Barbarians Inside the Gates: AWS Security Roadshow

AWS Security Roadshow, Tysons Corner, VA (5/23/2017)

I attended the AWS Security Roadshow yesterday in Tysons Corner, VA (5/23/2017).  Members of the AWS Technical Services Team delivered various briefings and answered one-on-one questions regarding best practices for securing one’s AWS Cloud-Based Software Solutions.  One of my biggest takeaways was the idea of ‘DevSecOps’.

The software development life cycle (SDLC) is typically a process balanced by two competing forces: Development and Operational Staff.  The Development Staff is typically motivated by the imperative to deliver quality code quickly and often, while the Operations Staff is typically motivated by the imperative to keep the Production Environment running and stable, with as few changes as possible.  AWS are encouraging users of their platform to include a third competing component in the typical SDLC: Security Staff.

Security Staff, the ‘Sec’ in the term ‘DevSecOps’, are motivated by the imperative to keep the bad guys away from Enterprise Data, promising to make the balancing act between Development and Operational imperatives even more contentious, albeit a necessary contention at that.  Security Engineers need to be integral components of any Enterprise Software Engineering Team, and they need to be driving Security concerns and architectural decisions from the very beginning of the SDLC.  Computer Security is not a quality gate, but an integral part of the SDLC.

Security Inconsistencies

While overall I am impressed by AWS’ focus on Cloud Security, and their desire to ensure that AWS customers practice ‘Safe OpSec’ (Safe Operational Security, for you AFN Fans) on their platform, I have noticed a few inconsistencies in the overall security messaging:

Practicing Safe OpSec Costs More

Keeping technical assets secure in the AWS Cloud costs more.  For example, if you want to keep your Lambda function safe from the wily internet behind a Virtual Private Cloud (VPC), the VPC is going to cost you.  Moreover, if your Lambda function, running safely on your VPC subnet, needs to access the public network for anything, like accessing SES to send out an email notification, your VPC will need a NAT Gateway to forward internet-bound requests out through an Internet Gateway.  The NAT/Gateway implementation is also going to cost you.  So, in reality (and this may matter quite a bit to bootstrapped startups using AWS), it will cost a customer significantly more to secure their cloud-based solution than not.
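As an added example (not from the post or from AWS), here is a check for the failure mode the paragraph describes: a VPC-attached Lambda function whose subnet has no default route through a NAT Gateway cannot reach SES or any other public endpoint. The boto3 calls are the real Lambda and EC2 APIs; the VPC, subnet and NAT Gateway ids in the sample data are constructed.

```python
"""Verify that each subnet a VPC-attached Lambda function uses has a
0.0.0.0/0 route to a NAT Gateway (added example; sample data constructed)."""
from typing import Dict, List, Optional


def nat_route_for_subnet(subnet_id: str, vpc_id: str,
                         route_tables: List[Dict]) -> Optional[str]:
    """Return the NAT Gateway id behind the subnet's default route, or None.

    EC2 semantics: a subnet uses the route table explicitly associated with it,
    otherwise the VPC's main route table.  A default route that points at an
    Internet Gateway instead also returns None: a Lambda ENI has no public IP,
    so an IGW route does not give the function outbound access."""
    explicit, main = None, None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = rt
            elif assoc.get("Main"):
                main = rt
    table = explicit or main
    if table is None:
        return None
    for route in table.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("State", "active") == "active"):
            return route.get("NatGatewayId")
    return None


def check_lambda_egress(vpc_config: Dict,
                        route_tables: List[Dict]) -> Dict[str, Optional[str]]:
    """Map each subnet the function is attached to -> NAT Gateway id or None."""
    vpc_id = vpc_config.get("VpcId")
    return {s: nat_route_for_subnet(s, vpc_id, route_tables)
            for s in vpc_config.get("SubnetIds", [])}


def check_live(function_name: str) -> Dict[str, Optional[str]]:
    """Run the same check against a real account (needs boto3 and credentials)."""
    import boto3  # imported here so the offline part of the module needs no SDK
    cfg = boto3.client("lambda").get_function_configuration(FunctionName=function_name)
    vpc_config = cfg.get("VpcConfig") or {}
    if not vpc_config.get("VpcId"):
        raise ValueError(f"{function_name} is not attached to a VPC")
    rts = boto3.client("ec2").describe_route_tables(
        Filters=[{"Name": "vpc-id", "Values": [vpc_config["VpcId"]]}])["RouteTables"]
    return check_lambda_egress(vpc_config, rts)


# Constructed sample: one subnet routed through a NAT Gateway, one that only
# inherits the main route table and therefore has no default route at all.
SAMPLE_VPC_CONFIG = {"VpcId": "vpc-0example",
                     "SubnetIds": ["subnet-0nat", "subnet-0isolated"]}
SAMPLE_ROUTE_TABLES = [
    {"VpcId": "vpc-0example", "RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                 "State": "active"}]},
    {"VpcId": "vpc-0example", "RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-0nat"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                 "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example",
                 "State": "active"}]},
]

if __name__ == "__main__":
    for subnet, nat in check_lambda_egress(SAMPLE_VPC_CONFIG, SAMPLE_ROUTE_TABLES).items():
        print(subnet, "->", nat or "NO default route: calls to SES will time out")
```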

Even Erlich Bachman and his ‘See Food’ startup express angst over AWS charges…

Penetration Testing Can Get You In Trouble

The AWS Staff encouraged participants at this particular Roadshow gathering to automate security testing, and penetration testing in particular, into the CI/CD code build and deployment pipeline.  However, penetration testing, in someone else’s cloud infrastructure, can land you in hot water.  You need to be sure to read the law of the land on this issue, and request permission to pen-test from AWS (https://aws.amazon.com/security/penetration-testing/).  From a newbie customer’s perspective, these instructions seem a bit ominous and could deter folks from even bothering.

Alexa Skill Security

I asked one AWS Engineer some questions about Alexa Security and how Alexa might be securely utilized in the Enterprise.  The engineer I asked was not an Alexa engineer, but agreed to forward my questions to the Alexa Engineering Staff.  I have not heard anything back yet on my questions, but I suspect IT security and Alexa Skills have yet to meet one another.

Think Like A Barbarian

I am impressed that AWS is concerned enough about sharing security concerns with their customers that they are traveling around the United States to help ensure that IT security remains a primary concern.  AWS have a vested interest in customers who are well educated on AWS Cloud services and security best practices.  Their message is clear: when deploying applications to the AWS infrastructure, think like a Black Hat and use AWS services and best practices to help protect your assets.  As more and more organizations move to AWS, IT Security becomes increasingly important for the growing universe of AWS Cloud Customers.

Marine Corps Historic Half 2017

One of my goals this year was to run the Marine Corps Historic Half, on May 21st, 2017, with two of my three kids (my youngest has no interest in running 13.1 miles, understandably…).  The last time I ran with my oldest two kids was in 2011 when we ran the Marine Corps Irish 10k.  Here are some pictures from our 10k run on March 26th, 2011:

We have not run together since 2011, so I wanted all of us to get back out there to tackle bigger and better challenges.  We had a great time yesterday at the Marine Corps Historic Half Marathon (13.1 miles) in Fredericksburg, Virginia.  My kids and I have come a long way since the last 10k run we did together!  My girlfriend joined us on the run.

Our next big goal is to run the Marine Corps Marathon together this October.  Oohrah!

I Command You To Grow!!

Society grows great when old men plant trees whose shade they know they shall never sit in.

I love synchronicity – the Jungian idea that events are “meaningful coincidences” if they occur with no causal relationship yet seem to be meaningfully related. This Spring, I started reading Mike Michalowicz’s book ‘The Pumpkin Plan’. The central idea of his book is that business people should be more inclined to trim away customers to focus solely on their best customers in order to grow them, and their company, to the biggest size possible. Mike likens this business focus on the best customers to a farmer who tries to trim away all pumpkins on a vine to a select one or two in order to grow the biggest pumpkins possible. This Rhode Island farmer’s pumpkin grew to 2,261.5 pounds!! What?!?

Speaking of books, I currently have two books for sale on Amazon if you’re interested: ‘The Lean Startup’ and ‘Sprint’.

Growing is what Spring is all about. For some reason, this Spring in particular has had me focusing inordinately on growth: growing my own vegetables, growing my income, growing my net worth, growing my muscles, growing my cardiovascular strength, growing my family bonds, helping my employer grow. Every day I think about GROWTH. How can I grow more? How can I get bigger? How can I 10x my life??!?! I’m done shrinking!!! I look at the earth – not the World as a whole, but dirt – and biological organisms and how life literally springs forth from it every Spring. No matter what man does to the planet, seemingly, life still springs forth every year. The life force is so strong on earth. Life wants to grow! Life must grow! It can’t be stopped. That’s what this planet does – springs forth life and growth – and humans are no different.

My girlfriend and I started a garden in our back yard a few weeks ago. It was back-breaking work. We got covered in dirt and mud. It rained as we worked. Our backs and hands hurt. I could barely stand upright the next day. It felt awesome. We now have spinach, beans, herbs, bee-balm, tomatoes, potatoes and cucumbers growing. We also have planters of grape vines, blackberries and blueberries growing. Despite our lack of farming skills and knowledge, the earth continues to spring forth life. The energy to give life, emerge and grow is unstoppable and everywhere. It’s awesome to think that we humans are products of this energy.

We didn’t stop at a garden in the back yard though. I bought some land down in Southern Virginia this Spring so I could grow even more life! My family and I were down there last weekend (West of the Richmond area) planting Apple, Plum, Cherry and Oak Trees.  We also seeded Sunflowers, Wildflowers, and some other seeds.  If we let the land sit for long enough without intervention, trees and weeds of all sorts would eventually take over the land. I am trying to impose my own growth plan and will on the land instead by determining what life I say will grow there.  Why must we grow Fruit and White Oak trees and Sunflowers, JC? Because I said so, that’s why.  I command it to grow!!

Also in the last few weeks, I discovered this guy, CT Fletcher, and how he uses the phrase, ‘I command you to grow!’, to grow his muscles as he lifts weights. He commands his muscles to grow! Why? Because he said so! It’s his ‘Magnificent Obsession’! This is genius! CT has learned to envision the change he wants to effect in his life, and to impose his will over it to make it so. Can I do that too? Can you?

My new mantra when I look at my Bank Account, my Gardens, my Trees, my Relationships, AND my muscles is: ‘I command you to grow!’ Why JC? Because I said so, that’s why!

Summer’s Comin’. Lock Up Those Bikes, Maties!

Today is March 14th, 2017. I’ve been writing code all day – learning Angular2 – and I need a break, so I thought I’d throw down some words…from the heart. It’s my favorite son’s birthday. It’s Pirate Day. And, it snowed today. Shiver me timbers!

What could all of these synchronistic events be conspiring to tell us? I don’t know, but I do know Spring and Summer are just around the corner. And with Summer comes crime and bad dudes named James. So lock up those bikes folks, and be careful out there.

This one goes out to my girl, ‘She Hulk’ Cindy, and my boy, the real ‘Money Maker’ Mike…

Where Do I Go From Here? I Wanna Know, 2017!

One of the big questions I’ve been asking myself lately is ‘Where do I go from here?’.  Where do I try to take myself spiritually, financially, professionally, as a father, boyfriend, and human being…I’m trying to have a longer-term outlook on my life as I get older so I at least try to plan to obtain certain long-term objectives as opposed to simply living in the here-and-now, which I guess is a good thing if you’re Buddhist. But I also believe in long-term planning.  My life has been mostly a mess so far, at least as an adult.  Lots of broken, messed up dreams and relationships.  I’m thinking now that if I plan better, that if I have a longer-term outlook, I can set myself up for better success in the future. If I could just get my act together.  Maybe.  We’ll see.  I think a big part of ‘success’ in life is asking yourself important, meaningful questions and trying to find answers to them.  Put your brain to work on the problem statements, and meditate daily on the solutions. Find the solutions. Where do we go from here?

Apple Developer Program: Room For Improvement

I’ve wanted to learn to make iOS Apps for some time, so I finally bit the bullet and bought a Mac Mini, downloaded Xcode, and started programming. I’m getting to the point where I want to deploy and test my app on my own iPhone (rather than run in a simulator), but in order to do that, you have to join the Apple Developer Program so you can appropriately sign and deploy your App to real iPhone and iPad hardware. And boy, what a pain joining this program is!

I should qualify this statement…I’ve joined the Apple Developer Program before as an individual. Everything went through ok then, but I never got around to actually building an App. This time, however, I decided to F.O.C.U.S – Follow One Course Until Success – and to actually build an App this time. And this time, I decided to join the Apple Developer Program as a Corporate Entity; you know, with designs of becoming a Billion Dollar Unicorn. Apple gets funny with Corporate Developer Registrations, seemingly. They require that you have a DUNS Number. Ok, whatever. I’m used to bureaucracy. I went and got me a DUNS Number. But for some reason, it took weeks (in reality, months) to associate a DUNS number with my Company in Apple land. Dun and Bradstreet told me to wait a few weeks, after updating some key email and phone number information, before trying to enroll in the Apple Developer Program again. So I waited…and waited…and I’m still waiting…

After waiting entirely too long, I tried to enroll again. This time, Apple complained that my credit card was being rejected. Really? Ok, so I tried another credit card. Rejected again. Really???? I logged in to both credit card accounts. Sure enough, successful charges from Apple on both for $99, but for some reason, Apple would still not let me enroll in their program:

What would Steve Jobs do?

At this point, I am quite flustrated. Of course I will press on, because I am committed to this project and to learning iOS development. But I never had this much trouble getting an Android App out into the Google Play Store…I expect much more of Apple.  This process should have been absolutely thoughtless and painless.  But it’s a good reminder of how difficult and tenuous it is to build a company on top of another company’s technology.

EDIT (2/16/2017): I called Apple today and was unable to resolve the technical problem behind registering online, so I registered for the Developer Program over the phone this afternoon.  Part of my urgency in getting this registration done was because I wanted a shot at attending WWDC2017 this year.  Registration for WWDC2017 is by random selection to members of the Developer Program in good standing as of 2/16/2017 at 0530am PST.  I registered online the evening of 2/15/2017, but it failed due to technical problems with the Apple website (my credit cards are fine).  So I’m hoping I can still figure out a way to get in good standing for possible selection to WWDC2017.

EDM Love

When I was in 6th grade, I discovered one of my Dad’s records (what the heck is a ‘record’?) called ‘Switched-On Bach’. I gave it a listen and was ABSOLUTELY mesmerized. I had never heard anything like it! The album was full of J.S. Bach music played on a Moog Synthesizer by Wendy Carlos. According to Wikipedia, this album placed in the top 10 on the US Billboard 200 between 1969 and 1972! The combination of old school Classical Music being played on a high tech instrument like the Moog Synthesizer was a blissful combination to me.

Years later I fell in love with the movie, ‘Tron’. The Tron soundtrack was authored and played by my idol from the ‘Switched-On Bach’ days, Wendy Carlos. It was about this time (I was a freshman in High School) that I started to get what an awesome combination computers and music made.

Since then, I’ve tinkered with digital music. I’ve written a few goofy songs. I’ve tried my hand at producing a few songs on Garage Band. I’ve dreamed of becoming a DJ, even talked to a few DJs about how to go about it. But I’ve never pursued this passion much further than that. I’ve been called a ‘fart in a frying pan’ because I chase a lot of different dreams. I do need a bit of focus in my life…Anyway, two years ago I took my girlfriend to U Street in DC once to try to get a feel for the DJ scene in Washington DC. The main DJ was Afrika Bambaataa, one of my faves in High School. We had an awesome time, but the vibe wasn’t really what I was looking for. U Street is no Ushuaia.

One thing on my bucket list is to party in Ibiza

Fast forward to 2016. Never mind how old I am now. Not important. This past November, I had the privilege of attending a Martin Garrix performance in Las Vegas with my girlfriend. We were blown away by the richness of the bass, the visual sensations, and the overall experience. The Martin Garrix performance was at the AWS re:Invent 2016 Cloud Conference at the re:Play party. I felt I had been reconnected with my childhood fascination with computers and music. It was SENSATIONAL!!!

AWS re:Play Party 2016

Fast forward to today. Where is the EDM scene? Where are the best DJs in the world? Where can we go to hear them and experience the vibe? Turns out one of the best EDM DJ experiences in the world is in Boom, Brussels at Tomorrowland. So guess where we are going this July?!?!?! Headliners currently include most of my favorites, including Martin Garrix, Armin van Buuren, Afrojack, Kaskade, Steve Aoki, etc. I’m hoping that David Guetta, Dimitri Vegas and Like Mike are also there for the Weekend 2 performances – BE THERE OR BE SQUARE!! Tickets have already sold out. We are so stoked!!!!

If you are going to Boom this summer, drop me a line.

Building A Startup On AWS

Let’s Dance

Building on what I learned in my previous two blog posts following the Wild Rydes AWS Serverless Computing tutorials (Wild Rydes Part I and Part Deux), I decided to put some of that information to use in my own work at www.nautilustracker.com.

I’ve been working on some mobile apps and a back-end platform supporting my trans-Atlantic Ocean Rowing attempt last year with my girlfriend, Cindy. I’d like to turn some of the things I’ve developed thus far into a Software as a Service (SaaS) for other people to easily use on similar adventures. To that end, I wanted to quickly create a responsive website to put out some information about my future offerings, including the ability to allow interested parties to contact me by providing their email address and a contact message in a simple contact form.

Know Your Limitations. Build On the Shoulders of Giants

I know I do not have great web design skills. Web Design is just not my focus. But I needed to create a nice looking website for my startup landing page. What to do? I did some quick searches and found lots of free Bootstrap templates I could use for my purposes. Over the course of an afternoon I grabbed a free Bootstrap Template that I liked, cut in some of my own images, and modified the HTML to create the menus and sections I wanted in my landing page. I brought in some of the JavaScript from the Wild Rydes tutorial I was working through to connect my Contact Form to my DynamoDB database running in my AWS Account. Once I had the look-and-feel I was going for, and the functionality was working ok for the Contact Form, it was simply a matter of uploading my web site assets to my S3 bucket:

> aws s3 sync . s3://www.nautilustracker.com

Stop Daddy

I had previously registered my Domain Name (nautilustracker.com) with GoDaddy last year. Now I wanted to move the DNS Registrar to AWS. This turned out to be very easy. Once I followed the documented steps to move a domain to AWS, I only had to add an A Record to point the domain to my S3 Bucket containing the website artifacts. I will point this A Record to a CloudFront endpoint soon.

Lipstick On A Pig

Now that the landing page is up, there is a mountain of work to do. The next step is to get email working for my domain using AWS SES so I can use that domain email to register as an organization in the Apple iOS Developer Program.

Food As Craft. Craft As Life.

I took my family to Paris, France for the 2016-2017 New Year’s Eve celebrations. We were essentially just there for the weekend, but it was a fabulous weekend – one that I will never forget. The sights and food were unforgettable. For New Year’s Eve, I treated my family to an 8 course French Meal and Wine/Champagne Pairing at the Hotel Raphael in Paris very close to the Champs-Elysées. My kids and I were definitely not used to fancy food such as this, but it was a beautiful and tasteful introduction to food as art (as opposed to American style ‘fast food’). Here’s a video of my dessert (thanks Alison ;):

In Paris, we were delighted to see the Eiffel Tower, The Arc De Triomphe, The Palace of Versailles, and to listen to Vivaldi’s Four Seasons, and other beautiful musical pieces, performed by a Chamber Orchestra at the Église de la Madeleine Roman Catholic Church. I left Paris with a profound appreciation for the art and beauty that abounds in this wonderful city, from her cuisine to her architecture, to her music and her people. The French seem to have a genetic disposition toward an aesthetic appreciation of life, which I find hard to come by in the United States. The French term, ‘Joie de Vivre,’ comes to mind when I reflect on our weekend trip to France.

According to Wikipedia: “It ‘can be a joy of conversation, joy of eating, joy of anything one might do… And joie de vivre may be seen as a joy of everything, a comprehensive joy, a philosophy of life, a Weltanschauung…'”

I happened to catch a Netflix Documentary this evening called “Chef’s Table, France,” Season I, which was a story about an amazing French Chef, Alain Passard. As I watched the story unfold about how Chef Passard became a Chef, identifying his career path as early as 14 years old, how he found a mentor and soon bought his mentor’s restaurant, which he named ‘Arpege’, I was completely drawn in by Chef Passard’s sense of life purpose, mastery and pursuit of excellence in his craft. It is not often you find or learn of someone who absolutely loves what they do for a living. I hung on his every word in this documentary and even took notes, hoping to graft some of his sense of aesthetics and Joie de Vivre into my own life and professional career. Here are some of Chef Alain Passard’s quotes and anecdotes I noted from the Netflix Documentary, ‘Chef’s Table, France’:

“When you close your eyes at night, what’s important? You’ve spent the day taking risks. You’ve made some people very happy.”

Chef Passard relates that what you create is just as important as how you create it, which he refers to as ‘Gestures’ or ‘Hand Gestures’. The way you move your hands to create something of value is important and takes hours and years and decades of practice. Chef Passard’s Grandmother was an amazing cook; his mother sewed and his father was a musician. His Grandfather was a sculptor who worked with wood. He learned the importance of hand gestures early in his life and applied them to his craft. He works bread dough like it’s fabric. He sews Duck and Chicken together to create a unique dish. With regards to the hand gesture, he says: “In cuisine, in music, in sculpture, in painting, it’s everything. Either we like the gesture, either we like the hand, or we do not. And this hand, if we want it to be more beautiful, we must work seven hours, eight hours, ten hours in the kitchen every day. This makes the hand more precise, and more elegant.” He goes on to say that a 14-year-old does not have the precision of hand that a 30-year-old cook has. He says, “I am never happier than when I put my fingers on a new gesture or a new flavor. It feels wonderful.”

“You really become a cook between 40 and 50 years old.”

Can the same not also be said about other professions as well?

Allez Chercher

When Chef Passard started his restaurant, Arpege, he says that the one and two star ratings came fairly easily, but the three star rating was very difficult to attain. Three Stars is the highest rating for a restaurant. Maintaining three stars is apparently extremely difficult to do, but Chef Passard’s mentality is to pursue higher and higher standards, never stopping or resting upon his current achievements. The search for excellence is never ending, but it’s something he loves. I was struck by how there was no mention of the pursuit of money in this documentary; it was purely the pursuit of passion, excellence, and the art of food. In fact, there came a point in Chef Passard’s professional career where he was losing his passion for cooking meat, so he decided to take a year of introspection to find his passion again. He reinvented himself and his restaurant as primarily vegetarian while still maintaining their three star rating. He found a new hand. A new outlook.

“My only ambition is to love what I do more each day. Just the idea of a job well done. No outside projects, needs, or dreams. If this story exists today, it’s because I love my job more than anything.”

Bon!

Versailles, France