Agile has become mainstream in the IT industry, since that the multiplication of Agile practices which makes Agile implementation complex and uncertain, we have started to see failure in Agile implementations.
During this presentation we will start a simplification process by going back to the source of Agile, understand what Agile is and what it is not. We will discover what is the Heart of Agile, its essence, and how it embraces management.
Reference: Agile Manifesto, Heart of Agile blogs Alistair Cockburn, plus historical information about Agile mouvement
Real world experience from Microsoft - Deniz ErcoskunAgileSparks
Microsoft developer division has implemented SCRUM while developing Visual Studio 2012, and TFS 2012. In this talk we will cover information on this implementation. You will learn about why Microsoft has decided to implement SCRUM, best practices that was helpful for us. How implementing SCRUM has changed our cadence and product delivery cycle. The content will be our developer division SCRUM journey. We are not pure SCRUM put at future leavel we are. I will also discuss which part of our process is SCRUm which part still is not.
The complexity in the simplicity of Agile? by Arie van BennekumAgile ME
Looking at Agile, it is so simple. In fact Agile is just structured common sense. Still so many people struggle to get their success in Agile. What is going on? The point is Agile, with all its simplicity, is based on different paradigms and the old paradigms hinder. The question is, can you identify thew old paradigms and furthermore, how do you change them. Arie van Bennekum will take you in his talk on his 22 years Agile journey and share his experience, successes, his delta’s and IATM, the Integrated Agile Transformation Model he developed for Agile transformations. IATM is a successful Agile change process to (the next level of) Agile he and his teams use doing international Agile transformations.
Agile has become mainstream in the IT industry, since that the multiplication of Agile practices which makes Agile implementation complex and uncertain, we have started to see failure in Agile implementations.
During this presentation we will start a simplification process by going back to the source of Agile, understand what Agile is and what it is not. We will discover what is the Heart of Agile, its essence, and how it embraces management.
Reference: Agile Manifesto, Heart of Agile blogs Alistair Cockburn, plus historical information about Agile mouvement
Real world experience from Microsoft - Deniz ErcoskunAgileSparks
Microsoft developer division has implemented SCRUM while developing Visual Studio 2012, and TFS 2012. In this talk we will cover information on this implementation. You will learn about why Microsoft has decided to implement SCRUM, best practices that was helpful for us. How implementing SCRUM has changed our cadence and product delivery cycle. The content will be our developer division SCRUM journey. We are not pure SCRUM put at future leavel we are. I will also discuss which part of our process is SCRUm which part still is not.
The complexity in the simplicity of Agile? by Arie van BennekumAgile ME
Looking at Agile, it is so simple. In fact Agile is just structured common sense. Still so many people struggle to get their success in Agile. What is going on? The point is Agile, with all its simplicity, is based on different paradigms and the old paradigms hinder. The question is, can you identify thew old paradigms and furthermore, how do you change them. Arie van Bennekum will take you in his talk on his 22 years Agile journey and share his experience, successes, his delta’s and IATM, the Integrated Agile Transformation Model he developed for Agile transformations. IATM is a successful Agile change process to (the next level of) Agile he and his teams use doing international Agile transformations.
Collaborative Agile Development in Virtual Reality by Talal ShaikhAgile ME
he Application of agile software development process to engineering software projects has shown good progress over the years. However, in a globally connected world having an entire team working on developing the software from one location does not typically happen. Agile techniques and processes are successful when teams are co-located. This project tries to find a solution to this problem by using virtual reality to fill the gap between remote located teams and fast paced development environment. This provides an immersive feeling of being in office with colleagues even if the participants are not in same room physically. This can greatly improve the collaborative work.
A Virtual Reality (VR) environment is developed for the team members to interact in. We used Oculus DK2 as the headset and Leap Motion to interact within that world.
We have explored Implementation of pair programming. The VR application developed has a browser which can be interacted with VR controls. The browser syncs itself across all windows and users. When this feature of browser is used with cloud services, it helps to provide a screen sharing without actually sharing the screen. This application features a board where people can come and discuss meeting agenda. The participants in the meeting can walk to different virtual rooms. The participants can go to virtual outdoors from the virtual office. The application works with both VR headset and without VR headset.
This application was tested among few students to get the feedback. The programmers reported that this application could really improve communication.
Future
The project can be developed in different stages in future. The first step will be adding leap motion controls to move around in the virtual office. More browser controls will be moved to leap motion interactable buttons from gaze based interaction. In the future, the project will be developed to have multiple platforms such as android and iOS. The project must be updated frequently to use new and better VR devices and its controls.
Agile Development – Why requirements matter by Fariz SaracevicAgile ME
The clear benefits of agile development is a better collaboration, incremental delivery, early error detection and the elimination of unnecessary work—have made it the default approach for many teams. Some developers have questioned whether requirements fall into the category of unnecessary work, and can be cut down or even completely eliminated. Meanwhile, teams developing complex products, systems and regulated IT continue to have requirements-driven legacy processes.
So how does requirements management fit in an agile world? This meetup will take a look at requirements management and how it can bring significant value to agile development in regulated IT and complex product development projects, and sets out the characteristics of an effective requirements management approach in an agile environment.
Why Scaling Agile Doesn't Work (and What to Do About It)Jez Humble
There are now several frameworks designed to address the demand for "big agile."
In this talk Jez will explain the flaws in such frameworks, why they so often fail to produce the desired effects, and what we should do instead. He will also address some common organizational obstacles to moving fast at scale: governance, budgeting, and the project paradigm - and discuss how to address them. Warning: this talk will include liberal use of real, statistically sound data.
Presentation I gave to the Chicago ACM about Lean Software Development. Full audio can be found here:
https://soundcloud.com/griffinc/intro-to-lean-software
Robert Martin in his book The Clean Coder mention about the Professional Developer, later Sandro Mancuso repeat it in his book Software Craftsmanship. On the several Agile Transformation I coach around the world, I saw the same problem, the process is applied, but the developers continue to work the same way. It is even worse; some company expects process improvement without a new Developer mindset.
In December 2008 the Software Craftsmanship manifesto was written. Since then several companies were created around the Software Craftsmanship communities. I will present you what it is about and what are the tools I used to promote Software Craftsmanship in my company and during my coaching missions around the world from Europe to Asia.
This presentation is for the developers to become better, but also to the executive that wants to build a better company with excellent software developers than just basic one who at the end will cost more.
Technical Debt is a gap between Computer Science and Software Engineering. Common understanding of causes for the Technical Debt is centered on the careless software development choices for the sake of speed and expediency. However Technical Debt usually goes beyond just Technology. This presentation covers the origins of Technical and Product Debt, how to manage it and mitigate it
Дмитро Бузоверя
Директор Cloud Computing департаменту в компанії AMC Bridge
Agile підхід до управління проектами існує вже більше 15 років, він досі є об’єктом багатьох дискусій та вважається інноваційним у деяких областях.
Дмитро Бузоверя, зробить огляд методології Agile у розробці програмного забезпечення. Він розкаже про історію Agile, його принципи та більш детально зупиниться на різних методиках: Extreme Programming (XP), Scrum, Lean та Kanban.
Ця лекція допоможе зібрати пазл з Agile термінології в єдину картинку.
Introductionto Agile Executive Overview Gpi Asia Rev2Benjamin Scherrey
Our training partner, GPIAsia, asked us to produce an executive overview version of our 2-day Introduction to Agile course for an iTAP program intended to introduce Agile concepts to CMMI practitioners. Was an interesting challenge. Should know in a week or two if any of this gets traction from that audience. If it does, I'll take credit. If not - I'll blame my colleague Pam who delivered it with me. :-) As with all my presentations, you really need to hear the talk to get the full benefit but at least you can see the subjects we touch on.
Pair programming pair testing working together with the developers by Simon ...Agile ME
In my scrum team, as a tester, I'm responsible for the test work to be done. Most of that test work is done manually. We need to automate those test cases. But, when? And how?
The developers and and the tester can do a lot together. Some times we test together. Some times we program together. Some times I'm on my own, testing or creating/writing automation scripts.
In my talk I will share my experiences what I'm doing with my developer colleagues. From the moment we start development on the feature (Epic or user story) up until we ship it.
We explore, build and test the feature. Based on that we create scripts for automation on various levels. From unit test level up until end to end testing.
Take aways from this session are:
- How to work together with your developer(s)
- Motivate your stakeholders to work this way
- Give tester a way to participate in coding and learn from the experience
- Provide Agile coaches a way how to set up automation in a scrum team
What are the Agile Metrics That Matter Most? Are they at the team-level? project/project? What about the people-side of agile (the "soft stuff"). What are common pitfalls to avoid? We categorize agile metrics into those about Value, Flow, Quality & Culture, and identify the most frequently used (and misused) in each of those areas.
Modernizing Development - The Road to Agility and DevOps at CompuwareAtlassian
Transforming a development organization from waterfall to agile is a big undertaking. Even larger when it’s a 40-year-old mainframe development organization. Having the vision for the future and the proper tools to enable that vision is essential. Join David Rizzo, an IT veteran, who led the transformation of Compuware from waterfall to agile and implementation of DevOps. You’ll see how Confluence was used to promote collaboration, in the office and in the field. How JIRA Software was used to track agile tasks and projects and how Bitbucket was utilized for handling source code. A modern DevOps toolchain is key to successful implementation. Using the Atlassian tools, Agile and DevOps were fully implemented across the entire organization.
Post-agile approaches - agile for the real world and how to avoid agile failureYuval Yeret
A session for an ILTAM forum in Israel - Agile is really great. Can it fail? Are failures due to mismatch of practices? principles? Only implementation details?
We will look at the strengths weaknesses opportunities threats related to the major agile frameworks as well as common failure modes and what to do about them
(the actual session includes case studies from audience and agilesparks experience)
Panel Discussion "Agile and Business Analysis" Dr. Mohamed Salama, Hind Zanto...Agile ME
Agile and Business Analysis (Girvan, L., Paul, D.) was published in 2017 by BCS, The Chartered Institute for IT. This book will be reviewed by two academics (Hind Zantout and Mohammad Hamdan) and the key strengths and weaknesses presented. It is anticipated that a reviewer from industry will join the presenters and contribute the view from industry.
Open Source Security: How to Lay the Groundwork for a Secure CultureWhiteSource
Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements.
However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software.
Join Guy Bar-Gil, Product Manager at WhiteSource, as he discusses:
1. The four layers of open-source security
2. How to integrate continuous security into your SDLC
3. Best practices for organizations to own and execute the security process
Open Source Security: How to Lay the Groundwork for a Secure CultureDevOps.com
Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements.
However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software.
Join Guy Bar-Gil, Product Manager at WhiteSource, as he discusses:
The four layers of open-source security;
How to integrate continuous security into your SDLC;
Best practices for organizations to own and execute the security process.
Collaborative Agile Development in Virtual Reality by Talal ShaikhAgile ME
he Application of agile software development process to engineering software projects has shown good progress over the years. However, in a globally connected world having an entire team working on developing the software from one location does not typically happen. Agile techniques and processes are successful when teams are co-located. This project tries to find a solution to this problem by using virtual reality to fill the gap between remote located teams and fast paced development environment. This provides an immersive feeling of being in office with colleagues even if the participants are not in same room physically. This can greatly improve the collaborative work.
A Virtual Reality (VR) environment is developed for the team members to interact in. We used Oculus DK2 as the headset and Leap Motion to interact within that world.
We have explored Implementation of pair programming. The VR application developed has a browser which can be interacted with VR controls. The browser syncs itself across all windows and users. When this feature of browser is used with cloud services, it helps to provide a screen sharing without actually sharing the screen. This application features a board where people can come and discuss meeting agenda. The participants in the meeting can walk to different virtual rooms. The participants can go to virtual outdoors from the virtual office. The application works with both VR headset and without VR headset.
This application was tested among few students to get the feedback. The programmers reported that this application could really improve communication.
Future
The project can be developed in different stages in future. The first step will be adding leap motion controls to move around in the virtual office. More browser controls will be moved to leap motion interactable buttons from gaze based interaction. In the future, the project will be developed to have multiple platforms such as android and iOS. The project must be updated frequently to use new and better VR devices and its controls.
Agile Development – Why requirements matter by Fariz SaracevicAgile ME
The clear benefits of agile development is a better collaboration, incremental delivery, early error detection and the elimination of unnecessary work—have made it the default approach for many teams. Some developers have questioned whether requirements fall into the category of unnecessary work, and can be cut down or even completely eliminated. Meanwhile, teams developing complex products, systems and regulated IT continue to have requirements-driven legacy processes.
So how does requirements management fit in an agile world? This meetup will take a look at requirements management and how it can bring significant value to agile development in regulated IT and complex product development projects, and sets out the characteristics of an effective requirements management approach in an agile environment.
Why Scaling Agile Doesn't Work (and What to Do About It)Jez Humble
There are now several frameworks designed to address the demand for "big agile."
In this talk Jez will explain the flaws in such frameworks, why they so often fail to produce the desired effects, and what we should do instead. He will also address some common organizational obstacles to moving fast at scale: governance, budgeting, and the project paradigm - and discuss how to address them. Warning: this talk will include liberal use of real, statistically sound data.
Presentation I gave to the Chicago ACM about Lean Software Development. Full audio can be found here:
https://soundcloud.com/griffinc/intro-to-lean-software
Robert Martin in his book The Clean Coder mention about the Professional Developer, later Sandro Mancuso repeat it in his book Software Craftsmanship. On the several Agile Transformation I coach around the world, I saw the same problem, the process is applied, but the developers continue to work the same way. It is even worse; some company expects process improvement without a new Developer mindset.
In December 2008 the Software Craftsmanship manifesto was written. Since then several companies were created around the Software Craftsmanship communities. I will present you what it is about and what are the tools I used to promote Software Craftsmanship in my company and during my coaching missions around the world from Europe to Asia.
This presentation is for the developers to become better, but also to the executive that wants to build a better company with excellent software developers than just basic one who at the end will cost more.
Technical Debt is a gap between Computer Science and Software Engineering. Common understanding of causes for the Technical Debt is centered on the careless software development choices for the sake of speed and expediency. However Technical Debt usually goes beyond just Technology. This presentation covers the origins of Technical and Product Debt, how to manage it and mitigate it
Дмитро Бузоверя
Директор Cloud Computing департаменту в компанії AMC Bridge
Agile підхід до управління проектами існує вже більше 15 років, він досі є об’єктом багатьох дискусій та вважається інноваційним у деяких областях.
Дмитро Бузоверя, зробить огляд методології Agile у розробці програмного забезпечення. Він розкаже про історію Agile, його принципи та більш детально зупиниться на різних методиках: Extreme Programming (XP), Scrum, Lean та Kanban.
Ця лекція допоможе зібрати пазл з Agile термінології в єдину картинку.
Introductionto Agile Executive Overview Gpi Asia Rev2Benjamin Scherrey
Our training partner, GPIAsia, asked us to produce an executive overview version of our 2-day Introduction to Agile course for an iTAP program intended to introduce Agile concepts to CMMI practitioners. Was an interesting challenge. Should know in a week or two if any of this gets traction from that audience. If it does, I'll take credit. If not - I'll blame my colleague Pam who delivered it with me. :-) As with all my presentations, you really need to hear the talk to get the full benefit but at least you can see the subjects we touch on.
Pair programming pair testing working together with the developers by Simon ...Agile ME
In my scrum team, as a tester, I'm responsible for the test work to be done. Most of that test work is done manually. We need to automate those test cases. But, when? And how?
The developers and and the tester can do a lot together. Some times we test together. Some times we program together. Some times I'm on my own, testing or creating/writing automation scripts.
In my talk I will share my experiences what I'm doing with my developer colleagues. From the moment we start development on the feature (Epic or user story) up until we ship it.
We explore, build and test the feature. Based on that we create scripts for automation on various levels. From unit test level up until end to end testing.
Take aways from this session are:
- How to work together with your developer(s)
- Motivate your stakeholders to work this way
- Give tester a way to participate in coding and learn from the experience
- Provide Agile coaches a way how to set up automation in a scrum team
What are the Agile Metrics That Matter Most? Are they at the team-level? project/project? What about the people-side of agile (the "soft stuff"). What are common pitfalls to avoid? We categorize agile metrics into those about Value, Flow, Quality & Culture, and identify the most frequently used (and misused) in each of those areas.
Modernizing Development - The Road to Agility and DevOps at CompuwareAtlassian
Transforming a development organization from waterfall to agile is a big undertaking. Even larger when it’s a 40-year-old mainframe development organization. Having the vision for the future and the proper tools to enable that vision is essential. Join David Rizzo, an IT veteran, who led the transformation of Compuware from waterfall to agile and implementation of DevOps. You’ll see how Confluence was used to promote collaboration, in the office and in the field. How JIRA Software was used to track agile tasks and projects and how Bitbucket was utilized for handling source code. A modern DevOps toolchain is key to successful implementation. Using the Atlassian tools, Agile and DevOps were fully implemented across the entire organization.
Post-agile approaches - agile for the real world and how to avoid agile failureYuval Yeret
A session for an ILTAM forum in Israel - Agile is really great. Can it fail? Are failures due to mismatch of practices? principles? Only implementation details?
We will look at the strengths weaknesses opportunities threats related to the major agile frameworks as well as common failure modes and what to do about them
(the actual session includes case studies from audience and agilesparks experience)
Panel Discussion "Agile and Business Analysis" Dr. Mohamed Salama, Hind Zanto...Agile ME
Agile and Business Analysis (Girvan, L., Paul, D.) was published in 2017 by BCS, The Chartered Institute for IT. This book will be reviewed by two academics (Hind Zantout and Mohammad Hamdan) and the key strengths and weaknesses presented. It is anticipated that a reviewer from industry will join the presenters and contribute the view from industry.
Open Source Security: How to Lay the Groundwork for a Secure CultureWhiteSource
Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements.
However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software.
Join Guy Bar-Gil, Product Manager at WhiteSource, as he discusses:
1. The four layers of open-source security
2. How to integrate continuous security into your SDLC
3. Best practices for organizations to own and execute the security process
Open Source Security: How to Lay the Groundwork for a Secure CultureDevOps.com
Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements.
However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software.
Join Guy Bar-Gil, Product Manager at WhiteSource, as he discusses:
The four layers of open-source security;
How to integrate continuous security into your SDLC;
Best practices for organizations to own and execute the security process.
Continuous Delivery presents a compelling vision of builds that are automatically deployed and tested until ready for production.
Most teams aren't there yet. Some never want to go that far. Others want to push the envelope further.
This deck presents a model for scoring yourself on the continuum and examples of how companies can decide what parts of CD to adopt first, later and not at all.
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...XebiaLabs
For most of us, compliance audits are painful processes that interfere with our ability to do our job – building and delivering software – and steal time and resources away from that next great innovation. Until now.
The XebiaLabs Software Chain of Custody provides everything you need to visualize, monitor, and prove the integrity of your software delivery pipelines on demand. Push the button, get the report. You’re done. No more audit hell.
Learn how a Software Chain of Custody helps:
DevOps teams focus on doing what they love, rather than wasting valuable time putting together audit reports
Executives gain full visibility into release pipelines so they can stop losing sleep over governance and security audits
InfoSec teams and auditors instantly get the reports they need so they can quickly approve releases
Road to agile: federal government case studyDavid Marsh
Presentation to PMI Government Community of Practice on March 21, 2014. Case study of a transformation from traditional to agile way of working on a re-engineering project for a mission-critical financial system. Includes ideas behind transformation, specific techniques and tools used, as well as the outcomes.
Performance is a key aspect when developing an application, but for developers, production performance usually is a black box. When production problems arise, a lack of insight into log files and performance metrics forces us to reproduce issues locally before we can start to tackle the root cause. Using real world examples, we show how a unified performance management platform helps teams across the lifecycle to monitor applications, detect problems early on, and collect data that enables developers to efficiently solve problems.
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
Waterfall is based on the concept of sequential software development—from conception to ongoing maintenance—where each of the many steps flowed logically into the next.
Join this webinar presentation to learn:
- Why DevOps cannot effectively work in waterfall
- How to use DevOps tools to optimize processes in either development or operations through automation
We will also discuss what is needed to support full DevOps
DevOps provides the ability to increase time to market to an new level. The question is no longer if we need to speed up our delivery. The challenge is to find the right „pace“ for your product. Not every organization and every product needs to run at the speed of Netflix and Spotify, even if we’d like it to be like this. We need to adjust the organization, processes and tools appropriatly and to identify the real bottlenecks in the delivery pipeline continuously. And by the way, we need to justify our investment in the DevOps mission. Are we just automating the current processes or can we use this DevOps thing to really support our business? In this talk, I’d like to discuss with you how to find the right design for your delivery process and your organization to behave as a business enabler and how you can scale DevOps within your organization without loosing agility. Let’s explore how we can listen carefully to the unknown customer out there and to build software they really like in the speed of your business.
Continuous Performance Testing and Monitoring in Agile DevelopmentDynatrace
Continuous Performance Testing and Monitoring in Agile Development
Continuous Performance testing and monitoring is the best way to ensure application performance with quicker development cycles. Balancing agile and DevOps velocity with the need for ongoing performance testing and monitoring is essential. We call it Continuous Performance Validation.
In this webinar, we will show how you can get performance guidance and metrics throughout development, making sure apps perform well from inception to production and beyond.
In this webinar you will learn:
• How to automate performance testing and which tools you need to be successful
• How to use APM during load and performance testing
• How to create a continuous performance validation strategy from Dev to QA and Ops
• Ways teams can collaborate to ensure top application performance
Session on evaluation of DevSecOps. This tutorial is made the very basic process of the DevOps cycle for the beginner level. So sometimes we won’t use very deep technical terms to understand.
DevSecOps - It can change your life (cycle)Qualitest
QualiTest explains how a secured DevOps (DevSecOps) delivery process can be achieved using automated code scan, enabling significant shift left of issues detection and minimizing the time to fix. Whether you are considering DevSecOps, on the path, or already there, this slide is for you.
For more information, please visit www.QualiTestGroup.com
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
2. 2
Where to Start
The single most important step in preparing for an audit or
examination is to put yourself in the auditors shoes and
understand their goals:
• Does this entity have a sound development practice?
• Do they have repeatable processes that ensure
consistent results?
• Do they have the appropriate controls in place?
• Does the management team understand the risk they
are exposed to?
3. 3
Taking a Step Back…Let’s Start with the Bible
During an examination, the examiner explained that he
wanted to see our “Bible”, aka our SDLC. He wanted every
step to be documented and auditable so he could be sure
that every project followed the exact process, every time.
Credit: http://www.stpatselkhorn.org/AdultFormation/BibleStudy.aspx
4. 4
How We Responded
1. The Mammoth Waterfall SDLC
2. The Mammoth SDLC & SDLC Lite
3. Agile SDLC
4. Agile & Continuous Delivery
5. 5
Enough about us…
We have turned the corner and are now reaping the
rewards of properly implementing Agile and Continuous
Delivery.
We now find that WE HAVE TIME to automate and
strengthen our processes.
Let’s get to the 25 things you can do to better prepare for
your next audit or exam!
6. 6
Tips and Tricks for Audits and Exams
1 - 6 : Agile Education
7 - 12 : Continuous Delivery Education
13 - 18 : Demonstrating Maturity
19 - 21 : Orchestrate for Improved Quality
22 - 24 : Source Code Control is KEY
25 : Getting Ahead
8. 8
#1 – Socialize Your Plans
Don’t surprise your auditor with a major change to your
process.
Provide Useful Information:
• Agile Overview:
https://www.youtube.com/watch?v=502ILHjX9EE
• Continuous Delivery Overview:
Continuous Delivery: Reliable Software Releases Through Build, Test
and Deployment Automation by Jez Humble and David Farley
• Continuous Delivery Adoption:
http://www.thoughtworks.com/insights/blog/case-continuous-delivery
http://www.perforce.com/continuous-delivery-report
9. 9
#2 – Don’t Risk the Crown Jewels
If possible, demonstrate the new technologies and
procedures on a lower risk application.
You will thank me later….because there will be bumps
If you do start with a major application, find a way to
segment the implementation to minimize the up front risk
10. 10
#3 – Demonstrate Your Expertise
While many of these technologies and procedures are not
new, they may be new to you or your organization. Make
sure you can demonstrate your expertise:
Certifications - Scrum Alliance, etc.
Training Programs – Learning Tree, Scrum Alliance, etc.
Meetups & User Groups – Continuous Delivery, Agile, etc.
Social Media – LinkedIn Continuous Delivery Group, etc.
11. 11
#4 - Map Agile SDLC to Waterfall SDLC
Design Waterfall Agile
Design The entire application is designed at one
time
The design evolves as the application is
developed
The design is created by technical resources
working from the requirements
The design is created by the developers
working with the key stakeholders
The design is based on the best estimate of
how the application is used
The design is based on customer behavior
Design Review The design is reviewed by technical
resources to ensure completeness and
accuracy
The design is shown as a working solution to
the Product Owner and other stakeholders
Changes to the design may have a major
ripple effect to the rest of the application
The design is continually revisited and
adjusts to customer need
Design Sign Off Specific step where designated parties agree
that the design is complete and accurate
Implicit to the process when everyone
agrees that the work is acceptable to go to
production (Sprint Review)
12. 12
#5 – Explain Benefits of Shorter Cycle Time
When a vulnerability is found, how quickly
can you address it?
When a new OS patch is released, how long
until it is on all of your servers?
13. 13
#6 – Explain How Small Batches Reduces Risk
• Schedule risk
– Feature creep
– Gold plating
• Quality risk
– New bugs
– Instability
• Business risk
– Wrong functionality
– Missed opportunity
15. 15
#7 – A More Auditable Process
The key takeaway….
An automated process is far more auditable!
16. 16
#8 – Correct Version of the Application
Everyone needs environments and now there are great tools
that make it even easier to enable environment sprawl.
Every developer has a local environment
3 Development environments
4 QA environments
4 Staging environments
4 Production environments
17. 17
#9 – Infrastructure as Code
1. Baseline Image
– The latest patched base server OS, ssh, etc
2. Apply common applications (that require configuration)
– TripWire, Splunk, PostFix, etc
3. Application critical applications
– Java, App server, etc
4. Deploy your software
** Even with configuration management, you still need a tool like TripWire
18. 18
Infrastructure as Code – Benefits
• Environments stay in sync
– Changes are made in development and migrated
– Administrators should not make changes directly to environments
– Changes made manually to an environment are undone with the
next migration through the pipeline
• Environments can be built on demand
– Becomes faster to rebuild an environment than to troubleshoot
– A process to build an environment that took weeks can now be
completed in under an hour
– Environments will no longer be a bottleneck to new functionality
• Environments are documented and version controlled
– Each setting change is a line of code that can be read
– All configurations reside in GIT so that the team can recover or
revert to a prior configuration
22. 22
Sonar – Additional Tracking
0
2000
4000
6000
8000
10000
12000
14000
16000
18000
Number of Issues
Issues
Issues - Blocker
Issues - Critical
Issues - Major
Issues - Minor
Issues - Info
23. 23
#11 – Automated Testing
Automated tests are the answer to MANY questions about
reducing risk….but they open the door to a whole new
world of questions
• Who validated that the automated test worked
correctly?
• How do you know that the test meets the desired
result?
• How can you be sure you have sufficient coverage?
• Where are the tests for specific user stories?
25. 25
#12 – Repository Management
Single source for software, binaries & libraries
demonstrates:
• Consistency across environments
• Single, auditable repository of external resources
• Control access to external sites
27. 27
#13 – Go Digital
Online Agile Boards
An Auditor once pulled a sticky off our physical board that
was in the Ready for Test queue. He asked “if I don’t put
this back, how do you know this was tested?”
33. 33
#18 – Add one more meeting
Sprint Planning Review Meeting
• Additional demonstration of oversight
• Shows that we are willing to adapt to meet company
goals
• Great catch-all for interested stakeholders
35. 35
#19 – Keep QA Firmly in the Process
• When new code comes into Test Environment
• When new code can be moved to a higher environment
• Perform the deployment to the Staging Environment
• Perform the deployment to Production Environment
36. 36
#20 – Don’t Forget Operations
The System Engineering
Team to controls when
code can enter the
Staging Environment
Application Engineering
Team controls when
code can enter the
Production Environment
39. 39
#22 – Demonstrate Permissions
Making sure that the appropriate controls are in place in
GIT are critical. You will need to use a management tool on
top of GIT like Stash.
44. 44
#25 - Be Aware of Outstanding Audit Risks
• Get Ahead of Permission Questions
– Jenkins, Puppet, Nexus, Stash, etc.
• Continuous Improvement means that you are not
following the same process over and over
– Allowing Agile Teams to change their development process to
make themselves more efficient is scary to auditors
• Management (e.g. upgrades) of Pipeline software
• Separation of duties
• Management aware (and approving) work
• Continuous Deployment may be a step too far
– There is a lot of value in ensuring that humans are involved in
the process
182 slides for last audit
85 slides with a lot of content for Gene Kim - Phoenix Project
The last two bullets are key - COMPENSATING CONTROLS
IF IT IS HARD DO IT MORE OFTEN
– Super detailed including RACI charts, tractability matrices…even included who to invite to meetings and required meeting invitations to be saved!
Result: Development came to a grinding halt.
– A second SDLC was written which stripped away 90% of the full SDLC rigor
Result: Every project became SDLC Lite.
Agile – We obviously blamed Waterfall for our shortcomings (it couldn’t be us). We went Agile….sort of.
Result: Chaos. Team was not ready for quick sprints, documentation wasn’t done, code wasn’t finished…..
Agile & Continuous Delivery – A proper implementation of Agile with the technical craftsmanship that is required.
Result: A successful and strong base in which to build
Counter intuitive - You may not get the best bang for the buck
David Farley answers posts in LinkedIn
Some auditors and examiners are very familiar with Agile. Many even have CSM and CPO certifications. However, some are entrenched in Waterfall.
Also, keep in mind that many guidelines that examiners are required to follow are based on the Waterfall methodology.
Shows that the check points still exist, just a little in a different order or a little more often
Infrastructure as Code enabled us to reduce our OS patching frequency from quarterly to every two weeks
A finding from our penetration testing exercise is added to the next sprint which means it is in production in just over two weeks
A change in our process is added and adopted by the feature team by redefining the definition of “done”
WHAT IT ALL COMES DOWN TO IS MANAGING RISK
A quarterly release cycle contains months and months of code. This is harder to test, harder to perform a proper code review, and significant amount of change to the application is introduced at one time.
Changes performed in small batches reduces the risk of any one release. Even if the entire release needs to be backed out, only two weeks of work is lost which reduces the company’s financial risk
Schedule risk can also be mitigated by reducing feature creep, gold-plating and by keeping stakeholders aware of progress
At this point, you may have shown some good insights about Agile, but chances are, your auditor already knew about it.
CD is a different story. There are LOTS of levels of maturity
Going back to the Bible
We regularly found ourselves falling behind in signing off on documents even though the work was done and already in production.
With automated processes every step can be tracked so the need to manually say it was done is no longer needed.
Log files and reports can show that all the appropriate work was completed.
Auditors and Examiners regularly want to understand how environments are kept in sync. This is complicated for endless reasons like history, culture, funding, etc. It becomes exponentially more complicated if you have multiple development environments, multiple QA environments, etc.
However, a CD Pipeline which performs the exact same deployment in every environment forces a team to have consistent environments.
Infrastructure as code will overwrite any non-standard changes. Changes need to be made in Development and then they are migrated through the environments.
When you get to the point where your entire server is managed by a configuration management tool like Puppet or Chef, it will mean that the server will be rebuilt to the standard with every release.
MANAGEMENT OVETSIGHT
It is important to note that a little while back we changed our rule set which resulted in more critical issue
Static Code Analysis Tools brings constant awareness of code quality to management. This is a fantastic tool to demonstrate maturity and constant improvement.
We use Sonar, but the key is to have a tool in place and to take action on the results.
RESULTED IN A SURPRISE
Automated tests are key to any Continuous Delivery Pipeline otherwise it is simply not possible to have regular deployments due to the time needed for manual regression testing.
However, test automation is also very helpful for auditors and examiners to see because it helps explain how code can be deployed faster but the team still has the same (or greater) level of confidence
It is important to show that your pipeline will STOP until any failed automated test is corrected.
Another important tool in any Continuous Delivery Pipeline is a Repository Management Tool like Nexus. This tool is used to hold binary files for deployments as well as all of the dependencies that the application and infrastructure pipelines may need.
Probably one of the more unpopular changes is to switch to an electronic board like Jira. Many teams are very fond of have note cards and post-its on walls, but digital boards are more auditable.
Once you make the switch, you will have lots of unexpected benefits….here are some more!
We use a Jira plugin called Group Sign-Off for Jira. It allows a story to capture key sign-offs from management, security, and compliance.
We include a sign-off story in every sprint and now no longer need to print and get manual signatures.
Using permissions in Jira, I can only sign-off as myself.
This was one of those dreams that I never thought would come true, but with the Xporter Plugin for Jira we are able to perform a mail merge into our SDLC template. We capture the stories and sign-offs for every release to fulfill auditor and examiners requests for documentation.
We do still have the manual step of maintaining master requirements documents for major pieces of functionality.
Using the logs captured by Jenkins, we created a report to show when each step in the pipeline occurred and who initiated it.
The report is the last step in our Pipeline. It emails a copy of the report to all interested parties and places a copy in Nexus for archival purposes.
All of the activity logging is beneficial as it shows that all the steps were performed and who performed them. However, they are also rich with information about your own processes.
Graphing the metrics from various points in your development process will again show that management is involved in the process and providing proper oversight.
With a self managing team that is making small changes every two weeks, it is easy for management to not know exactly what is going on.
We added a Sprint Planning Review Meeting after every sprint planning session. This was facilitated by our ScrumMaster and was found to be very helpful to bring Security, Compliance and anyone else into the process.
Not only was this meeting helpful, but it also demonstrated to auditors and examiners that we were thoughtful about the process and made improvements when needed.
ACTIVE DIRECTORY - NEED TO HAVE A PERIODIC REVIEW OF WHO IS IN GROUPS
Our QA Team performs and important check to ensure that a quality product is deployed. They are also a critical team to maintaining separation of duties. They don’t write the code and they also have the best understanding of how the applications should work. We found they were best suited to facilitate the deployment. They control:
We have four Operations Teams: System Engineers, Application Engineers, Network Engineers and Database Administrators. The System and Application Engineering teams are very interested in deployments so they can be extra vigilant in their monitoring during and after deployments. To keep them involved we added steps in Jenkins to allow:
The rapid deployments still resulted in the occasional incident where someone was caught off guard. We addressed this by adding an email step before Staging and before Production to notify all interested parties that a deployment was coming through.
Only a select number of senior developers and architects have the ability to merge code into the development branch
Users ended up with Local Admin and Regular User
Local Admin users are only allowed to MERGE - by policy
Wrote custom code to only allow ACTIVE DIRECTORY USERS to check in and approve PULL REQUESTS
The number one concern that an Auditor will raise is how can they be sure that all the wonderful tools that we are using are properly managed. One examiner quickly realized that an administrator of Jenkins would have tremendous power in our environment
AGILE TEAMS NEED TO POST THEIR DEFINITIONS OF DONE IN CONFLUENCE (WIKI)
REGULARLY AUDIT USER LISTS - ACTIVE DIRECTORY -
In a recent exam, I was very impressed how quickly the examiner recognized the power of some of the tools like GIT, Stash, Jenkins and Puppet. He immediately wanted to know how we ensure that the appropriate permissions are in place.
Also, think through how you will manage the environment of CD tools. Typically, one doesn’t have a migration path for making changes to Jenkins, Sonar, etc.