This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
- # ask-the-speaker-plenary (1160)
- # ask-the-speaker-track-1 (316)
- # ask-the-speaker-track-2 (312)
- # ask-the-speaker-track-3 (283)
- # ask-the-speaker-track-4 (309)
- # birds-of-a-feather (26)
- # bof-leadership-culture-learning (3)
- # bof-project-to-product (10)
- # bof-sec-audit-compliance-grc (2)
- # demos (9)
- # faq (14)
- # games (135)
- # games-self-tracker (4)
- # gather (6)
- # general (219)
- # happy-hour (50)
- # hiring (25)
- # lean-coffee (8)
- # project-to-product (3)
- # summit-help (175)
- # xpo-adaptavist (5)
- # xpo-anchore-devsecops (12)
- # xpo-aqua-security-k8s (3)
- # xpo-basis-technologies (17)
- # xpo-blameless (4)
- # xpo-bmc-ami-devops (1)
- # xpo-broadcom (2)
- # xpo-cloudbees (5)
- # xpo-codelogic-code-mapping (8)
- # xpo-dynatrace (1)
- # xpo-everbridge (6)
- # xpo-gitlab-all-in-one-devsecops (6)
- # xpo-granulate-continuous-optimization (15)
- # xpo-infosys-enterprise-agile-devops (18)
- # xpo-instana (5)
- # xpo-itrevolution (15)
- # xpo-launchdarkly (7)
- # xpo-logdna (3)
- # xpo-pagerduty (8)
- # xpo-rollbar (3)
- # xpo-servicenow (4)
- # xpo-shoreline (11)
- # xpo-snyk (6)
- # xpo-sonatype (6)
- # xpo-split (10)
- # xpo-splunk_observability (3)
- # xpo-stackhawk (1)
- # xpo-synopsys (1)
- # xpo-tasktop (12)
- # xpo-tricentis (4)
- # xpo-weaveworks-the-gitops-pioneers (4)
Excited to speaking later today- 150 CDT for Flying an Air Force Cyber Weapon System to DevSecOps
Will be checking this one out! @bissingd and I will be presenting on Thursday about our cloud-to-jet efforts at SkiCAMP! It will be great to connect after!
Welcome to our presentation! We will show you how our Continuous Quality Assurance approach has enabled us to open up new cloud-based business opportunities for Siemens Digital Building. @klaus.baumgartner and I look forward to your questions.
🎉We now welcome @klaus.baumgartner and @peter.fassbinder presenting: Unlocking New Cloud-based Business Opportunities in an Industrial Company With a Novel Continuous Quality Assurance Approach:tada:
What the metrics used to decide the quality of artifacts? Software and non software
Software quality is driven mainly by tests and PO feedback, the quality of the non-software artifacts is mainly the question whether it requris an update and whether this has been completed BEFORE the fast deployments.
I guess how is your approach different than conventional model where reqs are finalised and then developed and then tested using CI/CD approach. In other words what was done differently....Sorry for a long question
In the convential approach typically the focus is only on the CI/CD pipeline and the software. We integrated a second stream taking care of the non-software artifacts (regulatory required documents, patent clearing, risk assessments, export control documents, etc.) and ensuring, that those are always awailable in an upo-to-date state when a deployement is made.
👍...So all the non soft artifacts were updated before development of the software began, right? So in other words you guys treated documentation etc as 1st class citizens
Not all, depending on the type (for type 1-2 yes, for type 3 and 4 no - those can only be upadte in parallel to the development sprint)
But your conclusion is correct: we elevated "documentation" (of all sorts) to the same level as functional user stories
Did you ever find situations where you did the development and realized you missed non-software artifacts? How did you handle that?
In addition to what Peter wrote: the difference is also that we broke those non-sw-artefacts down and evaluate and attched them - only if applicable - to the individual features. With that we were able to shift-left also those elements...
@jlutz777 this was the case earlier: the software was ready, but we could no deploy because of ...
In the past many (most) of these non-sw-artefacts were done and chacked only after the sw-development, so the deployment had to wait for those
📣 Let's welcome @cheburge presenting: Embedding Security: How We Use Automation to Reduce Time and Effort for Cisco Developers to Secure their Products 📣
For your DevEx team, are each of the specialists full-time on the team, or just have a part-time responsibility?
@topo.pal Cisco is defined into many orgs and business units and then product teams. We service a number of the products with-in our “Cloud & Compute” BU. We supports about 1000 developers.
@graham_mcgregor & @brian_t_marshall As mentioned we support a range of services and products. So we have 13 FTEs supporting those teams.
I used to use that analogy when I was working on networking overlays and underlays. I felt it was apt in this case as well.
@cheburge - does this tool work only on your container registries or does it also work on reports for non-container based applications?
@david.okun - Great question. There a few different products that Anchore offers that we use. Some of them are strictly container registry based but syft & grype (details coming) can work on containers as well as on folders on disk.
@cheburge, were there a wide variety of different container registries that you guys had to wrangle as a first step? Apologies if I missed that part of your preso.
@david.sanda - We do support and use a number of different sources. We haven’t really had any issues with referencing or using multiple but we do have contents thats available in Docker Hub, private Docker registry, artifactory, and harbor. As mentioned none of the Anchore tools has had problems with any of those. We have had issues with availability of registries that were supported by other internal teams.
Roughly how many containers are being scanned? i.e what sort of scale is this running at?
I assume you aren't remediating all vulnerabilities, what criteria are you using to prioritize remediations? CWE? CVSS?
@cncook001 - We have about 2300 images that presently being continually evaluated (released artifacts). As for transit development artifacts its a few 1000 over the course of a day. We have some jobs that can generate 100+ unique images and scan requests per build.
@jonathon.sturdevant - Cisco has an internal team that determines severity based upon a number of factors. Minerva pulls data from one of their internal tools for that information.
@cncook001 - Further our anchore deployment today is deployed on relatively small internal k8s cluster we use for developer services. We can, and have in the past, easily scaled our Anchore Enterprise deployment by just scaling up our pods at different levels. I suspect we could easily support a lot more than current without much effort at all.
are folks using any tools for gathering and centralizing policy metadata to help with automation of policy governance?
Another great talk today @cheburge. Minerva looks like a useful tool. Would Cisco make it available to the community or is it too proprietary?
@kim.weins Cisco recently acquired Kenna Security (https://www.kennasecurity.com) and we want to enable it as a source of data for Minerva.
@glenn.wilson - I’m afraid its too proprietary in that a lot of what it does is pull data from various Cisco internal feeds to help perform risk analysis and present data to our engineers. Its mostly just a series of ingest scripts that load data into elastic search. We then have various dashboards as well other automation that runs regularly to create the tickets etc based upon all the data thats been loaded.
Our team depends on it heavily but it was never really designed around the idea of being something that would function/work for others outside of Cisco I’m afraid.
🌟 Let's say 'hello' to @bcannon and @halfmoondad who will be presenting Aflac DevOps Journey of Journeys 🌟
Most companies bring in Devops with the intention of reducing time to mkt or implement MVPs ...so there alway seems to be some business goals, Can you give an exmaple of where u have seen Devops for the sake of Devops.
The DevOps for DevOps sake antipattern rears its head when teams have maturity goals and/or use checklists to track who has adopted what practice or tool. This misses the point, as you say of adopting DevOps ways of working to achieve measurable goals and business objectives.
I saw OKRs earlier results slides... were you able to align outcomes dojo's with OKRs?
To some degree, yes. The outcome goals were measurable and enablers of broader OKR's of fast flow of delivery of capabilities toward bigger business OKRs
I am a former Aflac agent and down times were no joke when working with the systems which were a headache for all involved. Good to see things have gotten significantly better!
Our goal is for each team to understand their metrics and work to continuously improve those metrics, making it part of their culture and team DNA. We’ve worked hard to stay away from DevOps for DevOps sake. Each team is on their own journey
We have made the maturity model mistake but have found a way to measure progress of adoption vs judge with Maturity scoring. It's the score that drives the competitive anti-pattern and perceived negative as no team wants judged.
What level are the senior leaders on the enablement council at? Is it VPs? Directors? Managers? Senior Devs?
We have found that it is better to have leaders ask their teams, do they know their metrics, do they have a backlog of continuous improvement items, what is their biggest impediment, how can I as a leader help, etc. This has a direct impact on metrics of business value improve across each team. Not perfect in any case, but as the title says, this is a journey!
If we can only get leaders to believe that Metrics are for teams not for Leaders to push. Only teams can improve metrics
That is difficult Steve. It requires some unlearning of what has been done for decades. But it is critical
Steve, not only the metrics that leaders push, but also changing the mindset of leaders to think differently, even outside of just the metrics. We have spent a lot of time working with leaders to think differently to enable their teams.
Thanks John....if leaders believe metrics are for teams but teams then embrace transparency in all we do then both parties would be happy and live in harmony. Teams share and bring transparency for leaders then leaders trust thru that transparency.
I really enjoyed the talk. Thank you for sharing your journey!
Nice job AFLAC........even though the duck kills me from the "Nationwide is on your side" team
✨ Introducing @tiny.mpetersii, here to present: Employing DevSecOps for Air Force Cyberweapons ✨
Afternoon all, here to chat, I brought other experts with me @bbutler and @jsorrell
Unfortunately the CDRL aspect still focuses on the same aspect. Gov rep: Tell me about your installation plan, by the way, the Defense Instruction Document was written in 1984. Me: But it's a container-based system. Gov: Need the full doc, all 30 pages, every time Me: every 24 secs?
AFDCGS CM Lead "Give me you Software installation Document". Here "Type Run "XXX". Oh, "That's not acceptable".
Been there too, I just want to move a monitor, ---sorry, that's part of the baseline configuration, do you have change board approval? Perhaps submit a 1067...
arrgh. Or my favorite - 56 slide CCB package to for CCB approval to deploy to prod. Plus an RFC, with a TCTO required.
Our approval team meets on monday, but you patch window is friday, why can't you meet our CD standards? At least with CVA/H we got to deploy to hardware
gosh the olden days of dragging someone in to meet in-person
I think that is such a value add, checking out other teams and seeing what they do . what a good and bad looks like
AFDCGS Horror stories - I have this one line code fix that closes a CAT 1 security issue. It is in a containerized package. Reply: "What's a container. Give us your CCB package 56 slides, TCTO, and required documentation" BTW. your late for your CCB submission, see you in two weeks."
Reminds me of a quote from the Nick Challain missive. You wouldn't put people in a cockpit without flight training, but you put them in charge of a technical team without training.
Make sure you stick around for Flow Engineering and the ‘how’ of DevOps! https://sched.co/mGT9
Oh, that is great you went to the We Work environment. Would love to know more about that.
Thanks @tiny.mpetersii, you're one of the few speakers who have touched upon AI/ML in DevOps.
Hi folks! @abd3721 and I are here and excited to hear any questions, shared personal experiences, or feedback about our presentation coming up! 🙌
🔆 Introducing our next speakers, and future IT Revolution authors, @steveelsewhere and @abd3721 here to present: Flow Engineering – Learning to Lead from the Inside Out 🔆
The fancy post-its in the presentation are courtesy of Andrew’s google slides expertise :]
Dumb question: what is collaborative mapping? I'm asking because this is the first time I hear the term, the Wikipedia definition goes towards geographic mapping whereas I am sure your question is oriented towards workshops. So isn't any workshop a form of collaborative mapping?
This is in reference to the talk we gave https://videos.itrevolution.com/watch/621612876/ The talk expands the idea of building value stream maps to include other maps to clarify outcomes and dependencies. The idea of mapping is to use a visual space to represent things that are otherwise hidden. It's collaborative in the sense of bringing multiple people/perspectives together and co-creating the map in parallel. And we increasingly use digital whiteboards, hence all the references to software tools here
Hi @abd3721 the outcomes side of your talk reminds me a little of Gojko Adzic's Impact Mapping technique (https://impactmapping.org). Overall I still classify collaborative mapping as another workshop technique - I must be missing something. Let me rewatch it.
I rewatched this video this morning. Man, really thoughtful and helpful! We used Mobbing extensively and it seems to contribute to collective and personal flow
Glad to hear you’re interested @chris.gallivan421! Templates will definitely be included with the book, but possibly via the newsletter at https://inside-out.work much sooner
@mchesbro there are a number of different ways of clarifying outcomes, and @steveelsewhere is also a fan of Impact Mapping. The point is to actually get clear on outcomes before trying to nail VSM We would agree that collaborative mapping is a workshop technique, but also important to make it simple and easy enough that it can be used by non-professional facilitators, in relatively brief sessions. And of course it can scale up and be used by pros in longer workshops.
@mchesbro good eye! Outcome mapping is inspired by a lot of influences and Gojko is one, also V2MOM, Mike Burrows IdOO, Ishikawa diagrams, 5 whys, and I’m sure many others. Workshops are certainly the primary method for mapping, but it’s the structure and flow of the maps that’s effective here beyond unstructured or ad-hoc workshops. The outcomes of each map inform and shape the next. With impact mapping we start with actors, which is possible for mapping outcomes but doesn’t feel like a natural starting point for me (beyond participants in the initial mapping workshop), the ordering of why>outcome>obstacles>investigations>measures>methods>actors seems more natural. I’d love to hear your thoughts on the difference!
Thanks @steveelsewhere and @abd3721 for the answers. I have just re-watched your video to learn more (ADD is a challenge I face). I like what you are doing and I see great value in it. Specifically I like Steve's explanation of the structure
Effectively what I see you doing is combining a set of techniques into an effective workshop, thus my thoughts go:
• one technique I am currently exploring in my workplace is the two-column conversation recording that Jeffrey Fredrick and Douglas Squirrel advocate in their book "Agile Conversations" (you may have seen them at this conference) - I find this a useful tool to foster understanding - related to your talk and the Sharon-Kim dynamic I might be tempted to try educate the org in this technique
• another technique that might be relevant is Alberto Brandolini's Event Storming - not strictly about value streams but the technique is about facilitating groups to gain a common understanding - I think the strength of Brandolini's approach is that it puts the minimum structure in place, whereas VSM tends to have a little more structure
• don't know V2MOM but found it is a Salesforce technique that Marc Benioff pioneered - vaguely know the AgendaShift IdOO ... I guess my summary would be to adapt whatever works for the customer situation ... as humans we always seem to come up with new versions of similar approaches that are adapted to different situations. An example of this is the evolution/adaption of PDCA/PDSA, DMAIC, Kata in different circumstances.
Thanks for your thoughtful response @mchesbro. Steve can respond in more detail to some of these points since he’s more familiar with the facilitation techniques. He’s also mentioned Event Storming in the past. I agree that there’s a profusion of similar approaches. It’s not our intention to contribute additional frameworks. But as we discussed, thought, and shared experiences we gravitated into some of these patterns and ended up recreating some patterns that had been created by others. It was a good learning journey for us.
@mchesbro I appreciate the re-watch and your additions! Andrew and I have been collecting a lot of 'good' practices and distilling them into a structure that provides a helpful default but where specific techniques that accomplish the same goal can be swapped in depending on the environment. We want to meet people where they are and go from there via the easiest path. Agile Conversations and Opening Doors techniques can be used along the way, and for DDD heavy environments Eventstorming could be a viable substitute for VSM (though I think there's much more learning necessary to start with ES). Ultimately, your note about the best tool being dependent on the environment and situation is one we've taken to heart with Flow Engineering.
When I first worked at HP early in my career I was the Administrator of the "Learn after Doing" improving after the fact.
“We must not sacrifice quality for speed” - absolutely 💯
Thank you!! The feedback from your preview helped!!
10 points! It’s a pretty timeless loop (goes back to ancient Greece)
PDSA derives from Walter Shewhart and made famous by Edwards Deming. For them, Studying the outcome of the “Do” is the most important part of the cycle
Thank you!! Very pleased to see you in the audience!
Anything to do with "Flow" - I cannot miss it and that too your session Steve 🙂 - your bring great perspective to this "VSM" and "Flow". Thank you for your work and contribution
Thanks so much, I really appreciate that as a fan of yours!
@steveelsewhere Nice how you bring visibility to 1st class VS's (Platform VS's including Infrastructure)
Thanks for breaking so much ground on the topic of visibility @dominica
@steveelsewhere and I talk about that challenge incessantly
Wow, this is very exciting! Do either of you help organizations go through this process, @steveelsewhere & @abd3721?
^ I would love to chat with anyone interested in Flow Engineering! (Thanks Andrew!!)
One difficulty that happens in this scenario is when the infra team serves not just one business unit but a dozen or more. This can lead to the situation where multiple teams' highest priority issue doesn't even make the the infra team's top 5. How would you approach this?
@shane.brauner For Sure! And why it's so important to make infra VS work visible and show demand from all the other Internal PVS's
I see this happening when managers are working make their work centers faster when they are not the constraint, it just builds WIP at the real constraint...
This is a great point, it’s totally natural behaviour and usually heavily incentivized
yep, for us it creates more Collision in the project schedule and merge issue with branch code and master.
Right! Limiting collaboration in favour of a big bang, high risk, high stress merge
> And yet “self” and “other” are just ideas Profound — maybe an observation that can only come someone who was a Buddhist monk.
This is so much bigger than FLOW!!! Such a great blueprint for inclusivity on your way to FLOW. Awesome.
This is a great presentation. Thinking about perceptions, about teams collaborating, finding consensus and so on - has anyone else found during the pandemic that it has been hard to get Teams to empathise with each other? Because of the endless video calls, because of the stress and distraction of the pandemic, that sort of thing
I've been intentionally asking about people's lives outside of work and have amazed my colleagues with my ability to learn about the humans aroundus
It’s hard to soften the boundaries between people when we’re just remote, and focused on maintaining our personas (masks)
"has anyone else found during the pandemic that it has been hard to get Teams to empathise with each other?" Absolutely.
Was it actively used over time? My initial bias is that feels like it would be a niche app, as opposed to physical space which you’re in naturally
I don't see it mentioned specifically in the thread, but I assume gather?
I noticed that gather really softened the boundaries between remote people
That’s amazing. I wouldn’t have expected such remarkable adoption or success. Is there a way for typical users of Gather to (for example) create artifacts that people can then contribute to or discuss? I’m pondering the challenge of how to create a shared mental space for people where there can be ideas that persist and are commented on over time. @chris.gallivan421 What size group did you have using Gather?
one of the foundation items I have to cover with onboarding a new DevOps engineer to the team is to remind them that we are responsible for the whole value stream, not just a work center.
This is literally talking about something that is happening to my org in another slack channel right now...
@steveelsewhere, do you have books that you'd recommend for understanding flow engineering better?
Actually I have a free ebook at https://flow.visible.is
Andrew and I are working on something comprehensive to release next year!
Yes. Stayed to IT Revolution and we'll let you know when their new book is ready for preorder!
THIS! "Psychological alignment & shared goals" @abd3721
this talk is so great. thank you @abd3721 and @steveelsewhere
Ohhhh! New Book 🎉
Look forward to this book!!
Nice! Looking forward to the book!
https://inside-out.work is the site, please do check it out and join us on the journey!
Well, that was the best talk of the day so far, thanks guys. Got a lot from that. Looking forward to the book!
That’s exceedingly high praise @ben040 thank you so much.
Wonderful talk @steveelsewhere and @abd3721 . I enjoyed this one immensely
@abd3721 It occurs to me that we heard very similar themes in talk from Target, Team of Teams, etc. Great talk!!! cc @steveelsewhere
Thank you so much everyone for being here, it’s an absolute dream!
Indeed. Super grateful to have a chance to participate in this thoughtful and impactful community
Reminder: The plenary sessions are starting again in 5 minutes. Start making your way back to your browser and join us in #ask-the-speaker-plenary to interact live with the speakers and other attendees. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png