Andrew Clay Shafer musing about the evolution of devsecops. Where are we now? Where could things go? Building a global community of practice learning and sharing.
DevOps & Security from an Enterprise Toolsmith's Perspective - dev2ops
Slides from presentation by Alex Honor and Damon Edwards at DevOps Connect at RSA 2015 in San Francisco on April 20, 2015.
Abstract:
IT organizations are feeling the squeeze from seemingly conflicting business mandates. At one moment the message is “Go Go Go. DevOps, Lean Startup, Continuous Delivery… move faster and give more people access”. The next moment the message is “Be more secure. Compliance above all. Keep us out of the press!”. Damon Edwards and Alex Honor work with many enterprises who are facing these challenges. This talk is an in the trenches view of how these companies are responding and learning to go faster and be more secure.
Application Security Epistemology in a Continuous Delivery World - James Wickett
CD Summit - Austin, from DevOps Connect
Desc:
Over the years, application security (appsec) has made progress, but it has also made some considerable mis-steps. Appsec focuses almost solely on developer awareness and secure development training as remediation. This isn’t sustainable and arguably does little good. There is a better way, but we have to separate ourselves from the core assumptions we have made that got us here.
http://www.devopsconnect.com/events/cd-summit-austin/
Talk given at ISC2 Secure SDLC event in Austin, TX
The release velocity for our applications is increasing, often leaving security testing behind. In some cases, the security team ends up being the bottleneck. That's bad. In an idyllic world, security testing would happen earlier in the development lifecycle, but let's do one better. Let's do security testing on every code change. Using automation tooling and DevOps practices, this talk will help you tune security testing to your release cadence and more importantly help you deliver more rugged software.
Rock Stars, Builders, and Janitors: You're Doing it Wrong - Docker, Inc.
You know these roles: the rock star, who is always rolling out a new demo or installing a new technology in your stack; the builder, who makes it reliable and makes it scale; the janitor, who cleans up all your messes, writes your docs, and tweaks your configs. Grow an engineering team to a certain size, and these roles reveal themselves and cement themselves into your processes.
You come to rely on these roles and the people who fill them. And that’s bad.
Yes, rock stars get the spotlight, while builders toil away in the background, and janitors are forgotten. But it’s not all about glory. Pigeonholing engineers hurts everyone and can slow down your engineering organization in the long run. If you’re only a rock star, you’ll never understand scale or user experience. If you’re only a builder, you’ll never learn to write clean configs or care about future use cases. If you’re only a janitor, you’ll never appreciate change or technical growth. You need to be all three to succeed.
DevOpsGuys - Getting Started with DevOps - Github/Azure Webinar - DevOpsGroup
DevOpsGuys - Getting Started with DevOps - Github/Azure Webinar in April 2017 that talks about the 5 key ingredients you need to kick start your DevOps Transformation
Many companies have adopted agile for their software development teams. These teams are doing a great job sprinting and building a lot of potentially shippable product increments. The problem is the software is only potentially shippable. The focus on potentially shippable is leading to a “Potentially shippable product Problem” where teams aren’t actually releasing the value they created and are only focused on maintaining or improving their velocity.
This deck is from a session at Agile Camp 2018 in Dallas where we talked about how using Agile and DevOps practices together can solve the potentially shippable product problem and enable teams to not only sprint but also deliver value faster, with higher quality and in more stable environments.
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly - DevOpsGroup
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly gives an overview of the strengths and weaknesses of DevOps automation, tips on developing your automation strategy, and a high level overview of automation options across the DevOps toolchain.
1 year has passed since my Devops laboratory talk in Devopsdays Melbourne and we haven't stopped experimenting. After all the buzz and great conversations at Devops days I decided to extend the talk with a few more experiments on top of the previous presentation. This talk was first presented at Last.conf Melbourne in June 2016. The objective is no matter where your company is in terms of adopting a Devops culture/mindset there are always opportunities to try something new.
The experiments covered include:
E0. At the beginning, there was devs and ops
E1. Placements
E2. The tooling team (code name Gandalf)
E3. Secondments
E4. Ops as an attribute of Business areas
E5. The era of Guilds
E6. The rise of the Delivery Engineering teams
E7. Sec + DevOps
E8. Leverage vs Autonomy
E9. Finance + DevOps
E10. ????
Deck for the Global Scrum Gathering in Austin, TX on May 22, 2019.
Summary:
Sometimes organizations that are going through an agile transformation complain that they aren’t getting the benefits that they expected, especially as it’s related to quality and sustaining their pace of delivery. One of the possible reasons could be that insufficient attention has been given to performing the technical practices that support the agile values and principles. One of the big problems that I have seen is development teams not doing the engineering practices and managers de-emphasizing or “not allowing” developers to do them. We need to renew the emphasis on agile engineering practices and embrace the ideas of software craftsmanship – without this, agility will suffer. Join in the session as we talk about the relationship of Agile development and code quality and how lack of technical excellence impacts maintainability and time to market. Then we’ll review some agile engineering practices and recommendations on how to get started.
Learning Objectives:
What is clean code
Description of technical practices
Why lack of technical excellence can negatively impact the team's ability to sustain their delivery pace.
Hacker Games & DevSecOps presentation from Tallinnec 27.3. 2018 meetup. How to make DevSecOps more fun by playing hacker games? What can you learn from Hack The Box?
slides for VMworld presentation
Devops, Continuous Delivery, Microservices, Platforms, what does it all mean?
TL;DR
Automation is a function of what is being automated. Ad hoc automation will not solve deployment and operational problems as much as being thoughtful about the architectures being deployed. The technology and the people mirror each other's communication.
The talk from DevOps Days Silicon Valley 2015 conference which describes the signs of having or being a single point of failure expert on your system, and the ways to solve the problem
Architecture and organization (Abstractions II version) - Kevin Goldsmith
Drawing on real-life examples from Avvo, Spotify, Adobe and Microsoft, Kevin Goldsmith explores why you should consider changing your organization to improve your architecture and discusses the successes and failures he’s seen around the interplay of organizational models and software architectures. Kevin often visits companies, where he hears about how they struggle to break up monolithic applications or move to a continuous deployment pipeline. Oftentimes, the organizational structure is clearly making their problems harder but is seen as something that can’t be changed. Kevin relates his own journey to a more experimental organizational style. As a developer at Microsoft, Kevin worked in a rigid hierarchy organized around functional areas. The communication flows within the organization dictated the way it structured its libraries and dependencies. This is the essence of Conway’s law. In this case, the company hierarchy and the architecture it produced was often suboptimal for the problem Kevin and his team were solving, but it was the architectural path of least resistance. When Kevin moved to Adobe and became a senior manager, he started to build his organization in the traditional way. Adobe wanted to create a more fluid and agile architecture for its products, but the company struggled to realize these goals because it was too hard to work across teams and reporting lines. The company finally started to make some progress as the organization became more fluid and loosely coupled. Kevin then went to Spotify, which had realized this problem early on and restructured its organization in a way that supported the architectural model that it wanted to build. As a vice president of engineering, Kevin was able to see firsthand how the organizational model simplified the architectural challenges that other companies struggled with while also introducing difficulties that other companies were easily able to overcome.
When Kevin joined Avvo as its CTO, the company had the same organization and architectural challenges as many other startups, but rather than attack them only from an architectural angle, Avvo experimented with architecture and organization together to improve its legacy systems and help build new ones faster and with higher quality.
IPSE QA Freelancer Awards - We are the Makers - David Walker
The talk I gave at the IPSE Awards on the need for Digital Innovation, the risks of Digital Disruption and how 'Thinking like a freelancer' is good for all of us.
Why #DevOps Transformation has to start with you - DevOpsGroup
Why #DevOps Transformation has to start with you.
You are part of your organisation's culture, and in order to change the culture you need to change yourself, first. Learn some useful ideas of personal and DevOps Transformation from the @DevOpsGuys.
This is the talk I presented at the O'Reilly Software Architecture conference in San Francisco on November 15th, 2016. I talk about Conway's Law, my experience building organizations and evolving architectures at Avvo, Spotify and Adobe; and I talk about ways to leverage the homomorphic force of Conway's Law to improve your architecture.
What makes distributed teams especially challenging? How can we address these challenges to make our distributed organizations more effective?
In this talk, I discuss four main challenges: Conway's Law, Amdahl's Law (as applied to organizations), Empathy, and Communication. I give examples of these problems and solutions from my experience leading distributed teams over the last 25 years.
This talk was originally presented to Compare The Market in April of 2018.
Pragmatic Security and Rugged DevOps - SXSW 2015 - James Wickett
From SXSW Interactive 2015
Writing code that works is hard. Writing rugged code that can stand the test of time is even harder. This difficulty is often compounded by crunched timelines and fast cycles that prioritize new features. Add in evolving business needs and new technology and it becomes confusing to know what to do and how to integrate security into your application.
This workshop brings in some of the top developers and application security practitioners to help you ruggedize your end-to-end development lifecycle from code commit to running system.
Three Takeaways:
1. You will learn pragmatic approaches and tooling that will affect your development processes and delivery pipelines.
2. Armed with tools and ideas for monitoring your operational and runtime security.
3. You will walk away with code examples and tools that you can put into practice right away for security and rugged testing.
http://schedule.sxsw.com/2015/events/event_IAP35935
DevOpsDays Houston 2019 - Kevin Crawley - Practical Guide to Not Building Anot... - DevOpsDays Houston
I’ll discuss how my experience of approaching DevOps not as another siloed effort but instead as a discipline by embedding engineers within cross-functional teams who are dedicated to continuously improving the quality of automation across the entire SDLC.
DevOps is much more than tooling and technical details, it’s first and foremost a cultural and operational shift. This deck was given at www.devopscon.com, and covers some of the principles and best practices preached by devops thought leaders such as John Allspaw, Jesse Robbins, Adrian Cockcroft, Jez Humble and others.
Tools, Culture, and Aesthetics: The Art of DevOps - J. Paul Reed
My DevOps Days Tel Aviv keynote: In this talk, we will examine why these now school-aged ideals remain so difficult to implement, explore why DevOps is often described as "the movement that refuses to identify itself," and what your team can do to confront the dichotomies they are likely to face as they transform how they, their colleagues, and their company go about their daily work.
In 2009 Patrick Debois coined the term "DevOps" when he organised the first "DevOpsDays" in Ghent, Belgium. Since then the term has become a term to explain the collaboration between all organisational stakeholders in IT projects (developers, operations, QA, marketing, security, legal, …) to deliver high quality, reliable solutions where issues are tackled early on in the value stream.
But reality shows that many businesses that implement "DevOps" are actually talking about a collaboration between development, QA and operations (DQO). Solutions are being provided but lack the security and/or legal regulations causing hard-to-fix problems in production environments.
In this talk I will explain how the original idea of Patrick to include all stakeholders got reduced to development, QA and operations and why it's so difficult to apply security or compliance improvements in this model. I will also talk about ways to make the DQO model welcoming for security experts and legal teams and why "DevSecOps" is now the term to be used to ensure security is no longer omitted from the value process.
Finally we'll have a vote if we keep the term "DevOps" as an all-inclusive representation for all stakeholders or if we need to start using "DevSecOps" to ensure the business understands it can no longer ignore the importance of security.
devops, microservices, and platforms, oh my! - Andrew Shafer
A story about a boy and his quest to build great software delivered at the Cloud Foundry Summit in Santa Clara May 2015. (https://www.youtube.com/watch?v=rX4mQHPWuUY) Walk through the history of my personal career, and the evolution of the industry highlighting themes like devops, microservices and platforms.
Identify Development Pains and Resolve Them with Idea Flow - TechWell
With the explosion of new frameworks, a mountain of automation, and our applications distributed across hundreds of services in the cloud, the level of complexity in software development is growing at an insane pace. With increased complexity comes increased costs and risks. When diagnosing unexpected behavior can take days, weeks, or sometimes months, all while our release is on the line, our projects plunge into chaos. In the invisible world of software development, how do we identify what's causing our pain? How do we escape the chaos? Janelle Klein presents a novel approach to measuring the chaos, identifying the causes, and systematically driving improvement with a data-driven feedback loop. Rather than measuring the problems in the code, Janelle suggests measuring the "friction in Idea Flow", the time it takes a developer to diagnose and resolve unexpected confusion, which disrupts the flow of progress during development. With visibility of the symptoms, we can identify the cause—whether it's bad architecture, collaboration problems, or technical debt. Janelle discusses how to measure Idea Flow, why it matters, and the implications for our teams, our organizations, and our industry.
OSDC 2019 | Feature Branching considered Evil by Thierry de Pauw - NETWAYS
With DVCSs, branch creation became very easy, but it comes at a certain cost. Long living branches break the flow of the software delivery process, impacting stability and throughput. The session explores why teams are using feature branches, what problems are introduced by using them and what techniques exist to avoid them altogether. It explores exactly what’s evil about feature branches, which is not necessarily the problems they introduce – but rather, the real reasons why teams are using them. After the session, you’ll understand a different branching strategy and how it relates to CI/CD.
DevOps Torino Meetup Group Kickoff Meeting - Why a meetup group on DevOps, wh... - Rauno De Pasquale
Torino DevOps Meetup Group - Culture, Processes and Tools.
There is a lot of talk about DevOps culture and practices, with different points of view and a lot of misunderstandings. This group aims to create a point of discussion to share experience, analysis and thoughts to help each of us to better understand and implement DevOps approaches into our way of working in the Digital Services.
There is a lot of talk about DevOps, but much confusion remains about the meaning of the term; there are many different points of view and also various misunderstandings. This group aims to become a gathering point for sharing experiences, studies and thoughts about DevOps culture and practices, so that together we can reach a better understanding that helps us bring this approach into our work in IT.
Two years ago at Devoxx UK we talked about DevOps, what it was, why it was important and how to get started. Boy, was it scary. Now we’re wiser. More battle-scarred. The large scale of the challenge for application writers exploiting cloud and DevOps is clearer, but so is the path forward. Understanding the DevOps approach is important, but equally you must understand specific deployment technologies, security issues, operational reliability, and how to drive organisational transformation. Whether creating simple applications or sophisticated microservice architectures many of the challenges are the same. Join us to learn how you can apply this within your team and company.
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King" - Daniel Bryant
Last year we talked about DevOps, what it was, why it was important and how to get started. Boy, was it scary. Now we’re wiser. More battle-scarred. The scale of the challenge for application writers exploiting cloud and DevOps is clearer, but so is the path forward. Understanding the DevOps approach is important but equally you must understand specific deployment technologies. How to exploit them and how they affect the design of applications. Whether creating simple applications or sophisticated microservice architectures many of the challenges are the same.
Presented at JAXLondon 2015 with Steve Poole
Everyone seems to have an intuitive understanding of ‘architecture’ as the process and product of planning, designing, and constructing. The problem is most people don’t have the same understanding which leads to disagreements about what the process and product entails. The transition from software shipped on physical media to software delivered as services further complicated the conversation as operating services introduces other factors that must be considered on an ongoing basis. These misunderstandings have only been exacerbated as greater speed and scale create new problems necessitating novel emergent solutions. This presentation will attempt to highlight the need for new language with dense semantics about the emerging architectures (because just saying ‘microservices’ is causing more problems than it solves) while also pointing out that many of the struggles people have delivering software are rooted in architecture.
DevOps Frequently Asked Questions of 2013 with Gene Kim and Jonathan Thorpe (... - Serena Software
Gene Kim, award winning CTO and author of The Phoenix Project joins Jonathan Thorpe, DevOps evangelist at Serena Software to discuss the top DevOps FAQ of 2013. They discuss DevOps for both horses and unicorns and how DevOps can make a difference even in the enterprise with legacy software.
deep devops - learning to learn dotScale 2017Andrew Shafer
dotsScale talk about devops as an exercise in evolution of behavioral change based on organizational learning. Learning has only happened when behaviors have changed.
Little talk about using software to visualize software development. We are surrounded by information, but we don't always have actionable insights. Strategic visualizations can makes all the difference.
Presented at devopsdays Nashville. Tdeas to simplify conversations about systems thinking and transformation. Touches on devops history, systems thinking, double loop learning and the overwhelming opportunity to solve problems with software.
transforming how the world operates software - Andrew Shafer
Quick run through of some ideas about continuously devopsing microservices for Velocity NY keynote. A bit about Pivotal, a bit about me, the industry, and you. Yes you...
Slides given at Agile 2015 to support talk with Josh Long
Walks through basic ideas of Cloud Foundry BOSH, Cloud Foundry Elastic Runtime and Spring Boot/Spring Cloud.
Covered these slides in ~20 minutes, then did 50 minutes of Lattice demos and Spring live coding.
High level introduction to Linux Containers. Presented at Interop Las Vegas 2015. Frames the discussion with an introduction to intermodal shipping containers, the innovation around logistics and purpose built infrastructure and the impact. Walk through features of the Linux kernel which provide isolation and limitation and packaging applications as filesystem images. Finish talking about the emerging purpose built infrastructure for managing container deployments.
Configuration Management Camp presentation on the why and what of BOSH. Highlights the 'why' of deploying Cloud Foundry Elastic Runtime and the design decisions to do that.
devops, cultivation and the cycle of creation and disruption framed with the history of the samurai adaptation to the Mongol invasion and the book of 5 rings
Organizational Learning!
Nash Equilibriums!
Pareto Inefficiencies!
Oh My!
reprising themes I want everyone to understand and apply to building the future
there is no talent shortage - Velocity 2013 - Andrew Shafer
slides for talk at Velocity 2013
there is no talent shortage.
there is a shortage of courage and vision.
learning is a competitive advantage.
we get the future we deserve.
Enhancing Performance with Globus and the Science DMZ - Globus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble… many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
24. hidden | available | ambient
can’t find | searchable | cultivated
strong silos | publish info | share personally
everything is secret | secret to company | global community
Sharing
25. Lean Subsumes ALL the Things
ignore what a terrible metaphor manufacturing is for software
31. lol | try | do
security? | after the fact | first principles
theatrics | tools | built in
hide | blame | own
Security
32. devops
• developers and operations can and should work together
• system administration evolving to look more like software development
• evolving together as global community sharing solutions
Legacy me - in 2010
33. devsecops
• developers AND operations AND security can and should work together
• security is evolving to incorporate more software development
• evolving together as global community sharing solutions
me - in 2019
46. what they really want
• scalability
• availability
• reliability
• operability
• usability
• observability
• all for free
• without changing anything
66. what are the infosec analogs for ‘observability’, ‘reliability’, ‘resilience’ & ‘chaos’?
67. It ought to be remembered that there is nothing more difficult to take in hand, more perilous to conduct, or more uncertain in its success, than to take the lead in the introduction of a new order of things. Because the innovator has for enemies all those who have done well under the old conditions, and lukewarm defenders in those who may do well under the new.
Niccolò Machiavelli, The Prince