Dallas, TX
April 5, 2016
Mentor’s View: Aligning your team and your powers for success
Mike Worthington, Customer Success Engineer, Sonatype
Agenda
2 4/11/2016
• Software Supply Chain & Rugged DevOps
• Getting Started on Your Journey
• Interactive Demo – Setting Policy
• Policy Results in Jenkins & Eclipse
• Meaningful Success Metrics
The Software Supply Chain
• Hundreds of thousands of projects
• 3-4 updates annually
• 30 billion download requests last year
• 1 in 16 have known vulnerabilities
• 43% have no component governance
• 75% of those who do don’t enforce it
• 106 components per application
• 24 known vulnerabilities
• 73% have no inventory
If manufacturers built cars the way we build software…
• Any part can be used even if it’s outdated or known to be unsafe.
• Since parts aren’t tracked, it’s challenging to issue a recall.
• There is no quality control or consistency from car to car.
• There is no inventory of parts used, or where.
• Choose any supplier for any part, regardless of quality.
Apply Software Supply Chain Principles For Rugged DevOps
• Supplier & component selection (3rd party or Proprietary)
• Component quality & governance
• Monitoring components & assemblies (patches, updates, vulns, age)
• Guidelines & policies
• Bill of Materials
• Warehouse & Staging
Image: Gartner Research, March 2016: Avoid Failure by Developing a Toolchain that Enables DevOps
Nexus Automates Software Supply Chain Practices Across The Devops Toolchain
Getting started on your journey
Rugged DevOps, Software Supply Chain, Now What?
• The Hero’s Journey
• Align Your Heroes
• Building Bridges
• Setting Expectations
Building a trusted software supply chain
Different stakeholders, different priorities
• “Where’s that release?”
• “Done! On to the next sprint.”
• “Now, where are we in that process?”
Building a better bridge between Dev, Ops & Sec
• Tooling needs to adopt the practice of the practitioner
• A tool is not a process and a process is not a tool; learn to leverage both
Two philosophies
Support & guide
• Objective information across the lifecycle
• Each performs the task they are good at
• Faster component selection and issue resolution
• Bridges the developer “compliance” gap
Scan & scold
• Reactive information late in the lifecycle
• Creates rework and slows remediation
• Hinders technology innovation
• More expensive
Building a good component practice
• Phase 3: Reducing risk & enforcing compliance
• Phase 2: Creating policy & rating risk
• Phase 1: Understanding your environment
Communicate expectations
Determine lifecycle enforcement strategy:
Allows developers time to research & fix or to request waivers
Everything is documented on an internal WIKI
Development CI Build
Promotion to staging or release
Fix the Red – Actionable?
Interactive policy development
What is policy?
Out-of-the-box policies with easy customization
Architecture
Component
License
Security
IQ Server Policy Definition
DEMO
IQ Server policy definition
Jenkins & IDE integration
DEMO
Toolchain integration – IDE & CI Server
ZTTR (Zero Time to Remediation)
1. EMPOWER DEVELOPERS FROM THE START
2. DESIGN A FRICTIONLESS APPROACH
3. CREATE A SOFTWARE BILL OF MATERIALS
Defining Meaningful Success Metrics
http://www.aintitcool.com/node/44547
It’s Not What You Measure…
http://ronjeffries.com/articles/016-03/you-want/
…It’s the Behavior that Results
Manager: “Nathan, this isn’t fair. You’re just showing the number of stories, not how big they are.”
Nathan: “That’s right.”
Manager: “But that’s not fair!”
Nathan: [silent]
Manager: “All I’d have to do would be to divide up my stories into little bits and release those every month.”
Nathan: [silent, smiling]
Manager: “Oh.”
Soon, the manager was doing small stories, to the benefit of everyone.
http://ronjeffries.com/articles/016-03/you-want/
Success Metrics
• Short Term – Time to Value
  • “By the end of the workshop, we configured ~80% of our policies. Just six business days after training, we have made the test environment available in our organization”
• Long Term – Quality Metrics
  • MTTR
  • WIP
  • New violations delivered to production
Q&A
Wrap Up
• Manage your Software Supply Chain
• Collaborate with counterparts – BA/PM/Dev/QA/Ops/Sec.
• Discuss mutual interdependence and shared objectives
• Automated Real-Time Feedback is a win-win
• http://bit.ly/app-check
We’re here, engaged & READY TO HELP
• Nexus Newsletter
• Nexus Live – Google Hangouts
• Cool Things in 2 Minutes
• Customer Success Team
• Training On-Site or Online
• Online Knowledge Base
• Nexus Community Pages
• Books Online
Dallas, TX
April 5, 2016
Mike Worthington - http://bit.ly/mwsonatype
Customer Success Engineer, Sonatype

  • 2. Agenda • Software Supply Chain & Rugged DevOps • Getting Started on Your Journey • Interactive Demo – Setting Policy • Policy Results in Jenkins & Eclipse • Meaningful Success Metrics
  • 3. The Software Supply Chain • Hundreds of thousands of projects • 3-4 updates annually • 30 billion download requests last year • 1 in 16 have known vulnerabilities • 43% have no component governance • 75% of those who do don’t enforce it • 106 components per application • 24 known vulnerabilities • 73% have no inventory
  • 4. If manufacturers built cars the way we build software… Any part can be used even if it’s outdated or known to be unsafe. Since parts aren’t tracked, it’s challenging to issue a recall. There is no quality control or consistency from car to car. There is no inventory of parts used, or where. Choose any supplier for any part, regardless of quality.
  • 5. Apply Software Supply Chain Principles For Rugged DevOps
  • 6. Supplier & component selection (3rd party or Proprietary) • Component quality & governance • Monitoring components & assemblies (patches, updates, vulns, age) • Guidelines & policies • Bill of Materials • Warehouse & Staging. Image: Gartner Research, March 2016: Avoid Failure by Developing a Toolchain that Enables DevOps. Nexus Automates Software Supply Chain Practices Across The DevOps Toolchain
  • 7. Getting started on your journey: Rugged DevOps, Software Supply Chain, Now What? • The Hero’s Journey • Align Your Heroes • Building Bridges • Setting Expectations
  • 8. Building a trusted software supply chain
  • 9. Different stakeholders, different priorities: “Where’s that release?” “Done! On to the next sprint.” “Now, where are we in that process?”
  • 10. Building a better bridge between Dev, Ops & Sec • Tooling needs to adopt the practice of the practitioner • A tool is not a process and a process is not a tool; learn to leverage both
  • 11. Two philosophies. Support & guide: • Objective information across the lifecycle • Each performs the task they are good at • Faster component selection and issue resolution • Bridges the developer “compliance” gap. Scan & scold: • Reactive information late in the lifecycle • Creates rework and slows remediation • Hinders technology innovation • More expensive
  • 12. Building a good component practice • Phase 3: Reducing risk & enforcing compliance • Phase 2: Creating policy & rating risk • Phase 1: Understanding your environment
  • 13. Communicate expectations • Determine lifecycle enforcement strategy: Allows developers time to research & fix or to request waivers • Everything is documented on an internal WIKI • Development • CI Build • Promotion to staging or release
  • 14. Fix the Red – Actionable?
  • 15. Fix the Red – Actionable?
  • 18. Out-of-the-box policies with easy customization • Architecture • Component • License • Security
  • 19. IQ Server Policy Definition – DEMO
  • 20. IQ Server policy definition
  • 21. Jenkins & IDE integration – DEMO
  • 22. Toolchain integration – IDE & CI Server
  • 23. ZTTR (Zero Time to Remediation): (1) EMPOWER DEVELOPERS FROM THE START
  • 24. (2) DESIGN A FRICTIONLESS APPROACH
  • 25. (3) CREATE A SOFTWARE BILL OF MATERIALS
  • 26. Defining Meaningful Success Metrics http://www.aintitcool.com/node/44547
  • 27. It’s Not What You Measure… http://ronjeffries.com/articles/016-03/you-want/
  • 28. …It’s the Behavior that Results. Manager: “Nathan, this isn’t fair. You’re just showing the number of stories, not how big they are.” Nathan: “That’s right.” Manager: “But that’s not fair!” Nathan: [silent] Manager: “All I’d have to do would be to divide up my stories into little bits and release those every month.” Nathan: [silent, smiling] Manager: “Oh.” Soon, the manager was doing small stories, to the benefit of everyone. http://ronjeffries.com/articles/016-03/you-want/
  • 29. Success Metrics • Short Term – Time to Value • “By the end of the workshop, we configured ~80% of our policies. Just six business days after training, we have made the test environment available in our organization” • Long Term – Quality Metrics • MTTR • WIP • New violations delivered to production
  • 31. Wrap Up • Manage your Software Supply Chain • Collaborate with counterparts – BA/PM/Dev/QA/Ops/Sec. • Discuss mutual interdependence and shared objectives • Automated Real-Time Feedback is a win-win • http://bit.ly/app-check
  • 32. We’re here, engaged & READY TO HELP: Nexus Newsletter Nexus Live – Google Hangouts Cool Things in 2 Minutes Customer Success Team Training On-Site or Online Online Knowledge Base Nexus Community Pages Books Online
  • 33. Dallas, TX April 5, 2016 Mike Worthington - http://bit.ly/mwsonatype Customer Success Engineer, Sonatype