Karen Lopez, Andy Banta, Jack Poller, and Calvin Hendryx-Parker presented Ignite Talks at AI Field Day 5
The talks took place on September 12, 2024, from 9:00 to 10:00.
Presenter: Andy Banta, Calvin Hendryx-Parker, Jack Poller, Karen Lopez
Accelerate Your SDLC with BEST featuring Calvin Hendryx-Parker of Six Feet Up
Calvin Hendryx-Parker from Six Feet Up discusses the importance of optimizing the software development lifecycle (SDLC) in his talk at AI Field Day 5. He begins by acknowledging the widespread integration of software in various aspects of life and the common challenges faced by software teams. Calvin introduces Six Feet Up, a Python and AI agency known for tackling complex problems with a highly experienced team. He shares a case study of a client with over 30 sub-organizations, each with its own software development team, struggling to operate efficiently due to siloed operations and lack of collaboration.
To address these inefficiencies, Calvin’s team conducted a thorough two-month evaluation of the client’s software teams, identifying key issues such as the absence of continuous integration/continuous deployment (CI/CD) practices, manual intervention steps, and technical debt. They also assessed the onboarding process for new developers and the overall skill gaps within the teams. The goal was to transform the existing developers into more effective contributors without the need for drastic measures like hiring or firing. This comprehensive analysis led to the development of a scoring system to compare and evaluate the performance of different teams, ultimately providing tailored recommendations for improvement.
Calvin introduces BEST (Best Enterprise Software Techniques), a product designed to streamline the evaluation process. BEST consists of online surveys that assess various aspects of the SDLC across four stages and 19 units, enabling teams to identify areas for improvement quickly. The tool generates heat maps and radar charts to visualize performance and facilitate cross-team learning and collaboration. Calvin emphasizes that while BEST can significantly enhance the SDLC, the underlying principles and evaluation framework can be adopted by any organization to improve their software development processes. He concludes by encouraging teams to focus on continuous improvement and collaboration to achieve a more efficient and effective SDLC.
Personnel: Calvin Hendryx-Parker
FIDO Phishing-Resistant Authentication featuring Jack Poller
Jack Poller, founder and principal analyst of Paradigm Technica, discusses the evolution and challenges of authentication methods, particularly focusing on the limitations of traditional passwords. He explains that passwords, which have been used since ancient times, are fundamentally flawed because they are shared secrets that can be easily stolen or phished. Despite the implementation of multi-factor authentication (MFA) to enhance security by combining something you know (password) with something you have (a device) or something you are (biometrics), these methods still rely on shared secrets that can be compromised through social engineering tactics.
Poller introduces public key cryptography as a more secure alternative for authentication, which has been around since the 1970s but is relatively new in the context of identity and access management. Public key cryptography involves a pair of keys: a private key that encrypts data and a public key that decrypts it. This method ensures that the private key, stored in a secure vault within a trusted processor module (TPM), cannot be extracted or misused, even under duress. The TPM not only stores the keys securely but also performs the encryption and decryption processes, ensuring that the keys are never exposed.
He further elaborates on how the FIDO (Fast Identity Online) protocol leverages this technology to provide phishing-resistant authentication. When a user attempts to log in to a website, the site sends a challenge to the user’s device, which is then encrypted using the private key stored in the TPM. The encrypted response is sent back to the website, which decrypts it using the corresponding public key to verify the user’s identity. This method eliminates the risks associated with password reuse and phishing, making it a more secure and user-friendly solution. Poller emphasizes the importance of adopting passkeys offered by websites to enhance overall internet security.
Personnel: Jack Poller
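The challenge-response login described in the talk, as an added Node.js example that is not from the talk or from any FIDO library. In FIDO the private-key operation is a digital signature, so the sketch uses ECDSA P-256 from Node's built-in `crypto`; the function names, the `bank.example` origins, the software-held key and the simplified `clientData` format are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
// Authenticator stand-in: one key pair per origin (software key, an assumption;
// on real hardware the private key never leaves the secure element).
function createAuthenticator() {
  const keys = new Map(); // origin -> private key
  return {
    register(origin) {
      const { publicKey, privateKey } =
        crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
      keys.set(origin, privateKey);
      return publicKey; // only the public half is sent to the site
    },
    sign(origin, challenge) { // origin is what the browser reports
      const privateKey = keys.get(origin);
      if (!privateKey) return null; // no credential for a look-alike origin
      const clientData = Buffer.from(
        JSON.stringify({ origin, challenge: challenge.toString('base64url') }));
      return { clientData, signature: crypto.sign('sha256', clientData, privateKey) };
    },
  };
}

// Relying party: issues single-use challenges and verifies signed responses.
function createRelyingParty(origin) {
  const pending = new Set();
  let publicKey = null;
  return {
    enroll(key) { publicKey = key; },
    newChallenge() {
      const challenge = crypto.randomBytes(32);
      pending.add(challenge.toString('base64url'));
      return challenge;
    },
    verify(assertion) {
      if (!assertion || !publicKey) return false;
      let data;
      try { data = JSON.parse(assertion.clientData.toString()); } catch { return false; }
      if (data.origin !== origin) return false;          // signed for another site
      if (!pending.delete(data.challenge)) return false; // unknown or replayed
      return crypto.verify('sha256', assertion.clientData, publicKey, assertion.signature);
    },
  };
}
// Constructed scenarios: a genuine login, a replay, and a look-alike origin.
function runScenarios() {
  const origin = 'https://bank.example';
  const rp = createRelyingParty(origin);
  const device = createAuthenticator();
  rp.enroll(device.register(origin));
  const first = device.sign(origin, rp.newChallenge());
  return { legit: rp.verify(first), replay: rp.verify(first),
    phished: rp.verify(device.sign('https://bank-login.example', rp.newChallenge())) };
}
```

Nothing reusable crosses the wire: the server stores only a public key, each challenge is accepted once, and the signed origin ties the response to the site the browser was actually on.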
Thoughts on Enterprise Ready Solutions featuring Karen Lopez
Karen Lopez’s talk at AI Field Day 5 delves into the evolution of enterprise software acquisition and the critical considerations that have emerged over her extensive career. Reflecting on her 38 years in the field, Lopez contrasts the early days of software procurement, where software was a tangible product with limited integration capabilities, to the current landscape where integration, security, and compatibility with existing enterprise systems are paramount. She recalls a time when software came in physical boxes, required manual data integration, and had limited scalability and backup options. The roles of system integrators and specialized experts were crucial due to the complexity and cost of integrating disparate systems.
Lopez emphasizes that modern enterprise software acquisition now demands a holistic view that goes beyond the software’s inherent features. She highlights the importance of understanding how new solutions will fit within an organization’s existing infrastructure, including integration with current administrative, security, and privacy tools. Lopez points out that many vendors often gloss over these integration details during their pitches, which can lead to significant hidden costs and implementation challenges. She stresses the need for thorough questioning about a solution’s compatibility with continuous deployment environments, identity systems, governance frameworks, and monitoring tools to ensure that the software can be seamlessly integrated and managed within the enterprise.
In her current approach, Lopez places greater weight on external features such as security practices, data classification capabilities, and the ability to use existing analytical tools. She shares her experience with a recent acquisition project where the lack of granular security controls in a hastily purchased solution posed significant risks. Lopez advocates for a comprehensive evaluation of a solution’s enterprise readiness, including its support for modern security measures like multi-factor authentication and its ability to integrate with existing data management and monitoring systems. By focusing on these broader considerations, Lopez aims to reduce the cost and risk associated with new software implementations, ensuring that they deliver long-term value to the organization.
Personnel: Karen Lopez
CXL Test Drives featuring Andy Banta
Andy Banta’s talk at AI Field Day 5 delves into the concept of CXL (Compute Express Link) and its potential to revolutionize memory access in computing architectures. He begins by explaining the traditional concept of Non-Uniform Memory Access (NUMA), where memory access times vary depending on the proximity of the memory to the processor. CXL extends this idea by allowing memory to be connected via a CXL channel, which operates over a PCI-E bus, rather than the traditional DDR channel. This innovation enables memory to be located both inside and outside the physical box, and even connected through future CXL switches, which will allow shared memory access among multiple hosts. The potential for CXL to incorporate SSDs means that memory access times could range from nanoseconds to milliseconds, offering a wide array of possibilities for memory management.
Banta highlights the current limitations in testing CXL devices, noting that many are still in the conceptual phase and not readily available for purchase or testing. He draws an analogy to test-driving a car, where certain limitations prevent a thorough evaluation of the vehicle’s performance. Similarly, with CXL, the lack of commercially available switches and the ongoing development of standards for shared switches make it challenging to conduct meaningful tests. To address this, Banta proposes a simulation-based approach, akin to practices in other engineering disciplines like electrical or mechanical engineering. He suggests that software engineering and system design should also adopt simulation to evaluate different configurations and workloads, thereby optimizing performance and resource allocation.
Banta introduces Magnition, a company he is consulting with, which has developed a large-scale simulation framework for CXL environments. This framework allows for distributed, multi-processor simulations of various components, enabling users to run genuine applications and workloads to capture memory access patterns. By simulating different configurations and workloads, Magnition’s framework can help identify optimal memory allocation strategies and performance sweet spots. Banta emphasizes the importance of consistent results in performance engineering and demonstrates how their simulation framework can achieve this by running controlled experiments. The ultimate goal is to provide a reliable and efficient way to “test drive” CXL systems, ensuring that users can make informed decisions about their memory management strategies.
Personnel: Andy Banta