deft/notes/yann_s_personal_retrospective_2023_offsite.org

Yann's Personal Retrospective 2023 Offsite

• Yann's Personal Retrospective 2023 Offsite
  • Short presentation
    • Anecdotes
  • Quick Recap about your main accomplishments these recent years
    • XDR
    • Product
    • Administration
    • Devs
  • Old Important things
  • Working in this Team
  • What we should NOT change (tailwind)
  • What we should improve (headwind)
  • Workstation (demo time optional)

Yann's Personal Retrospective 2023 Offsite

Short presentation

• years of Experience: 22 years (11 in Clojure)
• years at Cisco: 7 years (7 in this team)
• location: France (GMT+1)

Anecdotes

• Math & Abstractions: ML, Probability Automata, indecidability proofs
• bash + Perl + templates CMS with horror stories like HTML Perl template in DB
• VG: nodejs, hyperloglog, then clojure, and real time data analysis on a single dimentional object. SCRUM-hate, etc…

Quick Recap about your main accomplishments these recent years

XDR

• RBAC (technical design)

  • role introspection endpoint to help UI

• Provisioning (with PIAM)

  • provided script handled to TAC team
• HTML templates for IROH-Auth
• Feature-Flag script management
• Rebrand SXSO to SCSO
• Entitlement Summary (technical design)

Product

• Provisioning (with SE, Orbital)
• Dynamic Session Token lifetime (Asked by Security/UI Chris Duane) started but cancelled by XDR
• Delete duplicate accounts (was allowed first)
• Fix Allow all role to login logic (UI bug)
• TAC: expose change user role route
• Replace some JWT by short random strings in IROH-Auth
• UI Session Logout in IROH-Auth
• Support displaying virtual users

Administration

• Fix Cross-Region UI bug
• Links to kibana to see "master-only" events
• Move some OAuth2 clients out of config to DB

Devs

• Matrix role representation
• Eithers in Clojure
• Improve logs; for SSE proxy, for impersonate
• Expose open impersonate for UI devs on INT and TEST
• composable shell.nix to replace docker compose
• default-config.edn
• config.edn as tree structure
• scope aliases

Old Important things

• Structured Logs (riemann not used at its full power)
• TK Store (abstraction learned from CTIA's limitation)
• Admin UI (first)
• Admin UI (second)
• Admin scripts (now)

Working in this Team

• What I expected (7 years ago): Work on real time data streaming
• What I am doing: Work on Authentication and Authorization

• What my day to day looks like?

  • 50 to 70%: lot of communication via; webex, email, meetings, issues

    • planning (design, checking timeline)
    • help people on webex, fix issues, look in kibana, create orgs, create clients, link to documentation, etc….
  • 20% to 50%: lot of time thinking about design improvements;
  • 10% to 20%: lot of time focused on product improvement (not code).
  • 0% to 20%: code, code review, etc…

What we should NOT change (tailwind)

• Not having daily standup

What we should improve (headwind)

• Not having more focus days.

• Advertise that IROH (not XDR, not SecureX, not CTR)

  • IROH is a platform

Workstation (demo time optional)