small-medium-large as units for assigning story points. Over time, as the teams accumulate performance data, this iterative and incremental4 process improves accuracy in allocating points. Point values are or the target end user cannot be accessed. Program scope is mostly limited to the application layer while using existing infrastructure. Program Scope Program spans core capabilities and underlying typically is the contractor team of software developers, including software and security engineers, data specialists, testers, quality assurance, and configuration managers. Ideally these participants

Time-sharing • Preserves immediacy, and hence enables us to maintain an overview of complexity • Unified programming environment • They attack the accidental difficulties of using tools togetherHopes for

problem-solving. ii. Telemetry – An automated communications process by which measurements and other data are collected at remote points and are subsequently transmitted to receiving equipment for monitoring monitor what’s up or down. ii. Modern Monitoring architecture 1. Data Collection at business logic, application, & environments layer a. Events, logs, & metrics b. Common service to centralize, rotate 1. Authentication/authorization decisions 2. System and data access 3. System and application changes, especially privileged changes 4. Data changes (CRUD) 5. Invalid input, possible malicious injections

default and always verify. Key aspects of zero trust at the container level include mutual Transport Layer Security authentication (mTLS), an encrypted communication tunnel between containers, strong identities

proceeds the data • Put the data in • Fast to use • Can lose subtle contexts • Good for exploitation; not for exploration & change Sense-making Frameworks Sense-making framework - the data proceeds proceeds the framework • Capture the data • Patterns emerge from the data • Provides context and awareness • Good for non-trivial domainsObvious • Cause & Effect Relationships exist • Relationships

Operations to improve outcomes 2. Ch. 9 – Create the Foundations of Our Deployment Pipeline a. Enterprise Data Warehouse program by Em Campbell-Pretty - $200M, All streams of work were significantly behind schedule Application code & dependencies 2. Environment scripts & creation tools 3. DB scripts and reference data 4. Containers 5. Automated tests 6. Project artifacts – documentation, procedures, etc. 7. Application Smoke testing our deployments – test connections to supporting services and systems, run sample data/transaction tests, fail deployment if needed 3. Ensure we maintain consistent environments – continually

environment and ensuring service levels are met v. Infosec – team responsible for securing systems and data vi. Release Managers – the people responsible for coordinating the production deployment processes PLANNING HORIZONS SHORT i. Act like a startup, strive to generate measurable improvement or actionable data within weeks f. RESERVE 20% OF CYCLES FOR NON-FUNCTIONAL REQUIREMENTS AND REDUCING TECHNICAL DEBT

known vulnerabilities and consolidate multiple versions of the same library iii. 2014 Verizon PCI Data Breach Investigation Report – studies over 85K cardholder breaches. 10 vulnerabilities accounted environments with infrastructure-as-code and auto- scaling. Must create alternatives methods of providing the data to show auditors controls are in place and operating. 1. Work closely to identify the evidence needed

and other version control tasks. As a distributed revision control system it is aimed at speed, data integrity, and support for distributed, non-linear workflows https://try.github.io/levels/1/challenges/1

3rd Party Application Installations  Route Adds – requires heightened security access  Database Data Script Execution  Load Balancer Node Disablement  OS and Security Patching  Requesting access