#captain gcis | Explore Tumblr Posts and Blogs

greatworldwar2 · 3 years

Text

• Hugh Dowding

Air Chief Marshal Hugh Caswall Tremenheere Dowding, 1st Baron Dowding, GCB, GCVO, CMG was an officer in the Royal Air Force. He was Air Officer Commanding RAF Fighter Command during the Battle of Britain and is generally credited with playing a crucial role in Britain's defence.

Dowding was born at St. Ninian's Boys' Preparatory School in Moffat, Dumfriesshire, on April 24th, 1882 the son of Arthur John Caswall Dowding and Maud Caroline Dowding. Dowding was educated at St Ninian's School and Winchester College. He trained at the Royal Military Academy, Woolwich before being commissioned as a second lieutenant in the Royal Garrison Artillery on August 18th, 1900. Promoted to lieutenant in May 1902, Dowding served with the Royal Garrison Artillery at Gibraltar, in Ceylon and in Hong Kong before being posted to No. 7 Mountain Artillery Battery in India in 1904. After returning to the United Kingdom, he attended the Army Staff College 1912 before being promoted to captain in August 1913 and being posted with the Royal Garrison Artillery on the Isle of Wight later that year. After becoming interested in aviation, Dowding gained Aviator's Certificate no. 711 on December 19th, 1913 in a Vickers biplane at the Vickers School of Flying, Brooklands. He then attended the Central Flying School, where he was awarded his wings. Although added to the Reserve List of the Royal Flying Corps (RFC), Dowding returned to the Isle of Wight to resume his Royal Garrison Artillery duties. However, this arrangement was short lived and in August 1914, he joined the RFC as a pilot on No. 7 Squadron.

Dowding transferred to No. 6 Squadron in October 1914 and then, after two weeks as a staff officer in France, became a Flight Commander, first with No. 9 Squadron and then with No. 6 Squadron. He became commanding officer of the Wireless Experimental Establishment at Brooklands in March 1915 and went on to be commanding officer of No. 16 Squadron in July 1915. After the Battle of the Somme, Dowding clashed with General Hugh Trenchard, the commander of the RFC, over the need to give pilots some rest and recuperation. Promoted to major on December 30th, 1915, Dowding was recalled to England in January 1916, and, having been promoted to temporary lieutenant colonel on February 1st, 1916 was given command of 7 Wing at Farnborough later that month. He transferred to the command of 9 wing at Fienvillers in June 1916. Returning to England, he was promoted to temporary colonel on January 1st, 1917 on appointment as commander of the Southern Group Command and promoted to temporary brigadier-general on June 23rd, 1917 before being given command of the southern training brigade in August 1917. He was sent to York as chief staff officer to the RAF's senior administrative officer in the area in April 1918. He was appointed a Companion of the Order of St Michael and St George in January 1919. Dowding was given a permanent commission in the RAF on August 1st, 1919 with the rank of group captain. He commanded No. 16 Group from October 1919 and then No. 1 Group from February 1920 where he was responsible for organising two of the annual air displays at Hendon. He was promoted to air commodore on January 1st, 1922, and served as chief staff officer at Inland Area headquarters at Uxbridge from February 1922 before being appointed Chief Staff Officer for RAF Iraq Command in August 1924. Dowding was an accomplished skier, winner of the first ever National Slalom Championship, and president of the Ski Club of Great Britain from 1924 to 1925. In May 1926 Dowding was appointed director of training at the Air Ministry. He was appointed a Companion of the Order of the Bath on January 2nd, 1928 and promoted to air vice-marshal in January 1929.

Trenchard sent him to Palestine and Transjordan to study security problems caused by Arab–Jewish unrest: his reports, which gained Trenchard's approval, were a cause of further career advancement. Dowding became Air Officer Commanding Fighting Area, Air Defence of Great Britain in December 1929 and then joined the Air Council as Air Member for Supply and Research in September 1930. Dowding's time in this office coincided with a period of rapid development in aircraft design and a growing fear that another major war was on the horizon. Although without scientific or technical training, he displayed a great capacity for understanding technical matters. He was promoted to air marshal in January 1933 and advanced to Knight Commander of the Order of the Bath in June 1933. In July 1936 Dowding was appointed commanding officer of the newly created RAF Fighter Command, and was perhaps the one important person in Britain, and perhaps the world, who did not agree with British Prime Minister Stanley Baldwin's 1932 declaration that "The bomber will always get through". He conceived and oversaw the development of the "Dowding system". This consisted of an integrated air defence system which included radar (whose potential Dowding was among the first to appreciate), human observers (including the Royal Observer Corps), who filled crucial gaps in what radar was capable of detecting at the time (the early radar systems, for example, did not provide good information on the altitude of incoming German aircraft), raid plotting, and radio control of aircraft. The whole network was linked in many cases by dedicated telephone cables buried sufficiently deeply to provide protection against bombing. The network had its centre at RAF Bentley Priory, a converted country house on the outskirts of London. The system as a whole later became known as Ground-controlled interception (GCI). Dowding also introduced modern aircraft into service during the pre war period, including the eight gun Spitfire and Hurricane. He is also credited with having fought the Air Ministry so that fighter planes were equipped with bullet proof wind shields. He was promoted to air chief marshal on January 1st, 1937 and appointed a Knight Grand Cross of the Royal Victorian Order in January 1937.

At the time of his retirement in June 1939, Dowding was asked to stay on until March 1940 because of the tense international situation. He was again permitted to continue through the Battle of Britain, first until July and finally until November 1940. In 1940, Dowding, nicknamed "Stuffy" by his men for his alleged lack of humour, proved unwilling to sacrifice aircraft and pilots in the attempt to aid Allied troops during the Battle of France. He, along with his immediate superior Sir Cyril Newall, then Chief of the Air Staff, resisted repeated requests from Winston Churchill to weaken the home defence by sending precious squadrons to France. When the Allied resistance in France collapsed, he worked closely with Air Vice-Marshal Keith Park, the commander of 11 Fighter Group, in organising cover for the evacuation of the British Expeditionary Force at Dunkirk. Through the summer and autumn of 1940 in the Battle of Britain, Dowding's Fighter Command resisted the attacks of the Luftwaffe. Beyond the critical importance of the overall system of integrated air defence which he had developed for Fighter Command, his major contribution was to marshal resources behind the scenes (including replacement aircraft and air crew) and to maintain a significant fighter reserve, while leaving his subordinate commanders' hands largely free to run the battle in detail. Dowding was known for his humility and great sincerity. Fighter Command pilots came to characterise Dowding as one who cared for his men and had their best interests at heart. Dowding often referred to his "dear fighter boys" as his "chicks": indeed his son Derek was one of them. Because of his brilliant detailed preparation of Britain's air defences for the German assault, and his prudent management of his resources during the battle, Dowding is today generally given the credit for Britain's victory in the Battle of Britain.

Dowding's subsequent downfall has been attributed by some to his singlemindedness and perceived lack of diplomacy and political savoir faire in dealing with intra-RAF challenges and intrigues, most obviously the still, even now, hotly debated Big Wing controversy in which a number of senior and active service officers had argued in favour of large set-piece air battles with the Luftwaffe as an alternative to Dowding's successful Fabian strategy. Another reason often cited for his removal, but characterised by some contemporary commentators more as a pretext, was the difficulty of countering German nighttime bombing raids on British cities. Dowding himself showed that he had a good grasp of night fighter defence and was planning a defence system against night bombing in a letter he wrote some time after the Battle of Britain. However, there was great political and public pressure during the Blitz for something to be done, and Fighter Command's existing resources without, as yet, airborne radar, proved woefully inadequate. Dowding was advanced to Knight Grand Cross of the Order of the Bath in October 1940. He unwillingly relinquished command on November 24th, 1940 and was replaced by Big Wing advocate Sholto Douglas. Churchill tried to soften the blow by putting him in charge of the British Air Mission to the US, responsible for the procurement of new aircraft types. After leaving Fighter Command, Dowding was sent on special duty to the United States for the Ministry of Aircraft Production, but there he made himself unpopular with his outspokenness. On his return he headed a study into economies of RAF manpower before retiring from the Royal Air Force in July 1942. He was elevated to the peerage, as Baron Dowding of Bentley Priory on June 2nd, 1943.

Later in life, because of his belief that he was unjustly treated by the RAF, Dowding became increasingly bitter. He approved Robert Wright's book Dowding and the Battle of Britain which argued that a conspiracy of Big Wing proponents, had engineered his sacking from Fighter Command. In the wake of the debate that followed, the RAF passed him over for promotion to Marshal of the Royal Air Force. In his retirement, Dowding became actively interested in Spiritualism, both as a writer and speaker. His first book on the subject, Many Mansions, was written in 1943, followed by Lychgate (1945), The Dark Star and God's Magic. Rejecting conventional Christianity, he joined the Theosophical Society which advocated belief in reincarnation. He wrote of meeting dead "RAF boys" in his sleep – spirits who flew fighters from mountain-top runways made of light. In 1951, Dowding laid the foundation stone of the Chapel of St George at RAF Biggin Hill, now London Biggin Hill Airport, in memory of fallen airmen. Dowding and his second wife Baroness Dowding were both anti-vivisectionists and in 1973 Britain's National Anti-Vivisection Society founded the Lord Dowding Fund for Humane Research in his honour. Dowding became a vegetarian, based on his beliefs as a theosophist and spiritualist. Although he was a vegetarian, he believed that "animals will be killed to satisfy human needs for many a long day to come", and he made several appeals in the House of Lords for the humane killing of animals intended for food. He was also a member of the Fairy Investigation Society. Although he knew that people considered him a crank for his belief in fairies, Dowding believed that fairies "are essential to the growth of plants and the welfare of the vegetable kingdom". Dowding died at his home in Royal Tunbridge Wells, Kent, on February 15th, 1970 at the age of 87. His body was cremated and its ashes were placed below the Battle of Britain Memorial Window in the Royal Air Force chapel in Westminster Abbey. Dowding's son Derek inherited his titles.

#second world war #world war 2 #world war ii #wwii #military history #history #british history #aviation #biography #battle of britain #royal air force #spiritualism #honorable #military technology

56 notes · View notes

bookshelfpassageway · 7 years

Text

Disney viewing continues with: some modern live action interludes until my parents can pick up Pete’s Dragon and Fox & The Hound from the library. Aka, Cinderella 2.0

Ah, Kenneth Branagh… I could not have approached your film with any more of a grumpy old man’s attitude, braced, suspicious, and perpetually complaining about how the logo is no longer blue lines on a blue background because back in my day-…

Alas I must acquiesce and say I actually liked it quite a lot. Familiar enough to recognize, different enough to put in a different mental compartment than the original, and good enough to stand on its own legs WITHOUT the branding and your nostalgia. Patrick Doyle soundtrack def helped.

And now, to repeat this entire process for Jungle Book…

#my posts #Disney #only thing is i wish the fairy godmother was a bit less... frilly?#she is supposed to be a huggable distract-able grandma #somebody get a no-nonsense round old lady to play her like she's supposed to be #but that's my main part #thank you Kenneth and the ghost of Walt for not making the GCI mice sing #thank you thank you thank you i dont think i could have recovered #all the same why is Jacques a girl now?#you gave him that sympathetic human storyline in the sequel...#i got attached #so i stole his name and color scheme and species and general design for an OC #as one does #he was Very Important and stuck around for yeeeaaaaaarrrrrssssssss #also it was hilarious seeing Daisy from Downton Abbey again as whichever-stepsister-she-was-playing #everybody did a good job in general tbh #it was good #...also wait what happened to the Monocle Guy?#was he that dude that the stepmother blackmailed at the end?#or the captain/general fellow that was a good deal friendlier?#did he get divided into two characters?#cause like the Monocle Guy was great #i dont remember his name but like he was There and he Did Stuff even in the sequel

1 note · View note

racefortheironthrone · 5 years

Note

Have you seen Captain Marvel? Thoughts?

thoughts on captain marvel?

Have you seen Captain Marvel?

Have you seen Captain Marvel yet?

Given all your great People’s History of Marvel stuff lately, I assume you’ve been asked already, but any Captain Marvel thoughts you can share?What did you think of Captain Marvel?

Ok, ok already, I’ll write the post!

Full Spoilers Below

I really liked it! As solo origin movies go, it was definitely one of the better ones; personally I’d put it up there with Doctor Strange in how it deals with bringing some big new ideas into the MCU, while having way higher expectations than that film ever did. (Also, I want to plug my colleague @elanabrooklyn‘s podcast episode about the film, which you should listen to while reading this.)

Things I Liked:

I thought the amnesia/false memories plot was a great way to wrong-foot the audience who’re used to superhero origin stories (the good guys are the bad guys, the bad guys are the good guys, Vers is Carol) which worked hand-in-glove with the film’s broader thesis about gender: that male dominated institutions are not just going to try to exclude or diminish you, but also gaslight you about who you are, what strength looks like, etc. to get you to comply. “What was given can be taken away”/”““Don’t let your emotions override your judgments.” are the key throughlines here, a great example of how the writers are taking worn-out Hero’s Journey tropes and flipping them on their head.

I really liked the twist on Mar-Vell. It makes the origin story less of an accident and more of a choice, and I’m always in favor of more active protagonists; there’s really no reason why the Space Alien Defector from Decadence couldn’t be a female scientist instead of a male warrior; and it both honors the original (that no one really cared about, tbh) and surprises the hardestcore of fans. Also having the light speed engine be the Tesseract is a good way to incorporate Captain Marvel into the broader MCU without needing to explain a brand-new source of wibbley-wobbly.

The war metaphor. There was a lot of handwringing before the film about Captain Marvel being pro-military propaganda, because of the Air Force deal that had been worked out. As I suspected going in, the film is a very sneaky subversion of that, with the Kree Starforce being a very clear stand-in for the U.S. Military. The surface level analogy is that the Kree Starforce is a male-dominated institution that tries to gaslight and prevent Carol from reaching her true potential just like the Air Force tried to do, but it goes deeper than that. The whole first act of the film sets up the Starforce as Seal Team Six equivalents - a highly-trained special forces group, fighting an enemy explicitly described as terrorists, but trying to do it in an efficient/precise way that makes them the good guys as opposed to Ronan’s carpet-bombing Accusers - which is a narrative we’ve been conditioned to accept since 9/11 through films like the Hurt Locker/Green Zone/Zero Dark Thirty/etc. However, the second and third acts reveal that’s total bullshit. The Starforce try to kill civilians, do kill their own people to get their hands on military intelligence, and are perfectly happy to carry out the Supreme Intelligence’s imperialist total war, and their supposed commitment to precision and avoiding collateral damage goes out the window the moment it’s the least bit inconvenient.

Seeing Carol Danvers in the Jamie McKelvie suit - fauxhawk and all - blow through an alien warfleet whooping with joy made me ferklempt a little. I think that moment will only grow with time as something on par with the first time that Iron Man does the superhero landing or “I’m always angry” as genuinely worthy of the term iconic.

EDIT: Forgot about Goose. Cute, funny, and instantly wins over the cat-lovers in the audience. I imagine the dog-lovers out there will want a much bigger role for Cosmo in Guardians 3...

Things That Surprised Me

I was genuinely surprised at how good the de-aging CGI has gotten. Coulson looked slightly waxy, but there was a real performance in Samuel L. Jackson playing not just a younger Nick Fury but a younger Nick Fury who is very specifically Samuel L. Jackson in the Long Kiss Goodnight. I have no idea what this means for the future; are we going to see the original Avengers forever, just with more and more de-aging GCI slapped on them? If only for salary and contract reasons, I doubt it’ll go beyond the realm of cameos and secondary performances, but it’s a nice way to try to maintain continuity as the MCU ages into its second decade.

The Skrulls. I had thought that the anti-war message was going to be more of a Kree-Skrull War plague-on-both-your-houses thing, but turning the Skrulls into the equivalent of Syrian refugees totally blindsided me. It’s an incredibly gutsy move, and I’ll echo what @giveamadeuschohisownmovie said about the brilliant bit of culture-jamming that is casting it-bad-guy Ben Mendelsohn as “the lead villain” and Jude Law as “the wise mentor,” judo-flipping audiences with our own expectations about recent films, the hero’s journey, and how we should feel about aliens who look like the Skrulls and aliens who look like us. That being said, part of the reason why it’s a gutsy move is that it precludes a lot of possible stories: I don’t think you could do a Kree-Skrull war, or a Secret Invasion movie, or a Super-Skrull movie after this, given the way that the film deconstructed the entire notion of Skrulls-as-heel-species.

Things I Could Have Used Even More Of:

While I totally understand the pacing reasons why they didn’t do this, I kind of wish there had been more time to do some road-trip banter between Nick Fury and Carol; give Nick a chance to introduce the alien to 90s music and fast food, crack some meta jokes about Pulp Fiction, etc.

I also could have used some more banter with the rest of the Kree team. I think some stuff got cut here, because there’s definitely some shots from trailers of the team walking down a hallway and staring down Ronan coming the other way that didn’t make it into the film. As a result, Carol’s team turning on her and her fighting back doesn’t have as much emotional weight.

Finally, and this is a really small nit-pick, but a bit more budget spent on the CGI during the Supreme Intelligence scenes would have gone a long way. Annette Benning’s dual performance was so good that the slightly dodgy mirror tendril stuff stood out in a negative way. Or just don’t do the mirror tendril stuff and double-down on the memory-warping or dueling beams stuff, which worked much better.

#marvel #marvel meta #mcu #captain marvel #spoilers

90 notes · View notes

filmreviewonline · 4 years

Text

Thunderbirds Are Go 321 “Break Out” - Lowdown

New Post has been published on https://filmreviewonline.com/2020/01/09/thunderbirds-are-go-321-break-out-lowdown/

Thunderbirds Are Go 321 “Break Out” - Lowdown

Check out the lowdown for Thunderbirds Are Go 321 “Break Out” which features the Chaos Crew and the Mechanic!

Thunderbirds Are Go Season 3 Episode 21 will first air on UK’s ITV Saturday, Saturday January 18th, 2020. It will be shown at 8:30 am – 9:05 am. It also airs on CITV at the same time and at other times during the weekend.

This is the first of eight final episodes. Unfortunately it looks like these will be the last episodes of this GCI animated Thunderbirds.

The series is also available Amazon Prime. This current batch will be found is what they call Season 6.

Thunderbirds Are Go 321 Clips

We will update this article with clips as they are released

Thunderbirds Are Go 321 Lowdown

Season 3 Episode 21 “Break Out”

Production Number 2/2131/0073/001

Story Teaser: The Chaos Crew interrupt International Rescue’s plan to break the Mechanic out of prison.

Cast

Lady Penelope… Rosamund Pike Parker… David Graham The Mechanic… Chris Jarman Scott & Alan Tracy… Rasmus Hardiker Kayo… Angel Coulby John Tracy… Thomas Brodie-Sangster Brains & GDF Soldier… Kayvan Novak Captain Rigby… Mark Silk Colonel Casey… Adjoa Andoh Havoc… Aimee-Ffion Edwards Fuse… Craig Stein The Hood… Andres Williams

Production Credits

Writer… Benjamin Townsend Head Writer… Rob Hoegee Original Authors… Gerry & Sylvia Anderson Composers… Barry Gray, Ben Foster & Nick Foster Voice Director… Dave Peacock Producers… Stuart Mcara, Teresa Reed Director… Shinji Dawson Executive Producers… Estelle Hughes, Giles Ridge, Clive Spink, & Richard Taylor

©ITV Studios Limited / Pukeko Pictures LP 2019. All copyright in the original Thunderbirds™ series is owned by ITC Entertainment Group Limited. A Co-production of ITV Studios / Pukeko Pictures in association with ITV Studios Global Entertainment.

#Thunderbirds Are Go (2015 tv)#Thunderbirds Are Go (2015 tv) Season 3

0 notes

digitalmark18-blog · 6 years

Text

20 Ways to Make AppSec Move at the Speed of DevOps

New Post has been published on https://britishdigitalmarketingnews.com/20-ways-to-make-appsec-move-at-the-speed-of-devops/

20 Ways to Make AppSec Move at the Speed of DevOps

Security has been getting a bad rap. For far too long the perceived “inhibitors” have been sidestepped by DevOps in an effort to increase productivity.

As Ryan Davidsen, vp, worldwide security solutions, Secureworks, noted, “Traditional approaches for integrating security oversight with application development aren’t keeping pace with the speed required by today’s DevOps teams.”

But as all parties now realize, avoiding security, or waiting until after the fact is time consuming, costly, risky, and not sustainable.

Are there ways to introduce security that won’t slow down the DevOps team? I asked CISOs and other security professionals, and here’s their advice.

1: Shift left. Shift left again. Did I mention “shift left?”

“Shift left as much as possible,” said John Prokap, CISO, HarperCollins Publishers who echoed the most popular advice of security professionals which is to bring automation, testing, education, and code review to the very beginning of the development process.

Businesses ‘shift left’ because “redoing is much more time consuming than building in up front,” explained Jim Marshall, CTO/CISO, Versiti.

You’ll move faster and keep everyone happier if you build processes in earlier.

“Changing the rules of development during development is going to slow down any team and cause animosity towards the security team,” warned Jerry Gamblin (@jgamblin), principal security engineer, Kenna Security.

“Developers don’t want to be in conflict with security. They want to address software exposure from the start. That means making security available in the very solutions they use from the onset,” said Maty Siman, founder and CTO, .

2: Where’s the security? It’s already in there.

“Build your secure dev life cycle into your dev life cycle before you ever dev anything,” said Eric Cowperthwaite, director of information security, Esterline.

CISO for Cabinet for Health and Family Services (CHFS) for Commonwealth of Kentucky, Dennis Leber, bakes in security by making sure checklists, templates, policies, procedures, framework, and requirements are incorporated into a project’s Gantt chart.

“As long as a developer uses those templates, security doesn’t have to get involved at the beginning of every development effort,” said Lester Godsey, CISO, City of Mesa.

“We’re headed towards a world where security enforcement is built into an application at development time and stays with it all the way through production deployment just as it has been done in the application performance management space,” added Steve Herrod (@herrod), managing director, General Catalyst.

3: Everyone bowls better with guardrails

Build a style guide for developers, suggested April C. Wright (@aprilwright), CEO, Architect Security and author of “Fixing an Insecure Software Life Cycle.”

“By providing common guidance and libraries containing secured functions, security becomes intrinsic and many design flaws and bugs can be prevented,” said Wright.

“DevOps folks need guidance in advance so they know what the right thing is,” added Michael Strong, CISO, GCI General Communication. “No one likes finding out after the fact what other stakeholders’ requirements actually were.”

4: Shields up, captain

“Build a solid front-end tier level of code that is not always subject to the DevOps model,” said Elliot Lewis (@ElliotDLewis), president and chief architect, Lewis Security Consulting. “Design this layer for security, keep it stable, and DevOps on code behind it. The code on the ‘front line’ is the stuff being attacked by hackers.”

5: Walk a mile in each other’s shoes

While there should be guidelines, “security teams should not shove security controls down the throats of development teams,” said Emilio Escobar (@0xexfil), head of InfoSec, Hulu.

“Understand the Dev’s process, tools and procedures, look at their building blocks and libraries,” added Aidan Daly (@AidanDalyKY), senior InfoSec officer, Waging & Racing WA.

“Let DevOps be more engaged and take ownership for building and deploying secure systems, not just systems that meet that meet explicit functional requirements,” said Jim Maloney, CISO, SoFi.

“[The goal is to] get your security people to think like developers and your developers to think like security people,” said Claude Mandy, formerly CISO, QBE Insurance.

The two groups should be seen as peers.

“When the security infrastructure is automated to the same capacity as the operational infrastructure, then there is no slowdown in the DevSecOps process,” said Rick Howard (@racebannon99), CSO, Palo Alto Networks. “Security is just one more automated module checked in the pipeline of deploying, monitoring, and maintaining.”

6: Bet I can learn this faster than you can

“Developers are creative people and always want to learn cool things. They’re also very competitive,” said Yaron Levi (@0xL3v1), CISO, Blue Cross and Blue Shield of Kansas City.

Levi gamified the security training at his company with an “I dare you to break my stuff” competition. Developers were split up in teams to find vulnerabilities in each other’s code. They were graded on severity, creativity, and volume. Winners received challenge coins and t-shirts that they displayed as badges of honor.

The training process is crucial, claims Stan Black, svp and CISO for Citrix, “When they stop learning they write bad code. Every line of code should be written for ‘near’ production quality.”

“When you create a secure coding culture, there’s less work at end of the day for dev and sec teams,” agreed CHFS of Kentucky’s Leber.

7: Get yourself a ringer that knows security

By embedding a security person within the DevOps environment, it fast tracks the previous two tips of educating and cross-pollinating knowledge between the two groups.

That’s exactly what Suzie Smibert, CISO, Finning International did. “It provides secure coding training and ensured the relationship is as strong as can be,” said Smibert.

“Without an embedded resource you end up having someone who just stops the process and checks code,” explained Chris May, InfoSec consultant, Advantage Technology.

“Regardless of what type of environment you have, it is a simple thing to do to invite your CISO to the table at the inception of every project,” said Richard Greenberg (@RAGreenberg), CISO, LA County Department of Public Health. “Need to speed up development? Do it with security on the team. If you bring security in later, it will definitely slow down the entire process.”

8: Test rigorously what’s needed

“In doing testing for vulnerabilities do it based on risk,” advised Richard Rushing (@secrich), CISO, Motorola Mobility.

Focus testing efforts on where the highest vulnerabilities are. It’s no different than if you were tuning a race car, explained Rushing. Since the engine is the most important part, focus the majority of your testing there. You wouldn’t test everything in the car to the same degree you’d test the engine.

“Same is true for your apps,” said Rushing. “You’d test elements such as shopping carts and payment systems with far more due diligence than you would the rest of the platform.”

9: Hunt down and squash coding flaws… automatically

“Embed security-aware self-service automation (where compliance, scanning, and testing is a part of the optimized flow) into the continuous delivery mindset,” said Tyson Martin, CISO, Orvis. “It allows cybersecurity and risk to be an advisor vs. a bottleneck.”

“Will this catch everything?” asked Lewis Security’s Lewis. “Depends on whether the scripting is looking for right anomalies.”

To aggressively uncover those anomalies let “security engineers code in security ‘misuse cases’ into the QA testing,” advised Maxime Rousseau (@maxrousseau), CISO, . “For example, QA testing should check if you try 10 passwords, does the account lock-out as needed?”

Denver Health’s CISO, Randall Frietzsche (@rfrietzche), advised using both static code scanning (SAST) within the dev cycle and dynamic code scanning (DAST) as a pre- and post-go-live step.

For scanning options, chief strategist and CSO of Security Mentor, Dan Lohrmann (@govsco), recommends checking out the vulnerability scanning tools listed by OWASP.

10: Peer review – the stuff the scanners won’t catch

While code scans are necessary, they don’t catch all vulnerabilities.

“Make sure developers aren’t hard coding passwords or putting passwords in comments. These are things that code scanners won’t find,” warned Denver Health’s Frietzsche, who recommends reviews from peers, supervisors, or even a third party.

For an organization that’s aggressive about education and automation, this review process will not be permanent. It will only be a stop gap measure.

“Manual gating processes just before release would disappear as the practices for security and particularly security testing are simplified, codified, and automated within the DevOps team processes,” said former QBE Insurance CISO, Mandy.

11: Invite friends to attack your app

Security Mentor’s Lohrmann is bullish on app soft launches as a means to put a fresh set of eyes and fingers on your app.

He recommends just opening up your app to a wider group of staff members or partners and let them have at it. It’s less formalized than a bug bounty program, which you may want to do subsequently, assuming your company is not afraid of them, said Lohrmann.

12: Don’t store user credentials

“Apps that store user credentials and other personal identifiable information in the app databases should not be deployed and used,” said Vinay Kumar (@9starinc), CIO/CISO, 9STAR. “Apps should support federated identity and single sign-on authentication. Adopting federated identity and access management and single sign-on prevents apps from storing and learning user’s sensitive personal information including passwords, which in turn, reduces incentive for hackers to target apps/websites/portals for user credentials.”

13: Don’t just scan continuously, authenticate continuously

Not only should code be scanned, but “programmers should include a credentials check for each time their service is invoked,” said Scott Foote, founder/vCISO, Phenomenati, who also recommends “hardening APIs and service calls, which are a primary point of attack.”

Motorola’s Rushing agreed, “Always test every API for security issues, focusing on least privileged access and only sending data back that was requested, and understanding authentication that is used.”

14: Keep all your secrets in one safe place, not your exposed code

Keep private information in a safer space with a secure secrets manager, advised Kip Boyle (@KipBoyle), CEO, Cyber Risk Opportunities.

“With a secure secrets manager, like Chef Vault, you can remove passwords and private keys out of scripts, source code, and other text files,” said Boyle. “If you don’t do something like this, then any API keys, database passwords, private encryption keys, and other sensitive stuff that you put into your DevOps pipeline could be exposed to an attacker or malicious insider.”

AWS offers a secrets manager as well.

15: Get invested in the data

“Following a data-centric approach to security really helps a DevOps team get the right security controls in the right place,” said SoFi’s Maloney. “Taking the time to understand what data types are being handled by a system, and then to map out where that data is stored, processed, and transferred, can be very useful in identifying the controls needed for data protection.”

Nishant Bhajaria, manager, trust product programs, Google, advised generating synthetic data in lieu of real production data in the test environments.

“I found it was more innovative to create our own data,” said Bhajaria. “[It allowed us to be] purposeful about what we retained/copied rather than relying on security to protect us from the ‘problem of plenty’ that data often saddles us with,” said Bhajaria.

16: Be where DevOps is – GitHub

“Security needs to be where DevOps is. In many cases, that’s GitHub,” said Personal Capital’s Rousseau. “My favorite approach is to have static code analysis baked into the GitHub pull request review process. This allows you to be right in the action at the right time with the right insight. That’s the type of agility and automation you need otherwise you’re just in the way. Meet the teams where they are rather than expect them to come to you. Own up and solve for your own security friction.”

17: Think like a bad guy. Create a simple threat model

“DevOps teams typically focus on building systems that support legitimate and intended actions, meeting functional requirements and achieving desired attributes such as performance and reliability,” said SoFi’s Maloney. “But the potential for fraudulent and unintended actions need to be considered as well.”

“Teach DevOps to sketch out a threat model,” advised Davi Ottenheimer (@daviottenheimer), product security, MongoDB. “Even the shortest or smallest example will get their creative thoughts going.”

“When dev teams have an idea of what threats are applicable to their app and what they need to focus on to reduce risk, that can get addressed during development rather than trying to fix after code is written,” said Ray Espinoza, information security, Amazon.

“Focus on what you’re working on. What can go wrong? What are you going to do about it?” said Adam Shostack (@adamshostack), author, “Threat Modeling: Designing for Security.”

Previous 1 2 Page 2

Shostack recommends playing his Elevation of Privilege game to help you understand what can go wrong. Once you understand potential failures, then dev teams can build features or deploy controls to address problems.

18: Failure feedback direct to developers

“The best way to stop the cycle of code / release / scan / ticket / repeat is to get the scanning and feedback to the developers faster,” said Robb Reck (@robbreck), CISO, Ping Identity, who suggests cutting security review out of the picture.

“Feedback loops from production to DevOps are critical for understanding if, when, and where application errors are occurring or if portions of the web application are being actively targeted by attackers,” said Ryan Barnett (@ryancbarnett), principal security researcher, Akamai.

James McKinlay (@CISOAdvisor), CISO, Barbican Insurance Group, suggests giving the DevOps staff direct access to security log analytics tools.

“Ideally, security flaws in code should pop up with a red underline like a spellchecker,” said Reck. “Instant feedback is how we change behavior.”

19: Measure, track, and adapt

“Operations, security, and development all need to understand what is being measured, care about what is being measured, and be passionate about finding how to measure better while resolving the finding together,” said Orvis’ Martin.

Martin’s team measures:

How many high severity vulnerabilities there are in different lifecycles

How long those vulnerabilities are open

The frequency of security scanning and automated testing and what it covers

In addition, Orvis’ team determines a risk level for each application by quantifying the number of attacks per application.

20: Incidents are inevitable. How quickly can you respond?

“The true metric is how quickly applications (and everything beneath them) can be recovered once they have failed,” said Chris Baynham-Hughes (@OnlyChrisBH), head of UK DevOps and RedHat emerging tech, Atos. “An incident is going to happen, so a prevention-only strategy is not enough.”

When you see errant behavior, said Baynham-Hughes, initiate an automated response such as notifying the team, killing a container, and creating a new one. To learn from the attack, collect data for forensic analysis to determine the severity of the issue and how you will handle it in the future.

CONCLUSION: Just add water… and a ton of work

As most of the aforementioned advice recommends, embedding security into DevOps takes time and education for all parties involved. As DevOps was a journey, same is true for DevSecOps.

If all of this advice seems daunting, maybe you should just lean on InfoSec professional Marcus Ranum’s advice to just “hire a brilliant team that understands security and never ever makes mistakes.”

The reality is “building products is hard, and all this DevOps posturing doesn’t change the equation,” said Ranum.

Source: https://www.csoonline.com/article/3293924/security/20-ways-to-make-appsec-move-at-the-speed-of-devops.html

0 notes

plasma-space-pirates-blog · 5 years

Note

So, is N here, and who else?

“Ah, yes, Natural is here as well as twelve Planetary Commanders. Then we have the main group on the ship: Vio, Colress, and I. And of course we cannot forget all of our men and women who oh so graciously fight for our cause…”

~ G-Cis

#art tag #mod altair #natural harmonia gropius #captain gcis #((He's answering the question so-))#maskedchaos #ask

11 notes · View notes

plasma-space-pirates-blog · 5 years

Note

Colress studies the effects of gravity on the human bowels by slipping laxatives into Ghetsis’ dinner, pass it on

#oneicedragon #captain gcis #art tag #mod altair #shitpost #((One day in and we're already shitposting - Athena))

24 notes · View notes

plasma-space-pirates-blog · 5 years

Note

can I possibly join y'all?

“Absolutely! Upon joining, you will receive a sword and uniform, which must be clean and wrinkle free at all times. You will attend training seven hours a day, five days a week. There is no backing out, and you will die for our cause.”

#captain gcis #colress #vio #art tag #ask #duraburr #mod altair

21 notes · View notes

plasma-space-pirates-blog · 5 years

Note

Do the Plasma Pirates have their own theme song? (sorry for this stupid question but I thought it was funny--)

They’re trying to make one, but…

Colress with a kazoo, G-Cis with a whistle, and Vio with a recorder, it’s awful! Maybe one day they’ll have a theme of their own… But for now, it’s just a deadly assault to your ears.

#captain gcis #vio #colress #art tag #mod altair #donuts4evry1 #ask

18 notes · View notes

plasma-space-pirates-blog · 5 years

Note

So, G-cis. Are those fancy eyes genetic or prosthetic?

#Anonymous #captain gcis #ask #art tag #mod athena #((yeah mod athena stole a gcis ask bc altair is a lazy fuck))

4 notes · View notes

plasma-space-pirates-blog · 5 years

Photo

“A lot of minor planets did not have strong armies to fend off his forces. G-Cis picks the best of the best to be his commanders. A lot of the minor planets were taken over with ease.” “He…well. I’m sure you’ve noticed the tiny co-pilot that follows G-Cis around. Well, to put it simply, his act of treason allowed G-Cis to overtake Kalos. I and the other leaders of the major planets have been discussing how to free Kalos from his grip.”

#ask #maskedchaos #art tag #captain gcis #ghetsis #((because he's the one answering))#mod athena

6 notes · View notes

plasma-space-pirates-blog · 5 years

Note

Ey G-Cis, did you kill off most of Ghetsis's species

“I would love to have been the one to kill them… Alas, someone beat me to it. How sad! No matter though, I��ll soon end the life of the last remaining Ice Angel. It fills me with joy to know I will be ending an entire species…”

#captain gcis #art tag #mod altair #ask #anonymous

4 notes · View notes

filmreviewonline · 4 years

Text

Thunderbirds Are Go 326 “Long Reach: Part 2” - Final Episode

New Post has been published on https://filmreviewonline.com/2020/02/13/thunderbirds-are-go-326-long-reach-part-2-final-episode/

Thunderbirds Are Go 326 “Long Reach: Part 2” - Final Episode

Check out the lowdown for Thunderbirds Are Go 326 “Long Reach: Part 2”. The story involves the Tracy boys in an attempt to get back their father who has been missing for 8 years!

Your note much of the details are the same as “Long Reach: Part 1” but this episode credits the actor who plays The Hood. We also have Colonel Casey and Captain Rigby from the Global Defence Force.

Thunderbirds Are Go Season 3 Episode 26 will first air on UK’s ITV Saturday, Saturday February 22nd, 2020. The time slot for this episode is 8:30 am – 9:05 am. It will also air on CITV at the same time and at other times during the weekend.

This is the final episode of Season 3 and unfortunately it looks like part 2 will be the last of this GCI animated Thunderbirds.

The series is also available Amazon Prime. This current batch will be found is what they call Season 6.

Thunderbirds Are Go 326 Clips

Final Season 3 Trailer

https://filmreviewonline.com/wp-content/uploads/2020/01/Thunderbirds-Are-Go-Season-3-Final-Season-3-Trailer-FRO.mp4

Thunderbirds Are Go 326 Lowdown

Season 3 Episode 26 “Long Reach: Part 2”

Production Number 2/2131/0078/001

Story Teaser: International Rescue attempt their most difficult mission ever while defending Tracy Island from a dangerous assault.

Cast

Jeff Tracy… Lee Majors Virgil & Gordon Tracy… David Menkin Scott & Alan Tracy… Rasmus Hardiker John Tracy… Thomas Brodie-Sangster Brains… Kayvan Novak Kayo… Angel Coulby Grandma Tracy… Sandra Dickinson The Hood… Andres Williams Lady Penelope… Rosamund Pike Parker… David Graham The Mechanic… Chris Jarman Fuse… Craig Stein Havoc… Aimee-Ffion Edwards Colonel Casey… Adjoa Andoh Captain Rigby… Marc Silk

Production Credits

Writer… Rob Hogee Original Authors… Gerry & Sylvia Anderson Composers… Barry Gray, Ben Foster & Nick Foster Voice Director… Dave Peacock Producers… Stuart Mcara, Teresa Reed Directors… Karl Essex Executive Producers… Estelle Hughes, Giles Ridge, Clive Spink, & Richard Taylor

©ITV Studios Limited / Pukeko Pictures LP 2019. ITC Entertainment Group Limited owned the copyright in the original Thunderbirds™ series. A Co-production of ITV Studios / Pukeko Pictures in association with ITV Studios Global Entertainment.

#Adjoa Andoh #Aimee-Ffion Edwards #Andres Williams #Angel Coulby #Chris Jarman #Craig Stein #David Graham #David Menkin #Kayvan Novak #Lee Majors #Marc Silk #Rasmus Hardiker #Rob Hogee #Rosamund Pike #Sandra Dickinson #Thomas Brodie-Sangster #Thunderbirds Are Go #Thunderbirds Are Go (2015 tv)#Thunderbirds Are Go (2015 tv) Season 3

0 notes