Blog

How to Build a Mapbox Minimap in a React App

by Tyler Beall Oct 18th, 2021 Technology

My team at Evans and Chambers Technology has been working on an application in the geospatial analytics field for the past few months. Using the React library and Mapbox GL JS, we were able to provide a map which would allow users to perform valuable functions such as drawing geoJSON shapes, identifying locations on a map, and providing layers for data analytics and trends.

As we progressed with the application, it became clear that from a design standpoint, our map needed an overview map to help the user identify their location more easily.

Unfortunately Mapbox does not provide this functionality out of the box, nor do they provide documentation on how implement this relatively common feature request. And to make matters worse, we were unable to find any examples online of any other teams building this feature.

See our post on Medium to learn more about how our team discovered and documented adding this novel feature to a React application.

https://medium.com/@tyler.beall/how-to-build-a-mapbox-minimap-in-a-react-app-608dbb43cbb2

No Comments »

Tech Talk: AWS Cloud Formation

by Alice Swan Feb 26th, 2021 Cloud EC Inside Tech Talks Technology

Amazon Web Services (AWS) CloudFormation is Amazon’s primary infrastructure-as-code (IaC) service. Nearly any resource that can be created through the AWS console can (and should) be created using CloudFormation templates. IaC is a cornerstone of the modern software development lifecycle. With IaC, solutions can be deployed, downtown, and redeployed as often as needed. 

Quoting the noted software developer Spider Man, “with great power comes great responsibility.” CloudFormation tools need to be used with care and with future maintainability in mind. The objective is always to be able to deploy an entire solution from scratch and with the least amount of code in your templates. 

Pat Ryan, cloud practice lead for Evans & Chambers, has been working with AWS for 4 years, and he presented the following lessons learned during the Tech Talk. 

  • Deploy early and often.
  • Always be able to deploy your entire solution from scratch.
  • YAML is preferred over JSON, as YAML supports comments and is more compact.
  • Make use of the built-in constants that are available when a stack deploys—for example,  AWS::StackId
  • Make resource identifiers unique to the stack.
  • Nest, but not too deep.
  • IAM policies can be complicated to get right in CloudFormation. Separate them into their own template.
  • Give your template to a colleague and ask her or him to deploy it. If the deployment fails, you will find out what resources you forgot to put in the template or what dependencies you did not properly factor out.
  • Deploy from the command line, as it is faster and more easily repeatable than deploying from the console.
  • When creating the template definition for an AWS service that you have never used before, use the documentation and keep the definition as minimal as possible.
  • CloudFormation has its limits. Consider other solutions such as AWS Cloud Development Kit (CDK), Ansible, and Terraform.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: Building Out a DevSecOps Pipeline

by Alice Swan Jan 27th, 2021 Cloud EC Inside Tech Talks Technology

Anyone who is familiar with the process to achieve Authority to Operate (ATO) understands that it is often fraught with issues that can holdup development and delivery of software products to their customers. Software development teams are in need of an effective development strategy to shorten these timelines and even make a continuous ATO possible. 

DevSecOps is becoming increasingly popular in the Federal Government to push through these limitations. Leveraging the continuities gained with DevSecOps such as Continuous Monitoring, Continuous Inspection and Continuous Testing, a development team’s security & development posture is robust and can more easily navigate the Risk Management Framework (RMF) & ATO process.

Dave Rabrun, a software architect at Evans & Chambers, presented a virtual tech talk on building out a DevSecOps Pipeline with readily available open-source tools & libraries. Dave was able to showcase the benefits of continuous inspection tools such as SonarQube and Arachni. From there, Dave presented a seamless DevSecOps pipeline that leveraged development with Github, integration with Jenkins and deployment with AWS CloudFormation.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: Amazon S3 Tools and Best Practices

by Alice Swan Oct 9th, 2020 EC Inside Tech Talks Technology

With cloud storage becoming an increasingly attractive option for businesses due to cost-savings and no physical hardware management, many products & services have been moving to the cloud.

Amazon’s S3 is one of the most popular cloud storage services on the market. It offers industry-leading scalability, availability, security, and performance. S3 can integrate with websites, applications, and much more. While AWS handles many aspects of security ranging from physical hardware security to network security, the customer is still tasked with configuring S3 to meet their regulatory and compliance needs.

On October 8th, Colin Ardizzone, a software engineer on the Security Control team at Evans & Chambers, held a virtual tech talk to provide an overview of S3 tools & best practices for meeting regulatory and compliance requirements. He discussed configurations and practices you can take when managing your S3 infrastructure to provide security and redundancy when handling data in S3. He also discussed how to enable inventory reports which can be used to help identify gaps in your configuration and prove you are meeting compliance regulations.  Using Amazon Athena, inventory reports were queried using SQL, allowing for a quick and easy analysis of large batches of files. Lastly, he demoed Amazon Macie, a fully managed data security and privacy service that uses machine learning and pattern matching to help identify and protect sensitive data in S3.

Security in S3 is a shared responsibility between AWS and the customer. Tools like S3 inventory, Macie, and Athena can help alleviate the customer’s burden by staying on top of security risks and helping maintain an evidence trail.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: DevOps with AWS

by Alice Swan Jul 2nd, 2020 Cloud EC Inside Tech Talks Technology

DevOps has reshaped the way software is processed and delivered by providing a structured and decoupled approach by way of the DevOps toolchain.

Using CI/CD (continuous integration/continuous delivery) in your DevOps pipeline provides automation that improves delivery time, thus allowing developers a faster and more reliable way to go from code to deployment.

If you’re already invested in AWS cloud infrastructure, then it’s worth checking out AWS’s DevOps suite, as they’ve created tools designed to integrate their services for a quick to implement solution. AWS CodePipeline allows you to create custom workflows and control how CI/CD is implemented in your system.

In June 30th, Jim Davis, a senior software engineer and tech lead at Evans & Chambers, conducted a tech talk on the advantages of incorporating DevOps into one’s software development cycle, and demoed a “hello world” application going from code to a hosted deployment in about 15 minutes with the push of a button.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

Screen Shot 2020-07-13 at 4.20.08 PM Screen Shot 2020-07-13 at 4.20.29 PM Screen Shot 2020-07-13 at 4.22.44 PM

No Comments »

Tech Talk: AWS Amplify

by Alice Swan May 28th, 2020 Cloud Tech Talks Technology

In the fast paced and ever-expanding world of software development cloud computing has become the new norm. AWS, being a leader in providing on-demand cloud computing services, is always looking to make it easier for the customer to build end to end solutions.

The traditional cloud model is to provision servers for computation and storage. This requires developers to manage and maintain operating systems, size, scaling policies and much more. What id there was a way to have a backend provisioned in the cloud without having to manage servers? AWS Amplify was introduced in 2017 to do just that.

On May 26th, Nate Ostrander, a software developer at Evans & Chambers Technology, gave a Tech Talk on how to utilize AWS Amplify to quickly build serverless solutions in the cloud. Nate gave a brief overview of the Amplify framework and which AWS services/coding frameworks are currently supported. He also demoed on how to build a reactive mobile application using Amplify, App-Sync and DynamoDB.

AWS Amplify gives developers the ability to rapidly prototype solutions that are built to scale for production. We will see more growth in the software development community as it is easier to quickly build cheap solutions with services like Amplify.

Screen Shot 2020-06-09 at 12.51.10 PM Screen Shot 2020-06-11 at 11.37.17 AM  Screen Shot 2020-06-09 at 12.50.38 PM

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: Amazon Textract

by Alice Swan Apr 30th, 2020 Cloud EC Inside Tech Talks Technology

In industries from government services to insurance, paper forms that were designed for physical use are increasingly sent over the internet. These forms have proved difficult to incorporate with digital tools and applications in the past.

As a result, demand has increased for robust Optical Character Recognition (OCR) tools that turn written forms and tables into machine-readable text. Document processors that require users to define a template are excellent for certain applications, but in situations with scanned or faxed documents, there are often problems with text recognition. Amazon released Textract in late 2018 to serve as a template-free OCR solution that serves as both an extractor and analyzer of text.

On April 28, Kayla Cross, a software engineer on the Security Control team at Evans & Chambers, held a virtual Tech Talk to provide an overview of Textract’s functionality. She outlined its advantages, such as reducing the burden on the user, and highlighted its easy-to-use API. She also outlined its possible uses, including identifying text for natural language processing, analyzing data with multiple columns, and parsing complex government forms like DD254s and SF86s. She ended with two demonstrations that showed different approaches to using Textract in the Amazon ecosystem to parse a government form and a picture of a blog post taken with a phone.

Tools like Textract can prevent the arduous experience of re-entering information that is already contained in a form into separate software, which makes it an attractive solution for developers seeking to improve user experiences and streamline their applications.

image (3)     image (2)

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

Tech Talk: AWS CloudFormation

by Alice Swan Feb 28th, 2020 Cloud EC Inside Tech Talks Technology

Infrastructure as Code (IaC) is a powerful method for safely and reliably managing complex solution deployments. IaC reduces or eliminates manual steps, limiting the opportunities for human error. AWS CloudFormation is a managed IaC solution for representing and deploying solutions in the AWS platform.

On February 27, Pat Ryan, cloud practice lead for Evans & Chambers, held a Tech Talk to provide a basic introduction on the core concepts and practices of CloudFormation. He described the key syntactical elements of a CloudFormation template as well as the built-in functions and variables.

Following the discussion on CloudFormation basics, Pat walked through an example of a complex template that he produced for a government client.

The presentation provided an introductory understanding of CloudFormation and introduced other IaC solutions such as Ansible and Terraform.

IMG_5686  IMG_0593 IMG_3345

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.

No Comments »

The 5 Coolest Things We Learned at AWS re:invent

by Kayla Cross Jan 16th, 2020 Cloud Events Technology

This past December, I and six other EC team members used our annual training budgets to attend Amazon Web Services’ (AWS’s) annual re:invent conference in Las Vegas. We participated in small workshops, informational sessions, and hackathons alongside a staggering 60,000 attendees who descended upon the city to learn more about the services AWS offers.

Conference activities ranged from an enormous expo where companies showed off their products to small “Builder’s Workshops” that offered personalized instruction to no more than a dozen attendees at a time. In between activities, conference sessions explored each of AWS’s offerings as well as unveiled new services (such as Kendra, a search tool powered by machine learning). EC team members attended some sessions together and some individually  based on our professional interests. We will each give a Tech Talk in the coming months to share what we learned with the rest of our EC colleagues.

Having one of the entertainment capitals of the world as the backdrop for the conference meant plenty of options for fun as well. Attending the public sector happy hour afforded us the opportunity not only to unwind from a long day of workshops but also to connect with organizations with which EC could potentially partner. Our team has already done a demo with one of the companies we met there, LogRocket, that could help us more quickly identify bugs in production.


The 5 coolest things we learned at re:invent

After returning from the conference and having some time to reflect, the team got on Slack to share our notable  takeaways from re:invent:  

1. FedRAMP accreditation support for AWS partners

Jamil Evans: “My one thing: I met the head of ISV alliances for the public sector at a public sector reception. He shared that as a trusted partner, AWS will provide us with dedicated support as we move Security Control through the FedRAMP accreditation process!

2. Patch automation with AWS Systems Manager

Colin Ardizzone: “One cool thing I learned about was the Patch Manager capability within AWS Systems Manager which lets you automate patching of EC2 instances with custom scripts and gives ample feedback in the form of logs to CloudWatch. It also lets you patch fleets of instances at a time and will smartly distribute the patch schedule so all your instances aren’t affected at once.”

3. VPC Ingress routing rules!

Pat Ryan: “AWS’s new VPC Ingress Routing features can be used to simplify integration of 3rd party security appliances.”

4. Amazon Textract rocks!

Kayla Cross: “I was impressed with Amazon Textract for importing documents and forms into applications. I thought it would be especially applicable to a lot of projects at EC that may deal with modeling information from complicated government forms.

5. Mobile development with offline support using AWS Amplify

Nate Ostrander: “I learned about AWS Amplify, a development platform that helps you build mobile and web applications without managing compute servers. Amplify also offers offline integration. While offline, the user’s device can query and write to a local cache which will automatically synchronize with the data source when back online.”

 

image  Image from iOS (3)  Image from iOS (4)

No Comments »

Case Study – Security Control

by Jamil Evans Dec 10th, 2019 Business Software Technology

 

The Challenge:

seccon-image-png128
If you work as a security officer in private industry or many government agencies, chances are you are responsible for multiple security domains, to include personnel security, industrial security, incident management, operations security, foreign disclosure, and insider threat for your entire organization. The current management tools for these areas are generally paper files, excel spreadsheets, SharePoint sites, email inboxes, and at best multiple stove-piped and antiquated software solutions. This leads to time lost searching for and providing information. The disconnection of systems has institutionalized inefficient processes that create additional work for each specialist handling a transaction. In a surprising large number of cases, inaccurate or absent data entry has led to missed handoffs, lengthening the clearance processing time, which hits an organization’s bottom-line unnecessarily. In the most heartbreaking cases, these organizations lose their ability to hold classified contracts completely due to non-compliance with the NISPOM (view pdf here) and failed inspections.

 

The Approach:

Evans & Chambers, in partnership Industrial Security Integrators (IsI), designed and developed Security Control to be the market leader in the industrial security software sector.  Security Control is a cloud-native SaaS solution for industry and government that centralizes all aspects of industrial security to include modules for classified contracts, personnel, secure facilities, safes, classified materials, visits, incident management and insider threat. Our product notifies security officers and clearance holders of actions necessary to remedy issues to stay in compliance with security and agency policy directives. Rather than require security officers to hunt down employees for annual training via email and phone, Security Control assigns actions items to employees within the application. Users then click the email link to launch an employee portal to view their action items and complete them.

For incident management and insider threat, Security Control offers submission forms enabling employees to report their incident along with supporting details and attachments. The entire submission is then routed to the supervisor, security officer, insider threat personnel security officer (ITPSO), and any key personnel within the organization, as required by your organizational policies. Finally, a simple export is needed to provide the report to the relevant government authorities.

Security Control’s latest feature is automated DCSA self inspections. Prior to this breakthrough feature, organizations would spend up to a month emailing an MS Word questionnaire around to key corporate personnel, and approximately 15% of your cleared workforce.  This process requires each recipient to answer a subset of questions. After herding cats to get the questions answered, and verifying accuracy and completeness, the data would be manually compiled into a coherent report with a cover letter and made available to DCSA with the hopes that it would fit compliance requirements. Security Control’s automated self inspection feature with workflows enables the security office to complete this entire process accurately in just a few clicks.

Security Control was built on the Amazon Web Services GovCloud regions with a security-first approach. Our product offers both SaaS and on-premise versions. The SaaS option ensures data isolation and integrity without requiring dedicated hardware. Our Multi-tenant architecture balances security with cost-effectiveness by segmenting customer information via unique databases per tenant while also employing auto-scaling through multiple web servers that share customer computational workloads. Private subnets are used to keep customer data secure and prevent any unauthorized access. Security Control is in the process of achieving a FedRAMP moderate compliance level.

 

The Results:

Industrial Security Integrators, our strategic partner, came onboard as our first client in 2017. Together, we migrated 4,000 personnel clearances from over 200 Federal government contracting firms into the system. Today, our product has achieved a client base of 14,000 employee personnel clearances and over 550 Federal Government contractors. As Security Control continues to grow, the number of clerical errors and time lost during the clearance process will continue to decrease. We are committed to staying ahead of the compliance curve through the production of innovative new features as DCSA continues to add more regulations to the NISPOM. Through these efforts, we are excited to be recognized as a leading contributor in helping our clients achieve and maintain their levels of security, efficiency, and compliance.

No Comments »