
Measuring Value Through Your Software Supply Chain


This presentation was delivered by Helen Beal at DevSecOps at Infosec on 9th June 2016 at Olympia in London with Sonatype.

Published in: Technology


  1. Measuring Value Through Your Software Supply Chain. Helen Beal, DevOpsologist, @helenranger4. www.ranger4.com, DevOpstastic
  3. Google Trends search result for search term “DevOps”
  4. "The world as we have created it is a process of our thinking. It cannot be changed without changing our thinking." Albert Einstein
  5. DevOps Starts: DevOps often starts as grassroots thinking and can start anywhere. (Diagram labels: CIO, Head of Development, Head of Operations, PMO/BAs, Dev, DBAs, The rest of the business, Test, Security, Release, Support, Infrastructure)
  9. What’s Different About DevOps? (Diagram labels: Tools, DevOps)
  10. "It may be hard for an egg to turn into a bird: it would be a jolly sight harder for it to learn to fly while remaining an egg." CS Lewis
  11. Google Trends search result for search terms “DevOps”, “ITSM”, “ITIL”, “Agile”, “LeanIT”
  12. "Change is the process by which the future invades our lives." Alvin Toffler
  15. Where is Agile at?
  16. Agile #Fails
      • Are you really product centric?
      • Do the Product Owners get it?
      • Have you thrown away documentation?
      • Are you speaking a common language? Do you have a shared vocabulary?
      • When do you test?
      • Are Ops ready? Is your service management Agile?
  17. ScrumBan
  18. Where is ITSM at?
  19. Who v’s ITIL?
  20. "If you want to make enemies, try to change something." Woodrow Wilson
  21. The Agile Manifesto. The underlying concepts of agile software development were first laid out in the Agile Manifesto.
      WE VALUE
      • Individuals and interactions OVER Processes and tools
      • Working software OVER Comprehensive documentation
      • Customer collaboration OVER Contract negotiations
      • Responding to change OVER Following a plan
      While there is value in the items on the right, we value the items on the left more.
  22. Are these contrary to ITSM values? (Slide labels: DOES ITSM VALUE ... OVER ...)
      Items on the left: Individuals and interactions; Working software; Customer collaboration; Responding to change
      Items on the right: Processes and tools; Comprehensive documentation; Contract negotiations; Following a plan
      While there is value in the items on the left, do we really value the items on the right more?
  23. Where is Lean at?
  24. Value Stream Mapping
  27. What is the metric that matters most?
  28. DevOps: Ideation, Integration, Validation, Operation, Realisation (©Ranger4)
  29. Organizing around people...
  31. DevOps Nirvana: IT IS the business. Everyone is on board with the DevOps way of thinking. (Diagram labels: CIO Customer Innovation Management; Product A to Product J; The Board; The Business; Dashboards and automation alignment)
  32. Agile Development Service Management Organisational Management
  33. “Holacracy structures your organisation for evolution.”
  34. Organisational Evolution (from ‘Reinventing Organisations’ by Frederic Laloux)
      RED
        Typified by: Constant exercise of power by chief to keep troops in line. Fear is the glue of the organisation. Highly reactive, short-term focus. Thrives in chaotic environments.
        Current examples: • Mafia • Street Gangs • Tribal militia
        Key breakthroughs: • Division of labour • Command authority
        Guiding metaphor: Wolf pack
      AMBER
        Typified by: Highly formal roles within a hierarchical pyramid. Top-down command and control (what and how). Stability valued above all through rigorous processes. Future is repetition of past.
        Current examples: • Catholic church • Military • Most government agencies • Public school systems
        Key breakthroughs: • Formal roles (stable and scalable hierarchies) • Processes (long-term perspectives)
        Guiding metaphor: Army
      ORANGE
        Typified by: Goal is to beat competition, achieve profit and growth. Innovation is key to staying ahead. Management by objectives (command and control on what; freedom on the how).
        Current examples: • Multinational companies • Charter schools
        Key breakthroughs: • Innovation • Accountability • Meritocracy
        Guiding metaphor: Machine
      GREEN
        Typified by: Within the classic pyramid structure, focus on culture and empowerment to achieve extraordinary employee motivation.
        Current examples: • Culture driven organisations (e.g. Southwest Airlines, Ben & Jerry’s…)
        Key breakthroughs: • Empowerment • Values-driven culture • Stakeholder models
        Guiding metaphor: Family
      TEAL
        Typified by: Self-organising and self-managed teams with coaches when needed. Coaches do not have P&L responsibility or managerial authority.
        Current examples: • Spotify, FAVI, Morning Star, Waterstones
        Key breakthroughs: • Trusting those doing the job • Autonomy, mastery and purpose
        Guiding metaphor: System
  35. Things DevOps and Holacracy Have in Common
      • Self-organising teams
      • No job titles – focus on roles
      • Continuous funding
      • Amplified feedback loops / processing tensions
      • Flattened hierarchies and distributed authority
      • Incremental, iterative improvement
  36. Structure: Orange Practices and Teal Practices (from ‘Reinventing Organisations’ by Frederic Laloux)
      1. Organisation Structure
         Orange: Hierarchical pyramid
         Teal: - Self-organising teams - When needed, coaches (no P&L responsibility, no management authority) cover several teams
      2. Coordination
         Orange: Coordination through fixed meetings at every level (from executive team downward), often leading to meeting overload
         Teal: - No executive team meetings - Coordination and meetings mostly ad hoc when needs arise
      3. Projects
         Orange: Heavy machinery (program & project managers, Gantt charts, plans, budgets, etc.) to try and control complexity and prioritise resources
         Teal: - Radically simplified project management - No project managers, people self-staff projects - Minimum (or no) plans and budgets, organic prioritisation
      4. Staff Functions
         Orange: Plethora of central staff functions for HR, IT, purchasing, finance, controlling, quality, safety, risk management, etc.
         Teal: - Most functions performed by teams themselves, or by voluntary task forces - Few staff remaining have only advisory role
  37. Human Resources: Orange Practices and Teal Practices
      1. Recruitment
         Orange: Interviews by trained HR personnel, focus is on fit with job description
         Teal: - Interviews by future colleagues, focus is on fit with organisation and with purpose
      2. Onboarding
         Orange: (Mostly administrative onboarding process)
         Teal: - Significant training in relational skills and in company culture - Rotation programs to immerse oneself in the organisation
      3. Training
         Orange: - Training trajectories designed by HR - Mostly skill and management training
         Teal: - Personal freedom and responsibility for training - Critical importance of common training that everybody attends
      4. Job Titles and Job Descriptions
         Orange: Every job has job title and job description
         Teal: - No job titles - Fluid and granular roles instead of fixed job descriptions
      5. Individual purpose
         Orange: (It’s not the organisation’s role to help employees identify their personal calling)
         Teal: - Recruitment, training, and appraisals used to explore juncture of individual calling and organisational purpose
      6. Flexibility and time commitment
         Teal: - Honest discussion about individual time commitment to work vs. other meaningful commitments in life - High degree of flexibility in working hours, as long as commitments are upheld
      7. Performance Management
         Orange: - Focus on individual performance - Appraisals established by hierarchical superior - Appraisal discussion aims for objective snapshot of past performance
         Teal: - Focus on team performance - Peer-based processes for individual appraisals - Appraisal discussion turned into personal inquiry into one’s learning journey and calling
      8. Compensation
         Orange: - Decision made by hierarchical superior - Individual incentives - Meritocratic principles can lead to large salary differences
         Teal: - Self-set salaries with peer calibration for base pay - No bonuses, but equal profit sharing - Narrower salary differences
      9. Appointment and promotions
         Orange: - Intense jockeying for scarce promotion leads to politics and dysfunctional behaviour - Silos – every manager is king of his castle
         Teal: - No promotions, but fluid rearrangement of roles based on peer agreement - Responsibility to speak up about issues outside of one’s scope of authority
      10. Dismissal
         Orange: - Boss has authority (with HR approval) to dismiss a subordinate - Dismissal mostly a legal and financial process
         Teal: - Dismissal last step in mediated conflict resolution mechanism - In practice very rare - Caring support to turn dismissal into a learning opportunity
  38. Daily Life: Orange Practices and Teal Practices
      1. Office Spaces
         Orange: - Standardised, soulless professional buildings - Abundant status markers
         Teal: - Self-decorated, warm spaces, open to children, animals, nature - No status markers
      2. Meetings
         Orange: (Many meetings but few meeting practices)
         Teal: - Specific meeting practices to keep ego in check and ensure everybody’s voice is heard
      3. Decision-making
         Orange: - High up in the pyramid - Any decision can be invalidated by hierarchical superior
         Teal: - Fully decentralised based on advice process (or on holacratic decision-making mechanisms)
      4. Conflicts
         Orange: (Conflict often glossed over, no conflict resolution practices)
         Teal: - Regular time devoted to bring to light and address conflicts - Multi-step conflict resolution process - Everyone trained in conflict management - Culture restricts conflict to the conflicting parties and mediators; outsiders are not dragged in
      5. Information Flow
         Orange: - Information is power and is released on a need-to-know basis - Secrecy toward the outside world is the default position
         Teal: - All information available in real-time to all, including about company financials and compensation - Total transparency invites outsiders to make suggestions to better bring about purpose
      6. Values
         Orange: (Values often only a plaque on the wall)
         Teal: - Clear values translated into explicit ground rules of (un)acceptable behaviours to foster safe environment - Practices to cultivate discussions about values and ground rules
      7. Reflective Spaces
         Teal: - Quiet room - Group meditation and silence practices - Large group reflection practices - Team supervision and peer coaching
      8. Mood Management
         Teal: - Conscious sensing of what mood would serve the organisation’s purpose
      9. Community Building
         Teal: - Storytelling practices to support self-disclosure and build community
  39. Major Organisational Processes: Orange Practices and Teal Practices
      1. Purpose
         Orange: (No practices to listen to the purpose; self-preservation against competition is the key driver of decision-making)
         Teal: - Organisation is seen as a living entity with its own evolutionary purpose - The concept of competition is irrelevant; “competitors” are embraced to pursue purpose - Practices to listen into the organisation’s purpose - Everyone’s a sensor - Large group processes - Meditations, guided visualisations etc - Responding to outside prompting
      2. Strategy
         Orange: Strategy course charted by top leadership
         Teal: - Strategy courses organically from the collective intelligence of self-managing employees
      3. Innovation and Product Development
         Orange: - Outside in: customer surveys and segmentation define the offer - Client needs are created if necessary
         Teal: - Inside out: offer is defined by purpose - Guided by intuition and beauty
      4. Supplier Management
         Orange: Suppliers chosen based on price and quality
         Teal: - Suppliers chosen also by fit and purpose
      5. Purchasing and Investments
         Orange: - Authorisation limits linked to level in hierarchy - Investment budgets steered by top management
         Teal: - Anybody can spend any amount provided advice process is respected - Peer based challenging of team’s investment budget
      6. Sales and marketing
         Orange: - Brands positioned to fit consumer segmentation (outside in) - Sales force driven by targets and incentives
         Teal: - Marketing as a simple proposition: this is our offer to the world (inside out) - No sales targets
      7. Planning, Budgeting and Controlling
         Orange: - Based on “predict and control” - Painful cycles of mid-term planning, yearly and monthly budgets - Stick to the plan is the rule, deviations must be explained and gaps closed - Ambitious targets to motivate employees
         Teal: - Based on “sense and respond” - No or radically simplified budgets, no tracking of variance - Workable solutions and fast iterations instead of searching for “perfect” answers - Constant sensing of what’s needed - No targets
      8. Environmental and Social Initiatives
         Orange: - Money as extrinsic yardstick: Only if it doesn’t cost too much initiate - Only the very top can begin initiatives with financial consequences
         Teal: - Integrity as intrinsic yardstick: What is the right thing to do? - Distributed initiative taking, everyone senses the right thing to do
      9. Change Management
         Orange: - Whole arsenal of change management tools to get organisation from A to B
         Teal: - (“Change” no longer a relevant topic because organisation constantly adapts from within)
      10. Crisis Management
         Orange: - Small group of advisors meet confidentially to support CEO in top-down decision making - Communication only when decision is made
         Teal: - Everyone involved to let the best response emerge from the collective intelligence - If advice process needs to be suspended, scope and time of suspension is defined
  40. Be DevOpstastic
