Fork me on GitHub
#ask-the-speaker-track-2
<
2021-05-19
>
Kimberley Wilson10:05:34

@markosrendell @leanne.bridges Love the analogy that risk and control functions are similar to guardians of teenagers. How do we keep safe while allowing freedom and accountability? Brilliant.

❀️ 1
Patrick Debois11:05:01

Hello beautiful people - for some reason the talk description didn't come through - here is already the slides to get a feel for it - https://docs.google.com/presentation/d/1KSikHfZzt2di0l0V_3w9YakfyMFbwIxw966J_BEck6A/edit#slide=id.g6c44896cdf_1_3

1
πŸ‘ 1
πŸ’œ 2
Patrick Debois11:05:18

Happy to answer any questions you have

Patrick Debois11:05:00

I'm describing how we are all evolving into a team centric view and try to explain how this doesn't come over night and is rooted in past and future collaboration styles

Patrick Debois11:05:56

Now that DevOps has been adopted widely, and much of the friction between development and operations has been reduced, organizations and their technical leadership want to learn how to address the next layer of friction, security. Or as it's now being called, DevSecOps.

Much like the Agile development models that preceded DevOps, integrating security into the development process is necessary for the faster creation of innovative and safe applications. Establishing a DevSecOps culture amounts to overcoming the friction between the silos within your organization, and the rest is engineering.

Creating a DevSecOps culture requires the right technology, delivery processes, governance models, and cultural empowerment. By continuously assessing each of these pillars, your organization can establish a proactive DevSecOps culture.

Ann Perry - IT Revolution11:05:54

Looking forward to hearing from @patrick.debois256, coming up next!

Patrick Debois11:05:17

> Dev(Sec)Ops - everything you do to overcome the silos - all the rest is engineering do you agree ^^ ?

πŸ˜„ 1
πŸ‘€ 1
πŸ‘ 1
Nick Eggleston11:05:50

"Eliminating friction" - like this way of putting it

Nick Eggleston11:05:20

I recently listened to one of you DoD talks that focused on building trust

Patrick Debois11:05:21

nice - trust building is the long running process

Nick Eggleston11:05:44

hard to gain and easily damaged

Nick Eggleston11:05:02

Command & Control - is that linked to the war metaphors in business?

Patrick Debois11:05:56

I do think some our narrative is stil based on this

James Simon11:05:52

I always tie it to Taylorism

βž• 1
Nick Eggleston11:05:59

I've learned that associated too, though I know little about who Taylor was. <knowledge gap>

Philip Day11:05:19

https://www.slideshare.net/npflaeging/special-edition-paper-organize-for-complexity-part-iii is the best concise intro to Taylorism I've seen

πŸ‘€ 1
πŸ”– 1
βž• 1
Patrick Debois11:05:01

yet Taylorism is just a manifestation of that current Zeitgeist

Sophie Weston12:05:26

I found the discussion of Taylorism (and the potted bio of FWT himself) in 'Team of Teams' really interesting - how such reductionist methods just don't apply in today's VUCA world.

James Simon11:05:59

Not sure about anyone else

Duena Blomstrom, Psychological Safety Dashboard CEO, Author PeopleBeforeTech11:05:09

Glad you're using Laloux @patrick.debois256 - it featured in the Scrum Squads documentary and I mentioned it in the book too, he's crystal clear in the model

Patrick Debois11:05:10

I love that book (he's also a fellow Belgian) - I know many don't like it as it feels like one model is better then other. I just see it as different thinking evolutiuon

Jeffrey Fredrick, Author-Agile Conversations11:05:52

one claim might be they are fit for different environments

Duena Blomstrom, Psychological Safety Dashboard CEO, Author PeopleBeforeTech11:05:23

Everyone needs to stop being proprietary! ain't nobody got time for that! Well ok everything but the HumanDebt TM term πŸ™‚

Patrick Debois11:05:54

@jtf and different problem spaces - It's important to judge your company culture to understand how new ideas land

Jeffrey Fredrick, Author-Agile Conversations12:05:50

I think it is useful to consider the information flow ala Westrum in the different organization types.

Jeffrey Fredrick, Author-Agile Conversations12:05:00

the different models have different natural flows. the power centric red model matches and tends to give rise to pathological. the strongly hierarchical orange tends towards bureaucratic.

Arne Brasseur (CEO - Gaiwan, he/him)11:05:13

Reinventing Organizations: A Guide to Creating Organizations Inspired by the Next Stage of Human Consciousness https://www.goodreads.com/book/show/20787425-reinventing-organizations πŸ”–

πŸ”– 1
Katharine Chajka (Tasktop)11:05:18

reduce the friction ❀️

Katharine Chajka (Tasktop)11:05:01

love the discussion on evolution rather than one better than naother

Philipp BΓΆschen, TUI, DevOps Coach, (he/him)11:05:07

I've always been super confused with the "Container-Driven Collaboration" since that is somehow using technology, very different from all the other examples :thinking_face:

Philipp BΓΆschen, TUI, DevOps Coach, (he/him)11:05:42

But I am fairly ignorant on the topic, have not spend a large amount of time to think about this in depth

Nick Eggleston12:05:59

It's not container in the k*s sense, is it?

Philipp BΓΆschen, TUI, DevOps Coach, (he/him)12:05:41

Then I'm even more confused, maybe I'll need to dive into the book πŸ˜„ @patrick.debois256 do you have some enlightenment on this one maybe?

Patrick Debois12:05:36

Container driven collaboration hints at a few things: β€’ we believe in a tangible thing to be discussed β€’ it is a clearly defined thing The danger of it , is that you focus on what you are delivering not how and with who It stems from a belief we can write down all specs and we're good

Patrick Debois12:05:23

People usually stop at Container-driver and ignore the collabaration point

Philipp BΓΆschen, TUI, DevOps Coach, (he/him)12:05:06

So it's using a tangible clearly known thing (like a container spec file) to then collaborate on that boundary?

Daniel Cahill - Engineer - Ontario Systems11:05:22

"Hmm which am I? Devops with expiry date! Oh no!!"

πŸ’« 1
Jeffrey Fredrick, Author-Agile Conversations11:05:40

Which one of these have all the DevOps engineers?

Nick Eggleston12:05:22

Yes, it's important to get them all on the same team under one manager :rolling_on_the_floor_laughing:

πŸ˜„ 1
Jennifer Velasquez11:05:53

Evolution of pattern....πŸ‘

Jennifer Velasquez11:05:46

ABSOLUTELY - Trust is bidirectional!

1
πŸ‘ 2
Ffion Jones (Partner, PeopleNotTech)12:05:08

It always boils down to trust - and at the group level, psychological safety!

❀️ 4
πŸ‘ 3
1
Jeffrey Fredrick, Author-Agile Conversations12:05:30

β€œthe first thing to build is trust” < early agile quote

πŸ’― 4
Chris Gallivan, Stellantis, Value Stream Architect12:05:15

decisions on outsourcing work impact the trust a team has with the organization

πŸ’― 1
Patrick Debois12:05:45

if your outsourcer cares they will succeed

Nick Eggleston12:05:08

It's always about the people and work put in to develop the trust relationship and overcome the friction

Chris Gallivan, Stellantis, Value Stream Architect12:05:27

what I meant was that people are watching build vs buy/outsource decisions a company makes, and they become skeptical if they dont feel the org has confidence in them to build it

Daniel Cahill - Engineer - Ontario Systems12:05:10

Lately through Covid, I've noticed its harder for me to trust people I haven't met in person and I tend to rely on those I've spent time with. It's encouraging to hear that a good way to build trust is to answer calls. I hadn't thought about that.

❀️ 3
🎯 2
Bernard Voos (FedEx)12:05:45

I started a new job in April 2020 - still haven’t ever met 80%+ of my colleagues…

βœ‹ 1
Nick Eggleston12:05:22

I think developing trust and other similar things while fully remote is an area needing experimentation and development.

Ffion Jones (Partner, PeopleNotTech)12:05:52

Looking at the pre covid all remote companies, they still advocate coming together several times a year to 'rehumanise' too

Bernard Voos (FedEx)12:05:57

@patrick.debois256 - one of the tricky parts for my teams has been how to add DAST to our pipelines. It’s powerful security but extremely slow to run. Any thoughts or ideas?

Patrick Debois12:05:13

So what is the objection ?

Patrick Debois12:05:33

Both fast and slow feedback can be useful

Patrick Debois12:05:43

It's definitely better then no feedback

Bernard Voos (FedEx)12:05:52

Not necessarily an objection, but any best practices on how often to run DAST and any ways to speed it up

Patrick Debois12:05:30

sorry - don't have specific advice on that

Nick Eggleston12:05:54

Can you decouple it from the deployment pipeline and run it asynchronously?

Bernard Voos (FedEx)12:05:14

OK, no worries! Thanks for a great talk today - really enjoy how you weave all these great books together.

Philipp BΓΆschen, TUI, DevOps Coach, (he/him)12:05:29

I think that is very specific to your own risk profile for what you're scanning in the end. Some things you can cope with not scanning every release, other systems are so critical you definitely take a hit in speed to be more sure :thinking_face:

πŸ‘ 1
Patrick Debois12:05:32

yes - that is indeed what longer feedback does - much like unit test and integration test can have a different cycle

Bernard Voos (FedEx)12:05:34

Thanks @nickeggleston and @philipp.boeschen650! Appreciate your thoughts - will go back and muddle over it

Grant Robertson - Synopsys12:05:11

@bernard.voos I don't want to hijack this thread but have you looked into IAST? Let me know if you want to talk

Grant Robertson - Synopsys12:05:58

Think of it as AST for DevOps and continuous testing/deployments

Bernard Voos (FedEx)13:05:35

Hi @robertso! Yes we are already using IAST and it’s super valuable, but I think we need a balance of IAST and DAST to layer our security.

Grant Robertson - Synopsys13:05:49

Ok great to hear, if your looking at way to intelligently decide when to run what AST tools then you might be interested in Intelligent Orchestration. This is a new product we launched this year and is designed to solve the problem your referring to. When should I run DAST, IAST, SCA and what do I do with the results?

Grant Robertson - Synopsys13:05:42

It works with our own tools but its an open platform so can work with any vendors tools which have APIs or other integration points

Nick Eggleston12:05:01

@patrick.debois256 are you listening to the talk as you respond to questions? How easy/difficult do you find this medium for getting all the questions queued for response?

Patrick Debois12:05:06

Listening to the talk works great to understand how people's question progress. It's torture at the same time listening to myself - euhs - struggling with words etc.. πŸ™€

2
Duena Blomstrom, Psychological Safety Dashboard CEO, Author PeopleBeforeTech12:05:02

Nobody likes it, Patrick πŸ™‚ but you sound great

πŸ’― 3
Nick Eggleston12:05:33

I totally agree... Hearing myself is a huge distraction and the inner critic starts commenting...

Philipp BΓΆschen, TUI, DevOps Coach, (he/him)12:05:08

I'm definitely not looking forward to hear myself in 5 minutes 😬

πŸ˜† 1
Nick Eggleston12:05:21

It's an opportunity to practice radical acceptance hehe

Nick Eggleston12:05:33

super hard though

Ffion Jones (Partner, PeopleNotTech)12:05:24

It's good for business is a rarely a personal motivation - absolutely!

πŸ’― 2
🍻 4
Philip Day12:05:14

Command and control is like sand - the harder you squeeze the more it slips out of your grip :thumbsup:

πŸ™Œ 1
Jeffrey Fredrick, Author-Agile Conversations12:05:52

I need a Star Wars emoji for an appropriate response

πŸ˜‚ 1
Patrick Debois12:05:34

I'd love to hear your feedback to make this talk better - was it what you expected or did you miss something?

Nick Eggleston12:05:19

Personally, I like to hear stories from your experience that underscore each point - both the positive and negative... but something about the detailed real life story is captivating

Patrick Debois12:05:11

fair point - stories can be indeed powerfull - they also tend to expand in time πŸ™‚

Ffion Jones (Partner, PeopleNotTech)12:05:12

Would love to hear more on your view of psychological safety and it's importance here

Patrick Debois12:05:36

I'm still learning on that part @ffion - definitely intersting

Moira Cheng12:05:53

@patrick.debois256 I would love to know about experiences where organisations have all combinations of the DevOps team patterns, and how we can recognise it and understand if there is a natural evolution & devsecops maturity path in transitioning from one state to another. Is there an optimal devsecops team pattern/model to aspire to?

Daniel Cahill - Engineer - Ontario Systems12:05:48

Something I've been thinking about lately: How do I as an engineer grow in my knowledge of security areas? I'm not getting much training from my security team and I haven't got my head around how I should be continually growing. I can scan code or put WAFs in place, but it feels so narrow that I don't feel like I'm actually fully using my skills.

Patrick Debois12:05:08

separate training (the education part) suffers from the silos - you'd have to escape your siloed education program

Akash (Co-Founder Kloudle) (He/Him)12:05:21

One way a lot of security engineers learn is by hacking deliberately vulnerable apps. As a developer you can understand the underlying causes in code and it is fun to hack around.

Nick Eggleston12:05:54

There's a security company that does that and has various "ranges" or scenarios to attack, and I think they open it up for "free" occasionally. Now, if I could just remember the name...

Akash (Co-Founder Kloudle) (He/Him)12:05:04

there are many deliberately vuln environments and apps you can find on GitHub. Bunch of them have docker images so you can pull, run and start attacking. πŸ™‚

Varun Manoj12:05:11

@nickeggleston think you mean Secure Code Warriors? @dacahill7 Snyk also produces a lot of material around developer education. Check out this e-book for example that looks at Serverless Security: https://go.snyk.io/oreilly-serverless-security.html Happy to DM you some more if you want πŸ™‚

πŸ‘ 1
Bernard Voos (FedEx)12:05:54

Love the line about the paradox of command & control culture! Trying to grasp sand and it flows through your fingers. Very zen!

🎯 2
Chris Gallivan, Stellantis, Value Stream Architect12:05:26

That pendulum swing at the end of autonomy is interesting to me - back towards controlling

Ffion Jones (Partner, PeopleNotTech)12:05:57

Me too! Do we need to dip back into control in order to maintain the balance?

Chris Gallivan, Stellantis, Value Stream Architect12:05:18

If so, we will have no trouble doing this !

πŸ’― 1
Duena Blomstrom, Psychological Safety Dashboard CEO, Author PeopleBeforeTech12:05:42

I think Aristotle has it right - we need Structure and Clarity which is easy to conflate

❀️ 1
Craig Cook - IBM12:05:50

Autonomy, requires Psychological Safety. And requires leaders to keep it in place.

πŸ™Œ 2
Jeffrey Fredrick, Author-Agile Conversations12:05:00

Reminds me of @esh’s β€œbetter testing, worse quality”

1
Patrick Debois12:05:26

Just Enough Debois Information - JEDI πŸ™‚

1
Varun Manoj12:05:37

πŸ‘πŸ‘πŸ‘

Moira Cheng12:05:40

Excellent talk @patrick.debois256 - I found it really insightful, especially how you brought every aspect together

πŸ™ 1
Nick Eggleston12:05:42

Thanks @patrick.debois256. I wish the talk could be longer πŸ™‚

βž• 1
🍻 1
Chris12:05:44

Thank you @patrick.debois256 πŸ‘

thankyou 1
Daniel Cahill - Engineer - Ontario Systems12:05:44

Thanks Patrick! I'm going to be rewatching this later.

βž• 3
Lloyd P12:05:29

I’d like to pivot off of Daniels question as well, as someone passionate about security how do I help others better understand that security involves everyone at every level. Getting your tech team thinking about security is the easy half of this problem as they are deeply involved in this world already; but β€œtraditionally” less tech-savvy teams like say marketing, sales, support often have a harder time understanding the real nitty gritty of why certain protocols exist. Why is my dogs name and DoB a bad password? Why should I care about the hashing algorithm we use? Attackers know that these are the weaker points and just a surface level protection against phishing is starting to not be enough

πŸ‘€ 1
Patrick Debois12:05:42

My take is that you hit it with the word care - there might be different motivations to care of security part of being an employee is having obligations to keep things secure - but you should translate it into their daily life about what they care Like sales, we don't want to leak information to competitors , loose subscribers when people feel their privacy is violated

Daniel Cahill - Engineer - Ontario Systems12:05:52

When building up that care, is there a way you avoid using "Security" as a blugeon? One example is in the Pheonix Project where the security director can halt any process by talking about how important security is. How are some ways you have effectively seen security implemented gently while still keeping the importance?

Patrick Debois12:05:49

The problem is not that security says no - if we trust them we want them to say no - what we are hinting is that if we externalize the basic knowledge & judgement we can distribute the situation assessment allowing not to be blocked all the time. Much like Ops still has a place as the experts or the UX or the project manager - they all have deep expertise I agree that is when people get better they often feel less need to ask for advice. And that reflex of asking advice needs to be enforced by the rules of engagement - everyone that will have impact needs to be solicited in case of doubt (by exception) That is the aim of the trust building

Ann Perry - IT Revolution12:05:54

Thank you so much, Patrick! Next up, we welcome @praz, @akash676 and @ramesh.karra!

Praz12:05:09

Hello everyone!

Akash (Co-Founder Kloudle) (He/Him)12:05:27

Awesome session @patrick.debois256 πŸ™‚ tough act to follow.

πŸ’― 2
Daniel Cahill - Engineer - Ontario Systems12:05:01

Books mentioned by Patrick: Tyranny of Metrics Threat Modeling Secure By Design Trust: Building Trust at Work Reinventing organizations Turn the Ship Around! IT Revolution books πŸ”–

πŸ”– 5
❀️ 3
Daniel Cahill - Engineer - Ontario Systems12:05:01

Were you able to have the same app work for children and college students and teachers? Or were there different applications? It sounds like the user experiences for the students of all ages would be important and maybe have different problems to solve.

Praz12:05:46

We have multiple apps for students: 1 . Early learn app K3 in collab with Disney 2. K5-K12 app For parents we have a partner app. But no apps for schools/colleges. We however are working with Google classroom to give content to schools and colleges via Google classroom platform

Saurabh Singh12:05:09

Hello @praz -- How do guys manage this big data?

Praz12:05:16

We use MongoDb as our DB For analytics we use Redshift and BQ depending on different use cases. However, we have realized over time that certain transaction data had to be moved to Relational DB. So parts of it are now being moved to PostgresSQL

Daniel Cahill - Engineer - Ontario Systems12:05:33

In this pipeline design, did you start with this model at the beginning of 2020 or did you have to cut out inefficient steps as you went?

Akash (Co-Founder Kloudle) (He/Him)12:05:56

We kept the design as is. Reduced the threshold for alarms for disk space, CPU for the Jenkins.

Akash (Co-Founder Kloudle) (He/Him)12:05:37

We tried to stay as close to what engineers expected from before the lockdown, since now all support and interactions were going to be remote.

Daniel Cahill - Engineer - Ontario Systems12:05:45

By having build status go to Slack, do you feel like you avoided alert fatigue?

Akash (Co-Founder Kloudle) (He/Him)12:05:23

Slack channel for build status updates acted more of a shared workspace for the DevOps team working from different parts of the country.

Akash (Co-Founder Kloudle) (He/Him)12:05:39

Having each status there allowed for further discussion if required.

Praz12:05:40

We did not have to switch been apps to know if something went wrong. Also, because we had alerts come on a certain channel where multiple people were there, we never missed something that was critical. Threaded discussions meant we had the context

Daniel Cahill - Engineer - Ontario Systems12:05:46

Interesting. We have tried both having alerts in the channel and outside the channel and both cases have resulted in them being ignored. Now, new managers are wanting to move alerts again and I'm trying to think about how best to help.

Akash (Co-Founder Kloudle) (He/Him)12:05:24

This is a great question for a BoF session. Even I would like to hear from the other experts on what they say.

Manash Hazarika12:05:40

@ramesh.karra @praz - what underlying tool that you use for your pipeline creation

Praz12:05:28

so we are using github->jenkins->s3

Akash (Co-Founder Kloudle) (He/Him)12:05:34

Folks we are hanging out here and in slack till later, in case any questions come up. Cheers.

βœ”οΈ 2
Patrick Debois12:05:16

signing off here - feel free to reach out to me on the twitters or via email - https://twitter.com/patrickdebois - have a great rest of the conference

1
πŸ‘ 1
Ann Perry - IT Revolution13:05:26

In a few minutes, we'll have @dubravko joining us from Continental Tires!

Dubro - Conti Tires13:05:29

Hi everyone...happy to be here...

Christoph Hagedorn14:05:24

What charting software are you using?

Dubro - Conti Tires14:05:19

@hagedorn for that chart do you mean or in the context of the Platform?

Christoph Hagedorn14:05:50

I mean visualisation like grafana

Dubro - Conti Tires14:05:37

Ah...yes, we use Grafana. The Data Scientists are free to use anything else and are focussing on R, Dash, Streamlit and simliar

πŸ‘ 1
Dmitry Luchnik /// adidas Data Analytics architect14:05:29

Hi @dubravko, is this Lab - something custom-built or something like databricks ui?

Dubro - Conti Tires14:05:51

Completely custom build. Virtually from the scratch

Dubro - Conti Tires14:05:17

Only: after some experimenting we choosed to use the EKS service Kubernetes

Dmitry Luchnik /// adidas Data Analytics architect14:05:12

the frontend some slides ago looked quite cool :)

Dubro - Conti Tires14:05:04

@dmitry.luchnik, thanks. It is, I really like it either. It is an interface which is used by tires, ContiTech and Automotive likewise and helps us a lot.

πŸ‘ 1
Dmitry Luchnik /// adidas Data Analytics architect14:05:44

that would be my next question - thank you for this comparison πŸ™‚ btw, have you looked into databricks offering?

Dubro - Conti Tires14:05:16

We did the databrick comparison in 2018. Maybe we can redo this...good point.

Dubro - Conti Tires14:05:37

Currently many Data Scientists come up with new requests. MLFlow, KubeFlow, Sagemaker, you name it...

Christoph Hagedorn14:05:27

can we follow up the discussion in gather when the presentation is finished?

Dubro - Conti Tires14:05:28

I still have some troubles accessing Gather but I will give it another try...our security is...outdated...in handling PC configurations πŸ™‚

Dubro - Conti Tires14:05:38

Ok, worked...I'm in Gather now

Christoph Hagedorn14:05:26

great, under which name

Christoph Hagedorn14:05:11

I'm right to the bar

Dmitry Luchnik /// adidas Data Analytics architect14:05:35

would like to join you, are you planning to be there in 30 mins?

Christoph Hagedorn14:05:09

actually i have no idea, but I can be there

Ann Perry - IT Revolution14:05:03

Thank you so much, Dubro! We now warmly welcome, @thomas.jachmann from Siemens Healthineers!

Tom Jachmann14:05:56

hello everybody. Welcome to my talk. Looking forward to answer your questions and hear your thoughts

πŸ‘ 1
πŸ‘‹ 2
James Simon14:05:03

Are you able to avoid V&V finding real bugs this way?

Philip Day14:05:56

"Release is a non-event" - profound

πŸ‘ 2
Frances Paulisch14:05:01

DevOps thinking can also be applied to cyberphysical systems not only software only.

πŸ‘ 1
Tom Jachmann14:05:02

@philipday but difficult to reach in such a complex environment. has it's worth as a north-star but dangerous as a KPI (you will see later in the talk)

Philip Day14:05:03

Intriguing! KPIs are dangerous generally, if used as targets. IMHO they're great for teams to use internally, but dangerous for any form of upward or outward reporting.

Katharine Chajka (Tasktop)14:05:38

+1 exposing the issues - then we need to fix the issues!

Tom Jachmann14:05:25

or IT infrastructure changes we were looking for a long time until we found them

Frances Paulisch14:05:35

Cynefin - Probe, Sense, Respond to handle complexity

Ffion Jones (Partner, PeopleNotTech)14:05:22

We use this in some work I do on service design, great to see it here!

James Simon14:05:34

I captured the screen with this one it, to show my management I am not the only one who talks about it

πŸ™Œ 2
πŸ‘ 1
Patrick Anderson - Tasktop - he/him14:05:02

The brilliant John Willis talks about the cynefin framework in his podcast with Dr. Mik Kersten https://projecttoproduct.org/podcast/john-willis/

Tom Jachmann14:05:21

it is not only a matter of scaling speed but also costs which become signifcant now

AlignedDev (Omnitech Engineer)14:05:52

Embrace the change, important to uncover all of the bad things that are hidden

AlignedDev (Omnitech Engineer)14:05:50

"Not something you can predefine, it is more about the journey"

πŸ‘ 2
πŸ˜€ 1
AlignedDev (Omnitech Engineer)14:05:29

this summary slide is great

AlignedDev (Omnitech Engineer)14:05:31

@thomas.jachmann would you say that KPIs on this slide could be interchanged with OKRs?

Tom Jachmann14:05:59

@logankd: absolutely. Read KPIs as "measurable" steps.

Tom Jachmann14:05:32

you only can improve what you measure, otherwise you will not see in a complex environment if it improves or creates side effects that are not desired

βœ… 2
Tom Jachmann14:05:29

thanks for joining my talk. I will stick around until the next talk starts in case there are any questions. Feedback is as well appreciated

thankyou 1
Tom Jachmann14:05:01

my pleasure. I cannot say that prerecording this was a great experience (i love the interaction on a conference as a speaker with the audience). But the possibility to discuss in parallel is really awesome

πŸ‘ 3
Ron Westrum15:05:30

A very thoughtful presentation

Ron Westrum15:05:37

I particularly liked the incorporation of potential new people into the process to speed it along.

Tom Jachmann15:05:30

@james.simon1165: we find a lot of topics much earlier now through these measures. We still find too many in V&V, but that is our next step of Shift left to get subsystem validation into the daily feedback cycle

Tom Jachmann15:05:39

@james.simon1165: especially hitting the system in system integrations is now much smoother an we still uncover topics there that require an analysis and further auto tests, but we were able to reduce also system integration times already (and took out quite of the drama)#

Tom Jachmann15:05:43

@philipday: I agree with you. I should have used the term "measurement" instead of KPI, because that is what I mean. for me KPI has become a synonym, because it neither has tha religious touch nor the academic touch in our organization. But I see where you are coming from - KPI has in a lot of minds a very specific meaning and also a bad reputation, because it is often misused

πŸ‘ 1