10. Product Aligned Dev/Ops Team (“DevOps Team”)
The DevOps team are responsible for the path to production.
Tips to make the DevOps team a success:
• Enable other teams
• Don’t become a silo
• Coaching and training
• Reference Architecture
• Automate relentlessly
• Self service for product aligned teams
[Diagram labels: Developers, Testers, IT Ops]
13. Cultural Change, Coaching, Learning & Upskilling
Enablement
Working with teams in a dual delivery and upskilling capacity to raise their own capability.
Hiring
Bringing in new skills with a specific aim to upskill people in DevOps approaches.
Training
Online and classroom based training to teach people about higher level or technical concepts.
Evangelism
Exposing our people to industry best practices and modern approaches related to DevOps.
22. [Chart: DevOps Maturity Score for Team A to Team J, broken down by People, Process and Technology]
[Chart: DevOps Maturity for Team A, Team B and Team C]
23. Technology – Operate & Improve
People – Organisational Design
Technology – Test & Deploy
Technology – Design & Build
Process – Agile & Lean Maturity
Process – Engineering Best Practices
Process – Ways of Working
People – Culture
People – Skills, Recruitment & Retention
30. Example – PCI Compliance
PCI 2.3 - Encrypt all non-console administrative access such as browser/Web-based management tools.
Rule
rules 'PCI 2.3 – Confirm telnet port not available'
  rule on run_control
  when
    name = 'has nothing listening'
    resource_type = 'port'
    resource_name = '23'
    status != 'success'
  then
    audit:error("PCI 2.3 - Encrypt all non-console administrative access such as browser/Web-based management tools.")
    notify("security-team@financialcorp.com", "A machine is listening for connections on port 23/telnet!")
  end
end
Control
controls 'port compliance' do
  control port(23) do
    # Fails the audit if anything accepts connections on 23/telnet
    it "has nothing listening" do
      expect(port(23)).to_not be_listening
    end
  end
end
31. Example – SOX Compliance
SOX Section 302.4.B – Establish verifiable controls to track data access.
Rule
rules 'force key based auth'
  rule on run_control
  when
    name = 'is disabled'
    resource_type = 'File'
    resource_name = '/etc/ssh/sshd_config'
    status = 'failed'
  then
    audit:error("SOX Section 302.4.B – Establish verifiable controls to track data access.")
    notify('security-team@financialcorp.com', "A machine has password login enabled!")
  end
end
Control
controls 'password authentication' do
  control file('/etc/ssh/sshd_config') do
    it "is disabled" do
      # Match against the file's content, not the resource object
      expect(file('/etc/ssh/sshd_config').content).to_not match(/^\s*PasswordAuthentication\s+yes/i)
    end
  end
end
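Added example, not part of the original slides: the regex in the control above only fails when an explicit "PasswordAuthentication yes" line is present, while OpenSSH enables password login by default when the keyword is absent and uses the first value it reads. The Ruby below computes the effective setting instead; the function names and sample configs are constructed for illustration.

```ruby
# Added example. Names and sample configs are constructed, not from the slides.
SLIDE_REGEX = /^\s*PasswordAuthentication\s+yes/i  # pattern used by the control

# Walk sshd_config text and report what sshd would actually apply.
def password_auth_findings(config_text)
  global = nil       # first value seen outside any Match block
  match_block = nil  # criteria of the Match block being read, if any
  overrides = []     # Match blocks that switch password login back on
  config_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    value = value.to_s.delete('"').strip
    case key.downcase
    when 'match'
      match_block = value
    when 'passwordauthentication'
      setting = value.split.first.to_s.downcase
      if match_block
        overrides << match_block if setting == 'yes'
      else
        global ||= setting  # sshd keeps the first value it reads
      end
    end
  end
  # OpenSSH falls back to "yes" when the keyword never appears.
  { global: global || 'yes', overrides: overrides }
end

def compliant?(config_text)
  findings = password_auth_findings(config_text)
  findings[:global] == 'no' && findings[:overrides].empty?
end

SAMPLES = {
  commented: "Port 22\n#PasswordAuthentication yes\n",
  hardened:  "PasswordAuthentication no\n",
  duplicate: "PasswordAuthentication no\nPasswordAuthentication yes\n",
  per_user:  "PasswordAuthentication no\nMatch User backup\n  PasswordAuthentication yes\n"
}.freeze

SAMPLES.each do |name, text|
  regex_passes = (SLIDE_REGEX !~ text)
  puts format('%-10s regex control passes=%-5s effective check passes=%s',
              name, regex_passes, compliant?(text))
end
```

The "commented" sample is the case to watch: the regex control passes it, yet the effective setting is still "yes".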