KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, boldstart VC

•Download as PPTX, PDF•

0 likes•101 views

Fifteen years ago, we'd barely started to use S3, and ten years ago DevOps was the new thing. Today, we can add a new tool, technology, or trick every week, and more and more work is shifted into the application developer's workflow. If security, resiliency, and incident response become part of product teams, where will we be ten years from now, and what should we do today to get ready?

Technology

THE NEXT TEN YEARS OF
Ellen Chisa - @ellenchisa - 11/25/2021

Self Provisioning Infra
(hello world gif)

iPads were new
Google+ just launched
Quikster
Nokia
Angular was new
No NPM
AWS Console was Manageable
SysAdmin vs. DevOps was a
thing

1. Business requires (fast) change
2. Change causes outages
3.Lowering the risk of change through
tools and culture
John Allspaw (Flickr/Yahoo!) and Paul Hammond (Flickr)
"10+ Deploys Per Day: Dev and Ops Cooperation at Flickr"
Dev and Ops

Everyone has a computer in
their pocket
Metaverse, web3, crypto, NFTs
Jamstack Apps
1.3 Million Packages in NPM
150 services in AWS Console
Deploying 26,280x more often

“Their evidence refutes the
bimodal IT notion that you
have to choose between
speed and stability—instead,
speed depends on stability,
so good IT practices give you
both.”

4 ways we’ll keep doing that,
and what that means ten
years from now.

Realtime feedback loops in
all tools will increase speed
and reduce risk.

Incident Occurs
Self healing infrastructure &
playbooks become automated
resolution of knowns.

Pager Goes Off
“In the future systems will be
much smarter about escalating
to the best possible people
considering a bunch of factors
like time zone, area of
expertise, and recency of
contact with the system being
reported on (the last N
committers to a project, or the
last N to update some config)”
- Paul Nakata

Incident infrastructure will
reduce risk and increase
speed.

1. Take into account learning style
2. Not too hard
3. Not too easy
4. Progressive disclosure
5. Docs & error messages to enable
users to solve their own issues
6. Customization is expert mode

1. Take into account learning style
2. Not too hard

1. Take into account learning style
2. Not too hard
3. Not too easy
4. Progressive disclosure

Customizations
Sarah Drasner and Jake Downs thread

Tools with good DevEx will
increase speed and reduce
risk.

Today’s Big Four Metrics (Accelerate)
Speed:
1. Deployment Frequency (the frequency at which new releases go to production)
2. Lead Time For Changes (the time until a commit goes to production)
Risk:
1. Change Failure Rate (the ratio of deployments to production that leads to errors
and successful deployments).
2. Mean Time to Restore (the time it takes to resolve a service impairment in
production)

Executives (and investors) care about...

Communicating in
business metrics will get
buy in for future
investments.

If we get:
- Full organizational buy-in for the importance of ops
- Tools designed for flow and developer experience
- Real time feedback when something goes wrong
- Incidents managed as well as deploys

Smoother cross team collaboration and
more infra resources
Work is more fun
Speed goes towards ∞
Risk goes towards 0
Self-provisioning runtimes
Everyone writes software
We’re going to need a bigger room for
this
conference

Tools Appendix by Section & References
Realtime Feedback:
- scratch.mit.edu (kids)
- replay.io (debug)
- snaplet.dev (database snapshots)
- zuplo.com (api gateway)
Incidents:
- ab.bot (chatbot infra)
- fiberplane.dev (incident notebook)
- kumospace.com (comms platform)
- honeycomb.io (observability)
- allma.io (incident slack infra)
- jeli.io (incident analysis)
- blameless.com (incident analysis)
Developer Experience:
- darklang.com (backend)
- codesee.io (architecture maps)
- tryfabric.com (slack <> github)
- useoptic.com (API changes)
- railway.app (infra setup)
Books, articles, talks:
- Accelerate (Forsgren, Humble, Kim)
- 10+ Deploys per day (Allspaw, Hammond)
- Incident Review Best Practices Survey
(Pragmatic Engineer)
- Great Documentation Examples
(WorkOS)
- Preparing a Board Deck (Sequoia)
- Self Provisioning Runtime (Swyx)

‫תודה‬
Ellen Chisa - @ellenchisa - 11/25/2021

Today, organizations of all shapes and sizes depend on feature-packed application releases to keep end users productive and happy. In their new book, The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations, Gene Kim and his co-authors shared ways that high-performing organizations use DevOps principles to enable reliable deployments - and boring releases! Gene Kim, CTO, DevOps researcher and co-author of the DevOps Handbook and The Phoenix Project, and Anders Wallgren, CTO of Electric Cloud shared their tips for overcoming the challenges of DevOps and Continuous Delivery at scale. During the webinar, they discussed: - The business value of DevOps - How to eliminate “deployment anxiety” and increase business agility - Lessons learned from large scale DevOps transformations - The advantages and disadvantages of practicing DevOps in large organizations

The Devops Handbook

Harish Kamugakudi Marimuthu

DevOps 101 - an Introduction to DevOps

Red Gate Software

DevOps is an increasingly useful tool for achieving business objectives, enabling your teams to work together to improve the efficiency and quality of software delivery. However, despite its growing popularity, there is still a lack of clarity over what DevOps actually means, how organizations should do it and what's the best way to get started. DevOps 101 takes a brief look at the history of DevOps, why it started, what problems it is intended to solve and how you can start implementing it. The slides were delivered by James Betteley, Head of Education at the DevOpsGuys in a one-hour webinar. The full recording is available here - https://youtu.be/4gC3WpbetKs?t=2s James has spent the last few years neck-deep in the world of DevOps transformation, helping a wide range of organizations optimize the way they collaborate to deliver better software, faster. James was joined by Elizabeth Ayer, Portfolio Manager, from Redgate Software. Elizabeth looks after a range of Redgate products that help teams extend their DevOps practices to SQL Server databases. For more information visit www.devopsguys.com and www.red-gate.com

2017 DevSecOps Survey

Sonatype

Leverage DevOps & Agile Development to Transform Your Application Testing Pro...

Deborah Schalm

Discover how Sona Srinivasan, Senior Architect of Cisco IT’s Global Architecture and Technology Services group, helps transform an IT DevOps strategy to a Security DevOps strategy, with IBM Security's assistance. Cisco is presently implementing continuous security and agile methods throughout the software development lifecycle (SDLC), and specific examples of current initiatives will be reviewed in this session.

How to Build a DevOps Toolchain

IBM UrbanCode Products

cdSummit Austin - Jez Humble: CD Architecture

Miles Blatstein

DevOps: A Culture Transformation, More than Technology

CA Technologies

DevOps is not a new technology or a product. It's an approach or culture of SW development that seeks stability and performance at the same time that it speeds software deliveries to the business. We will discuss this cultural shift where development teams have to accept the feedback of operations teams and the operations team should be ready to accept frequent updates to the SW that it's running. To learn more about DevOps solutions from CA Technologies, please visit: http://bit.ly/1wbjjqX

DevOps is a methodology capturing the practices adopted from the very start by the web giants who had a unique opportunity as well as a strong requirement to invent new ways of working due to the very nature of their business: the need to evolve their systems at an unprecedented pace as well as extend them and their business sometimes on a daily basis. While DevOps makes obviously a critical sense for startups, I believe that the big corporations with large and old-fashioned IT departments are actually the ones that can benefit the most from adopting these principles and practices.

DevOps by examples - Continuous Lifecycle London 2017

Giulio Vian

New DevOps for the DBA

Kellyn Pot'Vin-Gorman

DevOps Explained

Richard Seroter

DevOps-Redefining your IT Strategy-28thJan15

Edureka!

The Human Side of DevSecOps

Jules Pierre-Louis

Much attention is focused to the technology aspects of DevOps, including how to automate security testing. But DevOps is as much a cultural movement as anything else, with a strong focus on feedback loops and continuous improvement. How can organizations implement these aspects of DevOps culture when integrating security, given the massive shortfall in skilled information security personnel? This talk discusses organizational and cultural aspects of DevOps with an emphasis on the role of “security champions”—developers cross-trained in information security basics—in executing a successful DevSecOps transformation.

How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...

WalmartLabs

The Coming Earthquake in IIS and SQL Configuration Management

Jules Pierre-Louis

Top Lessons Learned From The DevOps Handbook

XebiaLabs

DevOps Transformations

Ernest Mueller

Next Level DevOps Implementation with GitOps

Ramadoni Ashudi

Enterprise DevOps Adoption LinkedInGary Stafford

What Is DevOps?

Soumya De

DevOps 2016 summit

Chihyang Li

devops

Somkiat Puisungnoen

Devops: A History

Nell Shamrell-Harrington

Devops skills you got what it takes ?

Initcron Systems Private Limited

Whether you are a Developer, QA or a IT Operations personnel, with organizations adapting devops practices you need to skill up with the latest and the greatest of the devops tools, relevant to you. And its not the same basket of tools that dev and ops both opt for. This talk is about the essential devops skills required to transform yourself to be a next gen devops professional. And this is based on real data, a devops skills report 2016 (to be published soon) by Initcron Systems.

CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack

DevOpsDays Tel Aviv

Configuration Management is at the core of Ops. It’s the biggest enabler of any compute operation, small and big. In the past decade, we have switched from thinking about the machines we are configuring, to think about the software and services we are controlling. With that change of mindset, so did the tools we are using. Traditional tools like Puppet, chef, salt and Ansible are slowly declining while new tools such as Terraform, Pulumi, Helm and Kustomize are on the rise. In this talk I will try to describe the pain-points and the opportunities of this transformation as well as suggesting a future direction based on tools developed at the big-tech companies (Mainly facebook and google).

DevOps 101 for Government

Sanjeev Sharma

Continuous Deployment

Brian Henerey

Software development process for outsourcing team

Mykhail Galushko

What's hot

DevOps Introduction

Robert Sell

DevOps explained

Jérôme Kehrli

DevOps by examples - Continuous Lifecycle London 2017

Giulio Vian

New DevOps for the DBA

Kellyn Pot'Vin-Gorman

DevOps Explained

Richard Seroter

DevOps-Redefining your IT Strategy-28thJan15

Edureka!

The Human Side of DevSecOps

Jules Pierre-Louis

How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...

WalmartLabs

The Coming Earthquake in IIS and SQL Configuration Management

Jules Pierre-Louis

Top Lessons Learned From The DevOps Handbook

XebiaLabs

DevOps Transformations

Ernest Mueller

Next Level DevOps Implementation with GitOps

Ramadoni Ashudi

Enterprise DevOps Adoption LinkedInGary Stafford

What Is DevOps?

Soumya De

DevOps 2016 summit

Chihyang Li

devops

Somkiat Puisungnoen

Devops: A History

Nell Shamrell-Harrington

Devops skills you got what it takes ?

Initcron Systems Private Limited

CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack

DevOpsDays Tel Aviv

DevOps 101 for Government

Sanjeev Sharma

What's hot (20)

DevOps Introduction

DevOps explained

DevOps by examples - Continuous Lifecycle London 2017

New DevOps for the DBA

DevOps Explained

DevOps-Redefining your IT Strategy-28thJan15

The Human Side of DevSecOps

How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...

The Coming Earthquake in IIS and SQL Configuration Management

Top Lessons Learned From The DevOps Handbook

DevOps Transformations

Next Level DevOps Implementation with GitOps

Enterprise DevOps Adoption LinkedIn

What Is DevOps?

DevOps 2016 summit

devops

Devops: A History

Devops skills you got what it takes ?

CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack

DevOps 101 for Government

Similar to KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, boldstart VC

Continuous Deployment

Brian Henerey

Software development process for outsourcing team

Mykhail Galushko

Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...

DevOps Indonesia

JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"

Daniel Bryant

Last year we talked about DevOps, what it was, why it was important and how to get started. Boy, was it scary. Now we’re wiser. More battle-scarred. The scale of the challenge for application writers exploiting cloud and DevOps is clearer, but so is the path forward. Understanding the DevOps approach is important but equally you must understand specific deployment technologies. How to exploit them and how they effect the design of applications. Whether creating simple applications or sophisticated microservice architectures many of the challenges are the same. Presented at JAXLondon 2015 with Steve Poole

DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole

JAXLondon_Conference

2021-10-14 The Critical Role of Security in DevOps.pdf

Savinder Puri

«Організація процесу розробки мобільного застосунку для аутсорсингової команд...

IT Weekend

Andy singleton continuous delivery-fcb - nov 2014

Brad Power

Software is an important tool for improving the speed, reliability, and quality of existing processes in every corner of a modern enterprise. Now revolutionary software development practices adopted by online leaders like Amazon, Facebook, and Google have achieved new levels of speed and flexibility. New software is broken into smaller pieces: big 'waterfall' releases are replaced by smaller 'agile sprints', and then into a continuous flow of smaller components - each optimized with specific points of measurement and feedback.

Agile & DevOps - It's all about project success

Adam Stephensen

Combining Speed of Delivery and Quality in Complex Systems

Manuel Pais

Technologies for startup

Dzung Nguyen

Dev ops

Eslam El Husseiny

RTI Data-Distribution Service (DDS) Master Class 2011

Gerardo Pardo-Castellote

The Unicorn Project and The Five Ideals (Updated Dec 2019)

Gene Kim

It is impossible to overstate how much I’ve learned since co-authoring The Phoenix Project, DevOps Handbook, and Accelerate. I’m so excited that after years of work, The Unicorn Project will be published later this year. This book is my attempt to frame what I’ve learned studying technology leaders adopting DevOps principles and patterns in large, complex organizations, often having to fight deeply entrenched orthodoxies. And yet, despite huge obstacles, they create incredibly effective and innovative teams that create beacons of greatness that inspire us all. In this book, we follow a senior lead developer and architect as she is exiled to the Phoenix Project, to the horror of her friends and colleagues, as punishment for contributing to a payroll outage. She tries to survive in what feels like a heartless and uncaring bureaucracy, forced to work within a system where no one can get anything done without endless committees, paperwork, change requests, and approvals. Decades of technical debt make even small changes difficult or impossible, often causing catastrophic outcomes and fear of punishment. I get tremendous delight and gratification that this book is not about the bridge crew of the Starship Enterprise -- instead, it is about redshirt engineers, which as it turns out, whose heroic work matters most to the long-term survival of almost every organization. In my previous books, I’ve focused on principles and practices (e.g., Three Ways, Four Types of Work). However, I’ve always wanted to describe the spectrum of cultural, experiential and value decisions we make that either enable greatness, or create chronic suffering and underperformance. They are currently as follows: • The First Ideal — Locality and Simplicity • The Second Ideal — Focus, Flow and Joy • The Third Ideal — Improvement of Daily Work • The Fourth Ideal — Psychological Safety • The Fifth Ideal — Customer Focus In this talk, I’ll share with you my goals and aspirations for The Unicorn Project, describe in detail the Five Ideals, along with my favorite case studies of both ideal and non-ideal, and why I believe more than ever that DevOps will be one of the most potent economic forces for decades to come.

HLayer / Cloud Native Best Practices

Aymen EL Amri

Introduction to DevOps slides.pdf

BoreVishnusai

DOES15 - Ernest Mueller - DevOps Transformations At National Instruments and...

Gene Kim

Ernest Mueller, Lean Systems Manager, AlienVault DevOps Transformations At National Instruments and Bazaarvoice (And Infosec!) In this presentation, I’ll share the thrills and chills of the real-world successes and setbacks in culture and collaboration, speeding up software releases, embedding DevOps engineers into product teams, implementing agile processes with operations teams, integrating testing and information security into daily work, automation and its pitfalls, metrics and their weaponization, and more. I’ll also discuss how we integrated security objectives into all these initiatives.

Virtual Data : Eliminating the data constraint in Application Development

Kyle Hailey

DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...

Daniel Bryant

Two years ago at Devoxx UK we talked about DevOps, what it was, why it was important and how to get started. Boy, was it scary. Now we’re wiser. More battle-scarred. The large scale of the challenge for application writers exploiting cloud and DevOps is clearer, but so is the path forward. Understanding the DevOps approach is important, but equally you must understand specific deployment technologies, security issues, operational reliability, and how to drive organisational transformation. Whether creating simple applications or sophisticated microservice architectures many of the challenges are the same. Join us to learn how you can apply this within your team and company.

Securing a great DX - DevSecOps Days Singapore 2018

Stefan Streichsbier

In the software engineering world, change is the only constant. And in the course of the last decades, the frequency of that change has exploded. What Agile has brought to software teams, DevOps is now bringing to the entire organization. And the results speak for themselves. The DevOps high-performers are killing it. Insane deploy frequencies of features, high reliability of applications, and high productivity of cross-functional teams have amplified the speed at which ideas become a reality. In parallel, Application Security was doing its own thing and to a large part remained oblivious to all the impressive improvements that were happening in software engineering. Because breaking an application doesn’t need any knowledge of how it was created in the first place. This talk will cover anti-patterns that are preventing application security from being adopted by development teams, such as: * Signals versus Noise * Lost in Translation * Make it easy

Similar to KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, boldstart VC (20)

Continuous Deployment

Software development process for outsourcing team

Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...

JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"

DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole

2021-10-14 The Critical Role of Security in DevOps.pdf

«Організація процесу розробки мобільного застосунку для аутсорсингової команд...

Andy singleton continuous delivery-fcb - nov 2014

Agile & DevOps - It's all about project success

Combining Speed of Delivery and Quality in Complex Systems

Technologies for startup

Dev ops

RTI Data-Distribution Service (DDS) Master Class 2011

The Unicorn Project and The Five Ideals (Updated Dec 2019)

HLayer / Cloud Native Best Practices

Introduction to DevOps slides.pdf

DOES15 - Ernest Mueller - DevOps Transformations At National Instruments and...

Virtual Data : Eliminating the data constraint in Application Development

DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...

Securing a great DX - DevSecOps Days Singapore 2018

More from DevOpsDays Tel Aviv

YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...

DevOpsDays Tel Aviv

From idea to execution, the challenges of publishing an open source project are very similar to initializing a startup when it comes to creating a successful product that people will love and use. Most open source projects are not “taking-off”, although they are really good! This is because developers (which are usually the creators of open source projects) think that writing the code is the hard part and “neglect” the other parts of publishing a good open source project. In this talk, I will use my experience as a contributor to open source and product head of a startup, to go beyond writing the code itself and cover the other central aspects of creating an open source project, like MVP, product/market fit, marketing and more.

GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto

DevOpsDays Tel Aviv

If you have never used GraphQL before, you probably think that it is just another buzzword that will be forgotten in a few years. You might think: “Why do I need to learn a new way to write APIs when REST already answers all my needs?”. Or, you are excited to learn something new but don’t believe GraphQL is mature enough for production. In this talk, I will remind you of some of the pain points you have probably experienced when using REST. I will then explain what GraphQL is and demonstrate how it solves these pain points. Next, I will discuss the disadvantages of GraphQL. Finally, I will provide some guidelines for choosing between REST and GraphQL. By the end of this talk, you will understand what GraphQL is and when to use it.

MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...

DevOpsDays Tel Aviv

“The International Space Station has been orbiting the Earth for over 20 years. It was not launched fully formed, as a monolith in space. Instead, it is built out of dozens of individual modules, each with a dedicated role - life support, engineering, science, commercial applications and more. Each module (or container) functions as a microservice, adding additional capabilities to the whole. Not only do the modules need to function together, delivering both functional and non-functional capabilities, they were designed, developed and built by different countries on Earth and once launched into space (deployed in multiple different ways), had to work together - perfectly. Despite the many (minor) reliability issues which have occurred over the decades, the ISS remains a highly reliable platform for cutting edge scientific and engineering research. In this session I will describe the way the space station was developed and the lessons Site Reliability and DevOps Engineers can learn from it.

THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...

DevOpsDays Tel Aviv

Have you ever felt you took every wrong turn possible in the process of mitigating a production incident? Did you go through a 3-hour hell during incident response and felt the incident wasn’t complex enough to justify the horrors you’ve experienced? Did it cause you to question your engineering or problem-solving skills? Well, it’s only partially you. Our brain is wired to make decision-making simpler. In doing so, it exposes itself to biases, heuristics, and other quirks that may seem like “bad decisions” in hindsight. In this talk, through real-life outages, we’ll project those psychological principles onto the world of production monitor, and incident management. As a responder, you’ll learn why those behavioral patterns emerge during production incidents and what can be done to limit their effect, and as a manager, you’ll learn how to enable and encourage a healthy environment to better support those patterns.

PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog

DevOpsDays Tel Aviv

The word observable entered the English language roughly 400 years ago, but the concepts of what it means to see, comprehend, and understand something have been debated since time immemorial. Starting in the 19th century, a series of postulates and criteria coalesced into control theory, and it is from this body of knowledge that we gained the word “observability”. Today, with the advent of complex, interconnected computer systems, that word has taken on new meanings and connotations—some useful, some detrimental, and some just plain confusing. In this talk, we’ll mix a little history, a touch of philosophy, and a healthy dose of reality, to demystify what observability means to us as professional computer people. We’ll tear through the marketing material and unearth foundational principles that will help us to build better infrastructure, write better software, and promote healthier business practices. Finally, we’ll explore some potential new avenues for discussion and understanding.

NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...

DevOpsDays Tel Aviv

Security people say users are the weakest link. But are they? When complying with security becomes too burdensome, users take shortcuts, find workarounds, and end up jeopardizing security. Blaming users is lazy and easy. Making security usable is time consuming and challenging. How does design research help us understand our customers? What patterns and principles drive secure behavior? How can we build empathy with customers and make the right thing to do the easiest thing to do? This session explores these questions, and provides examples of how design thinking and research can help us be more secure. We will walk through our creation of core user personas, design principles, and how these inform and direct our design choices and intent. Don’t blame your users anymore. Come learn how to be part of a future where usability leads security.

(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG

DevOpsDays Tel Aviv

This is for you, you rockstar, ninja coffee drinking workaholic who doesn’t know what a vacation day looks like. Even though you love your job and are dedicated and are super important, you need a break too. We tend to think that working all the time is an effective practice while the truth is that finding the time for self care and recharging your batteries is beneficial for both you and your company. Additionally, if you’re a leader, you’re responsible for the wellbeing of your team. In this talk I’ll discuss the importance of taking time off of work and creating a positive culture surrounding vacation time.

BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...

DevOpsDays Tel Aviv

This is a story about taking the cloud infrastructure of a successful company, that is still managed as infrastructure of a startup company, and rebuilding it to support the growing business requirements, especially around disaster recovery and business continuity. In the session I will share Next Insurance’s journey - where we started, where we are now and what we learned on the way so far. I will talk about how we managed to build our proven DR plans, and actually execute them in our DR drills. I will also talk about why we decided that the only way to prove your DR plan works is to continue running your business in the DR account and make it your production account, and go on to build your next DR account. If you are a part of a company that is about to embark on a similar journey, this session might equip you with some very useful insights on how to think about such a challenge, and some very useful and practical tips on how to execute it.

THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security

DevOpsDays Tel Aviv

CI/CD pipelines are quickly becoming the path of least resistance for would-be attackers into sensitive internal systems, gaining access to critical data, with minimal effort. In the InfoSec world when we talk about CI/CD security often times this focuses on specific aspects of securing your pipeline - scanning the code, protecting secrets, securely managing code deployments, or even authentication and authorization mechanisms, but we rarely talk about all of these together. After years of being in the trenches and realizing that the attack surface is growing and the threat landscape becoming more and more complex, it has become increasingly apparent that security teams need to adapt and modify strategies to keep up with the new reality of CI/CD protection, without compromising developer velocity. In this talk I would like to propose a new way of thinking about CI/CD security - that encompasses the three disciplines that comprise CI/CD security - security in the pipeline, of the pipeline, and around the pipeline. Partial coverage of any or all of these disciplines simply will not cut it with the continuously evolving risk landscape. Security engineers need to address each of these aspects in their entirety to provide the full scope of coverage that modern organizations need, and I will take a deep dive on the challenges each introduce, and the approaches and techniques for mitigating them based on adversarial sec research.

THE PLEASURES OF ON-PREM, TOMER GABEL

DevOpsDays Tel Aviv

The last two decades have been all about SaaS, with advantages that cannot be overstated. Except SaaS isn’t always an option, nor is it always the right choice: businesses in tightly regulated industries, or where information security is paramount, for example, will not - often can not - consider any software that isn’t under their control. For many software enterprises, this leads to the dreaded inevitability of on-premise deployment. Fortunately, the situation today is dramatically different to a scant few years ago, let alone a decade or two: the same technologies that enable SaaS have also radically transformed on-prem deployment. Modern tools like Docker, Consul, ELK and Kubernetes - to name a few - can be leveraged to completely transform the experience for both customers and vendors. In this talk we’ll contrast the challenges and advantages of SaaS and on-prem, see how things have evolved in recent history, and see how modern on-prem deployment can be, if not pleasurable, at least relatively painless.

SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap

DevOpsDays Tel Aviv

We all know how hard it is to find DevOps engineers, and creating a diverse team despite gender and ethnicity bias? Nearly impossible. At this talk we will show our tools and methods implemented in the Develeap hiring process that overcome this inherited bias. About 2 years ago we faced a crisis in our DevOps consulting company - the market demand was higher than we could supply. The traditional recruiting process depending on CV and artificial credentials was not working. So we came up with an alternative solution, and since then - we are growing exponentially and diversely. In this talk we will show the practical tools we deployed in order to increase our capacity, and we will show how these tools overcome the inherited bias in the process.

OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...

DevOpsDays Tel Aviv

Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agent and collectors. With the increasing complexity of modern applications, continuous profiling methods and tools are gaining popularity among the Developer and Engineering communities. In this session, we cover what continuous profiling entails and why you should implement a profiler into your tech stack (if you haven’t done so already). We’ll then bring theory to practice and demonstrate a real-life scenario using gProfiler, a free open-source continuous profiling tool, covering Linux servers on multiple architectures (such as Graviton).

HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH

DevOpsDays Tel Aviv

“Being oncall sucks. But it doesn’t have to!” We all heard this one before. Why is it though, that oncall still remains the biggest scar for many? What can a modern Engineering org do to rein the oncall dragons, and actually help people grow as professionals as they go oncall? In this talk, I will present the main reasons why oncall is difficult in modern orgs, and describe ways to mitigate these hardships. The idea is that oncall is often the ‘backroom’ of an org, where all the technical and organizational debt take their toll. Be it unwieldy systems or broken processes between teams, oncall checks all the ‘weak boxes’. Therefore, the only way to win at oncall is to sort out your debts, starting with the organizational ones. I will dive into the detail of the oncall rotation at Snyk as the org scaled from 1 to 220 people, what worked well about it, and what was less than perfect. I will discuss the decisions made to turn oncall into a building block of the org, and show a path to rein oncall in your organization as well.

HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB

DevOpsDays Tel Aviv

Github Copilot and tools that help us code better are cool. But I’m lucky if I spend 90 minutes a day writing code. We really need to optimize the hours we spend reviewing code, updating tickets and tracing where our code is deployed. Learn how I save an hour a day streamlining non-coding tasks. This talk is unique because 99% of developer productivity tools and hacks are about coding faster, better, smarter. And yet the vast majority of our time is spent doing all of this other stuff. After I started focusing on optimizing the 10 hours I spend every day on non-coding tasks, I found I my productivity went up and my frustration at annoying stuff went way down. I cover how to save time by reducing cognitive load and by cutting menial, non-coding tasks that we have to perform 10-50 times every day. For example: Bug or hotfix comes through and you want to start working on it right away so you create a branch and start fixing. What you don’t do is create a Jira ticket but then later your boss/PM/CSM yells at your due to lack of visibility. I share how I automated ticket creation in Slack by correlating Github to Jira. You have 20 minutes until your next meeting and you open a pull request and start a review. But you get pulled away half way through and when you come back the next day you forgot everything and have to start over. Huge waste of time. I share an ML job I wrote that tells me how long the review will take so I can pick PRs that fit the amount of time I have. You build. You ship it. You own it. Great. But after I merge my code I never know where it actually is. Did the CI job fail? Is it release under feature flag? Did it just go GA to everyone? I share a bot I wrote that personally tells me where my code is in the pipeline after it leaves my hands so I can actually take full ownership without spending tons of time figuring out what code is in what release.

FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga

DevOpsDays Tel Aviv

Do you know what it feels like to navigate as someone who can’t distinguish between green and red - looking at those badges that tell you whether something is broken or a-okay? I’ll give you a quick look into what it feels like with some examples from the monitoring tool Icinga Web 2. We all tend to forget, that not everyone sees the world like we do. In this talk I’ll be walking you through different views in Icinga Web 2 with side-by-side comparisons for the default views and how different kinds of vision impairments affect those. The talks also features a few suggestions on how to improve colour schemes and making websites and webapps better to navigate with screen readers!

(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY

DevOpsDays Tel Aviv

Recent years have exposed startups to a major plague - cloud overspend. No vaccine appears to exist, plethora of tools and consultants fail to stop the bleeding. And yet, some companies manage to stay safe. What makes them different? Is it the tools? Is it the mindset? Is it developer training? In this session we will examine the cultural factors involved in sound and responsible financial management in the cloud. We will also look at relevant system design elements and product design elements which enable us to spend wisely while our business runs smoothly. Following this session, you should be better versed in cost-aware system design and some of the cultural and structural requirements to keeping your cloud bill low.

SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io

DevOpsDays Tel Aviv

In every development process there is the question, do we invest enough on quality? Do we need to invest more? Every team knows about the dilemma of how many tests is the right amount of tests we should write. Is 80% test coverage is good enough? Maybe 90%? 100%? Should we invest more time in unit testing? Are we wasting too much time on unit-testing? Should we invest time on a faster rollback mechanism? WIIFM “Without data, you’re just another person with an opinion” - W. Edwards Deming SLO Driven Development is a framework that helps the developers focus on impact and balance of every aspect of the dev process. When working currently with SLI, SLA, SLO and error budget you can learn where to invest in the development process. Let’s talk about the importance of good SLOs and how they can help us improve our day2day

ONBOARDING IN LOCKDOWN, HILA FOX, Augury

DevOpsDays Tel Aviv

In this talk, I will share do's and don'ts on how to onboard successfully in a remote or hybrid setup including moving to a leadership role, speaking from my own journey onboarding remotely in the midst of a global pandemic. I will share the tips that worked for me for successful onboarding, how I was able to be productive, impactful, and make a good impression on others. The key issues as an “onbordee” that I will talk about are how to create relationships, make yourself visible in the company, time management, and more. Since I started working in Augury over 100 new employees have joined the company. Each month I give a session that is part of their general onboarding process. This became a crucial step due to the fact that we are now a hybrid company and a lot of people are onboarding remotely or in a hybrid setup for the first time in their lives. I joined the company as a backend developer and a few months into my role, the squad leader position in my squad was up for grabs and I was fortunate enough to grab it :) This is my first official leadership role, which I also needed to onboard into in a hybrid setup. I will share the process that I built for myself on “How to lead”. Also, a word or two on the process we built as a squad on how we work in a hybrid setup, what are we optimizing for when we do meet and how to include new members of the team.

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

DevOpsDays Tel Aviv

In your ever-changing Infrastructure, some changes are intentional while others are not. Drift is what happens whenever the real-world state of your infrastructure differs from the state defined in your configuration. This can happen for many reasons, sometimes it happens when adding or removing resources, other times when changing resource definitions upon resource termination or failure, and even when changes have been made manually or via other automation tools. While Terraform itself can detect drifts, in most cases, you will be informed about it too late: just before you are about to deploy new changes to your infrastructure. What’s interesting about Terraform though, is that you can apply changes in two separate and distinct steps of “Planning” and “Applying”. This means that you have full visibility of what Terraform is planning on doing beforehand, and if you are satisfied with the changes, you can choose to apply them. So how does this work? When something is changed intentionally, it will appear in the source code, and the Terraform plan will not do anything. However, if any part of the infrastructure has been changed manually, Terraform’s plan will identify this, and alert you to the change. In other words, if your IaC drifted from its expected state, then Terraform’s plan will, in fact, detect it. Applying this simple solution can empower DevOps and developer velocity, with the reassurance and context for unexpected changes in your IaC, in near real-time. This talk will showcase real-world examples, and practical ways to apply this in your production environments while doing so safely and at the pace of your engineering cycles.

(Ignite) OPEN SOURCE - OPEN CHOICE: HOW TO CHOOSE AN OPEN-SOURCE PROJECT, HIL...

DevOpsDays Tel Aviv

More from DevOpsDays Tel Aviv (20)

YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...

GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto

MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...

THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...

PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog

NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...

(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG

BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...

THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security

THE PLEASURES OF ON-PREM, TOMER GABEL

SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap

OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...

HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH

HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB

FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga

(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY

SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io

ONBOARDING IN LOCKDOWN, HILA FOX, Augury

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

(Ignite) OPEN SOURCE - OPEN CHOICE: HOW TO CHOOSE AN OPEN-SOURCE PROJECT, HIL...

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

The Future of Platform Engineering

Jemma Hussein Allen

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

Free Complete Python - A step towards Data Science

RinaMondal9

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

A tale of scale & speed: How the US Navy is enabling software delivery from l...

Introduction to CHERI technology - Cybersecurity

Climate Impact of Software Testing at Nordic Testing Days

Epistemic Interaction - tuning interfaces to provide information for AI support

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

20240605 QFM017 Machine Intelligence Reading List May 2024

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

The Future of Platform Engineering

Pushing the limits of ePRTC: 100ns holdover for 100 days

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Free Complete Python - A step towards Data Science

PCI PIN Basics Webinar from the Controlcase Team

UiPath Test Automation using UiPath Test Suite series, part 5

KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, boldstart VC

1. THE NEXT TEN YEARS OF Ellen Chisa - @ellenchisa - 11/25/2021

2. 🙋 ♀️🙋 🙋 ♂️

4. Self Provisioning Infra (hello world gif)

6. DevOpsDays 2009 Ten years from now

7. iPads were new Google+ just launched Quikster Nokia Angular was new No NPM AWS Console was Manageable SysAdmin vs. DevOps was a thing

9. 1. Business requires (fast) change 2. Change causes outages 3.Lowering the risk of change through tools and culture John Allspaw (Flickr/Yahoo!) and Paul Hammond (Flickr) "10+ Deploys Per Day: Dev and Ops Cooperation at Flickr" Dev and Ops

10.

11. Everyone has a computer in their pocket Metaverse, web3, crypto, NFTs Jamstack Apps 1.3 Million Packages in NPM 150 services in AWS Console Deploying 26,280x more often

12.

13. What’s most annoying today?

14.

15.

16. It’s still the same thing, but...

17. “Their evidence refutes the bimodal IT notion that you have to choose between speed and stability—instead, speed depends on stability, so good IT practices give you both.”

18. Increase Speed Reduce Risk

19. 4 ways we’ll keep doing that, and what that means ten years from now.

20. 1.Real time feedback loops

21. Scratch

22. Replay.io

23. Snaplet

24. Zuplo

25. Realtime feedback loops in all tools will increase speed and reduce risk.

26. 2. Incident infra

27. Incident Occurs Self healing infrastructure & playbooks become automated resolution of knowns.

28. Pager Goes Off “In the future systems will be much smarter about escalating to the best possible people considering a bunch of factors like time zone, area of expertise, and recency of contact with the system being reported on (the last N committers to a project, or the last N to update some config)” - Paul Nakata

29. Incident Opens

30. Fiberplane.dev

31. Incident Resolves

32. Incident infrastructure will reduce risk and increase speed.

33. 3. DevEx Focus

34. Live Values

35.

36. 1. Take into account learning style 2. Not too hard 3. Not too easy 4. Progressive disclosure 5. Docs & error messages to enable users to solve their own issues 6. Customization is expert mode

37. 1. Take into account learning style

38. Codesee

39. 1. Take into account learning style 2. Not too hard

40. Optic

41.

42.

43. 1. Take into account learning style 2. Not too hard 3. Not too easy 4. Progressive disclosure

44.

45. 1. Take into account learning style 2. Not too hard 3. Not too easy 4. Progressive disclosure 5. Docs & error messages to enable users to solve their own issues

46. Great Errors & Documentation

47. 1. Take into account learning style 2. Not too hard 3. Not too easy 4. Progressive disclosure 5. Docs & error messages to enable users to solve their own issues 6. Customization is expert mode

48. Customizations Sarah Drasner and Jake Downs thread

49. Tools with good DevEx will increase speed and reduce risk.

50. 4. Business Metrics

51. Today’s Big Four Metrics (Accelerate) Speed: 1. Deployment Frequency (the frequency at which new releases go to production) 2. Lead Time For Changes (the time until a commit goes to production) Risk: 1. Change Failure Rate (the ratio of deployments to production that leads to errors and successful deployments). 2. Mean Time to Restore (the time it takes to resolve a service impairment in production)

52.

53. Today’s Big Four Metrics (Accelerate) Speed: 1. Deployment Frequency (the frequency at which new releases go to production) 2. Lead Time For Changes (the time until a commit goes to production) Risk: 1. Change Failure Rate (the ratio of deployments to production that leads to errors and successful deployments). 2. Mean Time to Restore (the time it takes to resolve a service impairment in production)

54.

55. Executives (and investors) care about...

56. Existing Metrics

57.

58. Communicating in business metrics will get buy in for future investments.

59. If we get: - Full organizational buy-in for the importance of ops - Tools designed for flow and developer experience - Real time feedback when something goes wrong - Incidents managed as well as deploys

60. What happens next?

61. Smoother cross team collaboration and more infra resources Work is more fun Speed goes towards ∞ Risk goes towards 0 Self-provisioning runtimes Everyone writes software We’re going to need a bigger room for this conference

62. Tools Appendix by Section & References Realtime Feedback: - scratch.mit.edu (kids) - replay.io (debug) - snaplet.dev (database snapshots) - zuplo.com (api gateway) Incidents: - ab.bot (chatbot infra) - fiberplane.dev (incident notebook) - kumospace.com (comms platform) - honeycomb.io (observability) - allma.io (incident slack infra) - jeli.io (incident analysis) - blameless.com (incident analysis) Developer Experience: - darklang.com (backend) - codesee.io (architecture maps) - tryfabric.com (slack <> github) - useoptic.com (API changes) - railway.app (infra setup) Books, articles, talks: - Accelerate (Forsgren, Humble, Kim) - 10+ Deploys per day (Allspaw, Hammond) - Incident Review Best Practices Survey (Pragmatic Engineer) - Great Documentation Examples (WorkOS) - Preparing a Board Deck (Sequoia) - Self Provisioning Runtime (Swyx)

63. ‫תודה‬ Ellen Chisa - @ellenchisa - 11/25/2021

Editor's Notes

Ops (like the system part) Developers (like the code part)
Started a company Programming language, batteries included Still exists For very tool I mention in here I’ll link you at the end
Boldstart.vc Some companies in the room Share lessons from lots of people!
Anchors us squarely in the middle of this journey
Remind you or tell you because I know lots of us in the room may not have been around for this
Web Accessibility Companions Office for Mobile
Self service APIs Automation Cloud provisioning Matters more than ever as we have more businesses that rely heavily on software Who does it matter to? Internal customer, not a business/product center Engineers are looking, Hashicorp or Snyk examples - DevOps2.0 Developers will physically take over in our inner loop and is being distributed Everything is the product - Beth Long Doing things that matter to the business
26280x better again would be 7.3 deploys/second
Balsa did a survey recently saying basically this
Productivity with faster, better, more secure operations Implicit benefit to productivity Builds on observability - builds on monitoring/observability before it happens ServiceNow and Lightstep Replay Snaplet Dark, Lambdragon, Natto
Kids - seem familiar, Logo Turtle, Mindstorms, etc. MIT Mathematician - learning from feedback - Norbert Wiener https://en.wikipedia.org/wiki/Norbert_Wiener
Fullstory + Chrome DevTools
Individuals write code faster - debug faster, etc. Individuals check their work in atomic steps - Zuplo example with people finding other routes
Deployments babysat, now happens automatically Manual process vs. automated process Document https://newsletter.pragmaticengineer.com/p/incident-review-best-practices
I don’t know about you, haven’t seen many places with automatic resolutions If it has a manual playbook someone could read, that could definitely be automated Personal Ownership Certain types of problems always go to some group of people; right now most systems rely on an explicit definition of who is on call, but in the future systems will be much smarter about escalating to the best possible people considering a bunch of factors like time zone, area of expertise, and recency of contact with the system being reported on (the last N committers to a project, or the last N to update some config) Automated recovery policies Playbooks Monitoring: knowns -- automated -- Pagerduty, Runbook Observability: unknowns -- get the right person who knows the most
After a pager needs to go, pages will change Personal Ownership Certain types of problems always go to some group of people; right now most systems rely on an explicit definition of who is on call, but in the future systems will be much smarter about escalating to the best possible people considering a bunch of factors like time zone, area of expertise, and recency of contact with the system being reported on (the last N committers to a project, or the last N to update some config) Automated recovery policies Playbooks Monitoring: knowns -- automated -- Pagerduty, Runbook Observability: unknowns -- get the right person who knows the most
Doesn’t have to be in Slack necessarily, but can be - Allma, blameless People automatically get directed to the right place Pulls in related information Easy “status” section
Firehydrant, Blameless
Less bad when something goes wrong Continue to learn for next time to be able to go faster
Framework for what is good We know tools go better when people adopt, what makes them adopt Solve a real problem, have a good experience This is for those of you who are building tools for devs or choosing them
Right information at the right time, not a good DevEx
muh·hay·lee Chik·sent·mee·hai·ee
Not too hard - what people have, be it chat or OpenAPI
Feels like github Works on to of the API you have Has an OSS version and a hosted version
If you’ve gotten here, you’re winning!
Individuals write code faster - debug faster, etc. Individuals check their work in atomic steps - Zuplo example with people finding other routes
Productivity with faster, better, more secure operations Implicit benefit to productivity Builds on observability - builds on monitoring/observability before it happens ServiceNow and Lightstep Replay Snaplet Dark, Lambdragon, Natto
Goes to infinity - once every three years to once a minute we’ve already improved this by 12,000,000x Goes to 0 Goes to 0 Doesn’t matter if the previous has gone to 0
Goes to infinity - once every three years to once a minute we’ve already improved this by 12,000,000x Goes to 0 Goes to 0 Doesn’t matter if the previous has gone to 0
Spoiler alert: MBA people don’t care about your normal metrics
Time to ticket resolution (lead time for changes) Ratio of successful to poor experiences (change failure rate)
HIring Velocity Dev NPS Dev Testing
Less bad when something goes wrong Continue to learn for next time to be able to go faster
Productivity with faster, better, more secure operations Implicit benefit to productivity Builds on observability - builds on monitoring/observability before it happens ServiceNow and Lightstep Replay Snaplet Dark, Lambdragon, Natto
26280x better again would be 7.3 deploys/second

KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, boldstart VC

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, boldstart VC

Similar to KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, boldstart VC (20)

More from DevOpsDays Tel Aviv

More from DevOpsDays Tel Aviv (20)

Recently uploaded

Recently uploaded (20)

KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, boldstart VC

Editor's Notes