Making software products can be fraught with conflicts, where people in different roles may feel sabotaged by others. In this talk I present a model for thinking about the problems we solve and how we solve them, and using that I hope to convince you that team excellence comes from our differences, rather than in spite of them. Hopefully you'll walk away with a deeper understanding of that colleague that never writes tests, or the one that constantly complains that all you do is "make bugs".

1. TurtleSec
Turtle
Sec
@pati_gallardo

2. TurtleSec
Good
Morning!

3. TurtleSec
Welcome to
Bugs As A Service

4. TurtleSec
Our Problem
We’re not too sure about it yet...
Is it serious?
Do we have to fix it now?
Is it easy to fix?
How long will it take?
Let me introduce...

5. TurtleSec
TurtleSec
Imagine if we could place
it in some sort of system

6. TurtleSec
Maybe how to solve the
problem says something
about the problem
Crisis
Management
Experimentation
Debugging
Automation
Routine
Engineering
Good practice

7. TurtleSec
TurtleSec
Chaos
Clear
Complicated
Complex
Cynefin framework
by
Dave Snowden

8. TurtleSec
The people who work there
Ellis
Designer
Parker
Incident R.
Alec
Dev
Bailey
SRE

9. TurtleSec
The people that don’t really know where they belong
Finley
Tech Lead
Oakley
Sr Dev
Kian
QA

10. TurtleSec
Our Team
So, let's take a look at...
Parker
Incident R.
Kian
QA
Bailey
SRE
Oakley
Sr Dev
Alec
Dev
Finley
Tech Lead
Ellis
Designer

11. TurtleSec
BAAS, Bugs As
A Service
Finley
Tech Lead
Oakley
Senior Dev
Alec
Dev
Parker
Incident Resp.
Kian
QA
Bailey
SRE
Ellis
Designer

12. TurtleSec
Oh, yeah, sorry…
I almost forgot...
Jeff
Sales Guy

13. TurtleSec
And ehh...
Brad
The Customer

14. TurtleSec
It’s Saturday,
and today
they will all have
A Really Bad Day

15. - I can’t work like this
KDE Akademy 2021 Turtle
Sec

16. Patricia Aas - Trainer & Consultant
C++ Programmer, Application Security
Currently : TurtleSec
Previously : Vivaldi, Cisco, Knowit, Opera Software
Master in Computer Science
Pronouns: she/her
@pati_gallardo
Turtle
Sec

17. TurtleSec
So back to our
Heroes

18. TurtleSec
There was an alert in production
Kian started looking at the logs
They look weird
Kian pings the team on slack
Kian
QA

19. TurtleSec
We might
have a
problem

20. TurtleSec
Oakley was home on the couch
She takes a look at the logs
Yeah, they do look odd
She logs into the server
Has a look at what is running
Things look off
She pings Bailey
Oakley
Senior Dev

21. TurtleSec
Bailey was busy building IKEA shelves,
but has notification sound on on her
phone just in case
She catches up and says:
“Nothing has happened. It’s Saturday.
Everything was fine yesterday.”
Bailey
Site Reliability Eng.

22. TurtleSec
But something is off
Performance is down
Massive amounts of data is
being pulled off the server

23. TurtleSec
Ok, we have a problem
And it is unfolding as we speak

24. TurtleSec
TurtleSec
Chaos
But we still don’t know
anything

25. TurtleSec
Parker pops in,
takes one look
and tells Bailey to take the site and the
server offline immediately.
She hops on a slack thread with Kian and
Bailey.
Something is Seriously Wrong.
Parker
Incident Responder

26. TurtleSec
Parker
Incident Responder
Kian
QA
Bailey
SRE

27. TurtleSec
TurtleSec
Server is offline
We’re not bleeding data anymore
But we still don’t know anything
Complex

28. TurtleSec
Chaos
Our Heroes
moved our problem out of Chaotic domain
and into the Complex domain.

29. TurtleSec
Ellis & Finley show
up on Slack because
of another matter.
There were some
strange tweets.
Cryptic Tweets
Ellis
Designer
Finley
Tech Lead

30. TurtleSec

31. TurtleSec
Finley joins Oakley
in trying to debug
the system on an
Zoom call.
They ping Alec to
join them.
Finley
Tech Lead
Oakley
Senior Dev

32. TurtleSec
Alec
Dev
Alec was gaming,
but sees the ping
and begrudgingly takes the Zoom call.
- Come on! It’s Saturday!

33. TurtleSec
Finley
Tech Lead
Oakley
Senior Dev
Alec
Dev
Zoom:
Mob
Debugging

34. TurtleSec
Ellis is deep in the Twittersphere trying to
figure out what is going on…
Ellis
Designer

35. TurtleSec
Brad
Customer
Jeff
Sales Guy
What is
going on???
The server is
offline????
I’m sure it’s nothing!
Let me check with
the team!!!

36. TurtleSec
Finley
Tech Lead
Oakley
Senior Dev
Alec
Dev
Jeff
Sales Guy
What is going on???
I’ve got the client on
the phone he says the
server is offline????
I need info ASAP!!

37. TurtleSec
Alec
Dev
Listen!
We’re trying to
work here!

38. TurtleSec
Jeff
Sales Guy
I have a paying
customer on the
line!!!
I need answers
NOW!!!!

39. TurtleSec
Alec
Dev
I can’t work
like this!

40. TurtleSec
Finley has to break off
the debugging session
to manage Jeff and the
Customer.
Finley
Tech Lead
Jeff
Sales Guy
!!!

41. TurtleSec
Ellis has been digging and the tweets
seem to have been fake.
They author doesn’t have any data,
it was just accidental that it came at the
same time as the alert.
Ellis
Designer

42. TurtleSec
Kian
QA
Meanwhile Kian has also made some
discoveries…
“Someone” had committed the server
credentials to the open GitHub repo.
Luckily only non-sensitive public data
was on that server.
The data being pulled was just public
stuff that was on their website anyway.

43. TurtleSec
Kian
QA
Ellis
Designer

44. TurtleSec
TurtleSec
Complicated
The data that was leaked was not sensitive
But the intruder had access to the server
Complex

45. TurtleSec
Our Heroes
Complex
Complicated

46. TurtleSec
Finley
Tech Lead
Oakley
Senior Dev
Alec
Dev
Zoom:
Discussion
on Fix Plan:
- Remove the creds from git
history
- A new server instance with new
creds should be started

47. TurtleSec
Finley
Tech Lead
Oakley
Senior Dev
Alec
Dev

48. TurtleSec
Complicated
Our Heroes
Clear

49. TurtleSec
Kian
QA
Bailey
SRE
Oakley
Senior Dev
Oakley and Bailey get up a new server instance,
point all traffic towards it
and bring both the site and the server online again.
Kian does initial testing of the live website.
Bugs As A Service is back!

50. TurtleSec
Clear
We had managed to move the problem
All the way to the clear domain
And there we managed to fix it
Complicated
Complex
Chaos

51. TurtleSec
Clear
Our Heroes

52. TurtleSec
Our problems start off
as unknowns…
Then they move
Crisis
Management
Experimentation
Debugging
Engineering
Good practice
Chaos
Clear
Complicated
Complex
Automation
Routine

53. TurtleSec
Complex Complicated
Clear
Chaotic
Solving Problems
Cynefin
Framework
by
Dave Snowden

54. TurtleSec
So, Finley, what’s the
lesson here?
Don’t push creds to
GitHub?
Lol, no I mean really!
What should we
learn from this?
That folks are
different is a feature
not a bug?
Finley
Tech Lead
Alec
Dev
Then they think
differently?

55. TurtleSec
TurtleSec
Chaos
Clear
Complicated
Complex
Cynefin framework
by
Dave Snowden

56. TurtleSec
Never underestimate QA,
they know where all the
bodies are buried!
Kian
QA
The REAL
lesson is...

57. TurtleSec
BAAS, Bugs As
A Service
Finley
Tech Lead
Oakley
Senior Dev
Alec
Dev
Parker
Incident Resp.
Kian
QA
Bailey
SRE
Ellis
Designer

58. TurtleSec
The End

59. TurtleSec
TurtleSec
Turtle
Sec
@pati_gallardo