Speaker

Hasan Yasar

Hasan Yasar

Technical Director, Adjunct Faculty Member

Pittsburgh, Pennsylvania, United States

Hasan Yasar is the Technical Director of Continuous Deployment of Capability group in Software Engineering Institute, CMU. Hasan leads an engineering group to enable, accelerate and assure Transformation at the speed of relevance by leveraging, DevSecOps, Agile, Lean AI/ML and other emerging technologies to create a Smart Software Platform/Pipeline. Hasan has more than 25 years’ experience as senior security engineer, software engineer, software architect and manager in all phases of secure software development and information modeling processes. He is also Adjunct Faculty member in CMU Heinz Collage and Institute of Software Research where he currently teaches “Software and Security” and “DevOps: Engineering for Deployment and Operations ”

Area of Expertise

  • Information & Communications Technology

Topics

  • DevOps
  • DevSecOps
  • AppSec
  • DevOps & Automation
  • Agile Methodologies
  • SRE
  • Testing
  • Software testing
  • Agile Testing
  • deployment
  • App Deployment
  • Dependency Injection
  • SBOM

How to solve technical dept in AI System development with DevOps?

Growing interest in development AI systems also brings some challenges besides data models, such as technical dept, deployment of the AI system timely. Statistically, more than 65% of companies are taking longer than a month to deploy a developed model. There is a huge knowledge gap in understanding how foster collaboration between data science teams and other stakeholders. The purpose of collaboration is to evolve the model and maintain the AI system relevant to a user’s need. However, there are challenges which are hidden feedback loops, configuration management complexity, data dependencies, and end-2-end development pipeline. These challenges can be overcome with common DevOps practices including continuous feedback and continuous integration and deployment. We may call it MlOps or something, but the root of the solution is DevOps.

Continuous Verification & Validation of Critical Software via DevOps

The current challenges to verification and validation of building the right system for fast paced deployment cycle from difficultly of specifying software quality attributes to effectively monitoring artifacts on each phase of software development. We continuously face two questions for V&V: “1. Are we building the right system?" and "2. Are we building the system right?". Although these questions seem distinct, they depend on one another. To answer them correctly it requires planning and exercising various V&V activities. However, it is very challenging when it is done siloed processes or practices. The approach is: V&V should be integrated into system lifecycle process by utilizing continuous integration/delivery (CICD) practices (aka DevOps) for Continuous Verification and Validation of each systems’ feature from inception to production.

Expanding DevOps to Embedded Systems: Lessons Learned!

DevOps practices have become a standard option for entities seeking to streamline and increase comprehensive participation by all stakeholders in their secure Development Lifecycle (SDLC). In most cases in industry, academics, and government, applying DevOps is a straightforward process. There is a subset of entities in these three sectors where applying those practices and principles is challenging. One of these entities is an embedded system as challenged by HW/SW integration for various reasons. The most often being general security and difficulties of early integrations where software and hardware development are executed concurrently as a complete system development effort fully supported by proven DevOps principles. Overall, the key idea is to develop program, performance, security and quality metrics that are critical to a successfully executed software and embedded systems development project; introduce frequent synchronization points throughout software and hardware development cycles; make embedded systems development synchronization with software development practical for complex system’s use; and develop applicable tools to support the synchronization process for a modern software and embedded systems development project.

Continuous ATO: Myth or Reality

Continuous ATO is another overloaded term that folks really don't fully understand. From cyber requirements to automations to process repeatability, CATO can be achieved if organizations understand what's involved.

Hasan Yasar

Technical Director, Adjunct Faculty Member

Pittsburgh, Pennsylvania, United States