Fork me on GitHub
#ask-the-speaker-track-2
<
2021-05-18
>
Ann Perry - IT Revolution11:05:39

A warm welcome to @espen.johansen, coming up in two minutes!

Espen Johansen11:05:52

I`m already up. I promise!

Espen Johansen11:05:02

Did not oversleep today ๐Ÿ™‚

๐ŸŽ‰ 3
๐Ÿ™ 2
Espen Johansen11:05:27

( I do not make any money on the book and I`m sorry for the price, not my choice )

Alex Broderick-Forster, IT Revolution, Event Staff11:05:47

I see 37 watching live! Post comments and questions here for @espen.johansen.

Espen Johansen12:05:16

Happy to share ๐Ÿ™‚

Espen Johansen12:05:11

Short background on Visma. 13.000 employees, 6000 devs. 40 aquisitions a year, we make software and buy companies that make software.

Tim Tondar12:05:19

Great talk, thanks Espen!

๐ŸŽ‰ 1
Troy12:05:28

Interesting talk. ..I need to get the slides and review..this again.. agree so much on empowering and sharing the same intelligence!

Espen Johansen12:05:27

Thx @troy.grandison. !

Ryan Dobson12:05:38

Great talk @espen.johansen I'm interested to hear (I might have missed it) how you align all of Visma and subsidiaries on a Security mandate? Do you centralise or is it departmentalised/region

Espen Johansen12:05:24

We empower the Local Legal Units in the strategy. ( The companies, but have chosen to group a small team of experts in the middle ( Hub and Spoke structure )

Benjamin Kellogg12:05:14

@espen.johansen so you talked about sharing information that you have. Our team struggles with organizing that information and often leads to duplicate info. Do you have any suggestions on how to centralize shared information?

Espen Johansen12:05:30

Yes! We have a Security Engineer Guild structure for that purpose ๐Ÿ™‚ We orcestrated the startup and now it is mostly "self managed" but with some contrib from the central team

Ann Perry - IT Revolution12:05:21

Thank you, @espen.johansen! Coming up in a few minutes: @shilpama and @krishnakanth_bn

Manash Hazarika12:05:19

@annp Track2 Topic is not what is there in the schedule. Please check

Ann Perry - IT Revolution12:05:22

So sorry, we have the wrong talk playing โ€“ย stay tuned while we fix things backstage.

๐Ÿ™ 1
โœ… 2
๐Ÿ™Œ 1
Vale Vergari12:05:02

Anyone else experiencing problems with the connection?

Gianluca Manzi12:05:29

it seems wrong video was playing..they are fixing

๐Ÿ‘ 1
Gianluca Manzi12:05:00

prego ๐Ÿ™‚

Vale Vergari12:05:26

ok thanks @vnadiminti

Imogen Summers12:05:44

yes, presentation stream has stopped

๐Ÿ‘ 1
Thanos Diacakis12:05:00

That said, I was seeing the correct talk on Track 2. The schedule is not ordered by Track number

1
Ann Perry - IT Revolution12:05:09

The correct talk, Mission Live Enterprise : Distributed Agile and DevSecOps Automation at Scale Through Platform Approach, will start momentarily. Apologies for the delay!!

๐Ÿ‘ 4
thankyou 1
Tim B12:05:27

I guess I'll be watching this later from the library ๐Ÿ™‚

Ann Perry - IT Revolution12:05:38

I'm so sorry for the inconvenience, everyone. We will be showing the session with @shilpama and @krishnakanth_bn at a later time, we will make an announcement very soon. Thank you all for your patience!

Gus Paul - Morgan Stanley12:05:42

Nicely recreated the live conference epxerience where you end up in the wrong room than you expected :rolling_on_the_floor_laughing:

๐Ÿ˜ 6
๐Ÿ˜ฌ 1
Ann Perry - IT Revolution13:05:45

We will be showingย Mission Live Enterprise : Distributed Agile and DevSecOps Automation at Scale Through Platform Approachย withย @shilpamaย andย @krishnakanth_bnย at 3:50p BST today here in Track 2 during the break. Our apologies for the shuffle!

Ann Perry - IT Revolution13:05:52

A warm welcome to @ikrnic from CROZ!

Ivan Krnic (Director of Engineering at CROZ)13:05:08

Hi all, thank you @annp!!

๐Ÿ™Œ 1
Alex Broderick-Forster, IT Revolution, Event Staff14:05:22

Hello to the 45 people watching track 2! The speaker is available here to comments and questions.

Markus Lauttia14:05:00

How big an software engineering organization you have, and how big share of the engineers are in the platform team?

Erik Sackman14:05:10

does the platform team only build scripts or do they also operate the platform?

Ivan Krnic (Director of Engineering at CROZ)14:05:02

Hi @markus.lauttia , we are ccs 300 people strong with most of the people being engineers... And our platform team counts around 8 people

Ivan Krnic (Director of Engineering at CROZ)14:05:14

Hey @erik.sackman,they also operate the platform...in fact, when operating the platform, the team identifies things that should be automated and that goes directly to their backlog.

๐Ÿ‘ 2
Markus Lauttia14:05:31

so you have tens of stream-aligned teams?

Ivan Krnic (Director of Engineering at CROZ)14:05:57

yep, in fact we have 12 of them... with 2 more in onboarding process currently

Ivan Krnic (Director of Engineering at CROZ)14:05:48

with not everybody in the company working as a part of the team

๐Ÿ‘ 1
David Read14:05:11

GCP, AWS etc offer something like this already - Kubernetes clusters, logging, monitoring, security capability, with self-service portal. What does your platform team do differently?

Ivan Krnic (Director of Engineering at CROZ)14:05:19

there are cases when it makes more sense to do the job outside the team

Markus Lauttia14:05:30

but roughly put you would say that you have one team of 8 engineers supporting 100 or so engineers in the stream-aligned teams?

Ivan Krnic (Director of Engineering at CROZ)14:05:56

Hi @david.read, the thing is that we still work with clients that are relying on internal on-premise cloud installations. With our runtime infrastructure as similar as theirs, it's easier to manage risks coming from differences in infrastructure.

๐Ÿ‘ 1
Ivan Krnic (Director of Engineering at CROZ)14:05:53

@markus.lauttia yes, we currently have such setup ๐Ÿ™‚

Erik Sackman14:05:00

how do you overcome bottlenecks when introducing platform teams (i.e. you introduce more dependencies)

Chris14:05:24

Not yet sold the idea and got approval for it, so for now it's only conceptual for me. But for me the platform team should not be in the way of the dev team. It brings tools to reduce cognitive load by simplifying things, it can bring knowledge and momentarily integrate someone in the dev team to tackle specific questions and get a better sense of the team^s need, but the dev team shouldn t rely on the platform team to complete some of their actions

Chris14:05:12

outside of the concept of platform by itself, for what we have done to date, like a jenkins sharedlib easing the integration of the various tools and reducing greatly the work to build a pipeline, is available as inner source, so any team using it can submit PRs to enrich, modify it... To avoid us becoming a bottleneck for some requested functionalities which anyway dev team needing it knows probably better than us

Erik Sackman14:05:53

for example, stream aligned team cannot access the k8s platform directly but must go through the platform team

Ivan Krnic (Director of Engineering at CROZ)14:05:32

Hi @erik.sackman, you're right, we try to design all changes so they are as frictionless as possible.... self-service is crucial here, we want to eliminate such situations and have stream-aligned teams to be as autonomous as possible...

๐Ÿ‘ 1
David Read14:05:55

@erik.sackman can you give them direct kubectl / kube API access?

Erik Sackman14:05:32

and do you supply your clients with an exit strategy when they have "lock-in" on your platform?

Ivan Krnic (Director of Engineering at CROZ)14:05:43

Right now, I think that we have automated much of stuff that needs to happen for initial setup... we have a selfservice platform that can provision namespaces and project resources on its own

Ivan Krnic (Director of Engineering at CROZ)14:05:55

:)) It's not a lock-in on our platform. This is a platform that we use internally. And when we help them build their platform, they are engaged from the beginning and we reach decisions together.

Dubro - Conti Tires14:05:43

Very interesting talk. Hvala...

Erik Sackman14:05:14

ok, so it's either included in the services your provide, or it's knowledge you take with you on consultancy efforts when building a platform for your client

Erik Sackman14:05:47

interesting stuff, i'm kind of on a similar journey ๐Ÿ™‚

๐ŸŽ‰ 1
David Read14:05:52

๐Ÿ‘ thanks @ikrnic I really liked the talk

Erik Sackman14:05:03

thanks for sharing your experiences!

Ann Perry - IT Revolution14:05:04

Thank you, Ivan! And now we welcome @akoran!

Keara Vu (IT Revolution)14:05:08

๐Ÿ‘:skin-tone-4:๐Ÿ‘:skin-tone-4: @ikrnic!

โค๏ธ 1
Manash Hazarika14:05:22

@ikrnic How do you sync with the complete ecosystem of tools/technologies which are integrated and the platform that you have built

Ivan Krnic (Director of Engineering at CROZ)14:05:52

Yes, many times part of our job is not only to deliver software components but also to consult and help our clients build their own platform... this usually includes client education, knowledge sharing and helping them with specific tasks... so we share more than we lock-in ๐Ÿ˜„

โค๏ธ 1
Ivan Krnic (Director of Engineering at CROZ)14:05:22

Hi @manash_hazarika we invest efforts to look out what's happening out there and we decide on the direction via Community of Practice. We need all POVs for this

๐Ÿ‘ 1
Ivan Krnic (Director of Engineering at CROZ)14:05:17

Thanks all for being here, welcome @akoran!

๐Ÿ‘‹ 1
David Read14:05:23

What's this narrow path that we're pushing security candidates down?

David Read14:05:25

I really missed this bernoulli analogy point...

Tino Dietel, Tradebyte, Engineering Lead14:05:30

its fast paced and full of analogies ...

David Read14:05:08

too fast for me

David Read14:05:26

She's saying we need more security folks to secure all the things that the software devs are making. Can anyone summarize the other points?

rupert field - InfoQ, DevOps14:05:26

@akoran kudos for the Aliens reference

Amรฉlie Koran14:05:27

Basically, we need to be judicious in how we spread responsibility in order to not overload others (DevOps folx) but be cognizant that some things require specialists. It's a fine line... but we need to move fast because the security skills aren't growing as fast as the de talent and demand (that 1:17 ratio)

David Read14:05:08

Got it, makes sense. So devs need security skills (what you call 'devsecops' roles?), and we also need security specialists who sit in security teams. And the ratio you quote is the number of developers to security specialists?

Amรฉlie Koran14:05:50

@rupert - that was supposed to be a GIF, but it didn't render in my tool

Kevin Littlejohn14:05:40

I'd be really curious to hear what team structures you've seen working - most places I've worked have had separate security and they've struggled to keep up, as a devops-centric person boosting security into the discussion and automation is critical to what I do, but... bundling them together as a single team doesn't feel quite right either

Daniel Cahill - Engineer - Ontario Systems14:05:37

How are some ways that you have seen developers effectively improve in their security skills? I have trouble growing and learning for things actually useful for development based on what my security team tells or doesn't tell me.

David Read14:05:13

Now there's talk of Dev, Ops and Security teams. Previously there was talk about DevOpsSec roles too. I'd love a diagram to see what is good and bad in team structure.

Olivier Jacques, DXC14:05:31

Really like the last slide with the multiple streams and columns

๐Ÿ‘ 1
๐Ÿ™ 1
Kevin Littlejohn14:05:10

My takeaway from the last two slides is that it's highly contextual and probably will change. Yeah, I like that slide, might steal that for some team structure discussions myself

Olivier Jacques, DXC14:05:06

Thanks for the informative session @akoran - loved the energy and the content.

Ann Perry - IT Revolution14:05:54

Thank you, Amelie! And NOW, we welcome @shilpama and @krishnakanth_bn!!

๐Ÿ‘ 1
Gene Kim, ITREV, Program Chair14:05:35

Thank you so much @shilpama @krishnakanth_bn for allowing us to air your talk now โ€”ย weโ€™ll push a change so that it shows up in the schedule in just a couple of moments. cc @alex

๐Ÿ‘ 1
Amรฉlie Koran14:05:41

I'll be on more later... have a Lean Coffee session to moderate!

Amรฉlie Koran14:05:29

I have some slides with the venn diagrams with better explanations as well - i will post them

๐Ÿ‘ 2
Amรฉlie Koran14:05:35

Yeah, I have a separate deck specifically on the DevSecOps diagrams as to team strengths and structures and where they come from and where they go to - I think my single slide was a tiny amalgamation

Amรฉlie Koran15:05:12

it's a "pattern" diagram of where orgs find themselves now versus their desired state and it's more 'self-recognition'

๐Ÿ‘ 1
Amรฉlie Koran16:05:53

Here are my DevSecOps patterns, which are larger and expanded versions of the Venn Diagrams on organizational moves.

๐Ÿ‘ 1
Amรฉlie Koran19:05:07

here's the raw deck... sorry for the size...

Gene Kim, ITREV, Program Chair14:05:02

@shilpama @krishnakanth_bn Youโ€™re now in the schedule โ€”ย thanks for accommodating this!

๐Ÿ‘ 2
1
krishnakanthbn15:05:29

@annp @genek101 Thank you Ann and Gene.

Gene Kim, ITREV, Program Chair15:05:59

@shilpama @krishnakanth_bn Your submission generated so much interest among the programming committee โ€”ย can you share some details on how youโ€™re funded? Itโ€™s so impressive you did this for non-revenue generating applications! How did you justify modernizing certain categories of apps where justification for funding might be difficult? And thank you so much for sharing your story!

๐Ÿ‘ 3
Shilpa Aphale15:05:40

Thank you Ann and Gene

Shilpa Aphale15:05:16

Live enterprise is our Organization level initiative, there are 6 weekly SPRINT plan review with CXO. The organization was aligned for the digitization as part of Live enterprise.

๐Ÿ‘ 4
Shalini Nair15:05:13

@genek To expand on that, Infosys' Live enterprise vision encompasses transforming our internal processes, employee experience, apps that support and more to enable agility, sentience. This is an ongoing org wide initiative, sponsored by the leadership.

๐Ÿ‘ 5