Microservices Maturity Matrix, Token Authentication & API Gateway Mediation (10.30.2015) Cleveland, OH @iryanb 



October 30, 2015 

Cleveland, OH 

13th annual InfoSec Summit 


The Prescience of IoT

Science is rooted in observation. 

Prescience is rooted in imagination.

IT Architecture & Software Engineering is rooted in applying the imagination in such a way that one does not need to wait for the observation to design for the possibility of failure.

Iterate Iterate Iterate.



IoT Evolution Expo: Multi-Dimensional IoT Fog Computing Scalability & Security

Recorded: August 20, 2015, Caesar’s LV 



Manage Your IoT Mesh

October 20-21, 2014 video recording of my IoTA Moscone conference presentation on how to manage meshes of IoT enclaves with a focus on API security.



Javascript !=== Infinite

Some of my software engineering friends and I often discuss the concept of infinity and how near it actually is, be it in the form of the infinite number of points on any circle regardless of the circumference, or taking an infinite number of half steps between here and there and never actually getting all the way there, which is what coding in JavaScript has felt like for me when attempting to compute large numbers with accurate precision (meaning without scientific notation rounding lossiness) or when bumping into a tiny infinity boundary due to memory limitations of the JavaScript interpreter engine’s process.

This week I worked to port JavaScript code that was performing JSON to SOAP/XML message transformation on a Java 1.8 Jetty-powered API gateway. As a result of changing the programming model from interpreted JS that needed to be compiled for every message passing through the API gateway to precompiled Java components that instead read declarative configuration properties from a BPEL process, the performance improved by a factor of 4.

With regard to bumping into a tiny infinity in JS when performing simple math operations such as the addition of large numbers, this JS performance test is a simple way to benchmark the speed of one’s JavaScript interpreter ( http://ariya.ofilabs.com/tag/v8 ) while also getting to experience that infinity is just a handful of milliseconds away, as this code bumps into that wall after just 1477 additions of Fibonacci integers. I won’t even waste your time with the version that slowly tests to see if each product is prime.

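// Assumes the hosting page contains an element with id="test".
window.addEventListener('load', function (e) {
  document.querySelector('#test').innerHTML = 'fibonacci (Phi) Javascript performance test';
}, false);

var x = 1; // F(n-2)
var y = 1; // F(n-1)
var n = 1; // index of the Fibonacci number being computed
var f = 1; // current Fibonacci number
var t = 0; // elapsed time in milliseconds
var start = Date.now();

document.writeln("Phi @iryanb Perf Test" + "<br />");

for (n = 3; n < 1478; n++) {
  // Next Fibonacci number; as an IEEE-754 double it overflows to Infinity at n = 1477.
  f = x + y;
  x = y;
  y = f;
  t = Math.abs(Date.now() - start);
  document.writeln("F : " + n + " is " + f + " Time(ms): " + t);
  document.writeln(" <br />");
}

var speed = "average";
if (t < 24) { speed = "fast"; }
if (t > 50) { speed = "slow"; }
document.writeln("Results: " + speed);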

Try this code in the JSAnywhere app on your Smartphone to experience the speed of math in js on a mobile device. 

benchmark results: 

F : 1475 is 8.077637632156222e+307 Time(ms): 21 
F : 1476 is 1.3069892237633987e+308 Time(ms): 21 
F : 1477 is Infinity Time(ms): 21 
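
The two walls described in this post, lost precision and then Infinity, can be located exactly by running the same recurrence in Number and BigInt side by side. This is an added example, not code from the original post; the function name fibonacciLimits and its return fields are assumptions made for illustration.

```javascript
// Added example: run the Fibonacci recurrence in IEEE-754 doubles and in
// exact BigInt arithmetic at the same time, and report where they part ways.
function fibonacciLimits(maxN) {
  let a = 1, b = 1;      // doubles holding F(n-2), F(n-1)
  let A = 1n, B = 1n;    // exact BigInt copies of the same terms
  let firstInexact = null;    // first n where the double is no longer exact
  let firstInfinite = null;   // first n where the double becomes Infinity
  let exactAtOverflow = null; // the true value of F(firstInfinite)

  for (let n = 3; n <= maxN; n++) {
    const f = a + b;     // rounds silently once the sum exceeds 2^53
    const F = A + B;     // never rounds
    a = b; b = f;
    A = B; B = F;

    if (!Number.isFinite(f)) {
      // BigInt(Infinity) would throw, so stop before comparing.
      firstInfinite = n;
      exactAtOverflow = F;
      break;
    }
    if (firstInexact === null && BigInt(f) !== F) {
      firstInexact = n;
    }
  }

  return {
    firstInexact,
    firstInfinite,
    // Exact decimal digits of the term that a double reports as Infinity.
    exactAtOverflow: exactAtOverflow === null ? null : exactAtOverflow.toString(),
    maxSafeInteger: Number.MAX_SAFE_INTEGER,
  };
}

const limits = fibonacciLimits(2000);
console.log("first inexact term: F(" + limits.firstInexact + ")");
console.log("first Infinity term: F(" + limits.firstInfinite + ")");
console.log("digits in the exact value: " + limits.exactAtOverflow.length);
```

The silent rounding starts well before the Infinity wall, so any code that must carry large integers exactly should validate against Number.MAX_SAFE_INTEGER or use BigInt rather than rely on the overflow being visible.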


Mitigating the top five API security weaknesses 



i0t : internet zero trust

While most think the gist of IoT is about the Internet of Things, those of us following the recent events (heartbleeding shellshocked poodles) in the security space know that NIST is spot on with their recommendation to implement a “Zero Trust Architecture.”

If you’ve configured an Arduino, by now you know that it doesn’t take much to get the WiFi SSID and password from one of these little things, especially if it is equipped with a USB port to connect directly to it with a laptop — which most have as that is both the port used for power and for initial setup to configure it to connect to a network.

Having said that, it raises the question of whether an Arduino even has the computational power and memory required for adequate encryption of any data that the “thing” is sensing once it is on the network. And if data privacy is not a concern for your use case, then losing control of the things connected to it should minimally be a concern. The simplicity of IoT development is attractive to many developers due to the low cost to enter a very compelling market of wirelessly controlling anything with a switch. However, simplicity and security are certainly orthogonal concepts.

While it may seem convenient to be able to turn on your air conditioner as you depart a plane so that your home is comfortable before you pull into the driveway, it would not be convenient to find out that somehow the “thing” was hijacked and had instead cranked up the heat while you were away. These are the types of things that should concern the consumer that is so enamored with a winking hub endorsed by a nesting actor obsessed with the fortune of perfectly dimmed lighting.

What is a Zero Trust Architecture? Start here: i0t

Now that we all understand the value of segmentation gateways at the API layer that offer value beyond simply opening and closing ports like a traditional network firewall, we can discuss enclaves of domains of trust and the ability to centrally manage policies across these zones of control.

I’ll be at Cloud Expo in Santa Clara on November 6, 2014 demonstrating how SOA Software API Gateways can play the role of a segmentation gateway Policy Enforcement Point for IoT API controllers, and how the SOA Policy Manager plays the role of the Policy Administration Point and the Policy Decision Point for each gateway.
