Thanksgiving is rapidly approaching in the US (as is a sense of Armageddon, for that matter). Far from slowing down, last week was a flurry of activity for me, with four days of back-to-back meetups on a diverse variety of subjects. A recap of each of the meetups and some of the major points is included below for your reading pleasure. To mangle Twain, I regret that this summary is not more concise, but I am pressed for time.

Seattle AWS Architects & Engineers

This meetup is one of the most regular and high-quality AWS-focused meetups in the Seattle area. Topics for this night included presentations on the Inspector and Elasticsearch services. Inspector is a service I’ve done a casual bit of exploration with previously and I appreciate the chance to hear more from AWS’ own Jim Fink on the intent and direction of the product. I’m a bit undecided on my opinions on this one. On the one hand, having an agent that can be deployed to review security settings and vulnerabilities baked into the AWS ecosystem is terrific. At the same time, the product is currently very limited on reporting, and design decisions such as collapsing everything into qualitative high-medium-low buckets reflect a checkbox compliance mentality. There are a number of changes coming to this new service and I don’t doubt it will grow into something useful. At the moment, this seems like a bit of an odd duckling with the move towards immutable servers and function-based (I can’t quite bring myself to say “serverless”) computing.

Steve McPherson presented on the AWS Elasticsearch offering. Steve jumped in at the last minute to fill a gap in the schedule and was operating at a bit of a disadvantage. That’s a shame as AWS ES is a service I grumble about a lot. After initially being excited about the release of a hosted ES service on AWS (having run ELK clusters before, it’s not something I want to repeat), I grew very disenchanted with the ES offering. At the moment, AWS ES does not support VPC hosting, which is simply unconscionable for any new AWS offerings these days. Putting an ES cluster on the public internet, regardless of the IAM code AWS has baked into their version, is not a wise idea. Coupled with the glacial release of new code to the service (the current available versions are several point and now even major versions behind the GA open source code), and ES is a service that fails to deliver on what I consider an MVP for an AWS service. The standards have shifted and what could be an MVP for AWS in 2012 no longer cuts it. Customers should – and in my case, do – demand more.

Security and Machine Learning with Apache Spark

The Spark meetup benefits from support by Databricks. This month’s topic was very exciting, with both talks from and hosted by a firm I had heard of, but knew very few details about, Context Relevant. CR applies some custom magic within on-premises (!) Spark clusters of large organizations to use network log data to detect security issues (yes, the APTz). I’ve done a fair amount of work with organizations and companies doing similar work, and the CR approach of actually targeting the most sophisticated of attacks, combined with the on-premises model and the focus on internal lateral detection, is an interesting one. There weren’t many security-focused individuals at this event, nor are there that many security-focused data science folks in general, so full details on what is going on here and the success of the Context Relevant approach were hard to obtain. This is an interesting area of development as well as one that is easy to spend a lot of time in for little real return. Personally, I see these sorts of products fitting into a larger framework of data-driven security risk management. I have some nascent thoughts on what elements of such a framework might entail, as well as how various techniques and tools may fit into such a program, for a future post.

Seattle Data/Analytics/Machine Learning (DAML)

The DAML meetup is one I try to attend as often as I can for a bit of a brain stretch. Most of my own machine learning work is relatively simple (security is far more limited by people and data issues than by algorithmic ones) compared to the problems this group addresses. When I do make it out, I’m invariably impressed with the types of research and development right outside my door. In the case of this Allen Institute for Artificial Intelligence event, the Wallingford location was literally just blocks from my doorstep. The AI2 folks are tackling tough problems with amazing approaches. For a tiny taste of the work they do, check out Semantic Scholar.

Seattle CoffeeOps

I only discovered the Seattle CoffeeOps meetup a few months ago but have been a regular attendee since my first meeting. This group meets every two weeks and uses a Lean Coffee format to bring practitioners, enthusiasts, and the curious together on a variety of DevOps-related topics. If you’ve ever participated in an Open Space or unconference event you’ll grok the format very quickly. Many of the participants are deep in the technology side of things, while remaining in touch with the cultural and empathetic aspects of the DevOps movement that are just as important (I argue even more important) as the technological aspects. Recently the group has outgrown the Starbucks space we’ve been using and we’ve moved to using the Chef corporate HQ building for our space. Even with the larger size, the spirit and accessibility of this meetup continue. Even as one of those weird infosec data science types, I come away with something usable every time.