#ask-the-speaker-track-2
2022-05-12
Slackbot08:05:15

Reminder: Get yourself in front of your browser and into #ask-the-speaker-plenary for the opening remarks. We’re kicking off the final day of the DevOps Enterprise Summit in 15 minutes at 10am BST! https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png

Slackbot09:05:12

Reminder: The final day is starting now – opening remarks and then plenary talks! Join the conversation in #ask-the-speaker-plenary.

Slackbot09:05:12

Reminder: Remember all those talks you attended the first two days of the Summit? Please submit your feedback for those! It’s so valuable for us and the speakers. And after all, feedback is a gift and sharing is caring! Enter your feedback for those talks here: https://members.itrevolution.com/live/schedule https://devopsenterprise.slack.com/files/UATE4LJ94/F03E48CJRF1/image.png

Slackbot11:05:18

Reminder: The breakout sessions are starting in 5 minutes. Get in front of your browser and start navigating your way to whichever session you’re attending. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png

Phil Gadzinski Bupa11:05:54

Hi all getting ready for the talk! Questions will be welcome @adarsh12in

Adarsh Mehrotra11:05:03

thanks @phillipgadzinski

Ann Perry - IT Revolution11:05:00

Let's welcome, @phillipgadzinski, Group Global Head of Enablement, BUPA and @adarsh12in, DevOps CoE Head, Infosys Quality Consulting Unit, Infosys, here to present: No Flow No Devops!

Phil Gadzinski Bupa11:05:32

Thank you! looking forward to it…long time watcher first time presenter!

Phil Gadzinski Bupa11:05:13

HI @annp should the recording be playing yet?

Andrew Tam11:05:29

@phillipgadzinski and @adarsh12in great to see you both!!!

Phil Gadzinski Bupa11:05:43

Andy Tam! hello! how are you?

Andrew Tam11:05:35

I’m doing well!!! we should catch up!

Adarsh Mehrotra11:05:17

good to see you @me1 🙂

Andrew Tam11:05:51

we should catch up!

Adarsh Mehrotra12:05:43

100% 🙂 i will be soon in AU

Ann Perry - IT Revolution11:05:41

Apologies for the delay – the video will start shortly!

👍 1
Gene Kim, ITREV, Program Chair11:05:51

(loading film into projector!!)

📽️ 1
Phil Gadzinski Bupa11:05:05

ah the good old days

Phil Gadzinski Bupa11:05:56

yes - i love deming…

❤️ 1
👍 1
Gene Kim, ITREV, Program Chair12:05:25

@phillipgadzinski @adarsh12in I was so delighted that you submitted — we have too few experience reports from the healthcare space. Such an important industry!

🎉 1
🙌 1
Phil Gadzinski Bupa12:05:32

It's a pleasure to be able to… and yes! I know Alistair quite well. we have had him at bupa actually.. also using heart of agile principles

Gene Kim, ITREV, Program Chair12:05:25

I met him when I was in Australia in 2017 — what a neat guy!

Adarsh Mehrotra12:05:04

Healthcare has moved real fast in last 2-3 years on Digital - telemedicine, patient engagement online, smart health etc

👍 1
Gene Kim, ITREV, Program Chair12:05:03

It’s been fascinating to learn how poorly information flows in hospitals, as the number of specialties has grown in the last 50 years — and how much room for improvement there is!

👏 1
Phil Gadzinski Bupa12:05:41

Indeed @adarsh12in and our global strategy is really about accelerating how we can create those compelling digital solutions

Gene Kim, ITREV, Program Chair12:05:25

Have you been measuring any improvements in patient outcomes, especially safety? (was NPS for patients? or for fellow BUPA colleagues?). thank you!

Phil Gadzinski Bupa12:05:44

some hospitals are amazing - they adopt lean principles. the key there is what's the Flow Unit - the patient or the service? if it's the patient, then lean works…

Gene Kim, ITREV, Program Chair12:05:32

“the stronger the why, the easier the how” NICE!

Phil Gadzinski Bupa12:05:41

our nps is across all services - we have multiple op models in healthcare. so yes it covers things such as patient experience. more about the real customer experience.

👍 1
Phil Gadzinski Bupa12:05:04

flow metrics are on the teams…

Gene Kim, ITREV, Program Chair12:05:55

“gamification is 75% psychology; 25% technology”

Phil Gadzinski Bupa12:05:56

and a great Deming quote @adarsh12in! “In God we trust, others need data…”

Gene Kim, ITREV, Program Chair12:05:14

@phillipgadzinski always startling when someone talks to you via a recorded video! 🙂

Phil Gadzinski Bupa12:05:42

it's just hard to know what to respond with!

😆 1
Nigel Lester12:05:28

How are you getting on with determining/defining practical DORA definitions?

Phil Gadzinski Bupa12:05:32

With 5 Market units and 16 countries it’s a journey. The advantage is the metrics are relatively simple to define and adopt.

Adarsh Mehrotra12:05:52

@lester2 - metrics across Velocity like Deployment cadence & success with most teams being on ADO and metrics like MTTR from tools like ServiceNow are pretty much in place. the challenge comes in collating from 16 different countries & consistent view. as devOps CoE, we reach out to teams to gather data on our 'monitor of monitors'

Adarsh Mehrotra12:05:08

100%. the ones shown below is exactly what DORA advocates. We use Deployment cadence & success which is what ur deployment frequency & Change fail rate combined is, Lead time..which is what we get from JIRA & Azure Boards..most countries are on Azure boards..few on JIRA..time to restore service from ServiceNow. Hope that helps

Adarsh Mehrotra12:05:14

deployment frequency (DF), lead time for changes (LT), mean time to recovery (MTTR), and change failure rate (CFR).

Gene Kim, ITREV, Program Chair12:05:39

fascinating; 16 geographies, decentralized traditions; how does one more rapidly spread great practices, across federated countries. “we do things 16 different ways”

Phil Gadzinski Bupa12:05:58

what's working for us is an idea of understanding complexity. emergence of novel and good practices can come from anywhere. so we can't take a centralised command driven mode and be successful. so instead we spread feedback loops - broad open channels of information flow and try and pick up weak signals - and where we see things that could be taken then federated globally we do that. much of our recommended patterns and practices and enablers have been drawn from existing things within our business. so we curate before we create…

Ann Perry - IT Revolution12:05:00

Here to present The DevOps Transformation Toolbox -10 Tools that Drive RBI's Transformation to Modern SW Engineering is @robert.ruzitschka, DevOps Guild Lead and @matthias.fleischmann Group Product Leader of Fraud Transaction Monitoring from RBI

Robert Ruzitschka - DevOps Guild Lead12:05:45

Thanks! Excited to be here and looking forward to your questions!

Phil Gadzinski Bupa12:05:07

SO @genek it's the reason for the CoEs. our role is to do this…

Matthias Fleischmann12:05:11

Also from my side, hello and thanks for having us 🙂

Gene Kim, ITREV, Program Chair12:05:14

Thank you @phillipgadzinski @adarsh12in!

👏 2
Adarsh Mehrotra12:05:36

tx @matthew.cobby

Phil Gadzinski Bupa12:05:48

thanks for taking the time at 10pm Matt!

James Arshadi12:05:59

@phillipgadzinski and @adarsh12in thanks for sharing great talk

👍 2
Phil Gadzinski Bupa12:05:31

thank you for coming along @j.arshadi

Robert Ruzitschka - DevOps Guild Lead12:05:28

And this is the obligatory Team Topologies Reference: Enabling Team!

Matt Cobby (CTO-CXGuardian, DevEx, InnerSource, AI Governance)12:05:20

Time limiting is critical for the DevOps coach!

👍 1
Phil Gadzinski Bupa12:05:06

There you go @matthew.cobby Inner Source!

Matt Cobby (CTO-CXGuardian, DevEx, InnerSource, AI Governance)12:05:54

My other personal mission - helping people collaborate. #innersource 👍 https://innersourcecommons.org/

Matt Cobby (CTO-CXGuardian, DevEx, InnerSource, AI Governance)12:05:59

@robert.ruzitschka - love to catch up later about this

👍 2
Ben Squires (HORIBA Test Automation)12:05:03

@robert.ruzitschka and @matthias.fleischmann How do you balance CoP and/or Guild membership with value stream related work?

Bernard Voos (FedEx)12:05:49

Hi @robert.ruzitschka and @matthias.fleischmann! I had a quick question on the Inner Sourcing. What was your experience getting teams to open up and let others work in their code? That’s been a huge roadblock for our teams. Teams regularly refuse to even let other access each other’s repos.

👀 1
Robert Ruzitschka - DevOps Guild Lead12:05:54

@ben.squires Good question. Guilds have more formal membership, guild members are nominated and should work around 10% for the community. We expect this to be an average. So sometimes more, sometimes less - depends on urgency in the value stream. No simple thing to balance, quite delicate.

Ben Squires (HORIBA Test Automation)12:05:00

@robert.ruzitschka Thank you. How do Guild members get access to their 10% - something negotiated with their own team? This is something we have struggled with - we have CoPs (as per your Guilds) but getting members time to do this work when faced with large feature backlogs is very difficult for us...

Robert Ruzitschka - DevOps Guild Lead12:05:28

Ben - no silver bullet here, we also struggle with this. It takes a lot of time and convincing on all levels to assure that teams not only optimize locally but also think about overall organizational health. I wrote an article about this a while ago. https://rruzitschka.medium.com/the-challenge-of-internal-communities-in-an-enterprise-it-organization-fbe198b1f0e4

Ben Squires (HORIBA Test Automation)14:05:15

@robert.ruzitschka Thanks! I will take a look at the article... I'm always hoping for a silver bullet :-D

👍 1
Matthias Fleischmann12:05:52

Hi @bernard.voos - my personal experience in our Tribe setup (containing multiple sister product teams) is that we are facing the challenge that some teams are to secure enough to make use of new code, new ideas (which have not been developed by themselves). Ad repos, we run here a pretty liberal strategy, repos are open in Git. (of course with respective limitations, but everyone can access)

Scott Prugh (DOES Prog Committee)12:05:09

@robert.ruzitschka Are you able to share your Agile Engineering Maturity Model??

Matthias Fleischmann12:05:22

@ben.squires if I may also add here to your point - I believe (and completely convinced as Product team member) that you need to support this as product leader, recognizing that the team members benefit from that sharing culture and make us all better

Ben Squires (HORIBA Test Automation)12:05:48

@matthias.fleischmann I completely agree - but difficult to convince a PO under pressure - we continue to try 🙂

Matthias Fleischmann13:05:04

@ben.squires what helped me as being in the PO shoes are reading literature as the DevOps Handbook, or the Phoenix Project. If you don't show legitimate interest in the team members capabilities and work I am convinced you have a hard time being a great PO. I am certainly NOT prioritizing my whole work day the backlog and upcoming focus areas, but rather spending huge amount of time with the other team members understanding their actual work better (not saying that I understand everything down to deepest code level :D)

Matthias Fleischmann13:05:27

Disclaimer: I don't have a technical background

Ben Squires (HORIBA Test Automation)13:05:25

@matthias.fleischmann That's good advice - I will try to get the POs to follow it - might be time for mass purchase of The Phoenix Project audiobook 🙂 Thanks again!

Beat Buehler - Team Lead / Agile Coach - Helsana Health Insurance12:05:28

security design seems to be an unpopular discipline 😂

Enrico12:05:34

@robert.ruzitschka Question to "Agile Engineering Coaches": How strongly are they coupled with the teams and how easy is it to get these coaches out of the team after the coaching work is done (I'm pretty sure the coaching work is never done)?

Robert Ruzitschka - DevOps Guild Lead12:05:55

@bernard.voos We have not experienced this problem as we have been storing code in shared repo already for quite some time. We see a bit of hesitation as teams feel that InnerSource may cause them more work with no immediate benefits. It requires a lot of talking. My personal experience: If teams are reluctant to share their code, there is a bigger underlying problem (psychological safety etc.)

👍 1
Robert Ruzitschka - DevOps Guild Lead12:05:50

@scott.prugh: We are thinking about it. it is nothing secret or fancy. We just need to put some polishing on it and find a good way how to publish.

❤️ 1
Scott Prugh (DOES Prog Committee)12:05:08

Let me know if you want help polishing. My excel skills are strong!!

Bernard Voos (FedEx)12:05:31

Thanks, @robert.ruzitschka! Indeed, there’s definitely not enough psychological safety. We are working on that.

Nigel Lester12:05:31

InnerSourcing - can be a struggle if participation is voluntary to contribute. How do you "staff" these?

Robert Ruzitschka - DevOps Guild Lead12:05:11

@enrico.walther As discussed a bit above, it is important to define a clear scope and a clear time frame. If teams don't really commit, coaches pull out. We need to prioritize our work so typically work with teams that really want us to help!

Enrico12:05:18

Is the definition of the scope a kind of contract which is filled out at the beginning of the engagement together with the product owner or scrum master?

Robert Ruzitschka - DevOps Guild Lead12:05:50

This is how it is done, exactly. There is a more or less formal agreement to set expectations from all sides. Usually the agreement is done with the business stakeholder (PO) but the Scrum Master is of course also involved.

Enrico12:05:35

Ok. We have a similar role defined in our organisation but we struggle all the time to get the coaching experts out of the project after their engagement.

Moira Cheng12:05:46

Thank you @robert.ruzitschka and Matthias. I love your toolbox concept. Wonder what the difference really is between general Agile Coaches and Agile Engineering Coaches - I guess they're dedicated to focusing on engineering practices specifically? It's interesting - we have an Engineering Maturity assessment too, but we've got separate content for Agile and separate content for DevOps

Robert Ruzitschka - DevOps Guild Lead12:05:53

@lester2 We are early in the journey here but what we assured from the beginning was top level management (Board Level) buy in.

👍 1
Ben Squires (HORIBA Test Automation)12:05:03

Thank you @robert.ruzitschka @matthias.fleischmann - very interesting and focussed presentation - ringing many bells and some useful ideas to take forward - much appreciated

❤️ 1
Matthias Fleischmann12:05:04

@lester2 completely agree and share that this can be a struggle, on the other hand side, if we are not able to make teams see the benefit that we are not there where we wanna be - I guess that is a huge mindset thingy in general where corporations need to work

🎉 1
Nigel Lester12:05:05

One view is they are projects with no budget, so definitely need PM buy in.

Giulio Vian, Unum12:05:11

@robert.ruzitschka and @matthias.fleischmann, your toolkit is very similar to ours; how was the move to cloud relevant in your progression?

👍 1
Jörg Weichelt12:05:14

@robert.ruzitschka Thanks, very inspiring!

❤️ 1
Robert Ruzitschka - DevOps Guild Lead12:05:33

@moira.cheng Thanks for the kind words. You got that exactly right. We are focusing on Engineering Practices but obviously there is a big overlapping area. Hard to separate the two things - so we try to work as close together with the Agile coaches as possible.

👍 1
Robert Ruzitschka - DevOps Guild Lead12:05:32

@gvian Yes, you are right. We see significant correlation between cloud adoption and engineering maturity!

Matthias Fleischmann12:05:10

@gvian Robert touched on a similar related topic during the talk - removing certain topics a team needs to take care of to focus the cognitive power and resource to actual value adding outcomes ... cloud (managed) services obviously help here as well tremendously

👍 1
Slackbot13:05:14

Reminder: The breakout sessions are starting again in 5 minutes. Get in front of your browser and start navigating your way to whichever session you’re attending. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png

Ann Perry - IT Revolution13:05:00

And now, @steveelsewhere and @abd3721 are here to present, Leading from the Middle

Steve Pereira - Co-Author of Flow Engineering13:05:10

I’m curious what everyone is seeing as methods to foster this ‘Transformational Leadership’

Andrew Davis - AutoRABIT - DevSecOps for Salesforce13:05:47

And what obstacles / risks are you seeing as the biggest challenge to having influence in your organization?

Jeff Gallimore (CTIO - Excella)13:05:17

1. lack of explicit culture and values 2. lack of alignment in incentives/rewards

💯 1
Steve Pereira - Co-Author of Flow Engineering13:05:10

This ‘explicit’ gap is massive, I think it also includes repetition and clarity

🎯 1
Steve Pereira - Co-Author of Flow Engineering13:05:10

#2 is something we’ll look back on with disbelief for decades: “How did any of this work when we told everyone to do x and rewarded y?”

☝️ 2
Steve Pereira - Co-Author of Flow Engineering14:05:39

@jeff.gallimore thank you for joining us for the session!!

thankyou 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce14:05:47

#2 sounds a lot like our conscious values and implied/tacit/unconscious values are different

Jeff Gallimore (CTIO - Excella)14:05:02

@abd3721 interesting. 🤔 yes. implicit != explicit, and one group’s != another group’s

Steve Pereira - Co-Author of Flow Engineering13:05:23

It was so surprising to me to connect pull-based leadership and pull-based delivery - is pull always the best way?

Sascha Schärich (DevOps Evangelist at Deutsche Telekom IT)13:05:06

For us at Telekom IT a big challenge is “who actually is the leader?“: We have people units where we collected people based on skills, and then we work in so called hubs in our day to day life, so there is always a conflict.

👆 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce14:05:23

Does the tension between those two groups lead to balanced good decisions? Or leave people less confident?

Steve Pereira - Co-Author of Flow Engineering14:05:58

That’s an advantage of stream alignment and the ‘single threaded leader’ Amazon model

Sascha Schärich (DevOps Evangelist at Deutsche Telekom IT)14:05:34

At the moment it is not balanced, no. We fuss over things like “on what time do I learn, on the people unit or hub time?” and how much time does the hub or the people unit get…

💡 1
Steve Pereira - Co-Author of Flow Engineering14:05:00

Do you think there’s a way to balance the two?

Sascha Schärich (DevOps Evangelist at Deutsche Telekom IT)14:05:46

I think if the individuals understand why we really need both of those sides they can figure out their balance on their own, and I would feel that a 15% vs 85% balance sounds healthy, but at the moment the goals of both sides are not clear.

Robert Ruzitschka - DevOps Guild Lead15:05:17

@sascha.schaerich We see this also many times. Core problem for me is that the organization usually is structured in a way that local optimization is (explicitly or implicitly) encouraged. If any level of hierarchy needs to decide to go for local benefit or for overall organizational benefit - local always wins. It is hard to design a different structure. I have been thinking a lot about this. Don't want to spam but have collected my thoughts on the matter here: https://rruzitschka.medium.com/the-challenge-of-internal-communities-in-an-enterprise-it-organization-fbe198b1f0e4

Robert Ruzitschka - DevOps Guild Lead15:05:39

As a community lead I need to manoeuvre the space every day and it is not simple. Creating organizational awareness about these topics is hard to achieve precisely because of incentive structure. But potential benefits are huge.

Andrew Davis - AutoRABIT - DevSecOps for Salesforce00:05:44

Great and helpful article @robert.ruzitschka thank you!

Jeff Gallimore (CTIO - Excella)14:05:53

i love the clarity of this — showing and describing the different kinds of “networks”

🕸️ 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce14:05:54

“If you want people to do what you want, you need to want what’s in their best interest”

👍 1
❤️ 1
Jeff Gallimore (CTIO - Excella)14:05:15

even better if it’s in service of a greater “we”

❤️ 1
Steve Pereira - Co-Author of Flow Engineering14:05:52

“Get together, Go faster” :]

🙌 1
Glenn Wilson, Author of DevSecOps14:05:39

Is this a basis for intrinsic motivation?

Steve Pereira - Co-Author of Flow Engineering14:05:19

^ this is such an interesting phenomenon! How do we define intrinsic vs systemic? Is there daylight between the two?

Andrew Davis - AutoRABIT - DevSecOps for Salesforce14:05:41

There are few classic intrinsic motivations: • Autonomy • Mastery • Purpose • Connection I think that “systemic” factors are what will largely drive behavior (for better or for worse). If the system promotes intrinsic motivators, people will be more naturally engaged.

💯 2
Marc14:05:32

A lot of this, I think, maps nicely with Eric Lynn's work around cultivating healthy organizations, as described in his book "Dancing with Change". Highly recommended read.

🔖 1
📚 1
👀 1
Jeff Gallimore (CTIO - Excella)14:05:48

“flow and focus” and joy? ❤️ gene’s ideal #2

🙌 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce14:05:29

The fact that we omitted/overlooked joy probably implies that we’re under-emphasizing that in our own lives. (Note to self)

❤️ 1
Jack Lagare14:05:22

Buy-in also influences how outcomes are achieved and spending time on defining the whys will help a lot in promoting harmony for all parties.

💯 2
Steve Pereira - Co-Author of Flow Engineering14:05:19

Yes! Buy-in is the booster rocket

❤️ 1
Jeff Gallimore (CTIO - Excella)14:05:50

wardley mapping FTW!

🗺️ 1
Steve Pereira - Co-Author of Flow Engineering14:05:16

Shout-out to @dominica and Making Work Visible!! Huge inspiration for collaborative mapping

❤️ 2
Steve Pereira - Co-Author of Flow Engineering14:05:39

Our article in the latest DevOps Enterprise Journal (free to attendees!) outlines a lot of what we’ll be detailing in the book!

👍 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce14:05:20

Book details Name: still TBD Publisher: IT Revolution!! Date: Galley copies at the Fall DOES, Published next spring

👌 1
Glenn Wilson, Author of DevSecOps14:05:18

Just had an aha moment watching that talk by Andy and Steve - thank you for a great session

💡 2
Steve Pereira - Co-Author of Flow Engineering14:05:21

I’d love to connect with anyone leading from the middle! https://linkedin.com/in/devopsto

Ann Perry - IT Revolution14:05:01

🌟 Here to talk about Creating A Secure Software Supply Chain In A Large Engineering Organization is the team from IBM — @rradclif, IBM Distinguished Engineer, DevSecOPS CTO for the CIO and @tglawles, IBM STSM, CIO Developer Experience 🌟

Thomas Lawless14:05:28

Hello everyone. I'm excited to share the work we're doing 🙂

👋 2
Rosalind14:05:47

Great to be here again this year

🙏 1
Gene Kim, ITREV, Program Chair14:05:53

Hi, @rradclif and @tglawles !!!

Gene Kim, ITREV, Program Chair14:05:29

BTW, Congrats on the new role, @rradclif !

🎉 2
Ann Marie Fred - Red Hat14:05:11

Yes, a Fellow, like a Jedi Master. 🙂

Gene Kim, ITREV, Program Chair14:05:41

I still remember the huge difference in the IBM e-commerce site, trying to buy SPSS license. One year, I actually gave up after 20m, because I couldn't understand how to buy single user license. So much better now!

Rosalind14:05:38

We are continuing to work this space to make it easier to get capabilities and make sure we have the right security around it.

Gene Kim, ITREV, Program Chair14:05:58

This must have been around 2014. :) It got much better.

Rosalind14:05:46

Yes, significantly different now, but there is always space for continuous improvement.

Ann Marie Fred - Red Hat14:05:31

Gene - I know you like good stories. Around 2015 our VP got up on stage in front of 100 developers and attempted to buy a $10,000 server on his credit card. The phone sales rep was very professional but he literally couldn’t buy it without engaging with a Sales rep onsite. That was step 1. 🙂

🔥 1
Ann Marie Fred - Red Hat14:05:45

“Yes, I have my credit card here, and I know exactly what I want to buy, can I buy it please?”

Ann Marie Fred - Red Hat14:05:46

SPSS Statistics became the #1 product that we were able to sell direct-to-customers, once we got that on the new platform we built, which was probably around the end of 2015.

🔥 1
Gene Kim, ITREV, Program Chair14:05:10

You were part of that project, right, @ann.marie.99 ?

Ann Marie Fred - Red Hat14:05:41

I participated in the Design Thinking (AoT Study) and as an early case study before I went to Red Hat.

Ann Marie Fred - Red Hat14:05:00

I’m still working with them today, in a cross-company capacity.

❤️ 1
Ann Marie Fred - Red Hat14:05:27

We’re trying to make Tekton better for supply chain security. SLSA, NIST, etc.

Thomas Lawless14:05:11

Tekton is a key component in our strategy.

Ann Marie Fred - Red Hat14:05:27

Red Hat is building a Tekton CI/CD certification pipeline for its products too, so we’re sharing implementation details and also trying to herd cats around new Tekton features so it does what we need it to do.

Rosalind14:05:56

What are others experiencing in building a secure software supply chain across your organization?

Topo pal14:05:12

We should chat - way overdue

Rosalind14:05:54

yes, it would be great to have a chat

Topo pal14:05:46

What's the best way to share emails?

Robert Ruzitschka - DevOps Guild Lead15:05:29

We had some success in making everything as painless as possible. Pre integrate everything (SAST, DAST) in a standard CI/CD platform. Keep the entry barrier as low as possible. Creates quite a strong pull.

Thomas Lawless15:05:29

@robert.ruzitschka How did you approach shifting your engineering culture away from distributed CI / CD to centralized CI / CD?

Johnny Bäverås - Synopsys15:05:58

quite often i see organizations adopting security processes failing due to mistakenly thinking that it's only picking a few tools and you are done. Not fully grasping that you are dealing with people 🙂 Training, evangelism, knowledge sharing, inhouse documentation are all things that play into successful adoption of any new process.

👏 3
Thomas Lawless15:05:32

@jbaveras We are really focused on making sure we improve the experience of our developers with this initiative, not just meeting the needs of our organization.

✔️ 1
Thomas Lawless15:05:12

One of our challenges is delivering clear and concise messaging to thousands of globally distributed developers.

Johnny Bäverås - Synopsys15:05:41

agreed, processes that are cumbersome will be circumvented. I believe there is a bit of a situation where "security needs to be invisible" (to developers) and "security needs to be visible" (to leadership).

👍 1
Johnny Bäverås - Synopsys15:05:50

feel free to DM me and we can exchange emails if you want to discuss if Synopsys might be able to assist 🙂

👍 1
Robert Ruzitschka - DevOps Guild Lead06:05:01

@tglawles Long story: We have 13 (quite independent) subsidiaries across CEE with many different cultures. First we did a survey with the teams if we find a common ground regarding CI/CD tooling. We didn't but what we found was a general unhappiness with functionality, availability and maintenance of pipeline tooling. So we did a longer vendor selection process and ended up with GitHub. Most developers are just familiar with it so entry barrier is low. We then started to provide tools for migration of repos and build systems to GitHub. In parallel, Security tightened requirements regarding to SAST scanning (we are a bank, so heavily regulated) - nobody was forced to move their pipeline to central GitHub any new code needed to go to the central repo (as this is also used for our InnerSource initiative). So either manage all the regulatory stuff by yourself or use top class tooling provided centrally. So a bit of pull and push. It was and is even a bit more complicated but we see good uptake. Centrally provided tool chains that are working well and reliably are good. It does not make sense that each team manages its own tooling. It takes a LOT of effort that is often really underestimated. And there usually is not a lot of business value. Sorry that this is so long 😀. Happy to discuss!

Slackbot16:05:08

Reminder: The final plenary sessions are starting in 5 minutes. Start making your way back to your browser and join us in #ask-the-speaker-plenary to interact live with the speakers and other attendees. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png

Slackbot17:05:22

Reminder: Please submit your feedback for the talks you attended. It’s so valuable for us and the speakers. And after all, feedback is a gift and sharing is caring! Enter your feedback for those talks here: https://members.itrevolution.com/live/schedule https://devopsenterprise.slack.com/files/UATE4LJ94/F03E48CJRF1/image.png