Painless DevSecOps: Building Security Into Your DevOps Pipeline

•

2 likes•647 views

This document discusses building security into DevOps pipelines using Tasktop Integration Hub to connect security vulnerabilities and defects across tools. It introduces the speaker and describes how Tasktop enables bidirectional artifact flow and reporting across lifecycle tools while maintaining relationships. A demo then shows synchronization between a security scanning and test management tool.

Software

© Tasktop 2017
Building Security Into Your DevOps Pipeline
Painless DevSecOps

© Tasktop 2017
GoToWebinar Housekeeping
Check your email tomorrow for recording
and slides.
If you are having technical problems,
please contact GoToWebinar:
Toll-Free: (855) 202-7959
Long Distance: (805) 617.7049
*United States Numbers

© Tasktop 2017
Meet the Speaker
Over 15 years in technical roles in software industry
Helps customers maximize value of integrations
Helped 20+ organizations undertake large-scale Agile and
DevOps transformations
Adam Jones
Sr. Solutions Engineer

© Tasktop 2017
Connecting Security Vulnerabilities and Defects
Fix security vulnerabilities as soon as they’re discovered to minimize impact
Everyone can use their tool of choice to view and resolve a security vulnerability
Improve compliance by providing traceability between vulnerabilities and fixes
Enable real-time reporting on status of security vulnerabilities

© Tasktop 2017
Tasktop Integration Hub
End-to-end platforms are over.
Create a modular toolchain, using best-of-breed tools.
Value Stream Automation Value Stream Visibility
Flow information across teams,
organizations and tools
Eliminate wasted time, bottlenecks,
errors and rework
Automatically compile lifecycle
activity data
Enable the creation of consolidated
dashboards and traceability reports

© Tasktop 2017
DAST VulnerabilityDAST Vulnerability DefectSecurity
Analyst
WhiteHat Sentinel
Tester
HPE Quality Center

© Tasktop 2017
Synchronization
Bi-directional artifact flow between lifecycle connectors
Gateway
Event-triggered artifact creation or modification
Enterprise Data Stream
Flow artifact activity data to a database for reporting
The Tasktop Way
Model-Based Integration
Map artifacts to a central model instead of creating
endless tool pairs
Artifact Relationship Management
Maintain critical context by mirroring relationships like
parent-child, validated by or blocked across systems
Artifact Routing
Control artifact flow based on its attributes
Integration Styles
Making Hard Things Easy

IT Automation
Chef
Puppet
Jenkins
Hudson
Ansible
Salt
Atlassian Bamboo
UrbanCode Deploy
(uDeploy)
Travis-CI
ThoughtWorks Go
OpenMake
CA Release Automation
XebiaLabs DeployIT
JetBrains TeamCity
Vagrant
Windows Powershell
Test Management
IBM RQM
HPE QC/ALM
Microsoft Test Manager
Tricentis Tosca
Zephyr for JIRA
SmartBear QAComplete
QA Symphony
Project & Portfolio Mgmt.
CA (Clarity) PPM
HPE PPM
Microsoft Project Server
Planview Enterprise
ServiceNow PPM
Change / Workflow Mgmt.
Borland StarTeam
CA Harvest
IBM Rational ClearQuest
Serena Business Manager
Issue Tracker
GitHub Issues
Mozilla Bugzilla
GitLab Issues
ITSM
BMC Remedy
JIRA Service Desk
ServiceNow
ServiceNow Express
Zendesk
Salesforce Service
Cloud
Enterprise Modelling
Sparx EA
Content Mgmt.
Microsoft SharePoint
Security
WhiteHat Sentinel
SCM
Git
GitHub
BitBucket
Subversion (SVN)
CVS
Perforce
Code Analysis
SonarQube
Coverity
AppScan
Veracode
HPE Fortify
Build Mgmt.
uBuild
Ant
Maven
Snap
Grunt
Test Automation
Selenium
HP UFT
Conformiq
Cucumber
APM
New Relic
AppDynamics
Dynatrace
Compuware APM
BMC APM
CA APM (Wily)
IBM APM
Supports 350+ tool
Versions. Built and tested
in our “Integration Factory”
• 3300 API tests in spec
• 500k API tests per day
Project ManagersBusiness Analysts OperationsTester Developers
Requirements Mgmt.
Blueprint
IBM Rational DOORS NG
IBM Rational DOORS
IBM Requisite Pro
iRise
Jama
Modern Requirements4TFS
Serena Dimensions RM
Agile Planning
CA Agile Central (Rally)
CA Agile Planning
IBM Bluemix
JIRA
LeanKit
Mingle
Pivotal Tracker
ServiceNow Agile
Targetprocess
VersionOne
ALM
IBM RTC
HPE ALM Octane
Microsoft TFS
MS VS Team Services (VSO)
Polarion

© Tasktop 2017
Our Customers are Changing the World of Software Delivery
of the
Fortune
10043
of the top 25
world banks11
of the top 10
US insurers4
of the top 6
health plans6

Over the past few years, more and more companies are turning to containerized environments to scale their applications. However, keeping containers secure throughout the development life cycle presents many challenges to security and development teams. In order to address them, organizations need to adopt a new set of security processes and tools. This session will focus on the three most vulnerable areas of container security and the best practices to help teams develop and deploy securely. Join Jeffrey Martin, Senior Director of Product at WhiteSource, as he discusses: The top challenges to security in containerized environments How DevSecOps addresses security in containerized environments Tips and tricks for successfully incorporating security into the container lifecycle

Dev secops security and compliance at the speed of continuous delivery - owasp

Dag Rowe

Abstract: See how an Ottawa company has built a SOC2 Type 2 audited software delivery system with less pain, and more value. Build security, and compliance into the way software is delivered and operated to * Make secure development easier * Provide real customer value * Avoid security theatre * Reduce security and audit bottlenecks Bio: Dag Rowe is a BA in security and compliance. Passionate about improving systems of work, he is actively involved in the local software community. Dag helps to organize the Agile Ottawa Meetup group, and the Gatineau-Ottawa Agile Tour conference.

Benefits of DevSecOps

Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS

DevSecOps Singapore 2017 - Security in the Delivery Pipeline

James Wickett

With all the focus on DevSecOps and integrating security into Continuous Integration/Continuous Delivery (CI/CD) pipelines, some teams may be lured into thinking that the entirety of a Software Security Assurance (SSA) program can be baked into these pipelines. While integrating security into CI/CD offers many benefits, it is critical to understand that a full SSA program encompasses a variety of activities – many of which are incompatible with run time restrictions and other constraints imposed by these pipelines. This webinar looks at the breadth of activities involved in a mature SSA program and steps through the aspects of a program that can be realistically included in a pipeline, as well as those that cannot. It also reviews how these activities and related tooling have evolved over time as the application security discipline has matured and as development teams started to focus on cloud-native development techniques and technologies.

DevSecOps for the DoD

JamesHarmison

#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale

Agile Testing Alliance

DevSecOps

Cheah Eng Soon

Scale DevSecOps with your Continuous Integration Pipeline

DevOps.com

Hear from AppSec and Development leaders on how they apply the principles of DevOps to deliver secure products and services to customers. Learn how you can scale your DevSecOps initiatives to reduce time-to-deployment and lower costs as you deliver secure software. During this webinar, you will learn about the latest tools and techniques that will enable your development teams to embed security scanning into your IDE as you are coding, returning most scans in seconds – all while integrating into your CI pipeline. Our speaker will provide: An overview of Veracode Greenlight and its integrations with developer tools; A summary of recent Greenlight use cases and successes; Examples of how Greenlight integrates into your CI pipeline

DevSecOps What Why and How

NotSoSecure Global Services

DevSecOps - The big picture

DevSecOpsSg

DevOps or DevSecOps

Michelangelo van Dam

In 2009 Patrick Dubois coined the term "DevOps" when he organised the first "DevOpsDays" In Ghent, Belgium. Since then the term has become a term to explain the collaboration between all organisational stakeholders in IT projects (developers, operations, QA, marketing, security, legal, …) to deliver high quality, reliable solutions where issues are tackled early on in the value stream. But reality shows that many businesses that implement "DevOps" are actually talking about a collaboration between development, QA and operations (DQO). Solutions are being provided but lack the security and/or legal regulations causing hard-to-fix problems in production environments. In this talk I will explain how the original idea of Patrick to include all stakeholders got reduced to development, QA and operations and why it's so difficult to apply security or compliance improvements in this model. I will also talk about ways to make the DQO model welcoming for security experts and legal teams and why "DevSecOps" is now the term to be used to ensure security is no longer omitted from the value process. Finally we'll have a vote if we keep the term "DevOps" as an all-inclusive representation for all stakeholders or if we need to start using "DevSecOps" to ensure the business understands can no longer ignore the importance of security.

Defining DevSecOps

Uchit Vyas ☁

Today everybody wants to deploy the app and infrastructure faster without any disputes. An Even, Agile framework can help to deploy faster in real-time. But Continuous Innovation may conflict with stability and security. Without security at every stage, DevOps merely introduces vulnerabilities into application quickly. To resolve such conflict, the gap in recursive feedback loops need to be eliminated. Mostly, teams are not effectively working in a collaboration and interacting with each other smoothly. This results in gaps and produce problems with code development and quality, meaning slower delivery plans and serious vulnerabilities that create security risk at most. Fortunately, these shortcomings can be addressed very well, as developers/testers are set to launch off into the DevSecOps world or via adopting rugged DevOps model.

DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft

Amazon Web Services

DevSecOps, An Organizational Primer - AWS Security Week at the San Francisco Loft We examine building DevSecOps culture for you or your customers, which includes foundational practices and scaling functions to instantiate and resiliently operate a DevSecOps model. To achieve this shift, we analyze common success patterns, such as how to use a secure CI/CD pipeline. You’ll learn key points such as building security owners, integrating continuous compliance and security, and removing people from the data to vastly improve your security posture over traditional operating models. Takeaways include a blueprint for building a DevSecOps operating model in your organization; an understanding the security practitioners' point of view and embracing it to drive innovation; and ways to identify operating characteristics in your organization and use them to drive a strategy for DevSecOps. Level: 100 Speaker: Tim Anderson - Tech Industry Specialist, AWS Security

Disconnected Pipelines: The Missing Link

Eficode

Andreas Prins Vice President Product Development – XebiaLabs Andreas Prins is Vice President of Product Development for XebiaLabs. Andreas brings real-world experience building and scaling teams to deliver mission-critical software applications. He has extensive experience as an Agile Transformation coach and as a former manager of DevOps team. At XebiaLabs he is responsible for product development and product management to build Enterprise DevOps solutions that enable the digital transformation of the customers.

The State of DevSecOps

DevOps Indonesia

DevSecOps at the GSA

Chris Downey

We will delve into the creation of the GSA's DevSecOps guide, progression towards componentized and lego-pieced ATO's (leveraging reusable Infrastructure and Configuration as-Code modules), Cloud.gov "Heroku for government", "how to" be Cloud agnostic, and more. Our DevSecOps meetup: https://www.meetup.com/DevSecOps-NoVA The Handbook: https://tech.gsa.gov/guides/dev_sec_ops_guide/ Our speakers group: https://handbook.tts.gsa.gov/tech-portfolio/ His team's areas of responsibility: https://digital.gov/services/

DevSecOps - Building Rugged Software

SeniorStoryteller

Integrating DevOps and ALM tools to speed delivery

Tasktop

Test and build automation are important pieces of your DevOps toolchain, but these tools need to be integrated with your issue trackers and test management tools in order to optimize your software delivery. Learn how to: * Create defects in HPE Quality Center automatically when a Selenium test fails * Update JIRA issues with build fail/pass information from Jenkins * Create visibility and traceability across your value stream with data from all of your tools

NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)

Hui (Henry) Chen

Implementing DevOps in a Regulated Environment - DJ Schleen

SeniorStoryteller

DevSecCon London 2018: Open DevSecOps

DevSecCon

PETKO D. PETKOV Thanks to the DevSecOps philosophy a growing number of organisations around the world are ensuring their businesses are set up with the security in mind from the get-go. DevSecOps is taking the world by storm. This talk is about how to introduce DevSecOps in your organisation with ready-made, zero-cost, open source templates accessible to everyone. The talk will introduce the OpenDevSecOps project and show many practical examples of how to easily deploy security testing infrastructure on top of existing and well-established development tools.

DevSecOps and the CI/CD Pipeline

James Wickett

All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table. Presented at OWASP NoVA, Sept 25th, 2018

Mainframe Automation: A Panel Discussion

DevOps.com

Transform software delivery with tasktop integration hub

Tasktop

We won’t build your software for you, but we will transform *how* you build it, making your software delivery process better and faster. Join us to learn how Tasktop allows your disconnected tools to act harmoniously by automating collaboration, traceability, and visibility from ideation to production, enabling your organization to accelerate its business value delivery. Product Managers Cynthia Mancha and Trevor Bruner do a live demo to show you how Tasktop lets you: * connect your Lifecycle, DevOps and Database tools into a unified software delivery toolchain * scale to hundreds of projects in a matter of minutes * collaborate in context with attachment and comment synchronization

What's hot

Practical DevSecOps Course - Part 1

Mohammed A. Imran

AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program

Denim Group

DevSecOps for the DoD

JamesHarmison

#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale

Agile Testing Alliance

DevSecOps

Cheah Eng Soon

Scale DevSecOps with your Continuous Integration Pipeline

DevOps.com

DevSecOps What Why and How

NotSoSecure Global Services

DevSecOps - The big picture

DevSecOpsSg

DevOps or DevSecOps

Michelangelo van Dam

Defining DevSecOps

Uchit Vyas ☁

DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft

Amazon Web Services

Disconnected Pipelines: The Missing Link

Eficode

The State of DevSecOps

DevOps Indonesia

DevSecOps at the GSA

Chris Downey

DevSecOps - Building Rugged Software

SeniorStoryteller

Integrating DevOps and ALM tools to speed delivery

Tasktop

NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)

Hui (Henry) Chen

Implementing DevOps in a Regulated Environment - DJ Schleen

SeniorStoryteller

DevSecCon London 2018: Open DevSecOps

DevSecCon

DevSecOps and the CI/CD Pipeline

James Wickett

What's hot (20)

Practical DevSecOps Course - Part 1

AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program

DevSecOps for the DoD

#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale

DevSecOps

Scale DevSecOps with your Continuous Integration Pipeline

DevSecOps What Why and How

DevSecOps - The big picture

DevOps or DevSecOps

Defining DevSecOps

DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft

Disconnected Pipelines: The Missing Link

The State of DevSecOps

DevSecOps at the GSA

DevSecOps - Building Rugged Software

Integrating DevOps and ALM tools to speed delivery

NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)

Implementing DevOps in a Regulated Environment - DJ Schleen

DevSecCon London 2018: Open DevSecOps

DevSecOps and the CI/CD Pipeline

Similar to Painless DevSecOps: Building Security Into Your DevOps Pipeline

Mainframe Automation: A Panel Discussion

DevOps.com

Transform software delivery with tasktop integration hub

Tasktop

Pete Marshall - casmadrid2015 - Continuous Delivery in Legacy Environments

Peter Marshall

Business model driven cloud adoption - what NI is doing in the cloud

Ernest Mueller

Har du en DevOps i ditt team?

Solidify

Why Cloud Management Makes Sense

RightScale

RightScale Webinar: Cloud is the most nebulous and abused term in information technology today. It describes multiple, disparate service models and has been retroactively applied to countless legacy technologies in attempts to keep them current. In this webinar, we'll discuss the cloud technology landscape and where RightScale fits in to drive agility, cost, and time savings above cloud infrastructure. RightScale has been investing heavily for the past four years to make cloud infrastructure easy to leverage. This webinar will clarify elements that are straightforward, what continues to be difficult, and the impact on your schedule and budget.

Alm Specialist Toolkit Team System 2008 Deep DiveChristian Thilmany

Service Lifecycle Management with Fuse Service WorksKenneth Peeples

A Multi-Company Perspective: Enterprise Cloud and PaaS

Thoughtworks

Tech communities are always abuzz with the potential of Platform as a Service (PaaS). The promised ability to slash delivery times, allowing teams to iterate and release new features faster, has a growing number of organisations looking to implement PaaS in 2016. In this presentation, industry leaders provide insights from the trenches by letting us enter the world of Cloud applications automation and PaaS. We also get a glimpse into why and how PaaS is widely adopted, as well as appreciate its constructs and challenges. Further more, you can learn how build your delivery platform around AWS services, CloudFoundry or OpenShift and reflect on how best to create internal cloud and PaaS capabilities to change the way your organisation delivers software.

DevSecOps | DevOps Sec

Rubal Jain

Fast, Secure Deployments with Docker on AWS

Amazon Web Services

Today, it is critical that IT teams are able to easily, consistently deploy to production. Running Docker containers on Amazon Web Services makes it possible to engineer a compliant and DevOps-friendly environment from the ground up. Spring Venture Group successfully migrated to AWS with Docker containers and leveraged Logicworks to migrate to AWS and automate infrastructure build-out and deployment. Join our webinar to learn how Spring Venture Group, an innovative insurance brokerage, reduced risk and improved deployment velocity with Logicworks, AWS, and Docker.

The Magic Of Application Lifecycle Management In Vs Public

David Solivan

Ibm innovate ci for system zRosalind Radcliffe

Software Project Management - NESDEVKrit Kamtuo

Path to continuous delivery

Anirudh Bhatnagar

Har du en DevOps i ditt team?

Solidify

En DevOps är en roll i teamet som överbryggar utveckling och drift och som hjälper till att säkerställa leverenspresision och kvalitet, bland annat genom att se till att bra lösningar för applikationsövervakning, felrapportering, paketering och deployment finns på plats. Med lösningar för dessa funktioner kan vi exempelvis rejält korta tiden det tar från att ett fel identifierats till att det finns en fix ute i produktion.

Techdays 2011 - Things I will remember

Alexander Vanwynsberghe

John N. Lewis - Resume - Public John N. Lewis

Bayapa_Tibco_Mule_ResumeCsb Reddy

HPE Agile Manager and ALM Overview

Jeffrey Nunn

Agile Manager Agile project management solution to plan, execute and track Agile projects. Available on-premise and in the cloud, Agile Manager helps remove latencies, bolster Agile practices, and foster continuous improvement. Agile software development requires a shift in the way an organization thinks. It impacts all stages of the software development lifecycle (SDLC). It also affects all stakeholders within that lifecycle, from business analysts to developers to testers. Challenges include smooth iteration and release planning, collaboration among cross-functional teams, and reliable quality assurance for multi-layered and composite applications. You also must address how to effectively manage dynamic requirements and tests. We help customers who are transitioning, or have transitioned, from traditional waterfall approaches to iterative Agile methodologies. Our integrated application lifecycle management software and best practices help to manage Agile development and Agile testing processes successfully. These solutions provide better visibility, control and responsiveness across the lifecycle, from requirements management to delivery. They provide peace of mind to ensure that applications perform and remain secure.

Similar to Painless DevSecOps: Building Security Into Your DevOps Pipeline (20)

Mainframe Automation: A Panel Discussion

Transform software delivery with tasktop integration hub

Pete Marshall - casmadrid2015 - Continuous Delivery in Legacy Environments

Business model driven cloud adoption - what NI is doing in the cloud

Har du en DevOps i ditt team?

Why Cloud Management Makes Sense

Alm Specialist Toolkit Team System 2008 Deep Dive

Service Lifecycle Management with Fuse Service Works

A Multi-Company Perspective: Enterprise Cloud and PaaS

DevSecOps | DevOps Sec

Fast, Secure Deployments with Docker on AWS

The Magic Of Application Lifecycle Management In Vs Public

Ibm innovate ci for system z

Software Project Management - NESDEV

Path to continuous delivery

Har du en DevOps i ditt team?

Techdays 2011 - Things I will remember

John N. Lewis - Resume - Public

Bayapa_Tibco_Mule_Resume

HPE Agile Manager and ALM Overview

More from Tasktop

The Inextricable Link Between Value Streams and Resource Capacity Planning

Tasktop

Align, Inform, Inspire: Measuring Business Agility and SAFe® with Flow Metrics

Tasktop

During this on-demand webinar, Scaled Agile Principal Consultant and Framework team member, Andrew Sales, and Tasktop Sr. Value Stream Architect, Lee Reid, discuss how the three measurement domains of SAFe—Outcomes, Flow, and Competency—provide a comprehensive, yet simple, model for measuring business agility at every level of the enterprise and view data from an actual product value stream to demonstrate how Flow Metrics can enable productive conversations with the business about prioritizing work, while still maintaining the taxonomy of SAFe for teams to implement and improve.

Webinar featuring Forrester TEI study: Driving 496% ROI with Tasktop Viz

Tasktop

Business and IT leaders are under constant pressure to deliver outstanding customer experiences, fueled by technology and innovation, at the speed of the market and at a competitive cost. To better understand how Tasktop Viz™ can connect enterprise transformation initiatives with financial benefits, Tasktop commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential ROI enterprises may benefit from by deploying the Tasktop Viz value stream management solution. What the study found was significant, with Tasktop Viz users experiencing up to 496% ROI over three years. In this on-demand webinar, Tasktop CPO, Nicole Bryan, and guest speaker, Forrester Senior Consultant, Sam Conway, discuss the findings of the TEI study and what implementing Tasktop Viz could mean for your business.

Prove Your Transformation ROI with Value Stream Management

Tasktop

2020 elevated IT into the spotlight, opening up a window of unprecedented support for accelerating digital innovation and emerging technologies. But even with increased buy-in for investment and adoption, will anything be different this year? Without the ability to measure and place value on specific transformation initiatives, many organizations are still shooting in the dark, either working on new features without aligning to business strategy, or putting them on the back-burner to concentrate on things that are easier to cross off a list. In this on-demand webinar, Tasktop Sr. Flow Advisor, Paninya Masrangsan, provides actionable insights on how to prove your transformation ROI with value stream management.

Let It Flow: Using Flow Metrics to Combat Cognitive Overload

Tasktop

Do conflicting priorities and interruptions disrupt your week? Is your calendar crammed with back-to-back meetings? If you are already overloaded and continue to take on more work, it’s likely you’re stressed. Stress impacts cognitive functioning - making it onerous to focus on and complete important work. While cognitive overload is difficult to measure, the impact is huge. How can the impacts of stress be measured--and communicated? In this on-demand webinar, Tasktop Principal Flow Advisor, Dominica DeGrandis, presents actionable takeaways to address cognitive overload including: - How to enable discussion for improvements using Flow Distribution and Flow Load - How to allocate capacity for debt work by initiating “Flow Protection Time” - How to put conditions in place for data-driven experimentation

Leveraging Validation Lifecycle Data to Drive Actionable Business Insights

Tasktop

In this on-demand webinar, Tasktop Sr. Value Stream Architect, Dan Feminella, Tx3 Services Co-founder and CRO, Eric Toburen, and Merck & Co. Test Tool Specialist, Petr Srajb, present n how organizations can start making data-driven decisions while maintaining compliance and traceability by: - Automating the flow of Computer Systems Validation (CSV) Lifecycle data to eliminate duplicate entry and boost productivity. - Providing real-time visibility into the health of your product value streams to see how business value is flowing—not just work - Generating Flow Metrics to spot bottlenecks and identify opportunities where investment is needed to maximize business results.

Driving Digital Transformation Insights with Value Stream Management

Tasktop

Many organizations have been on the road to AD&D transformation, making significant investments in CI/CD and release automation, yet they still have nagging issues such as siloed teams and lack of actionable data--and the new reality of working from home has made gaining the insights needed to master software at scale even more difficult. Value Stream Management (VSM) is helping enterprises to align and make better decisions, but there is still work to be done. In this webinar, guest speaker Forrester Principal Analyst, Chris Condo and Tasktop CEO, Dr. Mik Kersten deliver an overview of Value Stream Management—a technology and methodology for gaining insight into software delivery processes that enables dev leaders to capture data that represents the actual state of processes—and discuss how Flow Metrics provide the analytics to help organizations better balance workloads, visualize bottlenecks and provide leaders with the data they need to make continuous improvements.

7 Must-Have Value Stream Management Capabilities to Maximize ROI

Tasktop

The transition from project to product in Enterprise IT has the potential to drastically improve market response. Product line leaders can shift resources and funds up to 90% faster than in a project model.1 But that agility and authority is wasted if inadequate data and analytics on end-to-end flow are impeding IT from accelerating business growth. Join Tasktop Sr. Director of Product, Naomi Lurie, and Principal Value Stream Architect, Mara Puisite for a webinar demonstrating how your organization can maximize business ROI with Value Stream Management and Flow Metrics by: Measuring the rate of value delivery across software products and services Capturing actionable insights into the bottlenecks impeding business value delivery Providing a unified executive view of software delivery productivity and its correlation to business results like growth Making informed data-driven decisions about future investments in a product line

From Factories To Flow: Streamlining Software Delivery at Cubic Corporation

Tasktop

Cubic Corporation is a technology-driven, market-leading solutions provider that has been innovating in the public transportation and defense industry for nearly seven decades – having revolutionized elevators, global positioning, public transit fare payments and military training. With a strong foundation of software delivery through solutions such as the “Top Gun” air combat training system as well as the fare payment systems for public transportation platforms in many US and European cities, Cubic set out on a journey to double down on software innovation. A key to that transformation was shifting to a product mindset to accelerate delivery through its highly complex value streams. During this webinar, Tasktop CEO and founder, Dr. Mik Kersten interviews Jim Colson, CTO of Cubic Corporation on how their transformation is unfolding and lessons learned along the way. We cover Cubic’s use of the Flow Framework®, SAFe® and other industry standards and view some of the flow diagnostics identified by Tasktop Viz, where Cubic was able to accelerate the pace and velocity of delivery.

Power to the People! Shifting from Project to Product with Tasktop Viz

Tasktop

If your executive leadership has begun planning a shift from project to product, it’s time to talk about how it impacts and benefits you. Product Managers, Engineering Managers, Scrum Masters, and Agile Coaches are invited to join this webinar to learn about: * Measuring what matters: What to measure when you shift to product. * Getting to product metrics fast: How to measure product value streams in a traditionally project-oriented organization. * Aligning with the business: How to focus teams on generating new business value while negotiating priorities like tech debt. * Empowering teams: How to motivate teams in new product structures to identify and overcome their constraints and dependencies. Your Tasktop co-hosts—Nicole Bryan, VP Product Development, and Naomi Lurie, Sr Director of Product Marketing—will share real-life stories from enterprises using Tasktop Viz to make the shift to product. They’ll also share best practices on how to get started and literally get insights within days.

How to Drive Maximum Business Value from IT Investments with the Flow Framework

Tasktop

When organizations connect and measure the impact of their IT investments on the business’ strategy, business and technology leaders are able to partner more effectively and accelerate the delivery of real business value. But to do so, these teams must be seamlessly aligned throughout the delivery pipeline, able to quickly identify and resolve bottlenecks, and work together to optimize their processes end-to-end. Flow Metrics enable organizations to measure what matters in software delivery, optimizing the flow of business value from ideation to operation and turning IT from a project-oriented cost center to a profit-generating product operating model. Key Takeaways: Discover how to align business and IT leaders to optimize value delivery using the Flow Framework™ Learn how to use Flow Metrics to expose bottlenecks and reveal opportunities to improve time-to-market, responsiveness to customers, and quality Understand how to create a seamless end-to-end flow of business value in large-scale application delivery using Blueprint Storyteller and Tasktop Hub

Enable High-performance and Strategic Capabilities with Flow Metrics

Tasktop

To remain relevant amid increasing market disruption, organizations have no choice but to compress their software delivery timelines to deliver features customers want, faster. Frequently, tactical decisions are made to add people, invest in more tools, and increase the amount of work in teams’ backlogs without achieving the desired results. Agile transformations introduce methodologies and frameworks without the appropriate support mechanisms for success. To enable high performance and inform strategic decisions, organizations need a new foundation. During this on-demand webinar, Tasktop Flow Framework Engagement Manager, Kristen Biddulph, presents how Flow Metrics provide that foundation, irrespective of methodology or framework, by surfacing end-to-end data on an organization’s flow of work, providing insights that will help them meet their goals.

Flow Metrics: An MRI of your Product Value Streams

Tasktop

IT within large enterprises can span vast and complex business portfolios, with numerous external and internal-facing products and their domains. The delivery and maintenance of these products is supported by a network of tools, teams, technologies and processes, all with their own unique variants. The primary goal of the shift to a product-oriented model is to increase business agility and to satisfy the diverse and ever-changing needs of the customer. Organizations must react quickly to customer needs to accelerate the flow of business value from ideation to operation. However, the way the work is traced and measured is slowing down the time to value. This lack of visibility makes it impossible to know if value is accelerating, time-to-value is getting shorter, waste is decreasing, value work is prioritized and whether demand is outweighing capacity. By automating and visualizing the flow of work and abstracting the end-to-end data across the toolchain underpinning your product value streams, you can get an MRI of your product’s health to help answer those questions and take informed action before it’s too late. During this on-demand webinar, Tasktop Senior Flow Advisor, Laksh Ranganathan, presents how the Flow Framework™ and Flow Metrics can help organizations make work within product value streams visible and create a data-driven blueprint for scaled success across a portfolio of products.

Project To Product: How we transitioned to product-aligned value streams

Tasktop

The project to product movement is quickly gathering speed - a recent Gartner report found that 85% of respondents are shifting to a product-centric mentality. However, the complexity and uncertainty of software delivery at scale, coupled with the sheer number of people involved in the process, is too much for traditional project management techniques. Motivation is not enough to achieve a successful transformation—the product-centric model requires new skill sets, different investments and a change in culture. What does the shift away from project-thinking really look like? During this webinar, Tasktop VP of Product Development, Nicole Bryan, combines our own journey with the experience of working with our enterprise customers, to paint a clear picture of the cross-organizational challenges in store - and how you can address them by: - Adopting a “customer-first” mindset - Appointing a Product Value Stream Lead and a Product Manager - Implementing the Flow Framework™ to align the language of IT with the language of the business

Value Stream Architecture: What it is and how it can help

Tasktop

Modern enterprises increasingly rely on software to keep the lights on and lay the foundations for long-term sustainable growth. Among many things, IT leaders are tasked with accelerating the time to value of their software delivery value streams. But when asked, “Do you know what is slowing your software delivery teams down?”, why do IT leaders typically not know the answer? Methodologies such as Agile and DevOps have been adopted to accelerate the time between build to deploy, yet the benefits are often only felt at a localized level (more sprints completed, higher number of deployments etc.) without a tangible link to business outcomes. Enter Value Stream Architecture. During this webinar, Senior Value Stream Architect, Dan Feminella, presents: - The business case for Value Stream Architecture - Why your organization needs it in order to scale Agile and DevOps - How to architect for end-to-end flow of business value from customer request to delivery and back through the customer feedback loop

Why Digital Transformations are Failing at Scale

Tasktop

How to Integrate Multiple Jira Instances to Improve Collaboration, Visibility...

Tasktop

There is no denying that Jira has taken over the developer space. Most developers only want to use Jira, and many organizations are taking advantage of the flexibility of Jira by making it their single source of truth for all software delivery teams. If Jira is your single source of truth, it’s easy to believe you don’t need to connect to the rest of your value stream. But what about when you have multiple Jira instances across Jira, Jira Cloud and Data Center? The truth is, in order to ensure cross-team visibility, traceability and overarching reporting, you don’t need to look past Jira for the need to integrate. This on-demand webinar discusses and demonstrates why you need to integrate your Jira instances to: - Increase collaboration and reduce informal handovers - Automate information flow to enable traceability across multiple Jira system - Seamlessly accommodate organization change (mergers, acquisitions, reorgs), minimizing team disruptions - Centralize fragmented data in a reporting database to identify bottlenecks

Future proof your jira integrations and avoid api change panic

Tasktop

Does the Jira API change leave you vulnerable to disruption? If you’re connecting Jira to the rest of your software delivery toolchain, Atlassian’s new approach to user identification could mean a major headache. What happens to all of the integrations you’ve set up when the API change goes into effect on April 29th? Join Tasktop to learn more about what’s changing and see how you can keep product-critical data flowing between teams with Value Stream Integration.

Making Connections Visible: How to Defrag your Value Stream | Tasktop Connect...

Tasktop

How many different siloes is your organization at the mercy of? How much time theft occurs from chasing down data in separate systems? Measuring performance is a challenge when work is disconnected. Connecting missing links in the flow of work reveals the elusive big picture. This talk addresses the challenges of a fragmented value stream and provides guidance on how to improve your organizations performance with connectivity. Dominica DeGrandis Director, Digital Transformation - Tasktop Dominica DeGrandis is Director of Digital Transformation at Tasktop, where she helps customers improve the flow of work across value streams. Responsible for introducing customers to flow-based aspects of digital transformation, she guides IT teams and business teams to understand and adopt new ways of working to improve performance. Dominica is the author of “Making Work Visible: Exposing Time Theft to Optimize Work & Flow.” She is a huge fan of using visual cues to inspire change and spur alignment across organizations. She lives in Seattle with her husband and extended family. She blogs at tasktop.com and ddegrandis.com. Follow her on twitter @dominicad Tasktop Connect 2018 connect.tasktop.com www.tasktop.com

First Line Of Defense: How contractors can become software factories to suppo...

Tasktop

2018 was a big year for the Department of Defense. The DoD Science Board put out a report with recommendations that represented a pivot in how the government wants to do business in the future. The goal is to get products and services out faster to the war fighter without sacrificing quality or increasing cost. Based on government research into successful programs they recommended the following: Software Factory Continuous Iterative Development Risk Reduction and Metrics for new programs Task PM’s with programs in dev, prod, and sustainment to transition Build workforce competency Software is Immortal specify software frameworks Independent Verification & Validation for Machine Learning Robin Yeman and Suzette Johnson will discuss how government contractors are getting ready to support the DoD in their mission. The development of the Software Factory will be key to success. Robin Yeman, Lockheed Martin Fellow - Lockheed Martin Suzette Johnson, NG Fellow - Northrop Grumman

More from Tasktop (20)