deft/2021-W24.org

• 2021-W24
  • 2021-06-14 Monday
    • MEETING Irina 1-1 prep (bis)
      • What to talk about?
      • Presentation (History first mine then the Team and the Product)
      • Advices
      • Day to Day
      • What am I relevant about, when should you reach out?
      • Team spirit
      • Expected work
      • Work organization/schedule
    • MEETING IROH-Auth and SSO
      • Session depends on URL
      • Easiest way to have a shared Session accross product
  • 2021-06-17 Thursday
    • Presentation Jason Chambers

2021-W24

2021-06-14 Monday

MEETING Irina 1-1 prep (bis)   work

CLOCK: [2021-07-19 Mon 11:02]–[2021-07-19 Mon 11:52] => 0:50 CLOCK: [2021-06-14 Mon 16:04]–[2021-06-14 Mon 17:44] => 1:40

[2021-05-27 Thu 08:46]

ref

What to talk about?

1. My personal history with Cisco (presentation) personality/env, etc…
2. when/where I will be the more helpful to you
3. generic welcome advices (the team, SecureX/CTRl, SBG, Cisco)
4. what my day-to-day work looks like
5. what am I relevant for, when should you reach out?
6. the team spirit/ambiance
7. The expected work
8. Work organisation/schedule

• Know more about my work:

There is a 1h30 pres from previous week where I presented IROH-Auth to the larger team.

Presentation (History first mine then the Team and the Product)

1. Ph.D. Machine Learning
2. Post Ph.D. Machine Learning
3. Work for Airfrace (Perl/scripts/web/)

4. Join Vigiglobe via Guillaume (our wives worked together)

   1. Social Media Analytics, hire Matt, then G2
   2. lot of pressure, fullstack dev + machine learning
   3. rewrite in Clojure (lot of pressure)
   4. bad management (SCRUM hell), wrong decisions, lot of pressure
5. Guillaume join Cisco in January, and I join in April.

6. Recruited by Craig & Dean. Craig is the mastermind

   1. small team of 8 people, go to Calgary we are the center of attention (the future!). Meet Al Huger.
   2. first year work on CTIA (CTIM)
   3. Cisco Threat Response (CTR); names IROH/Visibility/CTR work on new abstractions / tk-store, inspect, modules, iroh-auth, admin interface, scripts, help ops.
   4. IROH-Auth: => login via AMP (SAML with Guillaume) (no user in DB)
   5. IROH-Auth: => login via Threatgrid (OpenId Connect client)
   6. IROH-Auth: => become OAuth2 provider (grants: client credentials, authorization code, implicit) User in DB
   7. Huge amount of support to help other team integrate with OAuth2.
   8. make implicit grant deprecated
   9. SSE Integration (big deal, difficult with many teams) House made integration (user auth hooks, pass tokens by side channels) Matthieu implication
   10. Orbital (they use our JWT)
   11. IROH-Auth: => become an OIDC provider (IROH-Auth can be used as an IdP)
   12. SecureX (previously called Platform, …) Very deep change in IROH-Auth underlying architecture/business logic. 8 month of intense work. Main change, user have only one idp-mapping and now have multiple idp-mappings. Mainly you can login via different login buttons and different identities into the same user inside SecureX.
   13. Ambrose then Victor join the team
   14. Craig & Dean resign both; this is huge, reorg even though it was prepared for one year. So, Jyoti is put on top of Guillaume, her team (Rob, Ag, Mark) merge with our team. Namrata / Elias replace Dean/Craig.

Advices

1. Evaluation: Your main evaluation dimension will be added user value.

   • Cisco promote and encourage their employees, if you are useful you will be rewarded.
   • If you are helpful to other Cisco employees, this will also be visible
   • If you help to make the internal system work, this will be more difficult to sell to your manager. So my advice, have a 80/20 maximum about; 80% working on visible to your manager stuff, 20% on the necessary/fun stuff.
2. Use Cisco resources, ask for it (I have an iMac for example, which is completely out of the normal things to get), do not be afraid to reach other people at Cisco. Note, I am not the best one to follow on this one ;)
3. Try to use start-page, more and more people use it, I think this is a pretty good starting point (mothership/work.html). The frequency at which you will use these links (in 1 year from now) will be a good way to evaluate if you are on the right track.
4. Do not fear to reach out to other people in other room/teams everyone will be friendly and helpful, this is in fact one of the most important hidden skill at Cisco.
5. Try to be aware about the CoC (chain of command), because it is not clearly enforced does not mean it doesn't exists.
6. If you have any issue/problem technical/human/HR anything don't wait, be vocal about it
7. If you would like to work on something don't let your manager(s) guess for your ask them.
8. Depending on your tasks you could be overwhelmed by communication channels (chat, mail, webexes), be prepared to handle this and have

Day to Day

1. Open emacs, check my todo list

2. Morning tours:

   • open webex teams, chat morning tour (from 10min to 8h, generally 30min) I frenquently have messages in the morning from Jyoti and other team from India, East Europe.
   • open mails (from 5min to 30min)
   • check the agenda webex invitations
   • Check my PRs (if someone has made some review, work on it)
   • Check opened PR for review (from 5min to 8h, generally I try to stay under 2h/day)
   • check chat in "the Frenchies" (we try to avoid it more and more)
3. After the tour, check the updated agenda, the new todos, organize the day/priorities work on it (if I can). Number of chat interuption from 10h-16h is generally about 4 notifications.

4. During my afternoon (>16h, the US wakes up)

   • If no chat interruption continue the work until 18h/19h and stop my day.
   • Frequently one to three meetings, frequently during release weeks impromptu webex/chat with QA team.
   • If chat interruption, stop my work (unless my work is both urgent and need deep concentration) and focus on the chat. Generally from 16->19h30. Sometime a bit exceptionnally, work from 08:30pm->01:00am

What am I relevant about, when should you reach out?

• IROH-Auth: login, OAuth2, OpenID connect, OAuth2 clients, User/Org/Client management, scopes
• API Security: scopes, how to use them, organize, etc…
• TK-Store: access different DB with interfaces. Has been butchered a bit by Matthieu with its cache interface, he is aware about it.
• Inspect: extract observables (IP, url, hashes, etc…) from raw text
• Response: in Module system (iroh-int); now it is more Matthieu
• Admin interface: hidden but very important
• Structured logs (via Riemann/ES): helped get data for management: now should be moved to G2 (but I am still relevant for kibana access, how to log in our code, still missing structured log, but we are close)

• Code architecture:

  • first decided to use lein-monolith (terrible but best from other terrible choices), then removed it recently. Take a look at CONTRIBUTING.md. Made tk-tests see rationale, etc…
  • let-either in iroh-int (monads, etc..)
  • tk-store is structured with the flaws from stores in CTIA
  • defwebservice to centralize how our webservices work

TODO Team spirit

TODO Expected work

TODO Work organization/schedule

MEETING IROH-Auth and SSO   work meeting

CLOCK: [2021-06-14 Mon 14:52]–[2021-06-14 Mon 16:03] => 1:11

[2021-06-14 Mon 14:52]

Session depends on URL

• SXSO has a single URL for the world
• IROH-Auth share the same URL as Cisco Threat Response (could be changed to SecureX URL with we expect the default Application to be SecureX) 3 URLs (one per zone NAM/EU/APJC)

The SecureX tenancy is in IROH-Auth (driven by Cisco business logic)

Easiest way to have a shared Session accross product

All product should probably use IROH-Auth as IdP (which will still continue to use SXSO as main IdP)

2021-06-17 Thursday

DONE Presentation Jason Chambers   work meeting

CLOCK: [2021-06-17 Thu 15:02]–[2021-06-17 Thu 16:40] => 1:38

[2021-06-17 Thu 15:02]

ref