tldr - powered by Generative AI

• Understanding the context of a system is important in determining how much to spend on defending it and what the value of the thing being defended is
• Establishing trust in the foundation of a system is crucial before building on top of it
• Developing a framework for trust involves asking questions about what is being trusted and why, and what the consequences are if that trust is violated
• The blast radius of an incident should be kept small to minimize the impact of a breach or failure
• The concept of 'zero trust' should be renamed to 'zero implicit trust' to make it explicit that something is being trusted and to encourage proper analysis and risk assessment

tldr - powered by Generative AI

• Take stock of inventory and work with security to change perception of secure software
• Bring in security officers early on and provide education and training
• Transitioning to agile methodology and tying it into deployment and build process takes culture change
• Be mindful of tackling tech debt during migration
• Learn from industry best practices and use relevant templates

tldr - powered by Generative AI

• Research potential mentors and align goals and interests
• Approach mentors professionally and provide meaningful insight into your background and interests
• Utilize open source projects to gain experience and build your resume
• Collaborate with diverse communities to foster innovation and knowledge sharing
• Overcome communication barriers by asking specific questions and seeking out mentorship
• Manage time effectively to balance coursework and open source contributions
• Combat imposter syndrome by recognizing your value and belonging in the community

tldr - powered by Generative AI

• The example architecture includes an external facing service using TLS, mutual TLS for service communication, and web identity federation for accessing AWS services
• Two approaches are presented: a simple web service and a service mesh approach using Istio and OPA
• Data flow diagrams are essential for threat modeling and can be used to apply STRIDE to individual communications
• Prototyping early helps to understand technology integration and potential issues
• The presentation includes a relevant anecdote about a last-minute issue with AWS policies on S3 buckets

tldr - powered by Generative AI

• K-Serve allows for easy deployment and management of machine learning models
• It can handle large language models with billions of parameters
• Observation and analysis of model performance is possible with K-Serve
• The future of K-Serve is to support even larger language models

tldr - powered by Generative AI

• The use of service policies and Argo workflows enables Cloud native open source authorization application architecture.
• Service policies allow for dynamic resolution of authorization checks based on service instances.
• Argo workflows are used for end-to-end workflows for compiling, testing, and validating authorization changes.
• The presentation provides an example of using Argo to submit a job to pull down policies and run tests to validate changes.
• The presentation emphasizes the importance of testing and evolving policies over time.

tldr - powered by Generative AI

• Volcano is a cloud-native batch system that provides a unified job scheduling and management solution for Kubernetes clusters.
• It is designed to be scalable, flexible, and extensible, and it supports a wide range of workloads, including machine learning, data processing, and scientific computing.
• Volcano has several features that make it a powerful tool for managing batch workloads, including job scheduling, resource management, and job dependencies.
• Volcano is used by a diverse group of users, including those in the AI and data areas, and it has a large and active community of contributors.
• Volcano integrates with a variety of other tools and platforms, including Spark, Argo, and Airflow.
• Volcano provides documentation and support for a wide range of training operators, including TensorFlow, MXNet, and MPI.

tldr - powered by Generative AI

• Quantum computing can solve hard problems faster when combined with classical computing
• Kubernetes is a natural orchestrator for workload parallelization
• IBM Cloud and OpenShift can run Kubernetes and serverless workloads
• The presented example shows how to use quantum and Kubernetes to divide and conquer a workload
• The example uses a small quantum circuit to demonstrate the process

tldr - powered by Generative AI

• Tokenization is used to protect patient privacy by changing personally identifiable information to a token based on a hardware security key.
• Strict confinement features of micro-kubernetes distribution are used to ensure tamper-proof tokenization.
• Confidential computing is used to expand local Kubernetes clusters in a safe way by creating a VM on a public cloud and utilizing open enclave and open source projects to configure the confidential compute and underlying hardware features.
• The benefits of using public clouds for research use cases are discussed, including the ability to spike up capacity when training a bigger model.
• The presentation emphasizes the importance of using secure MLOps to comply with industry standards and protect patient privacy.