-Cloud Management

Sukumar Nayak

Advanced persistent threats

Network Intelligence India

[데브멘토tv]강사: 헨리코 세일즈포스닷컴 APAC 시니어 엔지니어_세일즈포스닷컴 활용 가이드 시연 2부 최종 -국내 처음 ‘포스닷컴’ 시연<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> -개발자 수익 100% 보장하는 앱 익스체인지의 비밀 -포스닷컴, 비즈니스 기회와 경영혁신 두마리 토끼 공략법

개발자 수익 100% 보장하는 앱 익스체인지의 비밀

mosaicnet

Security-testing presentation

Ezhilan Elangovan (Eril)

Similar to O'Reilly Velocity Europe (20)

Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...

Virtualization Conference Nov08 V2

Analyzing Real-time Streaming Data with Amazon Kinesis

Esm 5 08 V3

Amazon Web Services: Building a 'Web-Scale Computing' Architecture

apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...

Emerging Prevalence of Data Streaming in Analytics and it's Business Signific...

Vazata Federal IaaS

5 Years Of Building SaaS On AWS

Virtualization Leadership Presentation - LONG and SHORT (April 2010)

Change auditing: Determine who changed what, when and where

Democratization - New Wave of Data Science (홍운표 상무, DataRobot) :: AWS Techfor...

Cloud Security for Startups - From A to E(xit)

Real-time Visibility at Scale with Sumo Logic

Hw09 Large Scale Transaction Analysis

The New Normal: Benefits of Cloud Computing and Defining your IT Strategy

Sukumar Nayak-Agile-DevOps-Cloud Management

Advanced persistent threats

개발자 수익 100% 보장하는 앱 익스체인지의 비밀

Security-testing presentation

Recently uploaded

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Introduction to FIDO Authentication and Passkeys.pptx

FIDO Alliance

Introduction to use of FHIR Documents in ABDM

Kumar Satyam

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)

Samir Dash

Event-Driven Architecture Masterclass: Challenges in Stream Processing

ScyllaDB

Design Guidelines for Passkeys 2024.pptx

FIDO Alliance

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

FIDO Alliance

Key topics covered: - Real-world examples of Choreo's comprehensive coverage from application design and deployment, security, scaling, and monitoring - Running different types of workloads, such as web applications, APIs, microservices, integrations, and tasks at scale, and wire them together to deliver seamless omnichannel digital experiences - How Choreo improves the developer experience by eliminating repetition, silos, and redundancy through enhanced discoverability and self-serviceability

Choreo: Empowering the Future of Enterprise Software Engineering

WSO2

Working together SRE & Platform Engineering

Marcus Vechiato

Design and Development of a Provenance Capture Platform for Data Science

Paolo Missier

Simplifying Mobile A11y Presentation.pptx

MarkSteadman7

Because observability is such a broad topic – and often something we learn on the job – it can feel like there’s too much to learn at once. But you don’t have to tackle everything and can start with the basics and build from there! Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. No matter what tooling is in place, there are still observability fundamentals that developers should know. That’s why I’ve put together a primer on the different telemetry types, when to use them, how to understand the data journey, and what to look for in time series graphs.

Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)

Paige Cruz

Overview of Hyperledger Foundation

Hyperleger Tokyo Meetup

ERP Contender Series: Acumatica vs. Sage Intacct

BrainSell Technologies

Explore the latest trends and insights on JavaScript usage with Pixlogix's informative blog. Discover key statistics and facts about JavaScript's role in web development, its popularity among developers, and its impact on modern websites. Stay updated with the evolving landscape of JavaScript frameworks and libraries, and learn how they're shaping the future of web development. Gain valuable insights to enhance your JavaScript skills and stay ahead in the digital realm.

JavaScript Usage Statistics 2024 - The Ultimate Guide

Pixlogix Infotech

The presentation was made in “Web3 Fusion: Embracing AI and Beyond” is more than a conference; it's a journey into the heart of digital transformation. The conference a provided a platform where the future of technology meets practical application. This three-day hybrid event, set in the heart of innovation, served as a gateway to the latest trends and transformative discussions in AI, Blockchain, IoT, AR/VR, and their collective impact on the information space.

AI in Action: Real World Use Cases by Anitaraj

AnitaRaj43

Welcome to this session on UiPath Manufacturing and AI. In this session, we will discuss the importance UiPath plays with technology in the manufacturing and we will do an overview of AI and Document Understanding. Please join us to hear from UiPath and Community experts on why you might consider leveraging UiPath in manufacturing. Topics covered Community team overview The importance of UiPath technology for manufacturing UiPath AI and Document Understanding overview What is Document Understanding? DU Process Studio Template Components of DU Framework Q&A Speakers: Sebastian Seutter, Senior Industry Practice Director, UiPath, Inc. Priya Darshini, UiPath MVP RPA Solutions Architect Dzmitry Belanovski, Account Executive, UiPath, Inc.

UiPath manufacturing technology benefits and AI overview

DianaGray10

Recently uploaded (20)

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Introduction to FIDO Authentication and Passkeys.pptx

Introduction to use of FHIR Documents in ABDM

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)

Event-Driven Architecture Masterclass: Challenges in Stream Processing

Design Guidelines for Passkeys 2024.pptx

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

WSO2's API Vision: Unifying Control, Empowering Developers

Six Myths about Ontologies: The Basics of Formal Ontology

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

Choreo: Empowering the Future of Enterprise Software Engineering

Working together SRE & Platform Engineering

Design and Development of a Provenance Capture Platform for Data Science

Simplifying Mobile A11y Presentation.pptx

Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)

Overview of Hyperledger Foundation

ERP Contender Series: Acumatica vs. Sage Intacct

JavaScript Usage Statistics 2024 - The Ultimate Guide

AI in Action: Real World Use Cases by Anitaraj

UiPath manufacturing technology benefits and AI overview

O'Reilly Velocity Europe

1. Performance And Security: A Tale Of Two Cities Rekha Joshi Intuit Rekha Joshi @rekhajoshm

2. About Me Rekha Joshi Principal Software Engineer, Intuit https://www.linkedin.com/in/rekhajoshm @rekhajoshm

3. Today How Priorities Stack Up Fast And Secure Services Monitoring Automation Back To The Future!

4. Inherent Tension Systems Not Performant Are Not Used Systems Not Secure Do Not Last

5. Performance And Security: A Tale Of Two Cities Image Credits: Bollywood

6. We Never Want Fast At Risk Of Safety Image Credits: Disney

7. Recognizing Explicit Protection For Our Future Choosing Your Leader Getting Through Airport Image Credits: Internet Archive

8. Intuit - Performance Driven, Security Top Priority Systems That Are Performant And Are Safe To Use Systems That Are Secure And Are Usable

9. Consumers Small Businesses Accounting Professionals Intuit – Who We Serve

10. Era of Windows Era of Web Era of the CloudEra of DOS Compliant data Mobile First 1980s 1990s 2000s • Employees: 150 • Customers: 1.3M customers • Revenue: $33M • Employees: 4,500 • Customers: 5.6M • Revenue: $1.04B • Employees: 7,700 • Customers: 37M • Revenue: $4.2B 20162010 Regulatory data Transactional data Batch data Real time data Complex, secure data Intuit Landscape

11. Secure Services

12. Identification– Stop The Flood At The Gates How many of you use passwords known in bad passwords list? How many of you use your spouse or birthdates as passwords?

13. Multi Factor Authentication Push Approve App Codes Fingerprinting Biometrics USB ( Yubikeys)

14. Authorization By The Power Of Gray Skull, You Do Not Have The Power! Image Credits: He-man And The Masters Of the Universe

15. Enforce Principle Of Least Privilege Image Credits: Amazon Web Services

16. Making Security Easier Custom Libraries Secrets Management and Encryption Data Classification, Governance and Stewardship WhiteListing Process Educating The Workforce

17. Fast Services

18. Where Are Performance Gains Coming From? Image Credits: Silicon Valley

19. Configuration of Servers Elasticity Managing Memory Optimized Instances Using Enhanced Networking ( HVM vs PV)

20. Improving HTTP Protocol (HTTP/2) Evolving Compressed Headers Multiplexing Request/Response Reduced Number Of Connections https://http2.github.io/

21. Codebase Optimize, Tune Technology Caching, Optimized Flows Language Performance Improvement Solution Path Analysis

22. Follow Your Customer Home Explore How Your Customers Actually Use Your Product/Services

23. Continuous Monitoring

24. Monitoring Tools AWS resource alarms Custom App MetricsJVM and App Metrics Custom process alerts Logging and alert Receive an alert about an outage that hasn’t happened yet. Prometheus.io ElasticSearch Kibana LogStash HipChat Grafana

25. Logging And Audit Manage Logs Visibility on internal host state Auto Anamoly Detection From Logs

26. Performance Management

27. Security Management Vulnerability Testing Network Analyzer Threat Modeling Mitigation Continuous Monitoring

28. Automation

29. Injecting Performance Testing In CI http://gatling.io/#/

30. Auto Notifications Available Verified Patches For OS, AMI, Browsers, Mobile SDK Available Patches For Possible Vulnerability/Threat

31. Automated Deployments Making Configurations Easier To Change Emergency Restacking

32. Back To The Future The Future State? Naturally Secure And Performant Systems!

33. Ahoy, Towards That Future! Image Credits: Disney, Marvel comics

34. Rekha Joshi Principal Software Engineer, Intuit Rekha Joshi @rekhajoshm Thank You

O'Reilly Velocity Europe

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (8)

Similar to O'Reilly Velocity Europe

Similar to O'Reilly Velocity Europe (20)

More from Rekha Joshi

More from Rekha Joshi (7)

Recently uploaded

Recently uploaded (20)

O'Reilly Velocity Europe