Hey everyone. Just a short blog following on from my Azure Cyber Security cheat sheet and flashcards. Here is another cheat sheet I created to help people pass their Microsoft Azure Fundamentals AZ-900 exam. This one covers all the key Infrastructure-as-Service (IaaS) components that form the foundation for the Azure Cloud Computing platform.
Click on the cheat sheet to go to the FREE flashcard set, that I've created on Quizlet.
At the top of the cheat sheet, you'll see the relationship between subscriptions, management groups and resource groups, as well as the hierarchy of locations. These concepts are important to understand, as it will be very challenging and time-consuming to change your architecture at this level.
The items in pink are basic services that help to manage, monitor and control costs around your IaaS layer. I've not listed evey single service, just the one's they are likely to test on, for the AZ-900 exam.
If you're feeling a bit anxious about taking the exam, then maybe a 1 day course will help ease your pain. I run them at ALC Training. Check them out by clicking on the opening collage, at the top of this post.
Please DM me on twitter, instagram or linkedin if you found this resource helpful. :-)
26/7/2019 0 Comments
This week I passed my AZ-900 Microsoft Azure Fundamentals exam and I can tell you, it was a little tricky. In this blog post I'm going to share some of my resources, that helped me understand the range of security services that are available in Microsoft Azure.
Firstly here is a simple visual cheat sheet, that fits beautifully on a page. It outlines all the key security services. The only one missing is Network Security Groups (NSGs) and that's because in my taxonomy I keep these in my networking section.
The second resource I wanted to share, was a set of flashcards that I created on Quizlet. That provides a detailed description of each service, but also a useful link to the Microsoft Azure service documentation. This makes it easy to use the cheat sheet and the flashcards in concert.
Remember this is only covering the security component of the AZ-900 exam. I'll share and explore my diagrams relating to IaaS, DevOps, IoT, Serverless and Datastores in future posts....so stay tuned!
In this blog article, I'm going to outline the key steps required to help transform a medium to large organisation. Digital Transformation is the ability of an organisation to change their culture, in order remain competitive. By using new technologies more effectively than their competitors, this leads to greater market share, lower price points, improved product and/or service quality and constant innovation for clients. Notice that I start with culture, not technology.
I'll draw on my 20+ years of hands-on experience as a solution architect and professional technologist with DXC Technology and Santander, as well as my expertise in running cultural change and technical courses at ALC Training & Consulting.
Here are the key steps and they are in order:
This is the Scaled Agile Framework (SAFe):
And this is the top slice of TOGAF. You would use TOGAF as part of the architecture functions in SAFe.
Do you have questions with these steps? Feel free to reach out to me directly:
Have an awesome week, beautiful people.
I don't often write blog posts that claim to be life-changing, but this post really is an exception. Let me start with a story about the "Wiley Old Fox"...well Dr Fox actually.
So about 6 years ago I heard an incredible talk from a very eloquent and charming keynote speaker by the name....yes you guessed it.....Dr Fox. He presented at the MIcrosoft Ignite conference in Australia and he was very exceptionally entertaining. Through his elegant story-telling, he put me onto the idea that we should not check our emails first thing in the morning. Why....because it's makes us unproductive and is a counterpoint to everything agile. I can see the skeptical look in your eyes...so let me explain further.
Tip of the Week:
Reduce the time you spend checking your email....
So we all spend probably too much time checking out email. It's often mis-used and it can lead to hours and hours of reading and responding, that often does not lead to huge productivity gains. I set about putting together some rules, to help fix this up. These rules have stuck with me ever since.
I first implemented these rules around 4 years ago when I was working as a Senior Principal Cloud Architect with DXC Technology. It was a very challenging senior position, reporting to the global CTO of an offering called MyWorkStyle. Ali Shadman was his name and he was a fantastic person to work with.....lots of fun!
I had some simple rules for email engagement. My role was to lead an architecture and engineering team to deploy a private cloud in Australia. Iniitally problems were aired to me via email and it all became unmanageable, and hugely stressful. So, to avoid a burn-out situation for myself, and also to ensure that we could meet the 13 month timelines to deploy 12 brand new offerings, alll fully automated with a team of around 25-30 people.... I set about putting some new rules in place for my team and my key stakeholders:
1) Is it a complex issue and/or is it highly urgent. If YES - call my mobile. If I don't answer text me with a summary of the problem.
2) Is it a YES / NO answer to a simple question. If YES - use email.
3) Else, consider using Instant Messaging, i.e. Skype for Business, or Microsoft Teams (which didn't exist 6 years ago).
This was after taking Dr Fox's advice and doing the following at the beginning of each day:
1) Read your weekly, monthly and yearly outcomes that you wish to achieve. If you haven't already, you should have these in an Outcomes Kanban.
2) Write down all the work that needs to be done for that day in a Task Kanban. If necessary schedule meetings for the next few days.
3) Then.....check your emails.
If you're not sure what a Kanban is....check out this awesome article below from the Scaled Agile Framework, known as SAFe. As an instructor I ran the Leading SAFe courses for ALC Training:
You'll find that when you think about outcomes first, and then think about your daily work, you will focus on what is important. Which should hopefuilly be the outcomes. This will then put your mind into a state where you're not being driven by emails.
Now....it's quite possible there will be some urgent items in the email that require attention. Maybe your sponsor needs someething done urgently today or there is a pressing urgent technical issue that requires some attention. Simple...add 1 task to call your sponsor, and another task to call the person who is raisinig the technical issue. That's it. You don't have to spend hours bouncing emails back and forth, trying to solve just those two problems.
What about the rest of your email......well if you're working with your stakeholders effectively, you will have influenced them to follow the first set of rules. Influencing people in a positive way, is probably another blog post....or two.
It took me a few months, but eventually my emails were down to maybe 5 or 6 a day, that were simply YES/NO questions. All email that I was cc'd in, went into folder. I also encouraged people not to CC me in stuff, as it wasn't ever going to help.
Some people think, but that may be useful one day....well if an issue comes up....there are better ways of resolving....than to point to your past emails and said "I told you so". That doesn't build positive relationships and doesn't help with solution deployment, so why do it.
Feel free to continue the conversation on:
Have an awesome day beautiful people. 😎❤
The Certified Cloud Security Professional certification is offered by the ISC2 and is one of the many courses I have helped develop at ALC Training. It is proving to be one of the most popular certifications that I run....I have 11 others that cover cloud computing, agile, cybersecurity and big data areas. But why?
As you can see, it covers 6 domains and we focus on a range of techniques and best practices associated with cloud computing. For those studying CCSP, I have created a free flashcard quiz below. This is handy for anyone that is involed in CyberSecurity and is a good way to re-enforce your knowledge.
For a detailed list of learning outcomes check out the ISC2 website below....
The reason I think CCSP is popular, is because CyberSecurity is in the Top 5 items that keep senior leaders awake at night. The fear that the organisation you have worked hard to protect, could one day be maliciously attacked is a troubling thought for many...resulting in a cold sweat nightmare at 3am in the morning.
To be honest there are many things that business leaders need to consider. So let me outline 2 of the key items that spring to mind this morning....
1 - Secure the use of Identity and Access Management Systems
The key here is people....because they are the solution....not the problem. Here is a simple checklist that everyone can follow...not just at work...but also at home.
Tip 05 can be adapted for business, by building a list of trusted sources, i.e. a whitelist. You can do this manually, or by using a whitelisting tool, preferably one based on Artificial Intelligence technology. That way it can detect not just trustued sources that you list, but predict or warn when something looks malicious.
2 - Simulate Probable Security Scenarios
Again the key here is people. Create a realistic scenario....data breaches are the most common, so this is a good place to start. Brief a small number of individuals, including leadership, that you're creating a simulated security challenge....execute the scenario for real on a non-production system with the team....then treat it like a fire drill and allow the remainder of the team to see how they react and recover from the simulation. It's a bit like paintballing...where one team attacks the castle....and the other team defends it. Although in this scenario....the defending team is really ascertaining what happened and how best to protect the organisation going forward.
If you need inspiration for what threats you should be simulating....take a look at the Treacherous 12....which we cover in the CCSP course.
Have a secure and safe day beautiful people. ❤😎🚀
Paul Colmer is a digital coach for ALC training and consulting, with a real passion for learning and applying disruptive technologies. Paul has responsibility for building and delivering ALC's digital architecture strategy and the development and execution of a number of cloud courses, including Cloud Security (CCSP), Amazon AWS, DevOps, Microsoft Azure and Office 365.