DevCentral Visits BlackHat 2023 !!!
Once again, buulam is headed to BlackHat in Las Vegas! He's super-excited to hit the ground in the desert to meet up with the community and some F5 partners! He'll be bringing the experience back to you, right here, so bookmark this article for all the latest news! Find the F5 Booth at Black Hat: Looking for the F5 Booth? Here it is! Check out the prize vending machine, Lego give aways, and the new Frankenstack plushies. 🎁 If you're at the show, keep your peepers peeled 👀 for buulam who would love to say "hi!" A talk with Kara Sprague, Chief Product Officer at F5 Buu Lam talks with F5 Chief Product Officer Kara Sprague about F5 solutions, particularly around APIs and Multi-Cloud Networking, and what's in store for the future. 00:30 - What does the role of Chief Product Officer entail? 01:30 - Why API security has suddenly become so important in recent years? 03:40 - The exponential increase in API sprawl. 04:11 - Multi-Cloud Networking growth as a use case. 05:45 - F5 being able to deliver security embedded within Multi-Cloud networking architecture. 06:30 - What does the future hold for F5? Bots, AI, and Social Engineering with Dan Woods at Black Hat 2023 Buu Lam talks with Dan Woods (Global Head of Bot and Risk Management at F5) about bots and AI bring used to create social influence and enhance the damage of social engineering. 00:45 - Ticket bots and Sneaker bots 01:46 - Are businesses actually trying to fix this? 03:10 - Bots and AI being used to create mass social influence 06:10 - AI being used to greatly enhance the damage of social engineering Quantum Cryptography with Keyfactor at Black Hat 2023 Ted Shorter from Keyfactor talks about post-quantum cryptography, its impact, and how organizations can stay ahead of the curve. 00:40 - Post-Quantum Cryptography 01:00 - KeyFactor's PQC Lab: an educational resources 02:20 - Strategies for thriving in a post-quantum world Check out PQC Labs educational resources here! MazeBolt's RADAR Dashboard Matthew Andriani (Founder and CEO of MazeBolt) walks us through a demo of MazeBolt's RADAR dashboard--showing how vulnerabilities can be remediated, then re-checked with updated results within 5 minutes. Fighting security alert fatigue with Stellar Cyber SOC teams face alert fatigue and the burden of so many tools. Stephen Salinas shares how Stellar Cyber uses AL and ML to reduce the noise. This allows security analysts to use information gathered across all their security tools to reach conclusions quickly. For more coverage from Buu Lam at #BlackHat, check out the DevCentral overview here: https://community.f5.com/t5/devcentral-news/devcentral-visits-blackhat-2023/ta-p/319253 App and Security teams working together with Venafi Teamwork makes the dream work. Paul from Venafi sees app and security teams coming together to resolve conflicts by reaching the outcomes they want without getting in each others way. The API security journey with WWT Where are you at in your API security journey? David and Clint from WWT share their perspective, their education-focused engagement with customers, the importance of real world scenario training. Until next time, Black Hat! That's a wrap for DevCentral at Black Hat 2023! Buu Lam shares some takeaways and observations: API security dominating discussions Hybrid and Multi-Cloud is the new norm Frankenstacks are cool, look for them at future eventsRSA Conference 2022 - That's a wrap! Here's what you may have missed
RSA Conference is one of the biggest conferences you can attend in our industry. It was last held in person in February 2020 with 36,000 attendees, although previous years saw numbers around 45,000 attendees. In 2021, it was held virtually and everyone has been excited to get back to an in-person event in 2022. This year, the show floor had a great amount of energy! I reconnected with many old friends and I met many people for the first time in person, having only seen them online otherwise, whether co-workers or other industry friends. Some common discussions happening around the F5 booth this year were: What's new with F5? and filling them in on Distributed Cloud and WAAP What are you doing for Fraud? What are APIs and how do you protect them? What is your approach to Zero Trust? These themes guided some of the videos that PSilva and I created during the week. We realize not everyone can attend the event so we wanted to document the event as best we can and share the experience with viewers. We even tried using a 360 camera to create a VR experience for everyone. And we also pulled off a Live Stream from the show floor! Below is all of the main videos we created for the week. We created some additional Bonus Content that is geared towards the members of the DevCentral Connects Group as well - please join the group in order to see that feed. Some of the shorter content will just end up on our social accounts so be sure to follow us there as well. Peter: LinkedIn / Twitter Buu: LinkedIn / Twitter Looking forward to seeing everyone again soon!
✨🎩 LIVE DevCentral @ Black Hat USA 2022
Join the DevCentral team (AubreyKingF5, buulam, PSilva) this week in Las Vegas for Black Hat USA 2022! Don't forget to stop by the F5 booth 2140! Grab a t-shirt, some DC trinkets, and a selfie with the gang. We'll be releasing a ton of content live as we explore Black Hat so make sure to subscribe to this post to get the latest from the team! Keep an eye for updates in the comments! Let us know if there's anything you'd like to see at Black Hat. Highlights: Black Hat USA 2022 Partner Preview in 360! @buulam and @PSilva walk the Black Hat Business Hall and give a preview of the F5 Partners they'll be interviewing this week including @Trellix, @OPSWAT (1186), @NonameSecurity (1860), @AppViewX (3144) and @Entrust_Corp. DevCentral Visits Black Hat USA 2022! @buulam and @PSilva guide you to the F5 booth 2140: the place for giveaways and learning about fraud, API security and automated attacks. Ask the Expert: What are Automated Attacks PSilva talks with Dan Woods, F5 Head of Intelligence about Automated Attacks, what they are, what they can do and what you can do about them. Partner Spotlight: OPSWAT Tom Mullen, SVP of Business Development talks about how OPSWAT integrates with F5 solutions on platform, in the cloud, or with a VE. Partner Spotlight: AppViewX buulam sits down with Mike Turner, Worldwide VP Systems Engineering from AppViewX to discuss the benefits of a joint solution with F5 and AppViewX.That's a Wrap! DevCentral Visited: GovWare 2022
A couple months ago, I was asked to attend GovWare, in Singapore. Ignorant to events outside of North America, I was surprised to find out this was an event that attracted 10,000+ attendees from all around Asia and was in fact, Asia's largest Cyber Security conference! Held in the famous Marina Bay Sands Expo and Convention Center, this event was bigger than I imagined and busier than I'd experienced otherwise, all year. What made the difference here was the people. The show floor was extremely energetic with people willing to learn. The talk tracks had some of the worlds brightest talents on stage. F5 even sent our very own Joel Moses, Distinguished Engineer and CTO of Platforms and Systems, as well as Dr. Aditya K. Sood, Senior Director of Threat Research and Security Strategy - 2 folks from our Office of the CTO who are some very bright thinkers. I set out to determine what are some differences in Cyber Security in Asia. In fact, I asked this of nearly everyone I met. Most replied that its not that different. If anything, I just heard amplified messages from earlier this year. API security is a real concern. Enabling security for app developers is a priority so that they can focus on code. One topic that was discussed more than I'd heard before is interesting edge computing use cases. Not just standard compute, but AI/ML use cases and security use cases. So basically, everything is the same, but different 😄 Of course, I created much content for everyone to follow along. In case you hadn't seen it all, I'll link a playlist with everything (over 20 videos) if you'd like to binge. But I'll also list some of my favorite pieces directly, as well! 🎥 DevCentral Visits: GovWare 2022 - Full Playlist 🎥it-sa Expo & Congress in Germany - DevCentral Visits
buulam is heading to it-sa Expo & Congress 2023 in Nuremberg, Germany! Make sure to subscribe to the DevCentral Youtube channel, and follow DevCentral and Buu Lam to get the latest updates from across the pond. And we'll be sure to update this post, too. DevCentral Visits it-sa Expo and Congress Buu Lam says hallo from Nuremberg as he heads to it-sa Expo and Congress, one of the biggest security conferences in Europe. F5 can be found at the Weston, Computacentre, and Magellan booths. Stay tuned for more from it-sa, including Markus Hennig's talk, a live hacking demo, and more. Secure Multi-Cloud Networking with Markus Hennig Markus Hennig, F5 Distributed Cloud Services Specialist, talks secure multi-cloud networking at it-sa Expo and Congress 2023. IT security needs are global at a high level--everyone needs automation and flexible deployment options. Markus shares additional regional insights on local security adoption and prioritization. WebAssembly Support added to F5 NGINX Unit Timo Stark, Principal Technical Product Manager at F5 NGINX (and Docker Captain) talks about the new WebAssembly support added to NGINX Unit. Using F5 for SSLO with the German Pension Fund Alexander Müehleck and Oliver Tönnies from the German Pension Fund Network Infrastructure and Security Gateway team talk about their long-term experiences with F5. Most recently, they implemented an SSLO solution across multiple sites that provides outbound security services for their 60,000 users. One big benefit: flexibility--being able to switch seamlessly back and forth between their data centers enables them to do maintenance easily. Westcon to the rescue Buu Lam interviews Robert Jung (Westcon Managing Director for DACH and Eastern Europe region) about how Westcon enables F5 partners to get more value out of their products via training, go-to-market strategies, financing, and more. Robert also shares insights on what he sees in the security business regionally. Daniel Wolf on what it means to be a leader in the community Daniel_Wolf, Security Solutions Engineer at Controlware GmbH, is well-known in the DevCentral Community! Buu Lam meets up with Daniel IRL and gets the story behind his motivations to become DevCentral MVP.Elevate Your Skills - Register for AppWorld 2025
AppWorld 2025 is set for February 25-27 in Las Vegas. Focusing on application security and delivery, this three-day event is packed with expert-led sessions, hands-on labs, and networking opportunities for practitioners and experts from around the world. F5 Academy is at the Heart of AppWorld 2025. Ideal for those working towards certification. You’ll engage with F5's latest products through hands-on labs, sharpen your skills, and earn digital badges. One free certification practice exam will be available before the event. You can earn (ISC)2 CPE credits for certain security-focused labs, and F5 will handle credit submission for you. --------------------------------- UPDATE Nov 11. --------------------------------------- Labs and Briefings To Attend Find the full list of labs and briefings on the F5 Academy at AppWorld 25 page. F5 in the AI Era: For users who are new to AI, this briefing explores how F5 technology can help organizations with their AI journeys. F5 NGINX One: Learn how the NGINX One console provides visibility into a global fleet of NGINX instances, both NGINX Plus and NGINX Open Source (OSS). F5 Distributed Cloud: Discovering & Securing APIs: Get hands-on experience with the API Discovery and Security capabilities of F5 Web Application and API Protection (WAAP) within F5 Distributed Cloud. -------------------------------------------------------------------------------------------------- Why Attend? Learn: Access a year's worth of knowledge in three days through keynotes, solution-focused breakouts, product deep-dives, and roundtables. Connect: Network with professionals from DevCentral, NGINX, and F5 Insiders communities. Influence: Share your experiences with BIG-IP, Distributed Cloud, and NGINX to influence F5’s technology direction. Elevate your technical skills and connect with peers at AppWorld 2025; a must-attend event. Register for AppWorld 2025 today and join us in Las Vegas!!Community Highlights, Week 41, '22
More of a midweek update this week, but a quick FYI to let you know that going forward I'm adding a section at the bottom to recognize some of our more active members over the past week. I'm always looking for ways to recognize and reward the healthy behaviors that make our community such a helpful place, so if you've got other ideas please let me know in the comments. Since there's a lot of Cybersecurity Awareness Month content this month and we don't want it to get lost, here's a quick list of the past week's security content before I call out individual user posts below: Dharminder wrote about the previous week's events in Binance Hack, Data Leak and Supply Chain Attack - F5 SIRT This Week in Security - Oct 1st to Oct 7th Fouad_Chmainy shared Manage F5 BIG-IP Advanced WAF Policies with Terraform (Best Practices) MichaelatF5 gave us a two-parter: How to Split DNS with Managed Namespace on F5 Distributed Cloud (XC) Part 1 – DNS over HTTPS How to Split DNS with Managed Namespace on F5 Distributed Cloud (XC) Part 2 – TCP & UDP There were two additions to the ongoing SSL Orchestrator Advanced Use Cases article series: Kevin_Stewart wrote about Integrating F5 Intrusion Prevention System (IPS) KevinGallaugher wrote about One-Armed Mode AubreyKingF5 was able to work with F5's Lakhwinder Singh to create the video walkthrough Learn How to Apply F5 Distributed Cloud WAAP with GKE via a Public GCP IP Address. Dave_Potter wrote about how to Use F5 Distributed Cloud to control Primary and Secondary DNS DevCentral's Rebecca_Moloney, who is responsible for our content, wanted to created a series to give insight to what some of our too-often unsung extended teammates do with her Helpers Behind the Scenes article series written by regular and guest authors ed_patron shared his story in Security Operations Center - Helpers Behind the Scenes mpb wrote about how she ended up working in F5 Threat Intelligence - Helpers Behind the Scenes m_heath wrote about his journey to and in F5 Labs - Helpers Behind the Scenes Lior_Rotkovitch wrote A Day in the Life of a Security Engineer from Tel Aviv We've got more Scary Hack Stories! over on the DevCentral YouTube channel Beware What You Download Protect Your Management Interface! Avoid API Assault ! Monitor the Ghosts in Your Graveyard! Forum post highlights: Deena, new to F5 and DevCentral, wants to be proactive about learning about F5 Lingo, and Mohamed_Salah_ and boneyard dropped some knowledge and advice. I'll include LiefZimmerman 's great list of learning resources on Deena's other post here, because it may come in handy to whoever reads this week's Highlights. Welcome to the community, Deena! southern_shredd asked how to write an iRule to redirect to to 301 location , and after a little back and forth, CA_Valli was able to help out Unanswered questions: VFB asks about Adding a dynamic generic host to GTM spalande wants to know about All attack signatures vs server/application specific ASM attack signatures spetrof5 has an issue with Maintenance page with an image using iRule and iFile, image never gets displayed Notable solutions: Michaelyang asked When Active/Standby failover send mail, and Nikoolayy1 jumped in with the answer Notable users (excluding F5 employees): Most kudoed authors: Nikoolayy1 CA_Valli Mohamed_Salah_ Gave the most kudos: Nikoolayy1 Michaelyang boneyard Top kudoed post: CA_Valli's Accepted Solution to Michaelyang's question About log rorate Tip of the week: Remember to mark Accepted Solutions if someone helps solve your issue - not just so they get kudos, but so that future users can easily find the same answer you needed!NGINX Microservices March 2022: Kubernetes Networking
Kubernetes operators (or aspiring operators), be sure to check out Microservices March 2022: Kubernetes Networking, a month-long free educational event by our friends at NGINX. Each week will feature a different unit with useful information for Kubernetes users of all levels (or those planning to adopt Kubernetes within the next year.) Unit 1 (March 7–11): Architecting Kubernetes Clusters for High-Traffic Websites How to route traffic to microservices deployed in Kubernetes. Unit 2 (March 14–18): Exposing APIs in Kubernetes Best practices for deploying API gateways in Kubernetes. Unit 3 (March 21–25): Microservices Security Pattern How to secure apps and APIs to be production-ready. Unit 4 (March 28–31): Advanced Kubernetes Deployment Strategies How to split traffic and use Kubernetes for shadow rollouts. Choose Your Own Adventure Microservices March includes around 16 hours of Kubernetes educational content in total, with three different way of learning: High-level livestreams: Overviews that are technical in nature, but still accessible to people who are not Kubernetes experts or in a technical role. Learning more with blogs and videos: Deeper technical knowledge for those familiar with basic traffic management concepts (for example, load balancing). Hands-on labs: Recommended for participants with some Kubernetes experience as they will be using YAML. Look for the hashtag #microservicesmarch to follow the event on social media. All content will be available on-demand beginning in April.
Just Announced! Attend a lab and receive a Raspberry Pi
Have a Slice of AI from a Raspberry Pi Services such as ChatGPT have made accessing Generative AI as simple as visiting a web page. Whether at work or at home, there are advantages to channeling your user base (or family in the case of at home) through a central point where you can apply safeguards to their usage. In this lab, you will learn how to: Deliver centralized AI access through something as basic as a Raspberry Pi Learn basic methods for safeguarding AI Learn how users might circumvent basic safeguards Learn how to deploy additional services from F5 to enforce broader enterprise policies Register Here This lab takes place in an F5 virtual lab environment. Participants who complete the lab will receive a Raspberry Pi* to build the solution in their own environment. *Limited stock. Raspberry Pi is exclusive to this lab. To qualify, complete the lab and join a follow-up call with F5.
