👋Good morning folks! Excited to get started here at DOES '21!

My session, "DevOps for Pandemics" kicks off at 12:20 EDT. Hope to see you all there.

Im excited to me here

🙂

Great themes for sure. please share more on breaking down the silos. how did you organize your product teams and not let the matrix structure come in the way.

I like that you speak of guests rather than customers. Has this always been this way or did it involve a cultural shift lately or some time ago?

Love the “Demos over memos” 👍

For Vanguard - does monolith=mainframe?

For Vanguard - does monolith=mainframe?

Vanguard Team - Great Presentation! That really resonated!

Great Presentation!! Many Thanks for sharing!!

That was great!! Thank you for sharing.

Does Vanguard have regularly scheduled Chaos testing that impacts the full enterprise or are they more configured for a smaller targeted group? For example do you stress just a subset of applications or shared services?

Vanguard Team: Thanks for sharing! This was really great. I will definitely watch it again.

What specifically do the SRE Leads provide to the Product teams? For example do they just explain policy to provide clarity? Do they review monthly metrics with the teams or recommend best practices?

How does Vanguard approach the organic process of tuning alerts? Is there a strategy you recommend? Do you use the number of false positives to drive improvement? Curious if your approach is different other than just having teams add the work to their backlog and address it as time and capacity permits?

@rdaitzman and I followed along in the #ask-the-speaker-plenary channel during the talk. I'm going through this channel now to catch up on any questions we may have missed that were directed here!

How long has Vanguard been using OpenTelemetry and how many applications are using it?

I don’t know the exact numbers, but it’s at least a hundred so far! We started using it about a year ago, evaluating it a year and a half ago. In combination with Honeycomb for visualization of traces, it has been a total game changer!

🎉 Let's get ready to welcome @smack from Wiley, presenting DevOps for Pandemics 🎉

Thanks @annp! Excited to be here.

It sounded like you were scaling to meet demand as the pandemic started. With Wiley being used in online learning, were there already major lessons in scaling from summer to school year that helped you be prepared for the need to scale?

Yes. Most definitely. We have cyclical patterns which we prepare for all year round Most notably the back-to-school period in fall.

Of course, we had that + a pandemic this past year which was something we had never seen before 🙂

Another great story of vast mobilizations due to COVID. Thank you @smack!

Hah! "Socially distance your applications." Really like that way of describing it

I love these stories of saves like this.

Not only responding but accelerating additional improvement!

Graph showing fantastic drops in response times —

Can you share sample of transparency and observability dashboards?

Sure @alshah1 The Business Continuity Dashboard was a prime example of this. We shared metrics about system performance and business performance across the business.

It's easiest to see this in contrast to siloed tooling where teams only have access to their data. Network teams have access to network data, database teams have access to db data, etc. Our approach was to fundamentally change this and get out of these information silos

Loved it! Thank you!

Thank you, @smack. Enjoyed your talk and really appreciated the emphasis that you placed on training and the importance of a learning culture.

📣 We now welcome the team from ING – @aurel-george.proorocu @mihai.roman2 @misupriest1 presenting How's Your Bank Working From Homehttps://devopsenterprisesummitus2021.sched.com/editor/schedule?id=7b3f2357d56855b48a80220d6ea684f8#edit 📣

Thanks for joining for "DevOps for Pandemics"!

We are here :)

@smack sounds exactly what we are trying to do in my team, what kind of tools you have used for building Business cont. dashboard, aggregation from other monitoring tools, my guess, like Grafana

@alshah1 For this we used Power BI but we also use Grafana for more of day-to-day operational information.

Thank you for sharing @smack , great session!!

Thanks for joining!

Im so intrigued by these trends and what other orgs experienced

days where we have no meetings! Ive heard others did this.

Walking one on ones are a great tool, I love that.

Good point about paying attention to "micro actions" with the camera on! As long as we can avoid Zoom fatigue!

How did ING deal with all the time zones in 6 countries when working a normal work day?

Will the "new normal" at ING result in returns to physical offices? To what degree?

Thank you for sharing your story @misupriest1 and team

Good one and not an easy one. We make sure to plan the meetings so that most of us can align.

Thank you all for joining our talk! Please let us know if you have any questions and we will reply asap.

@tom.wojtusik not so much. 2 days a week in the office and the rest at home. The teams are asked to align so that in those 2 days everyone is in the office

🌟 Coming back from the break, let's welcome @bryan.finster486 on How to Misuse and Abuse DORA Metrics 🌟

Glad to be here

Hey, @bryan.finster486 — looking forward to hearing about weaponizing DORA metrics!!! 😆

Hehe

Hoping to NOT

defense unicorns ❤️ might have to rename my desk partner

To be read in a Brady bunch voice: "Dora, dora, dora"!

Hey Brian, how you doing? Weaponizing depends on from how far away I can launch my metric...

Although, the details for weaponization are there, repeatable set, with clear results, that deliver a static response

I don't understand that last comment. Product teams and pipelines over scaling frameworks. Why not both?

people were happier.. what a concept. 🙂

@bryan.finster486 I expected more critique there for scalable frameworks 😉

You started with deliverying one app: Jigsaw. That is not the same thing as delivering large integrated value at scale. What happens when you need the teams alligned to deliver value.

I have so much respect for the efforts inside USAF to drive DevSecOps — so I couldn’t help but read this: https://www.theregister.com/2021/09/03/usaf_chief_software_officer_quits_angry_post/ Hope that the mission goes on, @bryan.finster486!

His open departure letter: https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/

Coverage correlation with quality/effectiveness seems to rear its head time and time again. https://neverworkintheory.org/2021/09/24/coverage-is-not-strongly-correlated-with-test-suite-effectiveness.html Relatively recent article around this topic… not peer reviewed, but purely observational.

My takeaway is that the expectation needs to be a sentence. As a ... I want ... so that... Instead of just a couple of words that are easier to interpret however I want.

I was working on making some better metrics yesterday. How do you improve the quality and quantity of metrics about how much time is spent on helping in different areas without logging minute by minute? Is there an interval that has worked well? I'm wanting to enable other teams to get better outcomes but trying to show both that it is where I'm spending time and actually proving improvements.

Dojos. wicked fast learnings.

Watching @bryan.finster486’s talk

PS: @vmshook I’ve been meaning to email you about this: I’ve been dazzled by the MARFORCYBER people, who spent an entire episode discussing the article above. https://podcasts.google.com/feed/aHR0cHM6Ly9hbmNob3IuZm0vcy8xZDQ5YWIyMC9wb2RjYXN0L3Jzcw/episode/OWEzZWYzMTYtY2E1OS00MTA2LTg1NzMtZDZlOTQxMTdhZDAz?hl=en&ved=2ahUKEwjx5PKd87PzAhU8IjQIHVhEAEwQieUEegQIGBAI&ep=6

“handed out six cases of books, handing it out to people, saying, ‘please read!’” 😆

Accelerate is a great book

I love this book.

Yes, if…

“…it all started out well…“. hahaha

Yep

Best intentions.

uh oh

So meta

LOVE the Princess Bride reference

Oh God yes!

inconceivable 🙂

DORA OKRs! Hahaha!

Productivity went through the roof yesterday!

This is an incredibly frustrating problem, "People don't read books" I read this book and could not get others to read it in the AF.

All my sponsors use this to prove what teams are "good" or not

Like the, Don't focus on metrics, metrics are a measurement, not a goal

Is anyone else covering their eyes? Haha

these make my head hurt, @bryan.finster486

I'm having some nightmarish flashes for sure

Can't lie.. i've become a @bryan.finster486 fan! 😄 always speaking great truths..

I know whose dashboard it is

How many red flags can you find?

Can' ask for context with metrics? What kind of heresy is that? Apples to apples not oranges to elephants

And for the love of all that’s holy, READ PAST PAGE 19!!

@bryan.finster486 So for those fictitious dashboards (ahem), what was the (fictitious) context? In what way were they misrepresenting the situation?

happier teams. what a concept. 🙂

Some of the numbers were for 10 applications and some are 200 @genek

OMG. Hahahah, @topo.pal @tapabrata.pal

"Culture? I don't care about culture! Just give me a pipeline!"

yaaas WIP load!

Here's what I've been thinking. How many of the Five Ideals do the four metrics cover. Not a lot.

“some of them were actually finishing things”

Is there a place to watch for when this is open sourced?

Page 19- Table 2.2 and 2.3?

there it is, Bryan! you've got Deming in there for me.

This is a great talk! My organization has absolutely had a similar experience. We've learned that DORA metrics are great indicators but two "next level" measures are Value Stream Flow and Business Outcomes!

How do you get hose WIP radiator?

Love this - I've been screaming from the rooftops that no organization should ever be going faster for the sake of going faster. What is the downstream benefit to actual business outcomes!!

This reminds me of the quote: > I made up the term ‘object-oriented’, and I can tell you I didn’t have C++ in mind > -- Alan Kay, OOPSLA ’97 “This is not what we had in mind when we wrote Accelerate.” 😆

Yep, best intentions

There are "DORA Metrics Ready" tools these days. I am not kidding

Yes, it’s terrifing.

I’ve talked to some of them.

This slide right here, about metric relationships, is everything.

For posterity:

What have you found effective to implement OKRs so they don't devolve into just a new form of arbitrary deadlines?

This is pure gold:

"flow metrics from teams moving cards" Ive had this conversation, our pipeline is based on when the install happened, time on keyboard, not when someone moved the JIRA ticket the following monday

CULTURE CULTURE CULTURE

Where is the 5th metric ?

why is it everything you are saying resonates?

hobbyists - preach

Education is essential

Yes, provide education like Coaching and Dojo's

I might have missed it, but did @bryan.finster486 mention that the throughput metrics are about size of change vs. speed of change?

What would your official training instead of hobbyists look like? For now, I'm at a job where hobbyists is the main way I am teaching myself 🙂

Aw man, I got to read it again?

Go to the gimba!

Good thing I have it on Kindle and Audible.

This talk is so profound! I feel like I will need to listen to it a few times. There are so many nuggets in each sentence

DONT Measure people. invest in them.

This is so timely for us. We're trying to figure out what we could/should measure to show our dojo adds value to the organisation . I'm happy to see I'm not the only one looking at typical DevOps metrics and wondering if focusing on them could become problematic.

A good portion of SSH in the IT rev library. There is a link in the reading room.

ace resources 😄 thanks @bryan.finster486 amazing talk!

What's that? SSH into the IT Rev library?

Id love to see those suggestions too, Bryan.

Does anyone have any recommendations for how to measure your Value Stream Flow.? Pipelines often have many tools which make measuring end to end flow challenging. Any recommended dashboarding or measurement tools and or techniques?

Thank you!!! Keep collecting stories, @bryan.finster486 — let’s figure out what to do with this next year!!! And keep up the great work at USAF!!!

Great talk @bryan.finster486

@bryan.finster486 Thanks. Some slides are going to be stolen 😄

defense unicorns!!! :unicorn_face:

👏 thanks @bryan.finster486 that was a dense meal right after lunch

Thanks Brian.

superb session @bryan.finster486 - thank you so much!

Bryan'

Great talk Bryan!

mic drop.

great talk @bryan.finster486

This was a great sessions! Thanks @bryan.finster486!

@bryan.finster486 phenomenal talk!!

Great session @bryan.finster486!

Thanks @bryan.finster486, great talk!

@bryan.finster486 - That was cool!

Great stuff @bryan.finster486!

Thanks so much everyone. I’ll be at the bar later. 🙂

Bryan, great talk, but it is just a starting point. The devil is in the details! Is there a BOF for talking details?

Can I have that bitly link for continuous Delivery again?

✨And now, we're honored to have @dff here to present: Thinking Upstream About White House Cybersecurity Executive Order 14028 ✨

Thanks @annp, great to be here!

Looking forward to this talk, @dff!

Great to see you here @tbannon 👋

anyone here participate in any of the NIST solicitations?

full transparency: I did. just curious about others

We (Tidelift) contributed comments for the NTIA requested comments, alongside a bunch of others https://www.ntia.doc.gov/other-publication/2021/comments-software-bill-materials-elements-and-considerations

I also appreciated Google’s comments in the NTIA process, which included this

Here’s a link to the 2021 Tidelift open source maintainer survey referenced in the talk: https://tidelift.com/subscription/the-tidelift-maintainer-survey

If you’re interested in following up on anything in the talk or finding out more about Tidelift, my contact info: <mailto:dff@tidelift.com|dff@tidelift.com>

Love this talk, @dff! One of my concerns with paying the maintainer is that would maintainers intentionally add bugs (there was a great article on this regarding the U of M and open source software). I think we can trust the maintainers because there should be a number of them with checks and balances. Do you have any thoughts around this?

What kind of project coverage does Tidelift have?

How scalable is managed open source? There are some orgs that use a very high number of open source dependencies

Does a donor specify which projects they want to support, or is it a "general pool"?

brilliant talk thanks @dff

Yep, thanks @dff!

What does Tidelift do to enforce that critical vulnerabilities are addressed?

🔆 Excited to now introduce @tbannon, here to talk about DevOps’ Missing Link: Data 🔆

What’s so difficult about reproducing errors?! This is so good, @tbannon 😆 😆

State management. 😆 This hurts. cc @stephen

I know a myriad of teams who have this problem but are not spending time on it in a way that they'd regard it as a priority... So hard.

“I frown on using production data because… we’re not masking it. Less than 50% mask their production data” 😱

Build. borrow, and buy!

The other option seems to be gatekeeping teams from any test data at all.

At a minimum, it can't be an afterthought.

"We can't test because we ran out of fake social security numbers."... I am so near to shellshock right now.

😱 This is so great, @tbannon

Nice talk !

Thank you Tracy, great talk.

This made explicit an area that is often not talked about - thanks! @tbannon

"We have full test automation" - "How do you manage test data" - "Hmmm. We always have problem with that"

awesome talk @tbannon test data security is an interesting area for sure!

Thanks @tbannon. A great collection of ground rules. A lot of people need this revelation.

Thank you

Excellent presentation... thanks @tbannon!

Reminder: The plenary sessions are starting again in 5 minutes. Start making your way back to your browser and join us in #ask-the-speaker-plenary to interact live with the speakers and other attendees. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png

Drat, not writing fast enough that was: 1. Competance 2. ? 3. Accountability 4. Delegated Authority.

@andy744 all the action is happening in #ask-the-speaker-plenary now 🙂