This document provides an overview of a presentation given by Joshua Corman and Gene Kim on the topics of security, DevOps, and Rugged DevOps. Some key points:
- Joshua Corman is the director of security intelligence at Akamai Technologies and Gene Kim is a researcher and author known for his work on IT performance and DevOps.
- They discuss how traditional security models are no longer effective due to increasing development speeds and how Rugged DevOps combines principles of DevOps and security.
- Rugged DevOps focuses on operational discipline, situational awareness, and countermeasures to provide security in a way that does not hinder development workflows and speeds.
- The presentation
Kubernetes has evolved from Borg at Google to provide an open source platform for automating deployment, scaling, and management of containerized applications. The presentation discusses how to use Jenkins, Fabric8, and other tools to achieve continuous integration and delivery (CI/CD) with Kubernetes. It provides examples of configuring Jenkins and Fabric8 to build, test, and deploy container images to a Kubernetes cluster, illustrating an end-to-end CI/CD workflow on Kubernetes.
Speaker Recording Tips For Virtual DevOps Enterprise (And Why We're Pre-Recor... - Gene Kim
In this presentation, I describe why we've decided to pre-record our talks for DevOps Enterprise Summit, and some of the top lessons learned for any speaker who needs to record their presentations.
I cover microphones, standing up, elevating your camera, adjusting your lighting, picking a good background, and record!
Learn more about the awesome DevOps Enterprise Summit programming here: https://itrevolution.com/london-virtual-what-to-expect/
The Unicorn Project and The Five Ideals (Updated Dec 2019) - Gene Kim
It is impossible to overstate how much I’ve learned since co-authoring The Phoenix Project, DevOps Handbook, and Accelerate. I’m so excited that after years of work, The Unicorn Project will be published later this year.
This book is my attempt to frame what I’ve learned studying technology leaders adopting DevOps principles and patterns in large, complex organizations, often having to fight deeply entrenched orthodoxies. And yet, despite huge obstacles, they create incredibly effective and innovative teams that create beacons of greatness that inspire us all.
In this book, we follow a senior lead developer and architect as she is exiled to the Phoenix Project, to the horror of her friends and colleagues, as punishment for contributing to a payroll outage. She tries to survive in what feels like a heartless and uncaring bureaucracy, forced to work within a system where no one can get anything done without endless committees, paperwork, change requests, and approvals. Decades of technical debt make even small changes difficult or impossible, often causing catastrophic outcomes and fear of punishment.
I get tremendous delight and gratification that this book is not about the bridge crew of the Starship Enterprise -- instead, it is about redshirt engineers, whose heroic work, as it turns out, matters most to the long-term survival of almost every organization.
In my previous books, I’ve focused on principles and practices (e.g., Three Ways, Four Types of Work). However, I’ve always wanted to describe the spectrum of cultural, experiential and value decisions we make that either enable greatness, or create chronic suffering and underperformance. They are currently as follows:
• The First Ideal — Locality and Simplicity
• The Second Ideal — Focus, Flow and Joy
• The Third Ideal — Improvement of Daily Work
• The Fourth Ideal — Psychological Safety
• The Fifth Ideal — Customer Focus
In this talk, I’ll share with you my goals and aspirations for The Unicorn Project, describe in detail the Five Ideals, along with my favorite case studies of both ideal and non-ideal, and why I believe more than ever that DevOps will be one of the most potent economic forces for decades to come.
2019 12 Clojure/conj: Love Letter To Clojure, and A Datomic Experience Report - Gene Kim
Talk video: https://www.youtube.com/watch?v=5mbp3SEha38&t=1652s
Blog post: https://itrevolution.com/love-letter-to-clojure-part-1
I will explain how learning the Clojure programming language three years ago changed my life. It led to a series of revelations about all the invisible structures that are required to enable developers to be productive. These concepts show up all over The Unicorn Project, but most prominently in the First Ideal of Locality and Simplicity, and how it can lead to the Second Ideal of Focus, Flow, and Joy.
Without doubt, Clojure was one of the most difficult things I’ve learned professionally, but it has also been one of the most rewarding. It brought the joy of programming back into my life. For the first time in my career, as I’m nearing fifty years old, I’m finally able to write programs that do what I want them to do, and am able to build upon them for years without them collapsing like a house of cards, as has been my normal experience.
The famous French philosopher Claude Lévi-Strauss would say of certain tools, “Is it good to think with?” For reasons that I will try to explain in this post, Clojure embraces a set of design principles and sensibilities that were new to me: functional programming, immutability, an astonishingly strong sense of conservative minimalism (e.g., hardly any breaking changes in ten years!), and much more…
Clojure introduced to me a far better set of tools to think with and to also build with. It’s also led to a set of aha moments that explain why for decades my code would eventually fall apart, becoming more and more difficult to change, as if collapsing under its own weight. Learning Clojure taught me how to prevent myself from constantly self-sabotaging my code in this way.
GitHub Universe: 2019: Exemplars, Laggards, and Hoarders A Data-driven Look a... - Gene Kim
This document discusses a study of the Java Maven ecosystem to analyze relationships between practices and security/update outcomes. It outlines hypotheses that projects releasing frequently and updating dependencies frequently will have better security. Data on 310,888 components was gathered on attributes like release frequency, dependencies, vulnerabilities. Preliminary findings show a correlation between faster updating and better security. The goals of further studies are outlined.
The Unicorn Project and The Five Ideals (older: see notes for newer version) - Gene Kim
Updated version here (Dec 2019): https://www.slideshare.net/realgenekim/the-unicorn-project-and-the-five-ideals-updated-dec-2019
It is impossible to overstate how much I’ve learned since co-authoring The Phoenix Project, DevOps Handbook, and Accelerate. I’m so excited that after years of work, The Unicorn Project will be published later this year.
This book is my attempt to frame what I’ve learned studying technology leaders adopting DevOps principles and patterns in large, complex organizations, often having to fight deeply entrenched orthodoxies. And yet, despite huge obstacles, they create incredibly effective and innovative teams that create beacons of greatness that inspire us all.
In this book, we follow a senior lead developer and architect as she is exiled to the Phoenix Project, to the horror of her friends and colleagues, as punishment for contributing to a payroll outage. She tries to survive in what feels like a heartless and uncaring bureaucracy, forced to work within a system where no one can get anything done without endless committees, paperwork, change requests, and approvals. Decades of technical debt make even small changes difficult or impossible, often causing catastrophic outcomes and fear of punishment.
I get tremendous delight and gratification that this book is not about the bridge crew of the Starship Enterprise -- instead, it is about redshirt engineers, whose heroic work, as it turns out, matters most to the long-term survival of almost every organization.
In my previous books, I’ve focused on principles and practices (e.g., Three Ways, Four Types of Work). However, I’ve always wanted to describe the spectrum of cultural, experiential and value decisions we make that either enable greatness, or create chronic suffering and underperformance. They are currently as follows:
• The First Ideal — Locality and Simplicity
• The Second Ideal — Focus, Flow and Joy
• The Third Ideal — Improvement of Daily Work
• The Fourth Ideal — Psychological Safety
• The Fifth Ideal — Customer Focus
In this talk, I’ll share with you my goals and aspirations for The Unicorn Project, describe in detail the Five Ideals, along with my favorite case studies of both ideal and non-ideal, and why I believe more than ever that DevOps will be one of the most potent economic forces for decades to come.
2019 Top Lessons Learned Since the Phoenix Project Was Released - Gene Kim
This document summarizes key lessons from a presentation by Gene Kim on building a world-class engineering culture. Some of the main surprises discussed include: (1) the business value of DevOps is even higher than previously thought, (2) DevOps benefits operations and security as much as development, (3) measuring code deployment lead time is more important than deployments per day, and (4) Conway's Law has implications for organizational structure and architecture. The presentation also discusses how DevOps enables organizations to become dynamic learning organizations.
Keeping The Auditor Away: DevOps Audit Compliance Case Studies - Gene Kim
Organizations and development teams are moving beyond waterfall models to those embracing a continuous delivery/DevOps-style set of processes. The deployment of doing tens, hundreds, or even thousands of deploys per day as 'normal' does not align to the SDLC, separation of duties, and common controls expected by auditors.
In this presentation, we will describe what auditors look for in a compliance audit, how to develop alternate control procedures that fulfill those reporting requirements, how to avoid “red flags” that indicate inadequate controls, and real world case studies and reporting artifacts.
Gene Kim has been studying high performing IT organizations since 1999 and helped develop the SOX scoping guidelines with the Institute of Internal Auditors in 2005. James DeLuccia IV is the leader for the Ernst & Young Americas Certification Services; he oversees all of the audits against common industry standards and champions several global program implementation roll-outs. Developing and 'translating' the control environment behaviors of clients, such as Google, Amazon, Workday, and others is difficult. This discussion will bridge the needs of auditors with the community of developers by sharing examples, discussing the assurance expectations, and how to communicate to pass an audit.
2014 State Of DevOps Findings! Velocity Conference - Gene Kim
This document summarizes a presentation given by Nicole Forsgren Velasquez, Jez Humble, Nigel Kersten and Gene Kim on the findings from Puppet Labs' 2014 State of DevOps report. Some key findings include organizations with high performing IT having 30x more frequent deployments and being 8,000x faster. Additional findings showed a correlation between IT performance metrics like deployment frequency and mean time to recover with practices like continuous delivery and version control. High performing organizations also had higher levels of organizational culture, job satisfaction, trust and relationships between teams.
DevOps: Who Will Create $2.6 Trillion In Business Value Per Year? - Gene Kim
This document discusses the benefits of adopting DevOps practices. It notes that wasted IT spending amounts to $2.6 trillion per year and that traditional divisions between development and operations hamper business goals. Adopting DevOps allows for faster delivery of code changes, more reliable systems through better feedback, and an organizational culture of continual learning through experimentation. Companies that have implemented DevOps see benefits like 30x more frequent deployments, 8,000x faster lead times, and higher success rates and availability. The document advocates that all organizations can achieve these gains through DevOps.
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More! - Gene Kim
The document summarizes key findings from a 2012 survey on DevOps practices conducted by Puppet Labs, Gene Kim, and Jez Humble. The survey had over 4000 responses and aimed to understand the link between DevOps behaviors and performance. Key findings included that high performing DevOps teams deployed code much more frequently (30x more), had significantly shorter lead times for changes (8000x shorter), and were more reliable with fewer failed changes and faster mean time to restore service. Technical practices like infrastructure automation and version control correlated strongly with better performance. Organizations that adopted DevOps practices over 12 months prior performed significantly better. The document also discusses challenges in measuring culture and psychographics in DevOps.
The document discusses how to better sell DevOps practices to organizations. It begins by describing the downward spiral of tensions between IT operations and development teams as applications become more fragile and difficult to deploy. It then provides suggestions for framing the problems organizations face in a way that shows how DevOps practices can help address significant business issues. The document concludes by highlighting examples of organizations successfully implementing DevOps and offers additional resources for learning more.
Why Everyone Needs DevOps Now: 15 Year Study Of High Performing Technology Orgs - Gene Kim
This presentation describes my interpretation of the Why and How of DevOps, and the key findings from my 15 year study of high-performing IT organizations, and how they simultaneously deliver stellar service levels and rapid implementation of new features into the production environment.
Organizations employing DevOps practices such as Google, Amazon, Facebook, Etsy and Twitter are routinely deploying code into production hundreds, or even thousands, of times per day, while providing world-class availability, reliability and security. In contrast, most organizations struggle to do releases more than every nine months.
He will present how these high-performing organizations achieve this fast flow of work through Product Management and Development, through QA and Infosec, and into IT Operations. By doing so, other organizations can now replicate the extraordinary culture and outcomes enabling their organization to win in the marketplace.
Kevin Behr: Integrating Controls and Process Improvement - Gene Kim
The document discusses integrating controls and process improvement. It notes that human-caused changes are responsible for 78% of system outages. The current approach does little to address this problem. The organization implemented a framework called ITIL and methodology called Visible Ops to better integrate controls and improve processes. This aims to increase operational efficiencies, service levels, and reduce problem resolution times through preventative and detective controls.
2012 Velocity London: DevOps Patterns Distilled - Gene Kim
2012 Velocity London,
Presentation by Patrick Debois (@patrickdebois), Damon Edwards (@damonedwards), Gene Kim (@realgenekim), John Willis (@botchagalupe)
This document summarizes Gene Kim's presentation on how organizations can adopt a DevOps approach. It outlines three ways to achieve DevOps: (1) use systems thinking to understand workflow and increase flow, (2) amplify feedback loops to improve quality and respond to needs, and (3) foster a culture of continual experimentation and learning. Specific practices are provided for each way, like defining work, embedding dev in ops, and breaking things early. The presentation warns that the status quo leads to a downward spiral but DevOps can help organizations overcome tensions and do more with less effort.
The document is a transcript from a presentation given by Joshua Corman and Gene Kim at a security conference in San Francisco in September 2012. The presentation discusses the problems with current security practices, introduces the concepts of DevOps and Rugged DevOps, and provides three ways ("systems thinking", "amplifying feedback loops", and "culture of continual experimentation") to implement Rugged DevOps practices to improve security. The overall message is that cultural and process changes are needed, not just technical fixes, to build more secure software.
Infosec at Ludicrous Speeds - Rugged DevOps - Gene Kim
The document discusses how information security (infosec) teams can adopt a DevOps approach. It describes five "acts" that outline historical tensions between different IT groups like operations, development, and infosec. It then provides three ways for infosec to integrate with DevOps: using systems thinking to understand workflow; amplifying feedback loops to fix issues faster; and embracing a culture of experimentation. Specific practices are outlined for each way to help infosec contribute to the organizational DevOps journey.
This document summarizes Gene Kim's presentation on how IT failures can cause business failures. Some key points:
- IT is now involved in 95% of capital projects and 50% of capital spending, so IT issues directly impact businesses.
- Companies with IT-related weaknesses saw 8x higher CEO turnover and were less profitable than companies without such issues.
- High performing IT organizations have fewer issues, fix problems faster, implement changes more successfully, and have less unplanned work than average organizations.
- The relationship between IT operations and development can spiral downward if too many fragile applications are deployed without sufficient controls.
- Kim's mission is to help organizations understand why IT fails and fix it by chronicling an IT
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops - Gene Kim
This document summarizes a presentation by Gene Kim on DevOps practices. It discusses how high performing IT organizations excel at areas like security, change management and incident response compared to average organizations. The presentation explores how the relationship between development and operations can become strained, leading to a downward spiral. DevOps principles like automation, collaboration and shared goals between Dev and Ops are presented as a way to break this cycle by increasing speed and reliability. The concept of systems thinking is discussed as important for understanding how work flows through the entire system from business to customer.
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6a - Gene Kim
The document discusses a presentation by Gene Kim on DevOps and high performing organizations. Some key points discussed include:
1) High performing IT organizations maintain compliance, find and fix security issues faster, have fewer failed changes and outages, and manage resources more efficiently.
2) DevOps aims to break the "core chronic conflict" in IT between responding quickly to business needs and providing stable services.
3) DevOps is implemented through three "ways" - systems thinking to increase flow and reduce waste, amplifying feedback loops between development and operations, and fostering a culture of experimentation and learning.
4) Transforming organizations use techniques like integrating development and operations teams, implementing continuous delivery pipelines,
The document discusses how the Sarbanes-Oxley Act of 2002 led to disproportionate focus on IT controls in SOX-404 compliance efforts. This created problems and challenges as there was no clear guidance on how to scope IT processes and controls to specific internal control objectives. The document proposes that defining new terms, similar to how terms like "force" and "mass" helped Newton formulate his laws of motion, could help address this problem. It suggests an approach taken in another document could help create equivalence for exceptions in IT controls.
SecureWorld Kim - Infosec at Ludicrous Speeds - Rugged DevOps 6a - Gene Kim
The document is a presentation about DevOps and achieving high performance in IT organizations. It discusses how DevOps approaches can help organizations break the "core chronic conflict" between responding quickly to business needs while also providing stable, secure services. It presents three "ways" to achieve DevOps: systems thinking, amplifying feedback loops, and developing a culture of continual experimentation and learning. Examples are given of how different teams like operations, development, security can adopt DevOps approaches. The overall message is that DevOps transformation requires cross-functional collaboration and breaking down barriers between teams.
ServiceNow ITIL at Ludicrous Speeds - Rugged DevOps - Gene Kim
The document discusses the DevOps approach to improving collaboration between development and operations teams. It describes three ways to implement DevOps: (1) taking a systems thinking approach to optimize the entire system rather than local parts, (2) amplifying feedback loops to improve communication across teams, and (3) fostering a culture of continual learning through experimentation. Specific practices discussed include integrating operations into the development process, conducting joint root cause analyses, and implementing chaos engineering to increase resiliency. The document argues that DevOps can help break the "IT core conflict" and help the business succeed.
Winnipeg ISACA Security is Dead, Rugged DevOps - Gene Kim
This document summarizes a presentation given by Gene Kim on infosec and DevOps. It discusses research that found high performing IT organizations have fewer security issues and implement changes more successfully. The presentation introduces the concepts of Rugged software development and DevOps. It provides an overview of how to implement DevOps through systems thinking, amplifying feedback loops, and developing a culture of experimentation. Key aspects include integrating operations, security and development teams and processes. The goal is to reduce issues and improve flow to help the business.
SecureWorld: Security is Dead, Rugged DevOps 1f - Gene Kim
This document provides an introduction to a presentation by Joshua Corman and Gene Kim on Rugged DevOps. It includes brief biographies of the presenters and outlines some of the key topics to be covered, including how security is evolving from a separate function to an integrated part of rapid software development. The presentation will explore how organizations can adopt practices like DevOps to help break the chronic conflict between rapid innovation and stable operations.
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Keeping The Auditor Away: DevOps Audit Compliance Case Studies (Gene Kim)
Organizations and development teams are moving beyond waterfall models to those embracing a continuous delivery/DevOps-style set of processes. Doing tens, hundreds, or even thousands of deploys per day as 'normal' does not align with the SDLC, separation of duties, and common controls expected by auditors.
In this presentation, we will describe what auditors look for in a compliance audit, how to develop alternate control procedures that fulfill those reporting requirements, how to avoid “red flags” that indicate inadequate controls, and real world case studies and reporting artifacts.
Gene Kim has been studying high performing IT organizations since 1999 and helped develop the SOX scoping guidelines with the Institute of Internal Auditors in 2005. James DeLuccia IV is the leader for the Ernst & Young Americas Certification Services; James oversees all of the audits against common industry standards, and champions several global program implementation roll-outs. Developing and 'translating' the control environment behaviors of clients, such as Google, Amazon, Workday, and others is difficult. This discussion will bridge the needs of auditors with the community of developers by sharing examples, discussing the assurance expectations, and how to communicate to pass an audit.
2014 State Of DevOps Findings! Velocity Conference (Gene Kim)
This document summarizes a presentation given by Nicole Forsgren Velasquez, Jez Humble, Nigel Kersten and Gene Kim on the findings from Puppet Labs' 2014 State of DevOps report. Some key findings include organizations with high performing IT having 30x more frequent deployments and being 8,000x faster. Additional findings showed a correlation between IT performance metrics like deployment frequency and mean time to recover with practices like continuous delivery and version control. High performing organizations also had higher levels of organizational culture, job satisfaction, trust and relationships between teams.
DevOps: Who Will Create $2.6 Trillion In Business Value Per Year? (Gene Kim)
This document discusses the benefits of adopting DevOps practices. It notes that wasted IT spending amounts to $2.6 trillion per year and that traditional divisions between development and operations hamper business goals. Adopting DevOps allows for faster delivery of code changes, more reliable systems through better feedback, and an organizational culture of continual learning through experimentation. Companies that have implemented DevOps see benefits like 30x more frequent deployments, 8,000x faster lead times, and higher success rates and availability. The document advocates that all organizations can achieve these gains through DevOps.
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More! (Gene Kim)
The document summarizes key findings from a 2012 survey on DevOps practices conducted by Puppet Labs, Gene Kim, and Jez Humble. The survey had over 4000 responses and aimed to understand the link between DevOps behaviors and performance. Key findings included that high performing DevOps teams deployed code much more frequently (30x more), had significantly shorter lead times for changes (8000x shorter), and were more reliable with fewer failed changes and faster mean time to restore service. Technical practices like infrastructure automation and version control correlated strongly with better performance. Organizations that adopted DevOps practices over 12 months prior performed significantly better. The document also discusses challenges in measuring culture and psychographics in DevOps.
The document discusses how to better sell DevOps practices to organizations. It begins by describing the downward spiral of tensions between IT operations and development teams as applications become more fragile and difficult to deploy. It then provides suggestions for framing the problems organizations face in a way that shows how DevOps practices can help address significant business issues. The document concludes by highlighting examples of organizations successfully implementing DevOps and offers additional resources for learning more.
Why Everyone Needs DevOps Now: 15 Year Study Of High Performing Technology Orgs (Gene Kim)
This presentation describes my interpretation of the Why and How of DevOps, and the key findings from my 15 year study of high-performing IT organizations, and how they simultaneously deliver stellar service levels and rapid implementation of new features into the production environment.
Organizations employing DevOps practices such as Google, Amazon, Facebook, Etsy and Twitter are routinely deploying code into production hundreds, or even thousands, of times per day, while providing world-class availability, reliability and security. In contrast, most organizations struggle to do releases more than every nine months.
He will present how these high-performing organizations achieve this fast flow of work through Product Management and Development, through QA and Infosec, and into IT Operations. By doing so, other organizations can now replicate the extraordinary culture and outcomes enabling their organization to win in the marketplace.
Kevin Behr: Integrating Controls and Process Improvement (Gene Kim)
The document discusses integrating controls and process improvement. It notes that human-caused changes are responsible for 78% of system outages. The current approach does little to address this problem. The organization implemented a framework called ITIL and methodology called Visible Ops to better integrate controls and improve processes. This aims to increase operational efficiencies, service levels, and reduce problem resolution times through preventative and detective controls.
2012 Velocity London: DevOps Patterns Distilled (Gene Kim)
2012 Velocity London,
Presentation by Patrick Debois (@patrickdebois), Damon Edwards (@damonedwards), Gene Kim (@realgenekim), John Willis (@botchagalupe)
This document summarizes Gene Kim's presentation on how organizations can adopt a DevOps approach. It outlines three ways to achieve DevOps: (1) use systems thinking to understand workflow and increase flow, (2) amplify feedback loops to improve quality and respond to needs, and (3) foster a culture of continual experimentation and learning. Specific practices are provided for each way, like defining work, embedding dev in ops, and breaking things early. The presentation warns that the status quo leads to a downward spiral but DevOps can help organizations overcome tensions and do more with less effort.
The document is a transcript from a presentation given by Joshua Corman and Gene Kim at a security conference in San Francisco in September 2012. The presentation discusses the problems with current security practices, introduces the concepts of DevOps and Rugged DevOps, and provides three ways ("systems thinking", "amplifying feedback loops", and "culture of continual experimentation") to implement Rugged DevOps practices to improve security. The overall message is that cultural and process changes are needed, not just technical fixes, to build more secure software.
Infosec at Ludicrous Speeds - Rugged DevOps (Gene Kim)
The document discusses how information security (infosec) teams can adopt a DevOps approach. It describes five "acts" that outline historical tensions between different IT groups like operations, development, and infosec. It then provides three ways for infosec to integrate with DevOps: using systems thinking to understand workflow; amplifying feedback loops to fix issues faster; and embracing a culture of experimentation. Specific practices are outlined for each way to help infosec contribute to the organizational DevOps journey.
This document summarizes Gene Kim's presentation on how IT failures can cause business failures. Some key points:
- IT is now involved in 95% of capital projects and 50% of capital spending, so IT issues directly impact businesses.
- Companies with IT-related weaknesses saw 8x higher CEO turnover and were less profitable than companies without such issues.
- High performing IT organizations have fewer issues, fix problems faster, implement changes more successfully, and have less unplanned work than average organizations.
- The relationship between IT operations and development can spiral downward if too many fragile applications are deployed without sufficient controls.
- Kim's mission is to help organizations understand why IT fails and fix it by chronicling an IT
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops (Gene Kim)
This document summarizes a presentation by Gene Kim on DevOps practices. It discusses how high performing IT organizations excel at areas like security, change management and incident response compared to average organizations. The presentation explores how the relationship between development and operations can become strained, leading to a downward spiral. DevOps principles like automation, collaboration and shared goals between Dev and Ops are presented as a way to break this cycle by increasing speed and reliability. The concept of systems thinking is discussed as important for understanding how work flows through the entire system from business to customer.
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6a (Gene Kim)
The document discusses a presentation by Gene Kim on DevOps and high performing organizations. Some key points discussed include:
1) High performing IT organizations maintain compliance, find and fix security issues faster, have fewer failed changes and outages, and manage resources more efficiently.
2) DevOps aims to break the "core chronic conflict" in IT between responding quickly to business needs and providing stable services.
3) DevOps is implemented through three "ways" - systems thinking to increase flow and reduce waste, amplifying feedback loops between development and operations, and fostering a culture of experimentation and learning.
4) Transforming organizations use techniques like integrating development and operations teams, implementing continuous delivery pipelines,
The document discusses how the Sarbanes-Oxley Act of 2002 led to disproportionate focus on IT controls in SOX-404 compliance efforts. This created problems and challenges as there was no clear guidance on how to scope IT processes and controls to specific internal control objectives. The document proposes that defining new terms, similar to how terms like "force" and "mass" helped Newton formulate his laws of motion, could help address this problem. It suggests an approach taken in another document could help create equivalence for exceptions in IT controls.
SecureWorld Kim - Infosec at Ludicrous Speeds - Rugged DevOps 6a (Gene Kim)
The document is a presentation about DevOps and achieving high performance in IT organizations. It discusses how DevOps approaches can help organizations break the "core chronic conflict" between responding quickly to business needs while also providing stable, secure services. It presents three "ways" to achieve DevOps: systems thinking, amplifying feedback loops, and developing a culture of continual experimentation and learning. Examples are given of how different teams like operations, development, security can adopt DevOps approaches. The overall message is that DevOps transformation requires cross-functional collaboration and breaking down barriers between teams.
ServiceNow ITIL at Ludicrous Speeds - Rugged DevOps (Gene Kim)
Introduction of Cybersecurity with OSS at Code Europe 2024 (Hiroshi SHIBATA)
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Programming Foundation Models with DSPy - Meetup Slides (Zilliz)
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Skybuffer SAM4U tool for SAP license adoption (Tatiana Kojar)
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Driving Business Innovation: Latest Generative AI Advancements & Success Story (Safe Software)
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
Main news related to the CCS TSI 2023 (2023/1695) (Jakub Marek)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Generating privacy-protected synthetic data using Secludy and Milvus (Zilliz)
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
A Comprehensive Guide to DeFi Development Services in 2024 (Intelisync)
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
5th LF Energy Power Grid Model Meet-up Slides (DanBrown980551)
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Microsoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
- Insightful presentations covering two practical applications of the Power Grid Model.
- An update on the latest advancements in Power Grid Model technology during the first and second quarters of 2024.
- An interactive brainstorming session to discuss and propose new feature requests.
- An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Best 20 SEO Techniques To Improve Website Visibility In SERP (Pixlogix Infotech)
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Building Production Ready Search Pipelines with Spark and Milvus (Zilliz)
Spark is a widely used ETL tool for processing, indexing and ingesting data into the serving stack for search. Milvus is a production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to the Milvus vector database for search serving.
Monitoring and Managing Anomaly Detection on OpenShift.pdf (Tosin Akinosho)
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Security is Dead. Long Live Rugged DevOps: IT at Ludicrous Speed
1. Security is Dead. Long Live Rugged DevOps: IT at Ludicrous Speed…
Joshua Corman & Gene Kim
Session ID: CLD-106
Session Classification: Intermediate
2. About Joshua Corman
Director of Security Intelligence for Akamai Technologies
Former Research Director, Enterprise Security [The 451 Group]
Former Principal Security Strategist [IBM ISS]
Industry:
Expert Faculty: The Institute for Applied Network Security (IANS)
2009 NetworkWorld Top 10 Tech People to Know
Co-Founder of “Rugged Software” www.ruggedsoftware.org
BLOG: www.cognitivedissidents.com
Things I’ve been researching:
Compliance vs Security
Disruptive Security for Disruptive Innovations
Chaotic Actors
Espionage
Security Metrics
3. About Gene Kim
Researcher, Author
Industry:
Invented and founded Tripwire, CTO (1997-2010)
Co-author: “Visible Ops Handbook”(2006), “Visible Ops Security” (2008)
Co-author: “When IT Fails: The Novel,” “The DevOps Cookbook” (Coming
May 2012)
Things I’ve been researching:
Benchmarked 1300+ IT organizations to test effectiveness of IT controls vs.
IT performance
DevOps, Rugged DevOps
Scoping PCI Cardholder Data Environment (#FAIL)
4. Agenda
Problem statement
What is DevOps?
What is Rugged?
What is Rugged DevOps?
Things you can do right away
5. Potentially Unfamiliar Words You Will See
Kanban
Andon cord
Sprints
Rugged
DevOps
Bottleneck
Systems thinking
Controls reliance
21. High Performing IT Organizations
High performers maintain a posture of compliance
Fewest number of repeat audit findings
One-third amount of audit preparation effort
High performers find and fix security breaches faster
5 times more likely to detect breaches by automated control
5 times less likely to have breaches result in a loss event
When high performers implement changes…
14 times more changes
One-half the change failure rate
One-quarter the first fix failure rate
10x faster MTTR for Sev 1 outages
When high performers manage IT resources…
One-third the amount of unplanned work
8 times more projects and IT services
6 times more applications
Source: IT Process Institute, 2008
22. 2007: Three Controls Predict 60% Of
Performance
To what extent does an organization define,
monitor and enforce the following?
Standardized configuration strategy
Process discipline
Controlled access to production systems
Source: IT Process Institute, 2008
56. DevOps: It’s A Real Movement
I would never do another startup that didn’t
employ DevOps like principles
It’s not just startups – it’s happening in the
enterprise and in public sector, too
I believe working in DevOps environments will
be a necessary skillset 5 years from now
58. The Prescriptive DevOps Cookbook
“DevOps Cookbook” Authors
Patrick Debois, Mike Orzen,
John Willis
Goals
Codify how to start and finish
DevOps transformations
How do Development, IT
Operations and Infosec
become dependable partners
Describe in detail how to
replicate the transformations
described in “When IT Fails: The
Novel”
59. Arc 1: Decrease Cycle Time Of Releases
Create determinism in the release process
Move packaging responsibility to development
Release early and often
Decrease cycle time
Reduce deployment times from 6 hours to 45 minutes
Refactor deployment process that had 1300+ steps spanning 4
weeks
Never again “fix forward,” instead “roll back,” escalating any
deviation from plan to Dev
Ensure environments are properly built before deployment begins
Control code and environments down the preproduction runways
Hold Dev, QA, Int, and Staging owners accountable for integrity
60. Arc 2: Increase Production Resilience
To preserve and increase throughput, elevate preventive
projects and maintenance tasks
Document all work, changes and outcomes so that it is
repeatable
Protect the flow of planned work (e.g., tickets bouncing
around for weeks, causing features to slip into next sprint)
Ops builds Agile standardized deployment stories
Maintains adequate situational awareness so that incidents
could be quickly detected and corrected
Standardize unplanned work and escalations
Continually seek to eradicate unplanned work and increase
throughput
61. Arc 3: Remove Complexity, Attack Surface And
Waste
Elective complexity adds to technical debt
Infosec (and everyone) wins when we take work
out of the system
Understand where controls reliance is placed
and what matters to the business
62. Meeting The DevOps Leadership Team
Typically led by Dev, QA, IT Operations and
Product Management
Our ultimate goal is to add value at every step in
the flow of work
See the end-to-end value flow
Shorten and amplify feedback loops
Help break silos (e.g., server, networking, database)
63. Definition: Agile Sprints
The basic unit of development in Agile Scrums,
typically between one week and one month
At the end of each sprint, team should have
potentially deliverable product
Aha Moment: shipping product implies not just code –
it’s the environment, too!
64. Help Dev And Ops Build Code And
Environments
Dev and Ops work together in Sprint 0 and 1 to
create code and environments
Create environment that Dev deploys into
Create downstream environments: QA, Staging,
Production
Create testable migration procedures from Dev all the
way to production
Integrate Infosec and QA into daily sprint
activities
66. Integrate Ops Into Dev
Embed Ops person into Dev structure
Describes non-functional requirements, use cases
and stories from Ops
Responsible for improving “quality at the source”
(e.g., reducing technical debt, fix known problems,
etc.)
Has special responsibility for pulling the Andon cord
67. Integrate Dev Into Ops
MobBrowser case study: “Waking up developers
at 3am is a great feedback loop: defects get
fixed very quickly”
Goal is to get Dev closer to the customer
Infosec can help determine when it’s too close (and
when SOD is a requirement)
68. Keep Shrinking Batch Sizes
Waterfall projects often have cycle time of one
year
Sprints have cycle time of 1 or 2 weeks
When IT Operations work is sufficiently fast and
cheap, we may decide to decouple deployments
from sprint boundaries (e.g., Kanbans)
70. IT Operations Increases Process Rigor
Standardize deployment
Standardize unplanned work: make it repeatable
Modify first response: ensure constrained
resources have all data at hand to diagnose
Elevate preventive activities to reduce incidents
71. Help Development…
Help them see downstream effects
Unplanned work comes at the expense of planned
work
Technical debt retards feature throughput
Environment matters as much as the code
Allocate time for fault modeling, asking “what
could go wrong?” and implementing
countermeasures
72. Help QA…
Ensure test plans cover not only code
functionality, but also:
Suitability of the environment the code runs in
The end-to-end deployment process
Help find variance…
Functionality, performance, configuration
Duration, wait time and handoff errors, rework, …
73. Help IT Operations…
“The best way to avoid failure is
to fail constantly”
Harden the production
environment
Have scheduled drills to “crash
the data center”
Create your “chaos monkeys” to
introduce faults into the system
(e.g., randomly kill processes,
take out servers, etc.)
Rehearse and improve
responding to unplanned work
Netflix: Hardened AWS service
StackOverflow
Amazon firedrills (Jesse Allspaw)
The Monkey (Mac)
79. Case Studies And Early Indicators
Almost every major Internet online services
company
VERACODE Rapid SaaS Fix Blog Post
http://www.veracode.com/blog/2012/01/vulnerability-response-done-right/
Pervasive Monitoring
Analytics at LinkedIn viewed by CEO daily:
LinkedIn Engineering: “The Birth Of inGraphs: Eric
The Intern”
81. Things To Put Into Practice Tomorrow
Identify your Dev/Ops/QA/PM counterparts
Discuss your mutual interdependence and shared
objectives
Harden and instrument the production builds
Integrate automated security testing into the build
and deploy mechanisms
Create your Evil/Hostile/Fuzzy Chaos Monkey
Cover your untested branches
Enforce the 20% allocation of Dev cycles to non-functional requirements
82. Resources
From the IT Process Institute
www.itpi.org
Both Visible Ops Handbooks
ITPI IT Controls Performance Study
Rugged Software by Corman, et al:
http://ruggedsoftware.org
“Continuous Delivery: Reliable Software
Releases through Build, Test, and
Deployment Automation” by Humble,
Farley
Follow us…
@JoshCorman, @RealGeneKim
mailto:genek@realgenekim.me
http://realgenekim.me/blog
83. Interested In “The DevOps Cookbook?”
Give Gene your business card, and get exclusive
access to the first 100 pages of "When IT Fails:
The Novel" and "The DevOps Cookbook" for free
We’ll send it to you as soon as it’s ready!
86. Common Traits of High Performers
Culture of…
Change management
Integration of IT operations/security via problem/change management
Processes that serve both organizational needs and business objectives
Highest rate of effective change
Causality
Highest service levels (MTTR, MTBF)
Highest first fix rate (unneeded rework)
Compliance and continual reduction of
operational variance
Production configurations
Highest level of pre-production staffing
Effective pre-production controls
Effective pairing of preventive and detective controls
Source: IT Process Institute
87. Visible Ops: Playbook of High Performers
The IT Process Institute has been
studying high-performing
organizations since 1999
What is common to all the high
performers?
What is different between them and
average and low performers?
How did they become great?
Answers have been codified in the
Visible Ops Methodology
The “Visible Ops Handbook” is
available from the ITPI
www.ITPI.org
89. A Reframed IT Operations Problem Statement
Increase flow from Dev to Production
Increase throughput
Decrease WIP
Our goal is to create a system of operations that allows
Planned work to quickly move to production
Ensure service is quickly restored when things go wrong
Information security built in every stage of Development, Project
Management, and IT Operations
How does this relate to Visible Ops?
We focused much on “unplanned work”
What’s happening to all the planned work?
At any given time, what should IT Ops be working on?
Now we are focusing on the flow of planned work
92. By The Visible Ops Team:
Gene Kim, Kevin Behr, George Spafford
93. The Theory of Constraints Approach To Visible
Ops
Dr. Goldratt wrote The Goal in
1984, describing Alex’s
challenge to fix his plant’s cost
and due date issues within 90
days
Some tenets that went against
common wisdom:
Every flow of work has a
constraint/bottleneck
Any improvement not made at the
bottleneck is merely an illusion
Fallacy of cost accounting as
operational management tool
94. Interested?
If you’re interested in When IT Fails: The Novel or
The DevOps Cookbook, signup for the list at
http://whenitfails.org
Or:
# mail genek@realgenekim.me
Subject: [ slides | research | list ]
Editor's Notes
Tell story of Amazon, Netflix: they care about availability, security. It’s not a push, it’s a pull – they’re looking for our help (#1 concern: fear of disintermediation and being marginalized)
At RSA 2009, Josh Corman, Jeff Williams, and David Rice were chatting at the Greylock cocktail party.
So software not only needs to be…
…fast, and…
…agile, but it also needs to be…
…rugged. Capable of withstanding…
…the harshest conditions…
…and most unfriendly environments…
[ text ] My personal goal is to prescriptively define 1) what does Dev need to do to become a reliable partner, 2) what does IT Operations need to do to become a reliable partner, and then 3) how do they work together to deliver unbelievable value to the business. Of course, the goal is more than happy coexistence. It’s to replicate the Etsy and LinkedIn stories: Increase the rate of features that we can put into production, while simultaneously maintaining the reliability, stability, security and survivability of the production environment.
[ picture of stock graph ] There are two main characters: Steve the hard-driving CEO, of a $4B/yr manufacturing/retailing company. In an emergency board meeting, the board conveys two messages: You’ve promised us two projects for over years, to close the gap with the competition. It’s now a year late, $10MM over budget. Your competition is Best Buy, and you’re Circuit City. Hold your CIO accountable. Our job is to hire great CEOs, and fire the ones who can’t deliver. If you can’t fix this, we’ll find one who can.
This story is about how Bill, the thoughtful and methodical VP IT Operations, who saves some of the largest problems of the company. It’s a story about a Visible Ops and DevOps style transformation. It’s how Bill saves the company, helping it achieve their project goals, operational goals, security and compliance goals. And Steve the CEO realizes that Bill, the lowly VP of IT Operations, is the person who saved the company.
[ picture of When IT Fails ] But how do we make this an issue that CEOs actually care about, instead of strictly a grass-roots movement? For five years, I’ve been working on a book called “When IT Fails: The Novel.” Which I think can help. The goal of the book is to help bridge the dysfunctional marriage that often exists between the CIO and the CEO. When I told the CIO of Columbia Sportswear about it, he said, “When you finish that book, not only will everyone on my team need to read this, but my boss will need to read this, and my boss’s boss will need to read this.” I was so moved by it, that it was one of the main reasons I wrote Tripwire – make completion of the book my sole focus.