Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Foxtrot Division Capabilities Collection
1. this is not business-as-usual
this is rock-and-roll
capabilities collection
what we do
CONTACT
US!
What’s your
MISSION?
SOFTWARE
ENGINEERING
CYBER SYSTEMS
ENGINEERING
CYBER
SECURITY
DEVOPS
USER
EXPERIENCE (UX)
DATA INFORMATION
VISUALIZATION
1.
2.
3.
5.
6.
4.
we create secure systems that deliver
a brilliant user experience and help
our clients be great at what they do.
wilco@foxtrotdivision.us
2. software
engineering
wilco@foxtrotdivision.us
http://foxtrotdivision.us
• DevOps Methodology
• Application Assurance
• User Experience (UX)
• Defensive Coding
• Open Source Software Support
STANDARDS EXPERTISE
• Software Assurance Maturity Model
(SAMM)
• Capability Maturity Model Integrated
(CMMI)
AUTOMATION
We provide custom software to
automate the routine and streamline
workflows, allowing teams to spend
more time on value-added activities.
INTEROPERABILITY
We create the “glue” that allows
multiple heterogeneous systems
to communicate with each other,
maximizing IT investment value.
MISSION SUPPORT
We create custom software that helps
our clients accomplish their mission,
from cyber defense analytics to
logistics and property management.
Writing code is our passion. Creating secure systems that function
as intended and deliver a brilliant user experience is our purpose.
Delivering value Early and Often
Organize requirements into functional
stories with short development times. Bake in
security along the way.
Refine concepts into verifiable
requirements.
Plan User Experience (UX) by
understanding users, workflows, and
objectives.
Release functionality incrementally,
as it is developed, tested and verified.
Validate functionality by
obtaining feedback from users and
stakeholders. Is it really what the
users want and need?
for (int i = today; i endOfTime; i++) {
goFurtherAndFaster(yesterday);
}
3. CYBER SYSTEMS
wilco@foxtrotdivision.us
http://foxtrotdivision.us
• Systems Engineering Technical
Assistance
• Agile/DevOps Methodology
• Full System Development Life Cycle
Support
STANDARDS EXPERTISE
• Software Assurance Maturity Model
(SAMM)
• Capability Maturity Model Integrated
(CMMI)
• Project Mgmt Body of Knowledge (PMBOK)
• International Council on Systems
Engineering (INCOSE)
• National Institute of Standards
Technology (NIST)
ENGINEERING
Basic to advanced
technical support for
all components of the
system.
SUPPORT
Establishing systems to
maintain and disseminate
project knowledge and intel-
ligence; giving stakeholders
info they need, when they
need it.
KNOWLEDGE MGMT
Coordinating system deployments,
equipment movements, and prop-
erty mgmt.
LOGISTICS
Analysis and management
of requirements through-
out the life cycle.
REQUIREMENTS MGMT
Streamlined change and
version control for rapid
integration of changes.
CONFIGURATION MGMT
Automated verification
and regression testing.
TESTING VERIFICATION
Agile development/integration of
system components focused on
delivering value early and often.
ENGINEERING
Continuous monitoring
of risks to project cost,
schedule, scope, and
performance.
RISK MGMT
Application of regulatory,
statutory, and organiza-
tional security requirements;
automated, continuous
compliance monitoring and
assessments.
CYBER SECURITY
The project is itself a system, composed of many moving parts...
hardware, software, people, processes, support systems.
Everything is connected. Everything matters.
REQUIREMENTS
MGMT
CONFIGURATION
MGMT
CYBERSECURITYRISKMGMT
ENGINEER
ING
TESTING
VERIFICATION
LO
GISTICS
SUPPORTKNOWLEDGE
MGMT
PROJECT
MGMT
DEVOPS
deliver value ea
rlyoften
QUA
LITYASSURANCE verify delivered value meetsstan
dards
4. CYBER
SECURITY
wilco@foxtrotdivision.us
http://foxtrotdivision.us
DEFENDABLE
by design
• Application Assurance
• Automated Implementation,
Assessment, and Monitoring of
Security Controls
• Risk Management Framework (RMF)
• Full Security Life Cycle Support
We don’t check boxes.
We don’t shuffle paper.
We secure systems
and that includes people,
processes, and nuts-and-bolts
engineering.
Our risk-based approach focuses on a thorough technical understanding of the
system and its operating environment, its threats and vulnerabilities, and the
proper application of security controls based on risk tolerance.
MALICIOUS ACTORS
NATURAL DISASTERS
NON-MALICIOUS ACTORS
Individuals may inadvertently cause a
compromise by act or omission.
Hurricanes, tornadoes, lightning, and other
natural events.
Malicious actors with means, motive, and
opportunity.
Understand the SYSTEM.
First, we must understand the system by
identifying the types of information received,
processed, stored, and/or transmitted by each
component.
Personally Identifiable Information (PII)
Other Information Requiring Special Protection
Sources and Methods Information (SAMI)
Health Information
Financial Information
SOFTWARE PEOPLE
HARDWARE
Emissions, HVAC/
power limitations, no
redundancy, lack of
port security...
Lack of training, social
engineering, human
error, improper use
of removable media...
Lack of input
validation, code
defects, lack of error
handling...
PROCESSES
Improper change
control, insufficient
testing, lack of patch
mgmt...
Understand the THREATS. Understand the VULNERABILITIES.
Apply the SECURITY LIFE CYCLE.
CATEGORIZE
SYSTEM
SELECT
SECURITY
CONTROLS
IMPLEMENT
SECURITY
CONTROLS
ASSESS
SECURITY
CONTROLS
AUTHORIZE
SYSTEM
MONITOR
SECURITY
CONTROLS
We leverage custom software and off-the-
shelf tools to rapidly implement, assess,
and monitor security controls.
5. wilco@foxtrotdivision.us
http://foxtrotdivision.us
• Custom Workflow Automation
• Versatile team members doing more
with less
• Using tools and collaboration to build
better systems, faster
DEVOPS
the revolution will be automated...
OPERATIONS
STAKEHOLDERS DEVELOPMENT
USERS
Fund it. Create it.
Use it.Maintain it.
PEOPLE PROCESSES
TOOLS
Our DevOps approach seeks to seamlessly integrate PEOPLE,
PROCESSES, and TOOLS to reliably deliver high quality systems, faster.
AUTOMATION SUPPORT SYSTEMS
AUTOMATED HARDENING
AUTOMATED
BUILD INTEGRATION
HARDEN BUILD VERIFY DEPLOY
We create custom software to provide
secure system configurations in a
repeatable manner (that don’t brick
the box).
We use off-the-shelf software to
continuously build and integrate
changes into the system baseline.
AUTOMATED VERIFICATION
We create automated test cases to
verify new builds meet requirements,
and don’t break the baseline.
AUTOMATED DEPLOYMENT
We use centralized management
tools to push changes to production
systems.
D
EVELOP
BUILD
TESTVERIFY
QADEPLOY
OPERATE
real-time
collaboration
a
wareness
Cen
tralizedDEVOPSt
ools
CONTINUOUSFEEDBACK
RAPID RESPONSE TO CHANGE
6. wilco@foxtrotdivision.us
http://foxtrotdivision.us
• UX Designed for All Participants in the
System
• Structured Process to Implement
Effective UX
• Continuous Feedback for Effective
Process Improvement
UX
user experience
Users matter most.
Period.
WHO WE ARE DESIGNING FOR
CONTENT NAVIGATION FUNCTION FORM
Will it help
me do my
job?
Will it be
easy to
use?
Will it be
available
when I
need it?
How often will
it need human
intervention?
Will it
integrate with
tools I already
use?
Will patches
be available
in a timely
manner?
Will it be
secure?
What business
metrics will be
available?
Will it add
value for
our users?
The Elements of User Experience (UX)
One of our first objectives
is to understand and
logically organize the
data and information
stakeholders need to
perform their mission.
We design an effective
navigation structure to
ensure stakeholders can
find what they are looking
for quickly, easily, and in
a repeatable manner.
What must the system do?
We seek to understand
how each stakeholder will
use the system, and what
actions they need to take
to perform their mission.
The appearance of each
component is designed
to be intuitive, add value,
and have logical meaning
with the context of the
larger system.
When designing a UX, we consider the wants, needs, and concerns of all participants
MAINTAINERS OWNERSUSERS
7. wilco@foxtrotdivision.us
http://foxtrotdivision.us
• Custom Dashboards for Business
Analytics
• Cyber Defense Watch Consoles
• Real-time Project Status
• Intelligence-Oriented Reporting
DATA INFORMATION
VisualizationRevealing the intelligence
behind the data.
We use design to reveal the truth in data. The truth about what’s
happening now, what’s happened in the past, and what’s likely to
happen in the future.
G
NORMAL (G)
+/- 15% from goal
Y
CAUTION (Y)
+/- 16-31% from goal
O
WARNING (O)
+/- 32-50% from goal
R
CRITICAL
50% from goal
INTELLIGENCE-ORIENTED DESIGN
Our design focuses
on presenting the
most concise, factual
data to facilitate rapid
analysis and response
by stakeholders.
How is the
project
doing?
Botnet Activity
Subnet HR
IP: 192.168.10.2
ACTIONS
What’s
happening
on the
network?
Custom dashboards and visualizations designed to help
our clients be great at what they do.
WARNING CRITICAL
REAL-TIME STATUS.
BASED ON REAL DATA.
RISK MATRIX
Highly Likely
Likely
Somewhat Likely
Unlikely
Highly Unlikely
LOW MODERATE HIGH
What are
the risks?
ScheduleG
CostO
ScopeY
PerformanceG