
Communications Between Tribes


A discussion of the importance of communication between people in different teams or working in different disciplines, with lots of examples from my time introducing devops practices to the UK Government.

Published in: Technology


  1. (without introducing more risk) Communication between Tribes. Puppet. Gareth Rushgrove. A story of silos, Devops and Government
  2. @garethr
  3. Gareth Rushgrove
  4. Backstory: The very abridged version
  5. Gareth Rushgrove
  6. GDS: Government Digital Service
  7. Gareth Rushgrove, Technical Architect, Government Digital Service, @garethr
  8. I’m no longer a civil servant. Thank you to everyone who is.
  9. I learned the importance of communication first hand; from successes, failures and relentless observation
  10. - Stories from Government
      - The importance of language
      - The power of stereotypes
      - A few Tips
  11. Different Languages: One for each silo
  12. Appreciating you’re a silo
  13. Agile, lean, scrum, containers, iteration, stack, hypervisor, nosql, serverless, cloud, velocity…
  14. Developer silo: Agile, lean, scrum, containers, iteration, stack, hypervisor, nosql, serverless, cloud, velocity…
  15. Incident, event, problem, COBIT, configuration management, capacity management, CAB…
  16. IT silo: Incident, event, problem, COBIT, configuration management, capacity management, CAB…
  17. APT, threat model, risk, cyber, mitigation, control, kill chain, threat intelligence, opsec
  18. Security silo: APT, assume compromise, threat model, risk, mitigation, control
  19. SPAD, MCO, GPG, CESG, CERT, GDS, IDP, DTO, 18F, USDS, IL3, OCTO, EUD
  20. Government silo: SPAD, MCO, GPG, CESG, CERT, GDS, IDP, DTO, 18F, USDS
  21. lingo (noun; plural noun: lingoes): the language and speech, especially the jargon, slang or argot, of a particular field, group or individual
  22. Language acts as a barrier to entry to different communities
  23. Language differences reinforce organisational silos
  24. Tip: Identify words in your organisation that are only in use in certain groups or teams
  25. The New Service Management: Talking ITIL and agile
  26. At GDS we talked a lot about Design, User Research, Agile and Open Source because they were fairly new to Government
  27. We talked a lot about discovery and alpha because people started there
  28. We hired a lot of software developers because Government had very few
  29. We didn’t talk enough about operations
  30. We didn’t talk enough about operations (to begin with because we weren’t running anything)
  31. Tip: Don’t take things for granted, communicate about everything you care about
  32. Tip: Words often carry the weight of past experiences and other organisations
  33. “Will the release really work?” (Paraphrasing one of my colleagues from 2012)
  34. “Yes. We’ve done it more than 1000 times. I’m confident it works now” (Paraphrasing me)
  35. Early members of GDS were mainly from media, startup and technology backgrounds
  36. The formal language of Service Management* was unfamiliar to most. *Ironically, ITIL was a creation of CCTA, a UK Government agency
  37. But practices like automation, developers on-call, configuration management, continuous deployment, and automated testing were second nature
  38. Tip: Transformation often means new types of people. They will bring their own language and assumptions
  39. “We cancelled one configuration management effort because we couldn’t keep the spreadsheet up to date” (Remembering one conversation with a Government department)
  40. “The recommendation was to move from quarterly releases to one release every 6 months” (Remembering one conversation with a Government department)
  41. “Oh, we use an open source configuration management tool which reports state every 30 minutes for every device” (Remembering one conversation with a Government department)
  42. Tip: Overlapping words from different tribes are often a great place to start collaborating
  43. Stereotypes: Understanding what people think of you
  44. A lack of personal relationships, sometimes caused by the inability to communicate, leads to stereotypes
  45. stereotype (noun; plural noun: stereotypes): a widely held but fixed and oversimplified image or idea of a particular type of person or thing.
  46. “No” / “Shiny new technology!” / “We need bimodal IT” / “What grade are you?”
  47. “No” / “Shiny new technology!” / “We need bimodal IT” / “What grade are you?” (label: Developer)
  48. “No” / “Shiny new technology!” / “We need bimodal IT” / “What grade are you?” (label: Government)
  49. “No” / “Shiny new technology!” / “We need bimodal IT” / “What grade are you?” (label: IT)
  50. “No” / “Shiny new technology!” / “We need bimodal IT” / “What grade are you?” (label: Security)
  51. Some silos are organisational
  52. Many silos are personal
  53. BOFH (Bastard Operator from Hell): a fictional rogue systems administrator who takes out his anger on users and others who pester him with computer problems
  54. Tip: Subverting stereotypes as a way to build relationships
  55. Security Says No? Experts, intermediaries and end users
  56. Gareth Rushgrove
  57. Scaling finite expertise is often done with stacks of paper policy
  58. Making use of stacks of paper policy often involves middlemen
  59. Having direct access to real domain experts* is awesome. *Unfairly in my case that mean
  60. “I think you’ll find you can’t do that because of my interpretation of this wording in GPG13” (Unfairly paraphrasing countless conversations with intermediaries)
  61. “Let’s just ring Richard from GCHQ and see what he thinks” (Unfairly paraphrasing countless conversations with intermediaries)
  62. “…!” (Paraphrasing countless conversations with intermediaries)
  63. Tip: Don’t let scarcity of expertise lead to unapproachable stereotypes
  64. Code as a Communication Medium: Bridging policy and practice
  65. The dreaded incident severity conversation
  66. Critical, Major, Minor, P1, Sev2
  67. Stage 1: Everyone thinks everything is critical
  68. Stage 2: Everyone thinks all incidents for their own service are critical
  69. GOV.UK Smoke Tests

          Feature: Search

            @high
            Scenario: check search results on unified search
              Given I am testing through the full stack
              And I force a varnish cache miss
              When I search for "tax" using unified search
              Then I should see some search results

            @normal
            Scenario: check organisation filtering on unified search
              Given I am testing through the full stack
              And I force a varnish cache miss
              When I search for "policy" using unified search
              Then I should see organisations in the unified organisation filter

            @normal
            Scenario: check sitemap
              Given I am testing through the full stack
              And I force a varnish cache miss
              When I get the sitemap index
              Then It should contain a link to at least one sitemap file
              And I should be able to get all the referenced sitemap files

  70. (Zoomed view of the previous slide, cut off at the slide edge)

          Feature: Search
            @high
            Scenario: check search resul
              Given I am testing through
              And I force a varnish cach
              When I search for "tax" us

  71. The ambiguous nature of the written word
  72. Lots of opportunities for policy as code
  73. CDN Acceptance Tests

          // Should cache responses for the period defined in a `Cache-Control:
          // max-age=n` response header.
          func TestCacheCacheControlMaxAge(t *testing.T) {
              ResetBackends(backendsByPriority)

              const cacheDuration = time.Duration(5 * time.Second)
              headerValue := fmt.Sprintf("max-age=%.0f", cacheDuration.Seconds())
              handler := func(w http.ResponseWriter) {
                  w.Header().Set("Cache-Control", headerValue)
              }

              req := NewUniqueEdgeGET(t)
              testRequestsCachedDuration(t, req, handler, cacheDuration)
          }

  74. BDD Security

          Scenario: The application should not contain SQL injection vulnerabilities
          Meta: @id scan_sql_injection @cwe-89
          Given a scanner with all policies disabled
          And the SQL-Injection policy is enabled
          And the attack strength is set to High
          And the alert threshold is set to Low
          When the scanner is run
          And the XML report is written to the file sql_injection.xml
          Then no Medium or higher risk vulnerabilities should be present

  75. Puppet

          package { 'openssh':
            ensure => latest
          }

  76. Tip: Where possible combine policy with implementation
  77. Conclusions: If all you remember is…
  78. Share language as much as possible
  79. Because sharing language makes shared tooling and process easier
  80. And learning the language of another tribe is a fantastic way of breaking down silos
  81. What I Don’t Know How to Do: Devops Enterprise Ask
  82. What macro organisational structures limit the emergence of silos?
  83. Thanks: Ask me questions later
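
Added example (not part of the original deck or of the GOV.UK smoke tests): the smoke-test slide tags each scenario `@high` or `@normal`, which keeps the agreed priority in the same file as the check. The sketch below reads those tags and derives an alert priority from the scenarios that failed. The ordering, the fail-high rule for untagged scenarios and the function names are assumptions, and the feature text is a constructed sample shortened from the slide, with the tag removed from the last scenario.

```python
# Constructed sample: shortened from the "GOV.UK Smoke Tests" slide; the last
# scenario is left untagged here on purpose to show the policy-gap case.
FEATURE = """\
Feature: Search

  @high
  Scenario: check search results on unified search
    When I search for "tax" using unified search
    Then I should see some search results

  @normal
  Scenario: check organisation filtering on unified search
    When I search for "policy" using unified search
    Then I should see organisations in the unified organisation filter

  Scenario: check sitemap
    When I get the sitemap index
    Then It should contain a link to at least one sitemap file
"""

# Assumed ordering, lowest first; only the tag names come from the slide.
PRIORITY_ORDER = ["normal", "high"]


def parse_scenarios(text):
    """Return {scenario name: priority tag or None} for one feature file."""
    scenarios, pending = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("@"):  # tag line(s) directly above a scenario
            pending += [t.lstrip("@") for t in line.split()]
        elif line.startswith("Scenario:"):
            name = line[len("Scenario:"):].strip()
            prio = [t for t in pending if t in PRIORITY_ORDER]
            scenarios[name] = max(prio, key=PRIORITY_ORDER.index) if prio else None
            pending = []
    return scenarios


def untagged(scenarios):
    """Scenarios with no agreed priority: a policy gap to raise in review."""
    return sorted(n for n, p in scenarios.items() if p is None)


def alert_priority(scenarios, failed):
    """Highest priority among failed scenarios; untagged failures count as high."""
    prios = [scenarios[n] or PRIORITY_ORDER[-1] for n in failed]
    return max(prios, key=PRIORITY_ORDER.index) if prios else None
```

Running `untagged()` as a check on every change to the feature files keeps the priority agreement from drifting away from the tests.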
