2021-W24.org
parent 24cad70f8f
commit 2c4b14a4b1
1 changed files with 164 additions and 0 deletions
164
2021-W24.org
Normal file
|
@ -0,0 +1,164 @@
|
||||||
|
** 2021-W24
|
||||||
|
*** 2021-06-14 Monday
|
||||||
|
**** MEETING Irina 1-1 prep (bis) :work:
|
||||||
|
:LOGBOOK:
|
||||||
|
CLOCK: [2021-07-19 Mon 11:02]--[2021-07-19 Mon 11:52] => 0:50
|
||||||
|
CLOCK: [2021-06-14 Mon 16:04]--[2021-06-14 Mon 17:44] => 1:40
|
||||||
|
:END:
|
||||||
|
[2021-05-27 Thu 08:46]
|
||||||
|
- ref ::
|
||||||
|
***** What to talk about?
|
||||||
|
|
||||||
|
1. My personal history with Cisco (presentation) personality/env, etc...
|
||||||
|
2. when/where I will be the more helpful to you
|
||||||
|
3. generic welcome advices (the team, SecureX/CTRl, SBG, Cisco)
|
||||||
|
4. what my day-to-day work looks like
|
||||||
|
5. what am I relevant for, when should you reach out?
|
||||||
|
6. the team spirit/ambiance
|
||||||
|
7. The expected work
|
||||||
|
8. Work organisation/schedule
|
||||||
|
|
||||||
|
|
||||||
|
- Know more about my work:
|
||||||
|
There is a 1h30 pres from previous week where I presented IROH-Auth to the
|
||||||
|
larger team.
|
||||||
|
***** Presentation (History first mine then the Team and the Product)
|
||||||
|
|
||||||
|
1. Ph.D. Machine Learning
|
||||||
|
2. Post Ph.D. Machine Learning
|
||||||
|
3. Work for Airfrace (Perl/scripts/web/)
|
||||||
|
4. Join Vigiglobe via Guillaume (our wives worked together)
|
||||||
|
a. Social Media Analytics, hire Matt, then G2
|
||||||
|
b. lot of pressure, fullstack dev + machine learning
|
||||||
|
c. rewrite in Clojure (lot of pressure)
|
||||||
|
d. bad management (SCRUM hell), wrong decisions, lot of pressure
|
||||||
|
5. Guillaume join Cisco in January, and I join in April.
|
||||||
|
6. Recruited by Craig & Dean. Craig is the mastermind
|
||||||
|
a. small team of 8 people, go to Calgary we are the center of attention
|
||||||
|
(the future!). Meet Al Huger.
|
||||||
|
b. first year work on CTIA (CTIM)
|
||||||
|
c. Cisco Threat Response (CTR); names IROH/Visibility/CTR
|
||||||
|
work on new abstractions / tk-store, inspect, modules, iroh-auth,
|
||||||
|
admin interface, scripts, help ops.
|
||||||
|
d. IROH-Auth: => login via AMP (SAML with Guillaume) (no user in DB)
|
||||||
|
e. IROH-Auth: => login via Threatgrid (OpenId Connect client)
|
||||||
|
f. IROH-Auth: => become OAuth2 provider (grants: client credentials,
|
||||||
|
authorization code, implicit)
|
||||||
|
**User** in DB
|
||||||
|
g. Huge amount of support to help other team integrate with OAuth2.
|
||||||
|
h. make implicit grant deprecated
|
||||||
|
i. SSE Integration (big deal, difficult with many teams)
|
||||||
|
House made integration (user auth hooks, pass tokens by side channels)
|
||||||
|
Matthieu implication
|
||||||
|
j. Orbital (they use our JWT)
|
||||||
|
k. IROH-Auth: => become an OIDC provider (IROH-Auth can be used as an IdP)
|
||||||
|
l. **SecureX** (previously called Platform, ...)
|
||||||
|
Very deep change in IROH-Auth underlying architecture/business logic.
|
||||||
|
8 month of intense work. Main change, user have only one
|
||||||
|
=idp-mapping= and now have multiple =idp-mappings=. Mainly you can
|
||||||
|
login via different login buttons and different identities into the
|
||||||
|
same user inside SecureX.
|
||||||
|
m. Ambrose then Victor join the team
|
||||||
|
n. Craig & Dean resign both; this is *huge*, reorg even though it was
|
||||||
|
prepared for one year.
|
||||||
|
So, Jyoti is put on top of Guillaume, her team (Rob, Ag, Mark) merge
|
||||||
|
with our team. Namrata / Elias replace Dean/Craig.
|
||||||
|
***** Advices
|
||||||
|
|
||||||
|
1. *Evaluation*:
|
||||||
|
Your main evaluation dimension will be *added user value*.
|
||||||
|
- Cisco promote and encourage their employees, if you are useful you will be rewarded.
|
||||||
|
- If you are helpful to other Cisco employees, this will also be visible
|
||||||
|
- If you help to make the internal system work, this will be more
|
||||||
|
difficult to sell to your manager. So my advice, have a 80/20 maximum
|
||||||
|
about; 80% working on visible to your manager stuff, 20% on the
|
||||||
|
necessary/fun stuff.
|
||||||
|
2. Use Cisco resources, ask for it (I have an iMac for example, which is
|
||||||
|
completely out of the normal things to get), do not be afraid to reach
|
||||||
|
other people at Cisco. Note, I am not the best one to follow on this one ;)
|
||||||
|
3. Try to use start-page, more and more people use it, I think this is a pretty
|
||||||
|
good starting point (mothership/work.html).
|
||||||
|
The frequency at which you will use these links (in 1 year from now) will be a good
|
||||||
|
way to evaluate if you are on the right track.
|
||||||
|
4. Do not fear to reach out to other people in other room/teams everyone
|
||||||
|
will be friendly and helpful, this is in fact one of the most important
|
||||||
|
hidden skill at Cisco.
|
||||||
|
5. Try to be aware about the CoC (chain of command), because it is not clearly
|
||||||
|
enforced does not mean it doesn't exists.
|
||||||
|
6. If you have any issue/problem technical/human/HR anything don't wait, be
|
||||||
|
vocal about it
|
||||||
|
7. If you would like to work on something don't let your manager(s) guess
|
||||||
|
for your ask them.
|
||||||
|
8. Depending on your tasks you could be overwhelmed by communication channels
|
||||||
|
(chat, mail, webexes), be prepared to handle this and have
|
||||||
|
***** Day to Day
|
||||||
|
|
||||||
|
1. Open emacs, check my todo list
|
||||||
|
2. Morning tours:
|
||||||
|
- open webex teams, chat morning tour (from 10min to 8h, generally 30min)
|
||||||
|
I frenquently have messages in the morning from Jyoti and other team
|
||||||
|
from India, East Europe.
|
||||||
|
- open mails (from 5min to 30min)
|
||||||
|
- check the agenda webex invitations
|
||||||
|
- Check my PRs (if someone has made some review, work on it)
|
||||||
|
- Check opened PR for review (from 5min to 8h, generally I try to stay
|
||||||
|
under 2h/day)
|
||||||
|
- check chat in "the Frenchies" (we try to avoid it more and more)
|
||||||
|
3. After the tour, check the updated agenda, the new todos, organize the
|
||||||
|
day/priorities work on it (if I can). Number of chat interuption from
|
||||||
|
10h-16h is generally about 4 notifications.
|
||||||
|
4. During my afternoon (>16h, the US wakes up)
|
||||||
|
- If no chat interruption continue the work until 18h/19h and stop my
|
||||||
|
day.
|
||||||
|
- Frequently one to three meetings, frequently during release weeks
|
||||||
|
impromptu webex/chat with QA team.
|
||||||
|
- If chat interruption, stop my work (unless my work is both urgent and
|
||||||
|
need deep concentration) and focus on the chat. Generally from 16->19h30.
|
||||||
|
Sometime a bit exceptionnally, work from 08:30pm->01:00am
|
||||||
|
***** What am I relevant about, when should you reach out?
|
||||||
|
|
||||||
|
- **IROH-Auth**: login, OAuth2, OpenID connect, OAuth2 clients, User/Org/Client
|
||||||
|
management, **scopes**
|
||||||
|
- **API Security**: **scopes**, how to use them, organize, etc...
|
||||||
|
- **TK-Store**: access different DB with interfaces. Has been butchered a bit
|
||||||
|
by Matthieu with its cache interface, he is aware about it.
|
||||||
|
- **Inspect**: extract observables (IP, url, hashes, etc...) from raw text
|
||||||
|
- **Response**: in Module system (iroh-int); now it is more Matthieu
|
||||||
|
- **Admin interface**: hidden but *very important*
|
||||||
|
- **Structured logs** (via Riemann/ES): helped get data for management: now
|
||||||
|
should be moved to G2 (but I am still relevant for kibana access, how to
|
||||||
|
log in our code, still missing structured log, but we are close)
|
||||||
|
- **Code architecture**:
|
||||||
|
- first decided to use lein-monolith (terrible but best from other
|
||||||
|
terrible choices), then removed it recently. Take a look at
|
||||||
|
=CONTRIBUTING.md=. Made =tk-tests= see rationale, etc...
|
||||||
|
- =let-either= in =iroh-int= (monads, etc..)
|
||||||
|
- =tk-store= is structured with the flaws from stores in CTIA
|
||||||
|
- =defwebservice= to centralize how our webservices work
|
||||||
|
***** TODO Team spirit
|
||||||
|
***** TODO Expected work
|
||||||
|
***** TODO Work organization/schedule
|
||||||
|
**** MEETING IROH-Auth and SSO :work:meeting:
|
||||||
|
:LOGBOOK:
|
||||||
|
CLOCK: [2021-06-14 Mon 14:52]--[2021-06-14 Mon 16:03] => 1:11
|
||||||
|
:END:
|
||||||
|
[2021-06-14 Mon 14:52]
|
||||||
|
***** Session depends on URL
|
||||||
|
|
||||||
|
- SXSO has a single URL for the world
|
||||||
|
- IROH-Auth share the same URL as Cisco Threat Response (could be changed
|
||||||
|
to SecureX URL with we expect the default Application to be SecureX)
|
||||||
|
3 URLs (one per zone NAM/EU/APJC)
|
||||||
|
|
||||||
|
The SecureX tenancy is in IROH-Auth (driven by Cisco business logic)
|
||||||
|
***** Easiest way to have a shared Session accross product
|
||||||
|
|
||||||
|
All product should probably use IROH-Auth as IdP (which will still continue
|
||||||
|
to use SXSO as main IdP)
|
||||||
|
*** 2021-06-17 Thursday
|
||||||
|
**** DONE Presentation Jason Chambers :work:meeting:
|
||||||
|
:LOGBOOK:
|
||||||
|
CLOCK: [2021-06-17 Thu 15:02]--[2021-06-17 Thu 16:40] => 1:38
|
||||||
|
:END:
|
||||||
|
[2021-06-17 Thu 15:02]
|
||||||
|
- ref ::
|
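Review bot: Item 8 under "Advices" stops mid-sentence at "be prepared to handle this and have", so the advice about handling communication channels is incomplete; finish the sentence or end it at "be prepared to handle this". In the first LOGBOOK, the CLOCK line dated [2021-07-19 Mon 11:02] sits under the 2021-06-14 heading of the W24 file; if that later session was a separate meeting, it would be easier to find under its own dated entry. On style, emphasis mixes the Org single-asterisk form ("*Evaluation*", "*huge*", "*very important*") with Markdown-style double asterisks ("**IROH-Auth**", "**scopes**", "**User**"); use the Org form throughout so the file renders consistently.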