Blog

Tech Talk: Log4Shell, Single Sign-On, & AWS Cognito

by Alice Swan Nov 25th, 2021 Tech Talks

As companies expand the amount of software tools they utilize to do business, the risk of data breaches grows. The Log4Shell exploit hammers this point home. Single sign-on solutions help companies regain confidence in the protection of their sensitive data.

On November 23rd, Colin Ardizzone, a software engineer on the Security Control team held a virtual tech-talk on Single Sign-On and AWS Cognito. He discussed the numerous security and administrative benefits of utilizing single sign-on in an organization. He also discussed several different single sign-on protocols, with a deep dive into the SAML protocol.

During this deep dive, he focused on how SAML is configured both as an administrator and user. There was also a demonstration of single sign-on being executed using Security Control and Microsoft Azure as the identity provider. During this demonstration there was a focus on how data was exchanged between the two parties using the SAML protocol. Some of the auditing and security features of Azure were also used to show how single sign-on can be a powerful security auditing tool.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: Elastic Compute Cloud (EC2) Basics

by Alice Swan Jul 8th, 2021 Tech Talks

One of Amazon Web Services’ (AWS) Elastic Compute Cloud (EC2) is known not only as a starting path for learning all things cloud computing, but proves over a decade since its launch to be as versatile and important as ever.

On Tuesday July 6th, Business Analyst Matthew Lauer held a tech talk on the AWS compute service EC2. During the talk Matthew went over foundations for starting out with EC2 and how he is utilizing this tool on his current project with Bright Beginnings. Matthew discussed the goals for the Bright Beginnings project and provided an explanation of the cloud architecture used on the project.

Matthew explained that Elastic Compute Cloud is the most valuable technical component for hosting a Learning Management System platform and that is why his team chose to use it for the Bright Beginnings project. Additionally, he said that EC2 has been very important as a learning tool for the interns at EC, gearing them up for their Certified Cloud Practitioner exams.


About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the
sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: Efficient Cloud Development & Deployment

by Alice Swan May 7th, 2021 EC Inside Tech Talks

With the COVID-19 pandemic, the resurgence of remote work and an ever-increasing number of networks that a Developer must be ready to engage with, effective DevOps Strategies have become integral to every Team’s Software development Life Cycle.

On May 4th, Dave Rabrun, A Software Architect at EC, held a Tech Talk explaining different methodologies to developing, deploying and maintaining software on disparate networks. During the presentation, Dave provided the audience with information about several collaborative operations & development environments that he uses to move data and code across his networks.

 Dave also presented advantages of completing as much development as possible from commonly accessed networks such as DI2E, Dicelab.net, AWS GOVCLOUD or AWS Commercial. From there, Dave showcased several tools he considered essential to his DevOps Toolbox. The tools he showed were AWS Cloudformation, AWS SAM and SonarQube. He went on to explain that with proper configuration & leveraging the templating and automation available with Cloudformation & SAM CLI, a developer can deploy the same system, every time, across different AWS networks. With SonarQube, the audience were shown that they could create a baseline to ensure a predictable security cadence for their applications & deployments.

Lastly, Dave went over common pitfalls to deploying to disparate networks such as “building to origin” instead of “building to destination” and not taking advantage of unit testing. The concept of “building to origin” is creating applications based on the system of origin, instead of “building to destination” which predicates building applications to the lowest common denominator or the network where the software will eventually be deployed.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: Lean UX

by Alice Swan Mar 26th, 2021 Tech Talks

User Experience Design (UX) has many flavors, Human Centered Design, Design Thinking, Customer Experience (CX) and more. LEAN is one of these methodologies. Even with LEAN, there are different versions. 

On Tuesday March 23, Don Ruzek, one of Evans & Chambers’ User Experience Designers on the DID(it) team at USCIS, held a Tech Talk, explaining what LEAN UX is and how the team is using it.The core of this talk is about philosophies and techniques related to the book, The Lean Startup”, by Eric Ries. This allows Product Design to develop requirements, UI design, terminology, UI patterns, and more to create the best user experience and business value. This process has been used since 2017 and has proven extremely successful with tasks, tracking, and history related to mission critical USCIS case management.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: AWS Cloud Formation

by Alice Swan Feb 26th, 2021 Cloud EC Inside Tech Talks Technology

Amazon Web Services (AWS) CloudFormation is Amazon’s primary infrastructure-as-code (IaC) service. Nearly any resource that can be created through the AWS console can (and should) be created using CloudFormation templates. IaC is a cornerstone of the modern software development lifecycle. With IaC, solutions can be deployed, downtown, and redeployed as often as needed. 

Quoting the noted software developer Spider Man, “with great power comes great responsibility.” CloudFormation tools need to be used with care and with future maintainability in mind. The objective is always to be able to deploy an entire solution from scratch and with the least amount of code in your templates. 

Pat Ryan, cloud practice lead for Evans & Chambers, has been working with AWS for 4 years, and he presented the following lessons learned during the Tech Talk. 

  • Deploy early and often.
  • Always be able to deploy your entire solution from scratch.
  • YAML is preferred over JSON, as YAML supports comments and is more compact.
  • Make use of the built-in constants that are available when a stack deploys—for example,  AWS::StackId
  • Make resource identifiers unique to the stack.
  • Nest, but not too deep.
  • IAM policies can be complicated to get right in CloudFormation. Separate them into their own template.
  • Give your template to a colleague and ask her or him to deploy it. If the deployment fails, you will find out what resources you forgot to put in the template or what dependencies you did not properly factor out.
  • Deploy from the command line, as it is faster and more easily repeatable than deploying from the console.
  • When creating the template definition for an AWS service that you have never used before, use the documentation and keep the definition as minimal as possible.
  • CloudFormation has its limits. Consider other solutions such as AWS Cloud Development Kit (CDK), Ansible, and Terraform.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: Building Out a DevSecOps Pipeline

by Alice Swan Jan 27th, 2021 Cloud EC Inside Tech Talks Technology

Anyone who is familiar with the process to achieve Authority to Operate (ATO) understands that it is often fraught with issues that can holdup development and delivery of software products to their customers. Software development teams are in need of an effective development strategy to shorten these timelines and even make a continuous ATO possible. 

DevSecOps is becoming increasingly popular in the Federal Government to push through these limitations. Leveraging the continuities gained with DevSecOps such as Continuous Monitoring, Continuous Inspection and Continuous Testing, a development team’s security & development posture is robust and can more easily navigate the Risk Management Framework (RMF) & ATO process.

Dave Rabrun, a software architect at Evans & Chambers, presented a virtual tech talk on building out a DevSecOps Pipeline with readily available open-source tools & libraries. Dave was able to showcase the benefits of continuous inspection tools such as SonarQube and Arachni. From there, Dave presented a seamless DevSecOps pipeline that leveraged development with Github, integration with Jenkins and deployment with AWS CloudFormation.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: Amazon S3 Tools and Best Practices

by Alice Swan Oct 9th, 2020 EC Inside Tech Talks Technology

With cloud storage becoming an increasingly attractive option for businesses due to cost-savings and no physical hardware management, many products & services have been moving to the cloud.

Amazon’s S3 is one of the most popular cloud storage services on the market. It offers industry-leading scalability, availability, security, and performance. S3 can integrate with websites, applications, and much more. While AWS handles many aspects of security ranging from physical hardware security to network security, the customer is still tasked with configuring S3 to meet their regulatory and compliance needs.

On October 8th, Colin Ardizzone, a software engineer on the Security Control team at Evans & Chambers, held a virtual tech talk to provide an overview of S3 tools & best practices for meeting regulatory and compliance requirements. He discussed configurations and practices you can take when managing your S3 infrastructure to provide security and redundancy when handling data in S3. He also discussed how to enable inventory reports which can be used to help identify gaps in your configuration and prove you are meeting compliance regulations.  Using Amazon Athena, inventory reports were queried using SQL, allowing for a quick and easy analysis of large batches of files. Lastly, he demoed Amazon Macie, a fully managed data security and privacy service that uses machine learning and pattern matching to help identify and protect sensitive data in S3.

Security in S3 is a shared responsibility between AWS and the customer. Tools like S3 inventory, Macie, and Athena can help alleviate the customer’s burden by staying on top of security risks and helping maintain an evidence trail.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: DevOps with AWS

by Alice Swan Jul 2nd, 2020 Cloud EC Inside Tech Talks Technology

DevOps has reshaped the way software is processed and delivered by providing a structured and decoupled approach by way of the DevOps toolchain.

Using CI/CD (continuous integration/continuous delivery) in your DevOps pipeline provides automation that improves delivery time, thus allowing developers a faster and more reliable way to go from code to deployment.

If you’re already invested in AWS cloud infrastructure, then it’s worth checking out AWS’s DevOps suite, as they’ve created tools designed to integrate their services for a quick to implement solution. AWS CodePipeline allows you to create custom workflows and control how CI/CD is implemented in your system.

In June 30th, Jim Davis, a senior software engineer and tech lead at Evans & Chambers, conducted a tech talk on the advantages of incorporating DevOps into one’s software development cycle, and demoed a “hello world” application going from code to a hosted deployment in about 15 minutes with the push of a button.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

Screen Shot 2020-07-13 at 4.20.08 PM Screen Shot 2020-07-13 at 4.20.29 PM Screen Shot 2020-07-13 at 4.22.44 PM

No Comments »

Tech Talk: AWS Amplify

by Alice Swan May 28th, 2020 Cloud Tech Talks Technology

In the fast paced and ever-expanding world of software development cloud computing has become the new norm. AWS, being a leader in providing on-demand cloud computing services, is always looking to make it easier for the customer to build end to end solutions.

The traditional cloud model is to provision servers for computation and storage. This requires developers to manage and maintain operating systems, size, scaling policies and much more. What id there was a way to have a backend provisioned in the cloud without having to manage servers? AWS Amplify was introduced in 2017 to do just that.

On May 26th, Nate Ostrander, a software developer at Evans & Chambers Technology, gave a Tech Talk on how to utilize AWS Amplify to quickly build serverless solutions in the cloud. Nate gave a brief overview of the Amplify framework and which AWS services/coding frameworks are currently supported. He also demoed on how to build a reactive mobile application using Amplify, App-Sync and DynamoDB.

AWS Amplify gives developers the ability to rapidly prototype solutions that are built to scale for production. We will see more growth in the software development community as it is easier to quickly build cheap solutions with services like Amplify.

Screen Shot 2020-06-09 at 12.51.10 PM Screen Shot 2020-06-11 at 11.37.17 AM  Screen Shot 2020-06-09 at 12.50.38 PM

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: Amazon Textract

by Alice Swan Apr 30th, 2020 Cloud EC Inside Tech Talks Technology

In industries from government services to insurance, paper forms that were designed for physical use are increasingly sent over the internet. These forms have proved difficult to incorporate with digital tools and applications in the past.

As a result, demand has increased for robust Optical Character Recognition (OCR) tools that turn written forms and tables into machine-readable text. Document processors that require users to define a template are excellent for certain applications, but in situations with scanned or faxed documents, there are often problems with text recognition. Amazon released Textract in late 2018 to serve as a template-free OCR solution that serves as both an extractor and analyzer of text.

On April 28, Kayla Cross, a software engineer on the Security Control team at Evans & Chambers, held a virtual Tech Talk to provide an overview of Textract’s functionality. She outlined its advantages, such as reducing the burden on the user, and highlighted its easy-to-use API. She also outlined its possible uses, including identifying text for natural language processing, analyzing data with multiple columns, and parsing complex government forms like DD254s and SF86s. She ended with two demonstrations that showed different approaches to using Textract in the Amazon ecosystem to parse a government form and a picture of a blog post taken with a phone.

Tools like Textract can prevent the arduous experience of re-entering information that is already contained in a form into separate software, which makes it an attractive solution for developers seeking to improve user experiences and streamline their applications.

image (3)     image (2)

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »