Let's talk about digital identity with Jesse Kurtto, DPO and Data Scientist at Ubisecure.

Is now the right time to invest into Identity and Access Management (IAM)? Join us for episode 101, as Oscar is exploring why now is the right time to invest into IAM with Jesse Kurtto, DPO and Data Scientist at Ubisecure – as they delve into the current economic situation and some of the key factors of investing into identity management.

[Transcript below]

"Digitalisation is ongoing, it's accelerating, it's unstoppable."

Known as the guy who shortened the world and lived to tell the tale, Jesse's career is gradually arching from the Wild West world of finance to his current position as the DPO and Data Scientist at Ubisecure. Learning to program before learning to read Finnish and visiting 25 countries before 25, he's no stranger in exploring uncharted waters and discovering connections that others might miss. Surrounded by a delicate balance of the latest technology and dozens of carefully tended houseplants, his secret hobby is putting the hiking boots and RPGs aside for a moment in order to write to his beloved snail mail friends across the world.

We'll be continuing this conversation on Twitter using #LTADI – join us @ubisecure! Go to @Ubisecure on YouTube to watch the video transcript for episode 101.

Podcast transcript

Oscar: Is this the right time to invest in Identity and Access Management? This week Jesse Kurtto from Ubisecure has joined us to answer this question and discuss the current economic situation. Stay tuned to find out more.

Let's Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla.

Oscar: Today's guest is Jesse Kurtto. Jesse's career has gradually arched from the Wild West world of finance, to his current position as a Data Protection Officer and Data Scientist at Ubisecure. Learning to program before learning to read Finnish and visiting 25 countries before 25.
He is no stranger to exploring uncharted waters and discovering connections that others might miss. Surrounded by a delicate balance of the latest technology and dozens of carefully tended houseplants, his secret hobby is writing to his beloved snail mail friends across the world. Welcome Jesse.

Jesse: Thank you for the invite, Oscar. Nice to be here.

Oscar: Great having you, Jesse, definitely. We're going to have a super interesting conversation about the market in Digital Identity and Identity and Access Management. First of all, we always want to hear more about our guests. So please tell us a bit about yourself and your journey to the world of digital identity.

Jesse: All right. So, like many or even most of us in the digital identity field, I actually never really actively sought to be a specialist, IAM specialist, on purpose. And my personal background is actually nothing technology even, but in finance and investing more specifically. So, a chance encounter and I liked the people who interviewed me and decided to stay for a while, and that while has been over seven years now. And I'm still learning something new every day, checking out how we really the world of digital identity like and frankly haven't ever regretted decision. No two days have really been the same and the field continues to evolve and develop quite a bit every year.

Oscar: Yeah, excellent and definitely hearing at Ubisecure, we definitely appreciate having this – well call it, like a blend of knowledge - the financial market, not lesser than what you bring with the security and digital identity knowledge, very practical knowledge you also had. So, it's always super interesting having those conversations with you. And for the first time here on the podcast, we are going to have that, a bit more financial touch on that - What is coming, especially in this well this year, and I think also the years to come. The previous year and the year to come I think,
The Prudie fakester: https://www.gawker.com/media/dear-prudie-it-was-me-all-along
Help! My Friend Thinks I Am Stealing Vaccines From African-American Grandmothers To Attend Sex Resorts: https://slate.com/human-interest/2021/03/dear-prudence-daughter-girlfriend-armed-robbery-murder.html
Help! My Husband and I Can’t Agree On What To Name the Baby We Might Get!: https://slate.com/human-interest/2019/11/having-sex-with-nephew-advice.html
My Daughter Is Pretending to Be Demonically Possessed… and I Can’t Take It Anymore!: https://slate.com/podcasts/dear-prudence/2020/07/is-it-weird-to-love-giving-gifts-all-the-time-dear-prudence-podcast
Previous BARPod coverage of Prudie: https://barpodcast.fireside.fm/71
The Goose Post: https://www.thechatner.com/p/i-am-the-horrible-goose-that-lives
Fox News on the sex-masking study: https://www.foxnews.com/health/couples-face-masks-sex-study
Texas's insane new abortion law: https://legiscan.com/TX/text/SB8/id/2395961
After our show went up, our tipster pointed out that he had already done a post about this -- we would have credited him had we known at the time!: https://tracingwoodgrains.medium.com/how-one-tight-knit-circle-of-internet-troublemakers-convinced-professional-journalists-they-were-ac05459aa4c5
“Random strangers can sue any 'abettor' to an abortion anywhere in Texas and collect a minimum of $10,000, plus attorneys’ fees”: https://slate.com/podcasts/dear-prudence/2020/07/is-it-weird-to-love-giving-gifts-all-the-time-dear-prudence-podcast
"Reddit Bans Abortion Bounty Hunter Forum": https://www.vice.com/en/article/jg83bg/reddit-bans-abortion-bounty-hunter-forum
And Insider: https://www.businessinsider.com/reddit-shuts-down-forum-for-texas-abortion-bounty-hunters-2021-9
Kendall Brown tweet: https://twitter.com/kendallybrown/status/1433588701385400327
Steve Silberman: https://twitter.com/stevesilberman/status/1434223870035169282
"Hey Gunslingers come join us on /TXBountyHunters, a new community dedicated to fighting, and profiting from, those who would break the law of our beautiful state": https://rdrama.net/post/12798/hey-gunslingers-come-join-us-on
The subreddit was here -- quickly banned and we can't find an archived version: https://www.reddit.com/r/TXBountyHunters
Celebration: https://rdrama.net/post/13597/vice-gets-bounty-hunted
"I think the key takeaway here is when these journos and abortion enthusiasts see a 'Christian' their brains malfunction and they lose what little ability they had to think rationally": https://taytay.life/post/13597/vice-gets-bounty-hunted/272219//?context=5#contex

Mostly complete transcript, with some minor spelling/other issues cleaned up here and there:

Jesse: Hey -- I'm a journalist who cohosts a podcast about internet b******t. We were tipped off to this whole Bounty Hunters thing. I'd love to send you a few questions about it -- particularly about what it's been like to watch this blow up in the way it has, and to see so many people taking it seriously. Any interest? -Jesse https://jessesingal.substack.com/about

SCD: Text or call?

Jesse: Your call. I can send you a URL to the thing we use to record the podcast -- that way we could talk by voice but keep you anonymous if you wanted.

SCD: I’m at work and won’t be free until Sunday really, if you wanna shoot some questions here on drama I’ll answer, but tbh I don’t know if I have anything that interesting to add.

Jesse: All right let's maybe chat Sunday. In the meantime, just send me anything you're cool sharing about why you did the original post and what it's been like watching it blow up. Thanks.

SCD: [I did it] [f]or laughs, that’s literally it. I don’t believe in taking the internet seriously, never have. I grew up using 4chan, where nothing was off limits, nothing was sacred, and the only real rule was “the first to take it seriously loses.” I guess I never really grew out of that mindset. I’m older now, have a career, a fiancé, and a life, but I still like to view the internet as the Wild West it once was.
A place where you could say anything, be anyone and act as retarded as you like. Many who saw the post probably assume I’m pro-life, I’m not. The truth is my online positions and my real life ones rarely line up. In real life I’m pro-choice, vote Democrat, vaccinated, and a loving partner. Online I’m often pro-life, avid Trump supporter, and a misogynist, because these are the positions most likely to cause drama in today’s zeitgeist.

Jesse: What was your reaction to it blowing up?

SCD: Surprise. I made the sub one day before work in about 12 minutes before work, posted the thread, and only had time to check it once or twice before it got banned six hours later. It really just speaks to the current state of the culture war that this thing was ever taken seriously by anyone. So many people on both sides are searching for that next 5-minute hate so hard that whether it’s even real or not is often an afterthought. I’ve lost a lot of respect for journalists, even 2 minutes of digging through my post history would have revealed that it was an obvious troll.

Jesse: So your thought process is simply “This would be a funny thing to seed”? I feel like folks who are less online have trouble understanding that someone might say something online they don't agree with in real life, and that this leads to a lot of bad coverage of internet controversies. Any thoughts on this side of stuff? I feel like trolling is just generally misunderstood, sometimes willfully.

SCD: I don’t really know man, I’m not some internet trolling mastermind, just another dude with a childish sense of humor and a Reddit account. If I had to guess it would probably be something to do with how the internet has evolved. Today’s internet is largely sterile, commercialized, and in my opinion boring. People don’t see the internet as a place where you can be anybody anymore, but instead as a direct extension of who you already are.
Thanks to social media most people’s online presence is the same as their offline, whereas before almost everything was anonymous, and you were conditioned to take everything written online with a grain of salt, because you never really knew who you were talking to.

Jesse: Do you think part of it is a reaction against piousness and censoriousness? Even as a grown adult there's some part of me that responds to being told I'm not allowed to say something by just wanting to scream it. It feels like the most intense and creative trolling centers on the most hot-button issues, and I feel like that could help explain why.

SCD: Oh that's a huge part of it, there's actually a huge overlap between rdrama and r/stupidpol users (a subreddit dedicated to critiquing identity politics and wokeness as a whole). Sanctimonious, moral busy bodies are a favorite trolling target, because they’re literally everywhere online these days and take themselves very seriously. This website itself is a product of our original subreddit getting censored.

Jesse: Last question, I think: What about someone who says, “Look, it's fine to be trollish but people are gullible -- this did scare folks and spread misinformation”?

SCD: The sub was up for six hours and had only 63 members before it was banned. The vast majority of people who were potentially misinformed from it stemmed from the journalists who decided to run a story on an obvious troll attempt. I mean yeah obviously I share some blame for making it in the first place, but I’m not gonna lose any sleep over it.

This is a public episode. Get access to private episodes at www.blockedandreported.org/subscribe
Corey: This episode is sponsored in part by our friends at ChaosSearch. You could run Elasticsearch or Elastic Cloud—or OpenSearch as they're calling it now—or a self-hosted ELK stack. But why? ChaosSearch gives you the same API you've come to know and tolerate, along with unlimited data retention and no data movement. Just throw your data into S3 and proceed from there as you would expect. This is great for IT operations folks, for app performance monitoring, cybersecurity. If you're using Elasticsearch, consider not running Elasticsearch. They're also available now in the AWS marketplace if you'd prefer not to go direct and have half of whatever you pay them count towards your EDP commitment. Discover what companies like Klarna, Equifax, Armor Security, and Blackboard already have. To learn more, visit chaossearch.io and tell them I sent you just so you can see them facepalm, yet again.

Jesse: Hello, and welcome to AWS Morning Brief: Fridays From the Field. I'm Jesse DeRose.

Amy: I'm Amy Negrette.

Tim: And I'm Tim Banks.

Jesse: This is the podcast within a podcast where we talk about all the ways that we've seen AWS used and abused in the wild. Today, we're going to be talking about the relationship between cost optimization work and investing in reservations or private pricing with AWS. This is kind of a situation conversation. Let's say you've got three months left on your EDP, or maybe your spend is reaching the point where you're starting to think about investing in, or signing an EDP. But you've also got some cost optimization opportunities that you want to work on. How do you prioritize those two ideas?

Tim: I think when we're talking about this, first it's important to talk about what goes into an EDP, like, what it is and what it involves. So, EDP for AWS is Enterprise Discount Program, and what it involves is you making a monetary commitment to AWS to spend a certain amount over a certain amount of time.
So, a three year EDP, you're going to spend X amount in one year, X amount the next year, and X amount the third year for a total of whatever you decide on. So, you know, AWS typically going to want 20% year-over-year growth, so you're going to say—you're going to spend a million dollars, and then a million dollars plus 20% is something like $1.2 million; then, you know, 20% of that and so forth and so on.

And then so your total commit will be somewhere around, like, $3.6, $3.7 million, we'll say, right? Once you signed the EDP, that's how much you're going to get billed for, minimum. So, it's important to cost optimize before you make that commitment because if AWS is expecting you and you're on the hook to make 20% year-over-year growth, but then you optimize and you save 20% of your bill, it won't matter because you're still going to owe AWS the same amount of money even if you cost-optimize.

Jesse: Yeah, I want to take a step back and talk about EDP—as we mentioned, Enterprise Discount Program—also has—there's a couple other flavors that give you a variety of different types of discounts. EDP generally focuses on a cross-service discount for a certain annual commit, but there are also private pricing agreements or private pricing addendums, and other private pricing, generally speaking, offered by AWS. All of those basically expect some amount of either spend on a yearly basis or some amount of usage on a yearly basis, in exchange for discounts on that usage. And really, that is something that, broadly speaking, we do recommend you focus on, we do recommend that you invest in those reservations, but it is important to think about that—I agree—I would say after cost optimization work.

Amy: The thing is that AWS also provides discounts that are commitment required, that you don't need an EDP for, namely in reservations and savings plans.
So, you would similarly be on the hook if you decide, “I have this much traffic, and I want to savings plan or reservation for it.” And then suddenly you don't have that requirement anymore, but you still have to make up that commitment.

Tim: I'll say, I think too, that also matters when you're looking at things like reservations. If you're going to reserve instances, you're going to get an idea of how many you're specifically going to need, so that way you're not reserving too many, and then you optimize, you downsize, and all of a sudden, now you have all these reservations that you're not going to use.

Jesse: One thing to also call out: when renewing an EDP, or private pricing, or when entering into a new agreement for any kind of private pricing with AWS, they will generally look at the last six months of your usage—either broadly speaking if it's an EDP, or specifically within a specific AWS service if it's private pricing for a specific service—and they will double, basically, that spend over the last six months and expect you to continue spending that. So, if you spent a high amount of money over the last six months, they're going to expect that kind of trend to continue, and if you enter into an agreement with that 12-month spend, essentially, going forward, and then make cost optimization changes, you're ultimately going to be on the hook for this higher level of spending you're not spending any more. So, if you focus on that cost optimization work first, it will ultimately give you the opportunity to approach AWS with a lower commit level, which may ultimately mean a lower tier of percentage discount, but ultimately, then you're not on the hook for spend that you wouldn't otherwise be spending.

Tim: I think one of the main things people see, too, is when they've looked at, like, oh, what's the low hanging fruit for me to get lower the cost?
They'll think, “Oh, well, I can do EDP,” because AWS is going to want you to sign on; they would love to have that guaranteed money, right? And a lot of times, that's going to be a much easier thing to do, organizationally, than the work of cost optimization because almost always, that involves engineering hours, it involves planning, it involves some changes that are going to have to be made that's probably going to be harder than just signing a contract. But again, it's super necessary because you really need to know, have eyes open, when you're going to go, and figure out what you're going to commit, whether it's private pricing agreement, or an EDP, or reservations. You want to go in there and at least decide what you want to do, what it should look like, get as optimized and as lean as you can, then make your commitments. And then once you get to an EDP, that's when you're going to want to do your reservation or savings plans purchases and things like that, so you do that with a discount across those.

Jesse: Yeah, that's another important thing to point out: focus on the cost optimization work first. Get your architecture, your workloads, as optimized as possible, or as optimized as you can within the given timeframe, then focus on the investment because then you'll be able to have a much better idea of what your growth is going to look like year-over-year for an EDP or any kind of private pricing. And then after that, purchase any reservations, like reserved instances or savings plans because ultimately, then you get not only the discount from the EDP that you just signed, but any upfront payments that you make, or partial upfront payments that you make for those reservations applied towards your first year EDP.
So ultimately, not only are you getting a discount on that, but you are also able to put money towards that first-year commit; you're essentially giving yourself a little bit more wiggle room by purchasing reservations after you've signed an EDP.

Tim: And another way to game that system is if you know that you're going to be undertaking some projects, especially that you want to get discounts around, and you're going to need to utilize software or service or anything like that involves an AWS partner on the AWS marketplace, you're going to want to do that after you sign your EDP, too, because even though you may not get a discount on it, that money will still count towards your commit.

Corey: I really love installing, upgrading, and fixing security agents in my cloud estate. Why do I say that? Because I sell things for a company that deploys an agent. There's no other reason. Because let's face it; agents can be a real headache. Well, Orca Security now gives you a single tool to detect basically every risk in your cloud environment that's as easy to install and maintain as a smartphone app. It is agentless—or my intro would have gotten me in trouble here—but it can still see deep into your AWS workloads while guaranteeing 100% coverage. With Orca Security there are no overlooked assets, no DevOps headaches—and believe me, you will hear from those people if you cause them headaches—and no performance hits on live environment. Connect your first cloud account in minutes and see for yourself at orca dot security. That's orca—as in whale—dot security as in that thing your company claims to care about but doesn't until right after it really should have.

Tim: It is important to talk about the future goals for your company, from a financial perspective, both at an architectural level but also at a strategic level, so you can make good quality decisions.
And, you know, to toot our own horn, that's a lot of where our expertise comes in, where we can say, “These are the order you're going to do these things in, and these are what you should prioritize.” I mean, everyone knows that in the end, the net result should still be the same. You're going to have to do the engineering and architecture work to optimize; you're going to have to do the administrative stuff to sign these agreements to get discounts, but you need to know what to prioritize and what's going to be most important, and sometimes you don't have the insight on that. And that's where if you don't, get someone in there to help you figure out what's what, what's going to give you the best, most bang for your buck, but also what's going to make the most sense for you going forward, six months, a year, two years, three years, and so forth and so on. So, it is okay to not know these things. Nobody's an expert on everything, but it behooves you to rely on the people who are experts when it's a blind spot for you.

Jesse: I think that's a really good point that you make, Tim. One of the things that we see in a number of organizations that we work with is essentially a disconnect between the folks who are—well, two disconnects really: one between the folks who are doing the work day-to-day, and another between the folks who are purchasing reservations. But that also a disconnect between the people who are purchasing the reservations and potentially the people who are purchasing or investing in some kind of Enterprise Discount Program or private pricing.
And to Tim's point, it's really important to get all of those people in a conversation together, get everybody in a room together, so to speak, to make sure that everybody understands what everybody else is doing so that finance and engineering and product and leadership all understand together that the cost optimization work is going on, that reservations are being purchased, that we're having a conversation about investing in some kind of private pricing with AWS. So collaboratively, collectively, everybody can make a decision together, make a data-driven decision together, that's going to ultimately help everybody, essentially, win and accomplish their goals.

Amy: Speaking of collaboration, we often talk about having a good relationship with your AWS account manager, and this is one of those places that having a good rapport really works in your favor because if you are in a lot of communications with your account manager, and you know each other well, and you have a good working relationship, and they are good at their job, then they'll know that you are using XYZ service, and you're using at a high volume, they will be able to tell you, it's like, “Hey, you hit a threshold. Let's see if we can get you some extra discounts.” They'll be the ones who can actually know what those discount programs are and be able to facilitate them.

Jesse: All right, well, that will do it for us this week, folks. If you've got questions you'd like us to answer please go to lastweekinaws.com/QA; fill out the form and we'll answer those questions on a future episode of the show. If you've enjoyed this podcast, please go to lastweekinaws.com/review and give it a five-star review on your podcast platform of choice, whereas if you hated this podcast, please go to lastweekinaws.com/review, give it a five-star rating on your podcast platform of choice and tell us how you would cost-optimize your organization.

Announcer: This has been a HumblePod production. Stay humble.
Links

Pete and Jesse Talk Account Managers

Transcript

Corey: If your mean time to WTF for a security alert is more than a minute, it's time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you're building a secure business on AWS with compliance requirements, you don't really have time to choose between antivirus or firewall companies to help you secure your stack. That's why Lacework is built from the ground up for the Cloud: low effort, high visibility and detection. To learn more, visit lacework.com.

Jesse: Hello, and welcome to AWS Morning Brief: Fridays From the Field. I'm Jesse DeRose.

Amy: I'm Amy Negrette.

Tim: And I'm Tim Banks.

Jesse: This is the podcast within a podcast where we talk about all the ways we've seen AWS used and abused in the wild, with a healthy dose of complaining about AWS for good measure. Today, we're going to be talking about, really, a couple things; building your relationship with AWS, really. This stems from one of the questions that we got from a listener from a previous event. The question is, “How do the different companies that we've worked with work with AWS? Is the primary point of contact for AWS at a company usually the CTO, the VP of engineering, an architect, an ops person, a program manager, or somebody from finance, a [unintelligible 00:01:00] trainer? Who ultimately owns that relationship with AWS?”

And so we're going to talk about that today. I think there's a lot of really great content in this space. Pete and I, back in the day, recorded an episode talking about building your relationship with your account manager, and with your TAM, and with AWS in general. I'll link that in the show notes. That's a great precursor to this conversation.
But I think there's a lot of great opportunities to build your relationship and build rapport with AWS, as you work with AWS and as you put more things on the platform.

Amy: I think one of the things we always say right off the bat is that you should introduce yourself and make a good relationship with your account manager and your technical account manager, just because they're the ones who, if you need help, they're going to be the ones to help you.

Jesse: Yeah, I think one of the things that we should also take a step back and add is that if you are listening to this and you're saying to yourself, “I don't have an account manager,” that's actually wrong; you do have an account manager. Anybody who's running workloads on AWS has an account manager. Your account manager might not have reached out to you yet because usually speaking, account managers don't reach out unless they see that you're spending a certain amount of money. They usually don't start a conversation with you unless you specifically are spending a certain amount of money, have reached a certain threshold, and then they want to start talking to you about opportunities to continue using AWS, opportunities to save money, invest in AWS. But you definitely have an account manager and you should definitely start building that rapport with them as soon as possible.

Amy: First question. How do you actually engage your account manager?

Tim: So, there's a couple ways to do it. If you have reached a certain spend threshold where your account manager will reach out to you, it's real simple: you just reply back to them. And it kind of depends. The question most people are going to have is, “Well, why do I need to reach out to my account manager? If I just have, like, a demo account, if I'm just using free tier stuff.”

You probably don't ever need to reach out to your account manager, so what are the things, typical things that people need to reach out to their account manager for?
Well, typically because they want to grow and want to see what kind of discounts are offered for growth, and I want to see what I can do. Now, you can open a support ticket, you can open a billing ticket, but what will end up happening is once you reach a spend threshold, your account manager will reach out to you because they want to talk to you about what programs they have, they want to see how they can help you grow your account, they want to see what things they can do for you because for them, that means you're going to spend more money. Most account managers within a little bit of time of you opening your account and reaching a lower spend threshold, they're going to send you an email and say, “Hey, this is my name, this is how you reach me,” et cetera, et cetera. And they'll send you some emails with links to webinars or other events and things like that, and you can typically reply back to those and you'll be able to get your account manager sometimes as well. But like I said, the easiest way to get a hold of your account manager or find out who it is, is to start increasing your spend on AWS.

Jesse: So, then if you're a small company, maybe a startup or maybe just a student's using AWS for the first time, likely that point of contact within a company is going to be you. From a startup perspective, maybe you are the lead engineer, maybe you are the VP of engineering, maybe you are the sole engineer in the company. We have seen most organizations that we talk to have a relationship with AWS, or build that relationship or own that relationship with AWS at an engineering management or senior leadership level.
Engineering management seems to be the sweet spot because usually, senior leadership has a larger view of things on their plate than just AWS so they're focused on larger business moves for the company, but the engineering manager normally has enough context and knowledge of all of the day-to-day specifics of how engineering teams are using AWS to really be involved in that conversation with your account manager, with your technical account manager, or with your solutions architect, or whatever set of folks you have from AWS's side for an account team. And I think that's another thing that we should point out as well, which is, you will always have an account manager; you won't always have a technical account manager.

The technical account manager generally comes in once you have signed an enterprise discount program agreement. So, generally speaking, that is one of the perks that comes with an EDP, but obviously, there are other components to the EDP to be mindful of as well.

Tim: So, let me clarify that. You get a technical account manager when you sign up for enterprise support. You don't have to have an EDP to have enterprise support, but when you sign up for enterprise support, you automatically get a technical account manager.

Jesse: And, Tim, if you could share with everybody, what kind of things can you expect from a technical account manager?

Tim: So, a technical account manager, I mean, they will do—like, all TAMs everywhere pretty much can liaise with support to escalate tickets or investigate them and see what's going on with them, try and, kind of, white-glove them into where they need to be. AWS TAMs, they also have the same—or a lot of the same access to the backend.
Not your data because no one at AWS actually has access to your data or inside your systems, but they have access to the backend so they can see API calls, they can see logs, and they can see other things like that to get insight into what's going on in your system and so they can do analytics. They have insight to your billing, they can see your Cost Explorer, they can see what your contract spends are, they can see all the line items in your bills, they have access to the roadmaps, they have access to the services and the service teams so that if you need to talk to someone at a particular service team, they can arrange that meeting for you. If you need to talk to specialist SAs, they can arrange those meetings for you.

With a TAM, you—and if you have enterprise support, and they're looking you for an EDP, you can have what's called an EBC or an Executive Briefing Council, where they, in non-pandemic times, they will bring you to Seattle, put you up for a couple of days and you'll have a couple of days of meetings with service teams to go over, kind of like, what the roadmap looks like, what your strategy for working with those teams are or working with those services are. And you can get good steps on how to utilize these services, whether it's going to be some more deep dives on-site, or whether it's going to be some key roadmap items that the service team is going to prioritize and other things like that. And the EBC is actually pretty neat, but you know, you have to be a larger spender to get access to those. Another thing that a TAM can do is they can actually enter items on the roadmap for you. They have access to and can provide you access to betas, or pilot programs, or private releases for various services.

You'll have access to a weekly email that include what launches are pending, or what releases are pending over the next week or two weeks.
You'll have access to quarterly or monthly business reviews where you get access to see what your spend looks like, what your spending trends are, support ticket trends, you know, usage and analytics, and things like that. So, a TAM can be quite useful. They can do quite a lot for you, especially in the realm of cloud economics. That said, every TAM has their specialty.
I mean, depending on how many customers they have, the level of engagement you may get. And, you know, some TAMs are super, super, really good at the financial aspects, some are better at the technical aspects. So, to be fair because the TAM org is so large at AWS, you don't always have the same experience with all your TAMs, and the level of depth to which they can dive is going to vary somewhat.
Corey: This episode is sponsored in part by ChaosSearch. You could run Elastic Search or Elastic Cloud or Open Search, as they're calling it now, or a self hosted out stack. But why? ChaosSearch gives you the same API you've come to know and tolerate, along with unlimited data retention and no data movement. Just throw your data into S3 and proceed from there as you would expect. This is great for IT operations folks, for App performance monitoring, cyber security. If you're using ElasticSearch consider not running ElasticSearch. They're also available now on the AWS marketplace, if you prefer not to go direct and have half of whatever you pay them count toward your EDP commitment. Discover what companies like, Klarna, Equifax, Armor Security and Blackboard already have. To learn more visit chaossearch.io and tell them I sent you just so you can see them facepalm yet again.
Amy: So, let's say we got the best TAM—even though he technically works for us now—when trying to envision what our relationship with the world's best TAM is going to be—and I just imagine that as a nice little block text on a white mug—what is that relationship going to look like? How are we going to engage with them?
And even, how often should we talk to them?
Jesse: I used to work for an organization that had, I believe, quarterly meetings with our account manager and our TAM, and every time we met with them, it felt like this high stakes poker game where we didn't want to show our cards and they didn't want to show their cards, but then nobody really was able to do anything productive together. And I have to say that is the exact opposite of how to engage your account manager and your TAM.
Tim: Yeah, that doesn't sound great.
Jesse: No, it was not great. I do not recommend that. You want to have an open, honest conversation about your roadmap, about what you want to do with AWS.
Amy: They're not getting that mug.
Tim: No, no.
Jesse: [laugh].
Tim: So, if you have a super-engaged TAM—and I will use my own experience as a TAM at AWS—that we had office hours, routinely, bi-weekly. One customer I had, I would have onsite office hours at their offices in LA, and I would have virtual office hours in offices in London. And those office hours, sometimes I'd have—we—that—we would use those to bring in, whether it was specialist SAs, whether we go over roadmap items, or tickets, or something like that, or we do architectural reviews, or cost reviews, we would schedule quarterly business reviews aside from that, typically sometimes the same day or on the same group of days, but there was typically be different than office hours. I was in their Slack channel so they needed to ping me on something that's not a ticket but a question, we could have conversations in there. A couple of their higher points of contact there had my phone number, so they would call me if something was going on. They would page me—because AWS TAMs have pagers—if they had a major issue, or, like, an outage or something [unintelligible 00:11:05] that would affect them.
Jesse: I'm sorry, I just have to ask really quick. Are we talking, like, old school level pager?
Tim: No, no, no.
Like on your phone, like PagerDuty.
Jesse: Okay, okay. I was really excited for a minute there because I kind of miss those old-school pagers.
Tim: Let me say, it was like PagerDuty; it wasn't actual PagerDuty because AWS did not actually use PagerDuty. They had something internal, but PagerDuty was the closest analog.
Amy: Internal PagerDuty as a Service.
Tim: Something like that.
Jesse: Oh, no.
Amy: So, you know, if you have a very engaged TAM, you would have regular, several times a week, contact if not daily, right? Additionally, the account team will also meet internally to go over strategy, go over issues, and action items, and things like that once or twice a week. Some accounts have multiple TAMs, in which case then, you know, the touchpoints are even more often.
Jesse: I feel like there's so much opportunity for engagement with your AWS account team, your account manager, your TAM. It's not entirely up to you to build that relationship, but it is a relationship; it definitely requires investment and energy from both sides.
Tim: And I would say in the context of who's working with a TAM, ideally, the larger contact paths you have at an org with your TAM, the better off it's going to be. So, you don't want your TAM or account team to only talk to the VP of engineering, or the DevOps manager, or the lead architect; you want them to be able to talk to your devs, and your junior devs, and your finance people, and your CTO, and other folks like that, and pretty much anyone who's a stakeholder because they can have various conversations, and they can bring concerns around. If they're talking about junior devs, your TAM can actually help them how to use CloudFormation, and how to use a AWS CLI, or do a workshop on the basics of using Kubernetes, or something like that.
Whereas if you're going to have a conversation with the VP of engineering, they're going to talk about strategies, they're going to talk about roadmap items, they're going to talk about how things can affect the company, they're going to talk about EDPs and things like that. So ideally, in a successful relationship with your TAM, your TAM is going to have several people in your org are going to have that TAM's contact information and will talk with them regularly.
Jesse: One of the clients that we worked with actually brought us in for a number of conversations, and brought their TAM in as part of those conversations, too. And I have to say, having the TAM involved in those conversations was fantastic because as much as I love the deep, insightful work that we do, there were certain things about AWS's roadmap that we just don't have visibility into sometimes. And the TAM had that visibility and was able to be part of those conversations on multiple different levels. The TAM was able to communicate to multiple audiences about both roadmap items from a product perspective, from a finance perspective, from an engineering architecture perspective; it was really great to have them involved in the conversation and share insights that were beneficial for multiple parties in that meeting.
Tim: And oftentimes, too, involving your TAM when you do have this one thing in your bill you can't figure out, saying, “We've looked and this spend is here, but we don't know exactly why it is.” Your TAM can go back and look at the logs, or go back and look at some of the things that were spun up at the specific time and say, “Oh, here was the problem. It was when you deploy this new AMI, it caused your CPU hours to go way, way up so you had to spin up more instances.” Or a great one was a few years back when Datadog changed its API calls and a lot of people's CloudWatch costs went through the roof.
And then several TAMs had to go through and figure out, it was this specific call and this is how you fix that and give that guidance back to their customers to reduce their spend. So, being able to have that backend access is very, very useful, even when you are working with an optimization group like ourselves or other folks, to say, “Hey, we've noticed these things. These are the line items we want to get some insight into.” I mean, your TAM can definitely be a good partner in that.
Jesse: All right, folks, well, that'll do it for us this week. If you've got questions that you'd like us to answer, please go to lastweekinaws.com/QA. Fill out the form; we'd be happy to answer those on a future show. If you've enjoyed this podcast, please go to lastweekinaws.com/review and give it a five-star review on your podcast platform of choice, whereas if you hated this podcast, please go to lastweekinaws.com/review. Give it a five-star rating on your podcast platform of choice and tell us, did Tim pronounce the shortening of ‘Amazon Machine Image’ correctly as ‘ah-mi’ or should he have said ‘A-M-I?’
Amy: I heard it and I wasn't going to say it. [laugh].
Jesse: [laugh].
Amy: I was just going to wait for someone to send him the t-shirt.
Tim: Just to note, if you put beans in your chili, you can keep your comments to yourself.
Jesse: [laugh].
Amy: You're just going to keep fighting about everything today, is all I'm—[laugh].
Jesse: [laugh]. Oh, no.
Announcer: This has been a HumblePod production. Stay humble.
Transcript
Corey: This episode is sponsored in part by LaunchDarkly. Take a look at what it takes to get your code into production. I'm going to just guess that it's awful because it's always awful. No one loves their deployment process. What if launching new features didn't require you to do a full-on code and possibly infrastructure deploy? What if you could test on a small subset of users and then roll it back immediately if results aren't what you expect? LaunchDarkly does exactly this. To learn more, visit launchdarkly.com and tell them Corey sent you, and watch for the wince.
Jesse: Hello, and welcome to AWS Morning Brief: Fridays From the Field. I'm Jesse DeRose.
Amy: I'm Amy Negrette.
Tim: And I'm Tim Banks.
Jesse: This is the podcast within a podcast where we talk about all the ways we've seen AWS used and abused in the wild, with a healthy dose of complaining about AWS for good measure. Today is a very special episode for two reasons. First, we're going to be talking about all the things that you want to talk about. That's right, it's time for another Q&A session. Get hyped.
Amy: And second as is Duckbill's customary hazing ritual, we're putting a new Duckbill Group Cloud Economist Tim Banks through the wringer to answer some of your pressing questions about cloud costs and AWS. And he has pretty much the best hobbies.
Tim: [laugh].
Jesse: Absolutely.
Tim: You know, I choke people for fun.
Jesse: [laugh]. I don't even know where to begin with that. I—you know—
Amy: It's the best LinkedIn bio, that's [laugh] where you begin with that.
Tim: Yeah, I will change it right after this, I promise. But no, I think it's funny, we were talking about Jiu-Jitsu as a hobby, but my other hobby is I like to cook a lot, and I'm an avid, avid chili purist. And we were in a meeting earlier and Amy mentioned something about a bowl of sweet chili. And, dear listeners, let me tell you, I was aghast.
Amy: It's more of a sweet stewed meat than it is, like, some kind of, like, meat candy.
It is not a meat candy. Filipinos make very sweet stews because we cannot handle chili, and honestly, we shouldn't be able to handle anything that's caramelized or has sugar in it, but we try to anyway. [laugh].
Tim: But this sounds interesting, but I don't know that I would categorize it as chili, especially if it has beans in it.
Jesse: It has beans. We put beans in everything.
Tim: Oh, then it can't be chili.
Jesse: Are you a purist that your chili cannot have beans in it?
Tim: Well, no. Chili doesn't have beans in it.
Amy: Filipino food has beans in it. Our desserts have beans in it. [laugh].
Jesse: We are going to pivot, we're going to hard pivot this episode to just talk about the basis of what a chili recipe consists of. Sorry, listeners, no cost discussions today.
Tim: Well, I mean, it's a short list: a chili contains meat and it contains heat.
Jesse: [laugh].
Tim: That's it. No tomatoes, no beans, no corn, or spaghetti, or whatever people put in it.
Amy: Okay, obviously the solution is that we do some kind of cook-off where Tim and Pete cook for everybody, and we pull in Pete as a special quote-unquote, outside consultant, and I just eat a lot of food, and I'm cool with that. [laugh].
Jesse: I agree to this.
Tim: Pete is afraid of me, so I'm pretty sure he's going to pick my chili.
Jesse: [laugh].
Amy: I could see him doing that. But also, I just like eating food.
Tim: No, no, it's great. We should definitely do a chili cook-off. But yeah, I am willing to entertain any questions about, you know, chili, and I'm willing to defend my stance with facts and the truth. So…
Amy: If you have some meat—or [sheet 00:03:19]—related questions, please get into our DMs on Twitter.
Jesse: [laugh]. All right. Well, thank you to everyone who submitted their listener questions. We've picked a few that we would like to talk about here today. I will kick us off with the first question.
This first question says, “Long-time listener first-time caller.
As a solo developer, I'm really interested in using some of AWS's services. Recently, I came across AWS's Copilot, and it looks like a potentially great solution for deployment of a basic architecture for a SaaS-type product that I'm developing. I'm concerned that messing around with Copilot might lead to an accidental large bill that I can't afford as a solo dev. So, I was wondering, do you have a particular [bizing 00:04:04] availability approach when dealing with a new AWS service, ideally, specific steps or places to start with tracking billing? And then specifically for Copilot, how could I set it up so it can trip off billing alarms if my setup goes over a certain threshold? Is there a way to keep track of cost from the beginning?”
Tim: AWS has some basic billing alerts in there. They are always going to be kind of reactive.
Jesse: Yes.
Amy: They can detect some trends, but as a solo developer, what you're going to get is notification that the previous day's spending was pretty high. And then you'll be able to trend it out over that way. As far as asking if there's a proactive way to predict what the cost of your particular architecture is going to be, the easy answer is going to be no. Not one that's not going to be cost-prohibitive to purchase a sole developer.
Jesse: Yeah, I definitely recommend setting up those reactive billing alerts. They're not going to solve all of your use cases here, but they're definitely better than nothing. And the one that I definitely am thinking of that I would recommend turning on is the Cost Explorer Cost Anomaly Detector because that actually looks at your spend based on a specific service, a specific AWS cost category, a specific user-defined cost allocation tag. And it'll tell you if there is a spike in spend.
Now, if your spend is just continuing to grow steadily, Cost Anomaly Detector isn't going to give you all the information you want.
It's only going to look for those anomalous spikes where all of a sudden, you turned something on that you meant to turn off, and left it on. But it's still something that's going to start giving you some feedback and information over time that may help you keep an eye on your billing usage and your spend.
Amy: Another thing we highly recommend is to have a thorough tagging strategy, especially if you're using a service to deploy resources. Because you want to make sure that all of your resources, you know what they do and you know who they get charged to. And Copilot does allow you to do resource tagging within it, and then from there should be able to convert them to cost allocation tags so you can see them in your console.
Jesse: Awesome. Well, our next question is from Rob. Rob asks, “How do I stay HIPAA compliant, but keep my savings down? Do I really need VPC Flow Logs on? Could we talk in general about the security options in AWS and their cost impact? My security team wants everything on but it would cost us ten times our actual AWS bill.”
Rob, we have actually seen this from a number of clients. It is a tough conversation to have because the person in charge of the bill wants to make sure that spend is down, but security may need certain security measures in place, product may need certain measures in place for service level agreements or service level objectives, and there's absolutely a need to find that balance between cost optimization and all of these compliance needs.
Tim: Yeah, I think it's also really important to thoroughly understand what the compliance requirements are. Fairly certain for HIPAA that you may not have to have VPC Flow Logs specifically enabled. The language is something like, ‘logging of visitors to the site’ or something like that.
So, you need to be very clear and concise about what you actually need, and remember, for compliance, typically it's just a box check. It's not going to be a how much or what percent; it's going to be, “Do you have this or do you not?”
And so if the HIPAA compliance changes where you absolutely have to have VPC Flow Logging turned on, then there's not going to be a way around that in order to maintain your compliance. But if the language is not specifically requiring that, then you don't have to, and that's going to become something you have to square with your security team. There are ways to do those kinds of logging on other things depending on what your application stack looks like, but that's definitely a conversation you're going to want to have, either with your security team, with your product architects, or maybe even outside or third-party consultant.
Jesse: Another thing to think about here is, how much is each of these features in AWS costing you? How much are these security regulations, the SLA architecture choices, how much are each of those things costing you in AWS? Because that is ultimately part of the conversation, too. You can go back to security, or product, or whoever and say, “I understand that this is a business requirement. This is how much it's costing the business.”
And that doesn't mean that they have to change it, but that is now additional information that everybody has to collaboratively decide, “Okay, is it worthwhile for us to have this restriction, have this compliance component at this cost?” And again, as Tim was mentioning, if it is something that needs to be set up for compliance purposes, for audit purposes, then there's not really a lot you can do. It's kind of a, I don't want to say sunk cost, but it is a cost that you need to understand that is required for that feature.
But if it's not something that is required for audit purposes, if it's not something that just needs to be, like, a checkbox, maybe there's an opportunity here if the cost is so high that you can change the feature in a way that brings the cost down a little bit but still gives security, or product, or whoever else the reassurances that they need.
Tim: I think the other very important thing to remember is that you are not required to run your application in AWS.
Jesse: Yeah.
Tim: You can run it on-premise, you can run at a different cloud provider. If it's going to be cost-prohibitive to run at AWS and you can't get the cost down to a manageable level, through, kind of, normal cost reduction methods of EDPs, or your pricing agreement, remember you can always put that on bare metal somewhere and then you will be able to have the logging for free. Now, mind you, you're going to have to spend money elsewhere to get that done, but you're going to have to look and see what the overall cost is going to be. It may, in fact, be much less expensive to host that on metal, or at a different provider than it would be at AWS.
Corey: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship). On-prem security doesn't translate well to cloud or multi-cloud environments, and that's not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial.
Jesse: Our next question is from Trevor Shaffer. He says, “Loving these Friday from the field episodes and the costing”—thank you—“I'm in that world right now, so all of this hits home for me. One topic not covered with the cost categorization, which I'm tasked with, is how to separate base costs versus usage costs.
Case in point, we're driving towards cost metrics based on users and prices go up as users go up. All of that makes sense, but there's always that base load required to serve quote-unquote, ‘no users.’
“The ALB instance hours, versus the LCU hour, minimum number of EC2 instances for high availability, things like that. Currently, you can't tag those differently, so I think I'm just doomed here and my hopes will be dashed. For us, our base costs are about 25% of our bill. Looking for tricks on how to do this one well. You can get close with a lot of scripting and time, teasing out each item manually.”
Trevor, you can, and I also think that is definitely going to be a pain point if you start scripting some of these things. That sounds like a lot of effort that may give you some useful information, but I don't know if it's going to give you all of the information that you want.
Tim: Well, it's also a lot of effort, and it's also room for error. It won't take but a simple error in anything that you write where these costs can then be calculated incorrectly. So, that's something to consider as well: is it worth the overall costs of engineering time, and maintenance, and everything like that, to write these scripts? These are decisions that engineers groups have to make all the time. That said, I do think that this is, for me I think, one of the larger problems that you see with AWS billing is that it is difficult to differentiate something that should be reasonably difficult to differentiate.
If I get my cell phone bill, I know exactly how much it's going to cost us to have the line, and then I can see exactly how much it's going to cost me for the minutes. The usage cost is very easily separated from—I'm sorry, the base cost is very easily separated from the usage cost.
It's not always that way with AWS, I do think that's something that they could fix.
Jesse: Yeah, one thing that I've been thinking of is, I don't want to just recommend turning things on and measuring, but I'm thinking about this from the same perspective that you would think about getting a baseline for any kind of monitoring service: as you turn on a metric or as you start introducing a new metric before you start building alerts for that metric, you need to let that metric run for a certain amount of time to see what the baseline number, usage amount, whatever, looks like before you can start setting alerts. I'm thinking about that same thing here. I know that's a tougher thing to do when this is actually cost involved when it's actually costing you money to leave something on and just watch what usage looks like over time, but that is something that will give you the closest idea of what base costs look like. And one of the things to think about, again, is if the base costs are unwieldy for you or not worthwhile for you in terms of the way the architecture is built, is there either a different way that you can build the architecture that is maybe more ephemeral that will make it cost less when there are no users active? Is there a different cloud provider that you can deploy these resources to that is going to ultimately cost you less when you have no users active?
Tim: I think too, though, that when you have these discussions with engineering teams and they're looking at what their priorities are going to be and what the engineering cost is going to be, oftentimes, they're going to want metrics on how much is this costing us—how much would it cost otherwise? What is our base cost, what's our usage cost?—so that you can make a case and justify it with numbers. So, you may think that it is better to run this somewhere else or to re-architect your infrastructure around this, but you're going to have to have some data to back it up.
And if this is what you need to gather that data, then yeah, it is definitely a pain point.
Amy: I agree. I think this is one of those cases where—and I am also loath to just leave things on for the sake of it, but especially as you onboard new architectures and new applications, this should be done at that stage when you start standing things up and finalizing that architecture. Once you know the kind of architecture you want and you're pushing things to production, find out what that baseline is, have it be part of that process, and have it be a cost of that process.
And finally, “As someone new to AWS and wanting to become a software DevOps insert-buzzword-here engineer”—I'm a buzzword engineer—“We've been creating projects in Amplify, Elastic Beanstalk, and other services. I keep the good ones alive and have done a pretty good job of killing things off when I don't need it. What are your thoughts on free managed services in general when it comes to cost transparencies with less than five months left on my free year? Is it a bad idea to use them as someone who is just job hunting? I'm willing to spend a little per month, but don't want to be here with a giant bill.”
So, chances are if you're learning a new technology or a new service, unless you run into that pitfall where you're going to get a big bill as a surprise and you've been pretty diligent about turning your services off, your bill is not going to rise that much higher. That said, there have been a lot of instances, on Twitter especially, popping up where they are getting very large bills. If you're not using them and you're not actively learning on them, I would just turn them off so you don't forget later. We've also talked about this in our build versus buy, where that is the good thing about having as a managed service is if you don't need it anymore and you're not learning or using them, you can just turn them off.
And if you have less than half a year on your first free year, there are plenty of services that have a relatively free tier or a really cheap tier at the start, so if you want to go back and learn on them later, you still could.
Tim: I think too, Amy, it's also important to reflect, at least for this person, that if they're in an environment where they're trying to learn something if maintaining infrastructure is not the main core of what they're trying to learn, then I wouldn't do it. The reason that they have these managed services is to allow engineering teams to be more focused on the things that they want to do as far as development versus the things they have to do around infrastructure management. If you don't have an operations team or an infrastructure team, then maintaining the infrastructure on your own sometimes can become unwieldy to the point that you're not really even learning the thing you wanted to learn; now you're learning how to manage Elasticsearch.
Amy: Yeah.
Jesse: Absolutely. I think that's one of the most critical things to think about here. These managed services give you the opportunity to use all these services without managing the infrastructure overhead. And to me, there may be a little bit extra costs involved for that, but to me that cost is worth the freedom to not worry about managing the infrastructure, to be able to just spin up a cluster of something and play with it. And then when you're done, obviously, make sure you turn it off, but you don't have to worry about the infrastructure unless you're specifically going to be looking for work where you do need to manage that infrastructure, and that's a separate question entirely.
Amy: Yeah. I'm not an infrastructure engineer, so anytime I'm not using infrastructure, and I'm not using a service, I just—I make sure everything's turned off.
Deleting stacks is very cathartic for me, just letting everything—just watching it all float away into the sunset does a lot for me, just knowing that it's not one more thing I'm going to have to watch over because it's not a thing I like doing or want to do. So yeah, if that's not what you want to do, then don't leave them on and just clean up after yourself, I suppose. [laugh].
Tim: I'll even say that even if you're an infrastructure engineer, which is my background, that you can test your automation of building and all this, you know, building a cluster, deploying things like that, and then tear it down and get rid of it. You don't have to leave it up forever. If you're load testing an application, that's a whole different thing, but that's probably not what you're doing if you're concerned about the free tier costs. So yeah, if you're learning Terraform, you can absolutely deploy a cluster or something and just tear it back out as soon as you're done. If you're learning how to manage whatever it is, build it, test it, make sure it runs, and then tear it back down.
Jesse: All righty, folks, that's going to do it for us this week. If you've got questions you would like us to answer, please go to lastweekinaws.com/QA, fill out the form and we'd be happy to answer those on a future episode of the show. If you've enjoyed this podcast, please go to lastweekinaws.com/review and give it a five-star review on your podcast platform of choice, whereas if you hated this podcast, please go to lastweekinaws.com/review, give it a five-star rating on your podcast platform of choice and tell us whether you prefer sweet chili or spicy chili.
Announcer: This has been a HumblePod production. Stay humble.
Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you're about to listen to.
Show Notes:
Links:
Report finds old misconfiguration woes continue to hammer corporate clouds: https://www.scmagazine.com/home/security-news/cloud-security/report-finds-old-misconfiguration-woes-continue-to-hammer-corporate-clouds/
Pentagon Weighs Ending JEDI Cloud Project Amid Amazon Court Fight: https://www.wsj.com/articles/pentagon-weighs-ending-jedi-cloud-project-amid-amazon-court-fight-11620639001
Netflix Exec Explains Where Infosec Pros are Going Wrong: https://www.infosecurity-magazine.com/news/netflix-exec-infosec-pros-going/
Firms Struggle to Secure Multicloud Misconfigurations: https://www.darkreading.com/cloud/firms-struggle-to-secure-multicloud-misconfigurations/d/d-id/1341008
Researchers Create Covert Channel Over Apple AirTag Network: https://nmap.online/news/2021/researchers-create-covert-channel-over-apple-airtag-network
Ransomware is Getting Ugly: https://www.schneier.com/blog/archives/2021/05/ransomware-is-getting-ugly.html
Try this One Weird Trick Russian Hackers Hate: https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/
Attorneys share worst practices for data breach response: https://searchsecurity.techtarget.com/news/252501054/Attorneys-share-worst-practices-for-data-breach-response
Ransomware Guidance and Resources: https://www.cisa.gov/ransomware
How to Get Employees to Care About Security: https://www.darkreading.com/theedge/how-to-get-employees-to-care-about-security-/b/d-id/1341058
Corey Quinn's Twitter: https://twitter.com/QuinnyPig
Transcript
Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guide you to better security in the cloud.
Announcer: If your mean time to WTF for a security alert is more than a minute, it's time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you're building a secure business on AWS with compliance requirements, you don't really have time to choose between antivirus or firewall companies to help you secure your stack. That's why Lacework is built from the ground up for the cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That's lacework.com.
Jesse: All the rage is DevOps, for good reasons: it works. You can't do good cloud work without a flexible and functional DevOps operation. Similarly, you can't do good security in the cloud without DevSecOps. However, [laugh] security people love their cryptic and geeky terms, so you hear, “You should shift left.” This is derived from the left shift bitwise operators that do binary math that moves values to the left. I told you it's geeky.
This moving left translates to moving security integration into a project farther left in the development process when you start on the left and move to production on the right. Ultimately, this means you bring security into the very beginning of your conceptual designs, and write your first lines of code with security processes and methods in mind from the very start. Use more security tools, authentication and authorization hooks, and more granular encryption methods in your underlying services structures through your more complex processing.
More work on literally coding security in at the start could save you several orders of magnitude of direct and indirect costs in the future. Don't get owned, don't get ransomed.

Meanwhile, in the news, Report finds old misconfiguration woes continue to hammer corporate clouds. If you haven't heard me and countless others rant about going back to basics of cloud security, you haven't been listening. This article should scare you into finally checking your basic permissions on things like storage and services so you don't get pwned by being stupid.

Pentagon Weighs Ending JEDI Cloud Project Amid Amazon Court Fight. When a nearly $2 trillion company drags anyone into court, things will change. The largest move to cloud services by the US Department of Defense might not happen because Amazon got pissed and sent lawyers. Watch how this unfolds to learn both how Amazon the company operates and how the market moves toward or away from cloud in general and either Azure or AWS specifically as a result of this legal challenge.

Netflix Exec Explains Where Infosec Pros are Going Wrong. Most of us who work in cybersecurity will read this piece and have one of two strong reactions. People like me and everyone who isn't a security professional will nod and smile and agree that times are changing and security needs to get with the times. Everyone else in security will scowl, and pout, and get mad.

Firms Struggle to Secure Multicloud Misconfigurations. We all struggle to secure all the things, but this report shows that most of us struggle to secure any of the things. Back to basics; I keep hammering on this because things like shutting down or securing ports and services and locking up cloud storage objects get you the biggest improvement in security posture out of almost anything else you do.

Announcer: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship).
On-prem security doesn't translate well to cloud or multi-cloud environments, and that's not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial. That's extrahop.com/trial.

Jesse: Researchers Create Covert Channel Over Apple AirTag Network. As this article says at the end, most people won't care about this obscure and difficult security thing to do. This is interesting reading, but the most important takeaway for you is to know that this type of technical wizardry is so far outside the realm of feasibility for most anyone on the planet that it should not scare you. For most of us, when we see big news about weird things like this, geek out on it and ignore it.

Ransomware is Getting Ugly. The only way to not be a victim of ransomware is to not let it into your network. If you don't protect access to your systems, you won't protect access to your data, and eventually, you'll be paying to keep your information private. Even then, it may end up online for the world to peruse after you've paid.

Try this One Weird Trick Russian Hackers Hate. Wow, install the right virtual keyboard and reduce your risk of getting hit with ransomware? If I ran Windows anywhere, I'd already have installed it before talking about it.

Attorneys share worst practices for data breach response. I cannot stress enough that every single thing you do or say or type into any device or service could be subject to legal discovery and disclosure. Don't make bad jokes; don't make sarcastic comments that aren't sarcastic out of context, and well just don't be stupid. Any or all of it could land in a global headline.

CISA Ransomware Guidance and Resources. You need to understand ransomware. It's a terrifying problem and it's not going away.
Go skim this guide, which is quite short, then follow links to the trainings and webinars, and the guides and services. Be prepared to face ransomware because it's looking like we'll see it in action ourselves as time marches on.

How to Get Employees to Care About Security. Fresh from the annual RSA security conference, the largest of its kind in the world. For us followers of Corey Quinn, QuinnyPig on Twitter, and chief cloud economist at The Duckbill Group, we already know humor teaches us faster than pain and suffering. Well, maybe. Make security training funny.

And now for the tip of the week. AWS CloudTrail is your security friend. It's your best Robo-pet, fetching the morning paper. By default, it should be enabled, but you need to do something to make it useful. Go to your AWS Management Console, show all services, and find CloudTrail under the management and governance section.

Create a trail, name it something—anything at all that makes sense to you—and then read the notice there that you do not get charged for the creation of the logs but you will pay for the S3 bucket storage. Of course, right? Please monitor the size of this thing so you don't get shocking charges. The best thing to do is open the full create trail workflow as the fine print under trail detail says, then choose ‘sane setting’ for what to log and which buckets to use. Next, ensure you have something reading those logs like using CloudWatch to pop alerts for you. Better yet, shove them into your Log Analyzer or your SEM.

And that's it for the week. Securely yours Jesse Trucks.

Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.

Announcer: This has been a HumblePod production. Stay humble.
Links:
Cloud FinOps: https://www.amazon.com/Cloud-FinOps-Collaborative-Real-Time-Management/dp/1492054623
FinOps Foundation: https://www.Finops.org/
AWS cost management blog: https://aws.amazon.com/blogs/aws-cost-management/
Mastering AWS Cost Optimization: https://www.amazon.com/Mastering-AWS-Cost-Optimization-operational/dp/965572803X

Transcript

Corey: This episode is sponsored in part by LaunchDarkly. Take a look at what it takes to get your code into production. I’m going to just guess that it’s awful because it’s always awful. No one loves their deployment process. What if launching new features didn’t require you to do a full-on code and possibly infrastructure deploy? What if you could test on a small subset of users and then roll it back immediately if results aren’t what you expect? LaunchDarkly does exactly this. To learn more, visit launchdarkly.com and tell them Corey sent you, and watch for the wince.

Pete: Hello, and welcome to the AWS Morning Brief: Fridays From the Field. I am Pete Cheslock.

Jesse: I’m Jesse DeRose.

Pete: Wow, we’re back again. And guess what? We have even more questions. I am… I am… I don’t even know. I have so many emotions right now that are conflicting between a pandemic and non-pandemic that I just—I’m just so happy. I’m just so happy that you listen, all of you out there, all you wonderful humans out there are listening. But more importantly, you are going into lastweekinaws.com/QA and you’re sending us some really great questions.

Jesse: Yeah.

Pete: And we’re going to answer some more questions today. We’re having so much fun with this, that we’re just going to keep the good times rolling. So, if you also want to keep these good times rolling, send us your questions, and we’ll just—yeah, we’ll just roll with it. Right, Jesse?

Jesse: Absolutely. We’re happy to answer more questions on air, happy to let you pick our brains.

Pete: All right. Well, we got a couple more questions. Let’s kick it off, Jesse.

Jesse: Yeah.
So, the first question today is from Barry. Thank you, Barry. “New friend of the pod here.” Always happy to have friends of the pod. Although I do feel like that starts to get, like, Children of the Corn, kind of. I think we started that, and I also am excited about it, and also upset with myself for starting that.

Pete: That’s all right. Friend of the pod. Friend of the pod.

Jesse: “New friend of the pod here. I work in strategic sourcing and procurement and I was curious if there are any ways that you recommend to get up to speed with managing cloud spend. This is usually closely monitored by finance or different groups in product, but I can see a significant potential value for a sourcing professional to help, also.” And that’s from Barry, thank you, Barry.

Pete: Well, I’m struggling not to laugh. “This is usually closely monitored by finance or different groups in product.”

Jesse: Yeah…

Pete: But I mean, let’s be honest, it’s not monitored by anyone. It’s just running up a meter in a taxi going 100 miles an hour.

Jesse: Yeah, that’s the hardest part. I want everybody to be involved in the cloud cost management practice, but there’s that same idea of if it’s everyone’s responsibility, it’s no one’s responsibility. And so this usually ends up at a point where you’ve got the CFO walking over to the head of engineering saying, “Why did the spend go up?” And that’s never a good conversation to have.

Pete: No, never a good one. Well, Barry because you’re a friend of the pod, we will answer this question for you. And honestly, I think it’s a great question, which is, we actually have been working with a lot of larger enterprises and these enterprises still have their classic sourcing and procurement teams.
That’s not an expertise that is going away anytime soon, but like most teams within the company that are adopting cloud, it’s obviously going to evolve as people are moving away from, kind of, capital intensive purchases and into, honestly, more complex, multi-year OpEx style purchases, with cloud services and all the different vendors that come with it. It’s going to just get a lot harder.

I mean, it’s probably already a lot harder for those types of teams. And so there’s a bunch of places I think that you can go that can help level up your skills around cloud spend. And I would say the first place that I personally got to dive in a little bit more—I mean, my history has been using Amazon cloud and being a person who cared about how much my company spent on it, but when you—joining Duckbill, you need to dive into other areas around the FinOps world. And the book, the O’Reilly book, Cloud FinOps is actually a really great resource.

Yeah, I think it’s really well written and there’s a lot of great chapters within there that you can kind of pick and choose based on what you’re most interested in learning about. If you’re trying to learn more about unit economics, or you’re trying to learn more about how to monitor and track things like that, it’s a great book to dive into, and becomes a really great reference that you can leverage as you’re trying to level up this expertise within yourself or your team.

Jesse: It’s a really, really great resource. The other thing to think about is any kind of collaborative social spaces where you can be with like-minded individuals who also care about cloud costs. Now, there’s a number of meetups that exist under the FinOps title that may be worth looking into. Obviously, we’re recording this during the pandemic so I don’t recommend doing those in person. But as you are able to, there may be opportunities for in-person meetups and smaller local groups focusing on cloud cost management strategies together.
But also check out the FinOps Foundation. They have a Slack space that I would love to tell you more about, but unfortunately, we’re not allowed to join. So—

Pete: Yep.

Jesse: —I can’t really say more about it than that. I would hope that you’re allowed to join, but they have some strict guidelines. So, I mean, the worst that can happen is they say no; it’s definitely worth signing up.

Pete: Yeah, and they have to us. [laugh].

Jesse: Yeah.

Pete: I think when you get into the FinOps Foundation, you should angrily say that we should have more FinOps experts in here like the great Jesse DeRose should be a member of this one because right now, he’s just framed his rejection notice from there, and—

Jesse: Oh, yeah.

Pete: —while it looks beautiful on the wall, while I’m on a Zoom with him, I want more for you, Jesse.

Jesse: I want more for me, too. I’m not going to lie.

Pete: So, I don’t know this might sound a little ridiculous that I’m going to say something nice about AWS, but they have a fantastic cost management blog. This is a really fantastic resource, really incredible resource, with a lot more content more recently. They seem to be doing some great work on the recruiting side and bringing on some real fantastic experts around cost management.

I mean, just recently within the past few months they talk about unit economics: How to select a unit metric that might support your business, talking more about unit metrics in practice. They start at the basics, too. I mean, obviously, we deal a lot in unit economics and unit metrics; they will start you off with something very basic and say, “Well, what even is this thing?” And talk to you more about cost reporting using AWS organizations for some of this. It’s a really fantastic resource.

It’s all free, too, which is—it’s weird to say that something from AWS is free. So, anytime that you can find a free resource from Amazon, I say, highly recommend it.
But there are a lot of blogs on the AWS site, but again, the Cost Management Blog, great resource. I read it religiously; I think what they’re writing is some of, really, the best content on the blog in general.

Jesse: There’s one other book that I want to recommend called Mastering AWS Cost Optimization and we’ll throw links to all these in the [show notes 00:07:30], but I, unfortunately, have not read this book yet, so I can’t give strong recommendations for it, but it is very similar in style and vein to the Cloud FinOps book that we just mentioned, so might be another great resource to pick up to give you some spot learning of different components of the cloud cost management workflow and style.

Pete: Awesome. Yeah, definitely agree. I’d love to see, again, more content out here. There’s a lot of stuff that exists. And even A Cloud Guru has come up with cost management training sessions.

Again, we’d like to see more and more of this. I’d love to see more of this come from Amazon. I’d love to see—you know, they have a certification path in all these different areas; I’d love to see more of that in the cost management world because I think it’s going to become more complex, and having that knowledge, there is so much knowledge, it’s spread so far across AWS, helping more people get up to speed on it will be just critical for businesses who want to better understand what their spend is doing. So, really great question, Barry, friend of the pod. We should get some pins for that, right? Friend of the pod pins?

Jesse: Oh, yeah.

Pete: And yeah, really great question. Really appreciate you sending it and hopefully that helps you. And if not, guess what? You can go to lastweekinaws.com/QA, and just ask us a follow-up question, Barry. Because you’re a friend of the pod. So, we’ll hopefully hear from you again soon.

Jesse: Thanks, Barry.

Pete: Thanks.

Announcer: If your mean time to WTF for a security alert is more than a minute, it’s time to look at Lacework.
Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you’re building a secure business on AWS with compliance requirements, you don’t really have time to choose between antivirus or firewall companies to help you secure your stack. That’s why Lacework is built from the ground up for the cloud: Low effort, high visibility, and detection. To learn more, visit lacework.com.

Pete: All right, we have one more question. Jesse, what is it?

Jesse: “All right, most tech execs I speak with have already chosen a destination hyperscaler of choice. They ask me to take them there. I can either print out a map they can follow, procedural style, or I can be their Uber driver. I could be declarative. I prefer the latter for flexibility reasons, but having said that, where does one actually start?

Do you start with Infrastructure as a Service and some RDS to rid them of that pesky expensive Oracle bill? Do we start with a greenfield? I mean, having a massive legacy footprint, it takes a while to move things over, and integrating becomes a costly affair. There’s definitely a chicken and egg scenario here. How do I ultimately find the best path forward?” That question is from Marsellus Wallace? Thank you, Marsellus.

Pete: Great question. And I’m not just saying that. I guess I have a question. Or at least, maybe we have different answers based on what this really looks like. Is this a legacy data center migration?

The solution here is basically lift-and-shift. Do it quickly. And most importantly, don’t forget to refactor and clean up after you shut down your old data center. Don’t leave old technical debt behind. And, yeah, you’re going to spend a lot, you’re going to look at your bill and go, “Holy hell, what just happened here?”

But it’s not going to stay that way.
That’s probably—if you do it right—the highest your bill is going to be because lift-and-shift means basically just moving compute from one location to another. And if you’re—as we’ve spoken about probably a million times, Jesse and I, if you just run everything on EC2 like a data center, it’s the most expensive way to do the cloud stuff. So, you’re going to then refactor and bring in ephemerality and tiering of data and all those fun things that we talk about. Now, is this a hybrid cloud world?

That’s a little bit different because that means you’re not technically going to get rid of, maybe, physical locations or physical data centers, so where do you start? It’s my personal opinion—and Jesse has his own opinion, too, and guess what it’s our podcast and we’re going to tell it like it is.

Jesse: [laugh].

Pete: [laugh]. You know, my belief is, starting with storage is honestly a great way to get into cloud. Specifically S3. Maybe even your corporate file systems, using a tool like FSx. It’s honestly why many businesses start their cloud journey, by moving corporate email and file systems into the cloud.

I mean, as a former Microsoft Exchange administrator, I am thoroughly happy that you don’t have to manage that, really, anymore and you can push that in the cloud. So, I think storage is honestly a great way to get started within there: Get S3 going, move your file systems in there, move your email in there if you haven’t yet. That’s a really great way to do it. Now, the next one that I would move probably just as aggressively into and, Marsellus, you mentioned it: RDS, right? “Should we move into RDS, get rid of expensive Oracle bills?”

Yeah, anytime you can pay ol’ Uncle Larry less money is better in my mindset. Databases are, again, another really great way of getting into AWS. They work so well, RDS is just such a great service, but don’t forget about DMS, the database migration service.
This is the most underrated cloud service that Amazon has in there, it will help you migrate your workloads into RDS, into Amazon Aurora. But one thing I do want to call out before you start migrating data in there, talk to your account manager—you have one even if you don’t think you have one—before starting anything, and have them help you identify if there are any current programs that exist to help you migrate that data in.

Again, Amazon will incentivize you to do it, they will provide you credits, like map credits or other investment credits, maybe even professional services that can help you migrate this data from an on-premise Oracle into AWS, I think you will be very pleasantly surprised with how aggressive that they can be to help you get into there. The last thing that I would say is another great thing to move in are data projects. So, let’s say you want to do a greenfield one, greenfield type of project into Amazon, data projects are a really great way to move in there. I’m talking things like EMR, Databricks, Qubole, you get to take advantage of Spot Fleets with EMR, but also Databricks and Qubole can manage Spot infrastructure and really take advantage of cloud ephemerality. So if, like I said, you started by pushing all your data into S3, you’re already halfway there on a really solid data engineering project, and now you get to leverage a lot of these other ancillary services like Glue, Glue DataBrew, Athena, Redshift.

I mean, once the data is in S3, you have a lot of flexibility. So, that’s my personal opinion on where to get started there. But Jesse, I know you always have a different take on these, so where do you think that they should start?

Jesse: Yeah, I think all of the recommendations you just made are really, really great options. I always like to look at this from the perspective of the theory side or the strategy side. What ultimately do these tech execs want to accomplish? Is it getting out of data centers?
Is it better cost visibility?

Is it optimizing spend? Is it better opportunity to move fast, get new R&D things that you can’t get in a data center? What do these tech execs ultimately want to accomplish? And ask them. Start by asking them.

Prioritize the work that they want to accomplish first, and work with teams to change their behaviors to accomplish their goals. One of the biggest themes that we see in the space moving from data centers into cloud providers or even just growing within a given cloud provider is cost visibility. Do teams know why their spend is what it is? Do they know why it went up or down month-over-month? Can they tell you the influences and the drivers that cause their spend to go up or down?

Can they specifically call out which teams or product usage increased or decreased, and what ultimately led to your spending changing? Make sure that every team has an architecture diagram and they can explain how they use AWS, how data moves from one service to another, both within their product and to other products. Because there’s definitely going to be sharp edges with data transfer between accounts. We’ve seen this happen to a number of clients before; I’ve gotten bit by this bullet. So, talk to your teams, or talk to your tech executives and have those tech executives talk to their teams to understand what do they ultimately want to accomplish?

Can they tie all of what they’re trying to accomplish back to business metrics? Maybe a spike in user logins generated more usage? If you’re a photo storage company, did a world event prompt a lot of users to upload photos prompting higher storage costs? Are you able to pull out these specific insights? That’s ultimately the big question here. Can you boil it down to a business KPI that changed, that ultimately impacted your AWS spend?

Pete: I think this is a scenario of where you get started. Why not both?
Just maybe do both of these things that we’re saying.

Jesse: Yeah.

Pete: And honestly, I think you’ll end up in a pretty great place. So, let us know how that works out, Marsellus, and thank you for the question. Again, you also can send us your questions, and we will maybe answer these on a future episode; lastweekinaws.com/QA, drop a question in there, put your name, or not or a fake name, or even a joke. That’s fine, too. I don’t know what the text limit is on the name, Jesse. Can you put a joke there? I don’t know. You know what? Test that out for us. It’s not slash QA for nothing. So, give that a little QA, or a question and answer and [unintelligible 00:17:29]. All right. Well, thanks, Jesse, for helping me out answering more questions.

Jesse: Thanks, everybody for the awesome questions.

Pete: If you enjoyed this podcast, please go to lastweekinaws.com/review, give it a five-star review on your podcast platform of choice, whereas if you hated this podcast, please go to lastweekinaws.com/review and give it a five-star rating on your podcast platform of choice and tell us, what would be the last thing that you would move to AWS? It’s QuickSight, isn’t it?

Jesse: [laugh].

Pete: Thanks, everyone. Bye-bye.

Announcer: This has been a HumblePod production. Stay humble.
Gone to Texas - A Podcast About AMC's Preacher by the Midwest Film Nerds Podcast
In this episode Nick and Alex discuss season 4 episode 4 of AMC’s Preacher titled “Search and Rescue”! Does God know Starr is lying about Humperdoo? Has Jesse learned his lesson about using the Word? Why does the Saint still want to kill Jesse? All of that and more on this week’s episode!
In this episode Nick and Alex discuss season 3 episode 7 of AMC’s Preacher titled “Hilter”! Why are Featherstone and Tulip fighting so much? Was the use of Hitler in seasons 2 and 3 worth it? How will Starr gain leverage over Jesse? All of that and more on this week’s episode!
2018/4/29 Joshua O'Sullivan
Video: https://yokohama.mylifehouse.com/tv/message/we-are-called

We Are Called

(Ephesians 1:3-4 NKJV) Blessed be the God and Father of our Lord Jesus Christ, who has blessed us with every spiritual blessing in the heavenly places in Christ, (4) just as He chose us in Him before the foundation of the world, that we should be holy and without blame before Him in love,

My calling

(Isaiah 42:6 NKJV) I, the Lord, have called You in righteousness, And will hold Your hand; I will keep You and give You as a covenant to the people, As a light to the Gentiles,

(called - OT - 800 times and NT - 225 times)

1. God chooses to choose people

a. A King: David's story

(1 Samuel 16:6-13 Voice) When they came, he noticed the eldest son, Eliab. Samuel (to himself): Surely this is the one the Eternal One will anoint. Eternal One (to Samuel): (7) Take no notice of his looks or his height. He is not the one, for the Eternal One does not pay attention to what humans value. Humans only care about the external appearance, but the Eternal considers the inner character. (8) Jesse called his son Abinadab and brought him to Samuel. Samuel looked at him. Samuel: The Eternal has not chosen him either. (9) Then Jesse brought his son Shammah in front of Samuel. Samuel: The Eternal has not chosen him either. (10) Jesse walked seven of his sons in front of Samuel, and each time, Samuel refused them because the Eternal One had chosen none of them. Samuel (to Jesse): (11) Are all your sons here? Jesse: All but the youngest. He is off keeping the sheep. Samuel: Send for him, and bring him here. We will not sit down until he arrives.
(12) Jesse sent for the youngest son, David, and he came in front of Samuel. He was a handsome boy, with a healthy complexion and bright eyes. Eternal One: Rise and anoint him, because this is the one. (13) Then Samuel took the horn filled with olive oil and anointed him in the presence of his brothers, and the Spirit of the Eternal fell strongly on David and remained from that day on. Samuel then left for Ramah.

b. A skilled artist: Bezalel's story

(Exodus 31:1-5 Voice) Eternal One: (2) Look, I have a special calling upon one of the sons of Judah. His name is Bezalel (the son of Uri, son of Hur). (3) I have filled him with God's Spirit, gifted him with wisdom, understanding, knowledge, and skills with a variety of crafts. (4) He is an expert designer and works well with gold, silver, and bronze. (5) He is able to cut and set gems, work with wood, and skillfully perform any craft needed to help construct the congregation tent and its furnishings.

c. 12 ordinary guys' story

(Luke 6:13 NKJV

Read rest of the notes https://yokohama.mylifehouse.com/tv/message/we-are-called
2018/4/22 Pastor Richard Welsh
Video: https://hongkong.mylifehouse.com/tv/message/we-are-called

We Are Called

(Ephesians 1:3-4 NKJV) Blessed be the God and Father of our Lord Jesus Christ, who has blessed us with every spiritual blessing in the heavenly places in Christ, (4) just as He chose us in Him before the foundation of the world, that we should be holy and without blame before Him in love,

(Isaiah 42:6 NKJV) I, the Lord, have called You in righteousness, And will hold Your hand; I will keep You and give You as a covenant to the people, As a light to the Gentiles,

1. God chooses to choose people

(1 Samuel 16:6-13 Voice) When they came, he noticed the eldest son, Eliab. Samuel (to himself): Surely this is the one the Eternal One will anoint. Eternal One (to Samuel): (7) Take no notice of his looks or his height. He is not the one, for the Eternal One does not pay attention to what humans value. Humans only care about the external appearance, but the Eternal considers the inner character. (8) Jesse called his son Abinadab and brought him to Samuel. Samuel looked at him. Samuel: The Eternal has not chosen him either. (9) Then Jesse brought his son Shammah in front of Samuel. Samuel: The Eternal has not chosen him either. (10) Jesse walked seven of his sons in front of Samuel, and each time, Samuel refused them because the Eternal One had chosen none of them. Samuel (to Jesse): (11) Are all your sons here? Jesse: All but the youngest. He is off keeping the sheep. Samuel: Send for him, and bring him here. We will not sit down until he arrives. (12) Jesse sent for the youngest son, David, and he came in front of Samuel.
He was a handsome boy, with a healthy complexion and bright eyes. Eternal One: Rise and anoint him, because this is the one. (13) Then Samuel took the horn filled with olive oil and anointed him in the presence of his brothers, and the Spirit of the Eternal fell strongly on David and remained from that day on. Samuel then left for Ramah.

(Exodus 31:1-5 Voice) Eternal One: (2) Look, I have a special calling upon one of the sons of Judah. His name is Bezalel (the son of Uri, son of Hur). (3) I have filled him with God’s Spirit, gifted him with wisdom, understanding, knowledge, and skills with a variety of crafts. (4) He is an expert designer and works well with gold, silver, and bronze. (5) He is able to cut and set gems, work with wood, and skillfully perform any craft needed to help construct the congregation tent and its furnishings.
(Luke 6:13 NKJV) And when it was day, He called His disciples to Himself; and from them He

Read rest of the notes https://hongkong.mylifehouse.com/tv/message/we-are-called
In this episode Nick and Alex discuss episode seven of season 2 of AMC’s Preacher titled “Pig”! What is Tulip’s existential dread all about? Who is Herr Starr talking to on the phone back at the Grail headquarters? What effect will losing 1% of his soul have on Jesse? All of that and more on this week’s …
In this episode Nick and Alex discuss episode six of season 2 of AMC’s Preacher titled “Sokosha”! Was all of that soul-selling stuff in the comics? What happened to Tulip when she was touched by the Saint? Why does the Saint so readily believe Jesse? All of that and more on this week’s episode!
In this episode Nick and Alex discuss episode five of season 2 of AMC’s Preacher titled “Dallas”! Why so many close-ups on the Bible in the window? What’s Cassidy hiding behind all of his charisma and charm? What differences are we seeing between book and TV Tulip and Jesse? All of that and more on this week’s …