Fork me on GitHub
Mark Peters12:10:41

Excited to speaking later today- 150 CDT for Flying an Air Force Cyber Weapon System to DevSecOps

๐Ÿ‘ 6
โค๏ธ 1
Mike Snyder - Speaker (Oteemo)14:10:51

Will be checking this one out! @bissingd and I will be presenting on Thursday about our cloud-to-jet efforts at SkiCAMP! It will be great to connect after!

Mark Peters14:10:37

For sure, I'll add that one to the schedule

Peter Fassbinder16:10:11

Welcome to our presentation! We will show you how our Continuous Quality Assurance approach has enabled us to open up new cloud-based business opportunities for Siemens Digital Building. @klaus.baumgartner and I look forward to your questions.

Ann Perry - IT Revolution16:10:18

๐ŸŽ‰We now welcomeย @klaus.baumgartnerย andย @peter.fassbinderย presenting:ย Unlocking New Cloud-based Business Opportunities in an Industrial Company With a Novel Continuous Quality Assurance Approach:tada:

๐ŸŽ‰ 1
Nitin Kulkarni16:10:47

What the metrics used to decide the quality of artifacts? Software and non software

Peter Fassbinder16:10:49

Software quality is driven mainly by tests and PO feedback, the quality of the non-software artifacts is mainly the question whether it requris an update and whether this has been completed BEFORE the fast deployments.

Nitin Kulkarni16:10:59

I guess how is your approach different than conventional model where reqs are finalised and then developed and then tested using CI/CD approach. In other words what was done differently....Sorry for a long question

๐Ÿ‘ 1
Peter Fassbinder16:10:45

In the convential approach typically the focus is only on the CI/CD pipeline and the software. We integrated a second stream taking care of the non-software artifacts (regulatory required documents, patent clearing, risk assessments, export control documents, etc.) and ensuring, that those are always awailable in an upo-to-date state when a deployement is made.

๐Ÿ‘ 1
Nitin Kulkarni16:10:18

๐Ÿ‘...So all the non soft artifacts were updated before development of the software began, right? So in other words you guys treated documentation etc as 1st class citizens

Peter Fassbinder16:10:13

Not all, depending on the type (for type 1-2 yes, for type 3 and 4 no - those can only be upadte in parallel to the development sprint)

๐Ÿ‘ 1
Peter Fassbinder16:10:00

But your conclusion is correct: we elevated "documentation" (of all sorts) to the same level as functional user stories

๐Ÿ‘ 2
Jason Lutz16:10:16

Did you ever find situations where you did the development and realized you missed non-software artifacts? How did you handle that?

Klaus Baumgartner16:10:20

In addition to what Peter wrote: the difference is also that we broke those non-sw-artefacts down and evaluate and attched them - only if applicable - to the individual features. With that we were able to shift-left also those elements...

Peter Fassbinder16:10:53

@jlutz777 this was the case earlier: the software was ready, but we could no deploy because of ...

Dipesh Bhatia16:10:08

Good talk .. Thanks @peter.fassbinder

๐Ÿ˜€ 1
๐Ÿ‘ 3
Klaus Baumgartner16:10:47

In the past many (most) of these non-sw-artefacts were done and chacked only after the sw-development, so the deployment had to wait for those

Jason Trent16:10:19

Thanks @peter.fassbinder and @klaus.baumgartner, good talk!

๐Ÿ˜€ 1
Ann Perry - IT Revolution16:10:41

๐Ÿ“ฃย Let's welcomeย @cheburgeย presenting:ย Embedding Security: How We Use Automation to Reduce Time and Effort for Cisco Developers to Secure their Productsย ๐Ÿ“ฃ

๐ŸŽ‰ 1
Chet Burgess16:10:51

Hello, looking forward to everyones questions.

Topo Pal - Programming Committee Member16:10:38

Love the way you start with - Developer Experience

Chet Burgess16:10:00

It is the actual name of our team.

๐Ÿ‘ 1
Topo Pal - Programming Committee Member16:10:45

Is it serving the whole enterprise?

Graham McGregor16:10:29

curious how big your Developer Experience team is vs the size of your org?

Brian Marshall - CarMax16:10:43

For your DevEx team, are each of the specialists full-time on the team, or just have a part-time responsibility?

๐Ÿ‘ 1
Chet Burgess16:10:45

@topo.pal Cisco is defined into many orgs and business units and then product teams. We service a number of the products with-in our โ€œCloud & Computeโ€ BU. We supports about 1000 developers.

๐Ÿ‘ 3
Chet Burgess16:10:07

@graham_mcgregor & @brian_t_marshall As mentioned we support a range of services and products. So we have 13 FTEs supporting those teams.

๐Ÿ‘ 2
Chet Burgess16:10:36

That 13 includes network engineers, data center, etc.

Chet Burgess16:10:44

So its a very small team when considering the range of things we support.

Mikayla Rettig16:10:01

Do you use a tool to generate the SBOM? (maybe you're still getting to that)

Chet Burgess16:10:12

I used to use that analogy when I was working on networking overlays and underlays. I felt it was apt in this case as well.

Chet Burgess16:10:33

@mikayla.m.rettig Getting thereโ€ฆ ๐Ÿ˜›

Mikayla Rettig16:10:40

I'll be patient!

๐Ÿ˜€ 1
Chet Burgess17:10:09

TL;DW - Tools from a company called Anchore, but details are coming.

๐Ÿ‘ 2

@cheburge - does this tool work only on your container registries or does it also work on reports for non-container based applications?

Chet Burgess17:10:50

@david.okun - Great question. There a few different products that Anchore offers that we use. Some of them are strictly container registry based but syft & grype (details coming) can work on containers as well as on folders on disk.

๐Ÿ‘ 4
Chet Burgess17:10:06

Thanks for those massive images slackbot.

David - BBY17:10:31

@cheburge, were there a wide variety of different container registries that you guys had to wrangle as a first step? Apologies if I missed that part of your preso.

Chet Burgess17:10:17

@david.sanda - We do support and use a number of different sources. We havenโ€™t really had any issues with referencing or using multiple but we do have contents thats available in Docker Hub, private Docker registry, artifactory, and harbor. As mentioned none of the Anchore tools has had problems with any of those. We have had issues with availability of registries that were supported by other internal teams.

David - BBY17:10:56

ok, very good - thanks Chet

Craig Cook - IBM17:10:33

Roughly how many containers are being scanned? i.e what sort of scale is this running at?

Jon Sturdevant - Tech Advisor - BlueCross BlueShield of SC17:10:53

I assume you aren't remediating all vulnerabilities, what criteria are you using to prioritize remediations? CWE? CVSS?

๐Ÿ‘€ 1
โค๏ธ 1
Chet Burgess17:10:22

@cncook001 - We have about 2300 images that presently being continually evaluated (released artifacts). As for transit development artifacts its a few 1000 over the course of a day. We have some jobs that can generate 100+ unique images and scan requests per build.

thankyou 1
Chet Burgess17:10:25

@jonathon.sturdevant - Cisco has an internal team that determines severity based upon a number of factors. Minerva pulls data from one of their internal tools for that information.

๐Ÿ‘ 1
Chet Burgess17:10:28

@cncook001 - Further our anchore deployment today is deployed on relatively small internal k8s cluster we use for developer services. We can, and have in the past, easily scaled our Anchore Enterprise deployment by just scaling up our pods at different levels. I suspect we could easily support a lot more than current without much effort at all.

๐Ÿ‘ 1
David - BBY17:10:53

good talk @cheburge - lots of practical examples!

๐Ÿ‘ 2
Mikayla Rettig17:10:54

Thanks @cheburge!

๐Ÿ‘ 2
Sujay Solomon17:10:00

are folks using any tools for gathering and centralizing policy metadata to help with automation of policy governance?

๐Ÿ‘ 1
Istvan Bathazi17:10:05

@cheburge great presentation! thank you

๐Ÿ‘ 1
Kim Weins (Anchore)17:10:06

@cheburge What types of ares will you look at for Risk Assessment?

Glenn Wilson, Author of DevSecOps17:10:18

Another great talk today @cheburge. Minerva looks like a useful tool. Would Cisco make it available to the community or is it too proprietary?

Chet Burgess17:10:32

@kim.weins Cisco recently acquired Kenna Security ( and we want to enable it as a source of data for Minerva.

๐Ÿ‘ 1
Chet Burgess17:10:02

@glenn.wilson - Iโ€™m afraid its too proprietary in that a lot of what it does is pull data from various Cisco internal feeds to help perform risk analysis and present data to our engineers. Its mostly just a series of ingest scripts that load data into elastic search. We then have various dashboards as well other automation that runs regularly to create the tickets etc based upon all the data thats been loaded.

๐Ÿ‘ 2
Chet Burgess17:10:41

Our team depends on it heavily but it was never really designed around the idea of being something that would function/work for others outside of Cisco Iโ€™m afraid.

Ann Perry - IT Revolution18:10:45

๐ŸŒŸย Let's say 'hello' toย @bcannonย andย @halfmoondadย who will be presentingย Aflac DevOps Journey of Journeysย ๐ŸŒŸ

๐Ÿ‘ 5
John Ediger18:10:07

Hi all. Welcome. Looking forward to answering any questions you have.

๐Ÿ‘‹ 3
Brett Cannon18:10:34

Great to be here!

๐Ÿ‘‹ 2
Joe Arrowood18:10:09

Good afternoon Brett, I wanted to be sure to catch your talk

Brett Cannon18:10:37

@jarrowood great to have you listen in Joe!

Nitin Kulkarni18:10:44

Most companies bring in Devops with the intention of reducing time to mkt or implement MVPs there alway seems to be some business goals, Can you give an exmaple of where u have seen Devops for the sake of Devops.

John Ediger18:10:13

The DevOps for DevOps sake antipattern rears its head when teams have maturity goals and/or use checklists to track who has adopted what practice or tool. This misses the point, as you say of adopting DevOps ways of working to achieve measurable goals and business objectives.

๐Ÿ‘ 2
Bryan Kemp18:10:59

I saw OKRs earlier results slides... were you able to align outcomes dojo's with OKRs?

John Ediger18:10:18

To some degree, yes. The outcome goals were measurable and enablers of broader OKR's of fast flow of delivery of capabilities toward bigger business OKRs

๐Ÿ‘ 1
Ike Chafkin18:10:41

I am a former Aflac agent and down times were no joke when working with the systems which were a headache for all involved. Good to see things have gotten significantly better!

Brett Cannon18:10:28

Our goal is for each team to understand their metrics and work to continuously improve those metrics, making it part of their culture and team DNA. Weโ€™ve worked hard to stay away from DevOps for DevOps sake. Each team is on their own journey

โค๏ธ 1
Steve Farley - VP Infrastructure Operations, Nationwide Insurance18:10:02

We have made the maturity model mistake but have found a way to measure progress of adoption vs judge with Maturity scoring. It's the score that drives the competitive anti-pattern and perceived negative as no team wants judged.

๐Ÿ‘ 1
John Awesome Rowe - Best Buy18:10:18

What level are the senior leaders on the enablement council at? Is it VPs? Directors? Managers? Senior Devs?

Brett Cannon18:10:38

We have found that it is better to have leaders ask their teams, do they know their metrics, do they have a backlog of continuous improvement items, what is their biggest impediment, how can I as a leader help, etc. This has a direct impact on metrics of business value improve across each team. Not perfect in any case, but as the title says, this is a journey!

๐Ÿ‘ 1
Brett Cannon18:10:17

The enablement council is CIO staff, nearly all VPs.

Steve Farley - VP Infrastructure Operations, Nationwide Insurance18:10:43

If we can only get leaders to believe that Metrics are for teams not for Leaders to push. Only teams can improve metrics

๐Ÿ‘ 7
John Ediger18:10:36

That is difficult Steve. It requires some unlearning of what has been done for decades. But it is critical

Brett Cannon18:10:29

Steve, not only the metrics that leaders push, but also changing the mindset of leaders to think differently, even outside of just the metrics. We have spent a lot of time working with leaders to think differently to enable their teams.

๐Ÿ‘ 4
Steve Farley - VP Infrastructure Operations, Nationwide Insurance18:10:30

Thanks John....if leaders believe metrics are for teams but teams then embrace transparency in all we do then both parties would be happy and live in harmony. Teams share and bring transparency for leaders then leaders trust thru that transparency.

Joe Waid - Manager, Delivery Engineering - Columbia Sportswear18:10:47

I really enjoyed the talk. Thank you for sharing your journey!

John Ediger18:10:59

Thanks all for listening

Roger Spotts18:10:04

Well done guys

Joe Arrowood18:10:05

Thank you Gentlemen

Brett Cannon18:10:19

And thanks to all that listened in

Steve Farley - VP Infrastructure Operations, Nationwide Insurance18:10:49

Nice job AFLAC........even though the duck kills me from the "Nationwide is on your side" team

Ann Perry - IT Revolution18:10:16

โœจ Introducing @tiny.mpetersii, here to present: Employing DevSecOps for Air Force Cyberweapons โœจ

๐Ÿ‘ 1
Brett Cannon18:10:20

Thanks, Steve.

Mark Peters18:10:33

Afternoon all, here to chat, I brought other experts with me @bbutler and @jsorrell

Chrystina Nguyen, Rhythmic Technologies18:10:41

LETS GOOOOO @tiny.mpetersii!

๐Ÿ‘ 1
Brian Smith18:10:42

There it is!!!

Chrystina Nguyen, Rhythmic Technologies18:10:58

hhaahhaha โ€œsimplifiedโ€

Mark Peters18:10:02

Have to love the acquisition chart....

Brian Smith18:10:22

I love it when people show the DoD LCMS on a slide

๐Ÿ‘ 2
๐ŸŽ‰ 1
Brian Smith18:10:42

Paperwork over working product.

Brian Smith18:10:55

I am totally geeking out of over this presentation. @tiny.mpetersii

Mark Peters18:10:17

Unfortunately the CDRL aspect still focuses on the same aspect. Gov rep: Tell me about your installation plan, by the way, the Defense Instruction Document was written in 1984. Me: But it's a container-based system. Gov: Need the full doc, all 30 pages, every time Me: every 24 secs?

Hayden Smith (Anchore)19:10:25

This is great @tiny.mpetersii ๐Ÿ‘

Mark Peters19:10:43

Thanks Hayden, good hearing from you again

Mark Peters19:10:27

I've been bouncing around with government programs down in San antonio

Hayden Smith (Anchore)19:10:20

that is always fun! I was just up in Boerne not too long ago!

Brian Smith18:10:56

AFDCGS CM Lead "Give me you Software installation Document". Here "Type Run "XXX". Oh, "That's not acceptable".

๐Ÿ‘ 1
Mark Peters18:10:50

Been there too, I just want to move a monitor, ---sorry, that's part of the baseline configuration, do you have change board approval? Perhaps submit a 1067...

Brian Smith19:10:01

arrgh. Or my favorite - 56 slide CCB package to for CCB approval to deploy to prod. Plus an RFC, with a TCTO required.

Mark Peters19:10:32

ugh, no, PTSD kicking in as my head hits the keyboard....

Mark Peters19:10:12

Our approval team meets on monday, but you patch window is friday, why can't you meet our CD standards? At least with CVA/H we got to deploy to hardware

Chrystina Nguyen, Rhythmic Technologies19:10:41

gosh the olden days of dragging someone in to meet in-person

๐Ÿ˜† 2
Aaron Brock19:10:17

What tool did you use to create your documentation?

Brian Butler19:10:30

All of our documentation is online on Confluence

๐Ÿ‘ 2
Aaron Brock19:10:04

Thank you

๐Ÿ‘ 1
Brian Smith19:10:41

Wow - 90% of ATO issues closed.

Mark Peters19:10:49

It was a huge lift but a big win

Brian Smith19:10:51

Imaging that.

Chrystina Nguyen, Rhythmic Technologies19:10:29

I think that is such a value add, checking out other teams and seeing what they do . what a good and bad looks like

๐Ÿ‘ 1
Brian Smith19:10:34

AFDCGS Horror stories - I have this one line code fix that closes a CAT 1 security issue. It is in a containerized package. Reply: "What's a container. Give us your CCB package 56 slides, TCTO, and required documentation" BTW. your late for your CCB submission, see you in two weeks."

๐Ÿ‘ 1
Guillaume Bladier (He/Him)19:10:26

Bureaucracy โค๏ธ ๐Ÿ˜„

Brian Smith19:10:13

Reminds me of a quote from the Nick Challain missive. You wouldn't put people in a cockpit without flight training, but you put them in charge of a technical team without training.

๐Ÿ‘ 3
Steve Pereira - Visible Value Stream Consulting19:10:02

Make sure you stick around for Flow Engineering and the โ€˜howโ€™ of DevOps!

๐Ÿ‘ 3
Chrystina Nguyen, Rhythmic Technologies19:10:04

I am glad to not hear anything about CMMC

Brian Smith19:10:10

Oh, that is great you went to the We Work environment. Would love to know more about that.

Guillaume Bladier (He/Him)19:10:58

Very nice @tiny.mpetersii, that was great

๐Ÿ‘ 3
Brian Smith19:10:11

I got my money's worth right there .

๐ŸŽ‰ 3
Khan, Humayoun at TELUS19:10:27

Thanks @tiny.mpetersii, you're one of the few speakers who have touched upon AI/ML in DevOps.

Mark Peters19:10:19

Thank you, It's an important topic but I'm afraid all I did hear was touch on it

Dave Hogg (Leonardo)19:10:34

๐Ÿ‘ great presentation

โž• 3
Steve Pereira - Visible Value Stream Consulting19:10:50

Hi folks! @abd3721 and I are here and excited to hear any questions, shared personal experiences, or feedback about our presentation coming up! ๐Ÿ™Œ

๐Ÿ‘‹ 2
๐Ÿ‘ 2
๐Ÿ‘ 1
Ann Perry - IT Revolution19:10:06

๐Ÿ”† Introducing our next speakers, and future IT Revolution authors, @steveelsewhere and @abd3721 here to present: Flow Engineering โ€“ Learning to Lead from the Inside Out ๐Ÿ”†

๐ŸŽ‰ 7
thankyou 1
๐Ÿ‘ 2
Guillaume Bladier (He/Him)19:10:58

Which tool are you using for thie collaborative mapping, Miro ?

Guillaume Bladier (He/Him)19:10:58

Which tool are you using for thie collaborative mapping, Miro ?

Steve Pereira - Visible Value Stream Consulting19:10:17

The fancy post-its in the presentation are courtesy of Andrewโ€™s google slides expertise :]

๐Ÿ™‚ 4
Mark Esser19:10:20

Started with Mural, but we have since moved to Miro.

โœ”๏ธ 1
Denver Martin, Dir DevSecOps, he/him19:10:39

Mural, Stormboard, and MindNode

Martin Chesbrough - Everest Engineering01:10:55

Dumb question: what is collaborative mapping? I'm asking because this is the first time I hear the term, the Wikipedia definition goes towards geographic mapping whereas I am sure your question is oriented towards workshops. So isn't any workshop a form of collaborative mapping?

Andrew Davis - Copado - DevOps for Salesforce05:10:29

This is in reference to the talk we gave The talk expands the idea of building value stream maps to include other maps to clarify outcomes and dependencies. The idea of mapping is to use a visual space to represent things that are otherwise hidden. It's collaborative in the sense of bringing multiple people/perspectives together and co-creating the map in parallel. And we increasingly use digital whiteboards, hence all the references to software tools here

๐Ÿ™Œ 1
Chris Gallivan (Tasktop)11:10:59

Do you guys have any mural templates to share?

Martin Chesbrough - Everest Engineering12:10:59

Hi @abd3721 the outcomes side of your talk reminds me a little of Gojko Adzic's Impact Mapping technique ( Overall I still classify collaborative mapping as another workshop technique - I must be missing something. Let me rewatch it.

Chris Gallivan (Tasktop)13:10:35

I rewatched this video this morning. Man, really thoughtful and helpful! We used Mobbing extensively and it seems to contribute to collective and personal flow

thankyou 2
Steve Pereira - Visible Value Stream Consulting14:10:40

Glad to hear youโ€™re interested @chris.gallivan421! Templates will definitely be included with the book, but possibly via the newsletter at much sooner

โค๏ธ 1
Andrew Davis - Copado - DevOps for Salesforce16:10:13

@mchesbro there are a number of different ways of clarifying outcomes, and @steveelsewhere is also a fan of Impact Mapping. The point is to actually get clear on outcomes before trying to nail VSM We would agree that collaborative mapping is a workshop technique, but also important to make it simple and easy enough that it can be used by non-professional facilitators, in relatively brief sessions. And of course it can scale up and be used by pros in longer workshops.

Steve Pereira - Visible Value Stream Consulting16:10:33

@mchesbro good eye! Outcome mapping is inspired by a lot of influences and Gojko is one, also V2MOM, Mike Burrows IdOO, Ishikawa diagrams, 5 whys, and Iโ€™m sure many others. Workshops are certainly the primary method for mapping, but itโ€™s the structure and flow of the maps thatโ€™s effective here beyond unstructured or ad-hoc workshops. The outcomes of each map inform and shape the next. With impact mapping we start with actors, which is possible for mapping outcomes but doesnโ€™t feel like a natural starting point for me (beyond participants in the initial mapping workshop), the ordering of why>outcome>obstacles>investigations>measures>methods>actors seems more natural. Iโ€™d love to hear your thoughts on the difference!

๐Ÿ˜ 2
Martin Chesbrough - Everest Engineering04:10:09

Thanks @steveelsewhere and @abd3721 for the answers. I have just re-watched your video to learn more (ADD is a challenge I face). I like what you are doing and I see great value in it. Specifically I like Steve's explanation of the structure why>outcome>obstacles>investigations>measures>methods>actors Effectively what I see you doing is combining a set of techniques into an effective workshop, thus my thoughts go: โ€ข one technique I am currently exploring in my workplace is the two-column conversation recording that Jeffrey Fredrick and Douglas Squirrel advocate in their book "Agile Conversations" (you may have seen them at this conference) - I find this a useful tool to foster understanding - related to your talk and the Sharon-Kim dynamic I might be tempted to try educate the org in this technique โ€ข another technique that might be relevant is Alberto Brandolini's Event Storming - not strictly about value streams but the technique is about facilitating groups to gain a common understanding - I think the strength of Brandolini's approach is that it puts the minimum structure in place, whereas VSM tends to have a little more structure โ€ข don't know V2MOM but found it is a Salesforce technique that Marc Benioff pioneered - vaguely know the AgendaShift IdOO ... I guess my summary would be to adapt whatever works for the customer situation ... as humans we always seem to come up with new versions of similar approaches that are adapted to different situations. An example of this is the evolution/adaption of PDCA/PDSA, DMAIC, Kata in different circumstances.

๐Ÿ‘ 1
Andrew Davis - Copado - DevOps for Salesforce04:10:09

Thanks for your thoughtful response @mchesbro. Steve can respond in more detail to some of these points since heโ€™s more familiar with the facilitation techniques. Heโ€™s also mentioned Event Storming in the past. I agree that thereโ€™s a profusion of similar approaches. Itโ€™s not our intention to contribute additional frameworks. But as we discussed, thought, and shared experiences we gravitated into some of these patterns and ended up recreating some patterns that had been created by others. It was a good learning journey for us.

โž• 1
Steve Pereira - Visible Value Stream Consulting14:10:29

@mchesbro I appreciate the re-watch and your additions! Andrew and I have been collecting a lot of 'good' practices and distilling them into a structure that provides a helpful default but where specific techniques that accomplish the same goal can be swapped in depending on the environment. We want to meet people where they are and go from there via the easiest path. Agile Conversations and Opening Doors techniques can be used along the way, and for DDD heavy environments Eventstorming could be a viable substitute for VSM (though I think there's much more learning necessary to start with ES). Ultimately, your note about the best tool being dependent on the environment and situation is one we've taken to heart with Flow Engineering.

Brian W. Spolarich - Cal Poly19:10:53

"Learn By Doing" - Cal Poly motto

๐Ÿ’ก 2
Denver Martin, Dir DevSecOps, he/him19:10:46

When I first worked at HP early in my career I was the Administrator of the "Learn after Doing" improving after the fact.

Glenn Wilson, Author of DevSecOps19:10:59

โ€œWe must not sacrifice quality for speedโ€ - absolutely ๐Ÿ’ฏ

๐Ÿ’ฏ 6
๐Ÿ™Œ 1
Guillaume Bladier (He/Him)19:10:59

Speed vs Haste ;)

๐Ÿ’ฏ 1
Michael Winslow19:10:14

Even better the 2nd time @steve773 @abd3721!

โค๏ธ 2
Steve Pereira - Visible Value Stream Consulting19:10:16

Thank you!! The feedback from your preview helped!!

Brian Smith19:10:04

Are these slides available?

๐Ÿ‘ 2
Steve Pereira - Visible Value Stream Consulting19:10:38

Yes! Theyโ€™ll be in the DOES github

Glenn Wilson, Author of DevSecOps19:10:44

This is the OODA loop ๐Ÿ™‚

โžฐ 2
๐Ÿ‘ 1
โ™ป๏ธ 1
Steve Pereira - Visible Value Stream Consulting19:10:23

10 points! Itโ€™s a pretty timeless loop (goes back to ancient Greece)

Steve Pereira - Visible Value Stream Consulting19:10:55

Some people see PDCA as well

๐Ÿ‘ 1
Glenn Wilson, Author of DevSecOps19:10:04

PDโ€Sโ€A ๐Ÿ˜‰

Glenn Wilson, Author of DevSecOps19:10:00

PDSA derives from Walter Shewhart and made famous by Edwards Deming. For them, Studying the outcome of the โ€œDoโ€ is the most important part of the cycle

๐Ÿ‘ 4

@steveelsewhere - Love the content, awesome

โค๏ธ 2
Steve Pereira - Visible Value Stream Consulting19:10:36

Thank you!! Very pleased to see you in the audience!


Anything to do with "Flow" - I cannot miss it and that too your session Steve ๐Ÿ™‚ - your bring great perspective to this "VSM" and "Flow". Thank you for your work and contribution

โค๏ธ 1
Steve Pereira - Visible Value Stream Consulting19:10:40

Thanks so much, I really appreciate that as a fan of yours!

๐Ÿ™ 1
Chris Gallivan (Tasktop)19:10:15

it is an experience ... i've seen it first hand

โ˜๏ธ 1
Brian Smith19:10:19

By increasing flow you increase engagement and happiness. Awesome!

โค๏ธ 5
Glenn Wilson, Author of DevSecOps19:10:49

The 2nd ideal of DevOps (Focus, Flow and Joy)

Denver Martin, Dir DevSecOps, he/him19:10:49

hmm, sounds like Kim works at my company ๐Ÿ™‚

๐Ÿ™‚ 3
Dominica DeGrandis, Author - Making Work Visible, Tasktop19:10:11

@steveelsewhere Nice how you bring visibility to 1st class VS's (Platform VS's including Infrastructure)

๐Ÿ˜ƒ 1
๐Ÿ‘ 2
Andrew Davis - Copado - DevOps for Salesforce19:10:58

Thanks for breaking so much ground on the topic of visibility @dominica

๐Ÿ’ฏ 1
๐Ÿ™‚ 1
๐Ÿ‘ 1
Andrew Davis - Copado - DevOps for Salesforce19:10:13

@steveelsewhere and I talk about that challenge incessantly

Christina Tan, Strategy at Blameless, Speaker DOES2119:10:45

Wow, this is very exciting! Do either of you help organizations go through this process, @steveelsewhere & @abd3721?

๐Ÿ˜ƒ 1
Steve Pereira - Visible Value Stream Consulting19:10:43

^ I would love to chat with anyone interested in Flow Engineering! (Thanks Andrew!!)

Chris Gallivan (Tasktop)19:10:57

Go to the gemba - best way to gain understanding

๐Ÿ‘ 1
๐Ÿ’ฏ 2
Shane Brauner19:10:32

One difficulty that happens in this scenario is when the infra team serves not just one business unit but a dozen or more. This can lead to the situation where multiple teams' highest priority issue doesn't even make the the infra team's top 5. How would you approach this?

๐Ÿ‘† 1
๐Ÿ‘ 1
Dominica DeGrandis, Author - Making Work Visible, Tasktop19:10:22

@shane.brauner For Sure! And why it's so important to make infra VS work visible and show demand from all the other Internal PVS's

Gene Kim, ITREV, Program Chair19:10:07

Enabling flow is a team sport!

๐Ÿ’ฏ 5
Denver Martin, Dir DevSecOps, he/him19:10:21

I see this happening when managers are working make their work centers faster when they are not the constraint, it just builds WIP at the real constraint...

๐Ÿ’ก 2
Chris Gallivan (Tasktop)19:10:11

like a pallet next to the constraint

Steve Pereira - Visible Value Stream Consulting19:10:59

This is a great point, itโ€™s totally natural behaviour and usually heavily incentivized

Denver Martin, Dir DevSecOps, he/him19:10:17

yep, for us it creates more Collision in the project schedule and merge issue with branch code and master.

Chris Gallivan (Tasktop)19:10:19

if it's software, tends to result in a bunch of branches

โž• 2
Steve Pereira - Visible Value Stream Consulting19:10:05

Right! Limiting collaboration in favour of a big bang, high risk, high stress merge

Gene Kim, ITREV, Program Chair19:10:41

๐Ÿ‘ 1
๐Ÿ‘† 1
Gene Kim, ITREV, Program Chair19:10:08

โ€œOtherโ€. This is great, @abd3721!!! We fear others.

๐Ÿ’ฏ 2
Andrew Davis - Copado - DevOps for Salesforce19:10:50

And yet โ€œselfโ€ and โ€œotherโ€ are just ideas

๐Ÿ’ฏ 1
Gene Kim, ITREV, Program Chair19:10:19

> And yet โ€œselfโ€ and โ€œotherโ€ are just ideas Profound โ€”ย maybe an observation that can only come someone who was a Buddhist monk.

โ˜ธ๏ธ 6
Andrew Davis - Copado - DevOps for Salesforce19:10:17

I suppose that helps, yes. ๐Ÿ™‚

๐Ÿ’ฏ 1
Michael Winslow19:10:16

This is so much bigger than FLOW!!! Such a great blueprint for inclusivity on your way to FLOW. Awesome.

โค๏ธ 6
BJ Preece19:10:41

This is a great presentation. Thinking about perceptions, about teams collaborating, finding consensus and so on - has anyone else found during the pandemic that it has been hard to get Teams to empathise with each other? Because of the endless video calls, because of the stress and distraction of the pandemic, that sort of thing

๐Ÿ’ฏ 7
โœ”๏ธ 1
Virginia Laurenzano NSA (Speaker)19:10:33

I've been intentionally asking about people's lives outside of work and have amazed my colleagues with my ability to learn about the humans aroundus

โค๏ธ 3
Andrew Davis - Copado - DevOps for Salesforce19:10:35

Itโ€™s hard to soften the boundaries between people when weโ€™re just remote, and focused on maintaining our personas (masks)

Brian Smith19:10:48

"has anyone else found during the pandemic that it has been hard to get Teams to empathise with each other?" Absolutely.

Chris Gallivan (Tasktop)19:10:50

we used gather and it strengthened the empathy

Chris Gallivan (Tasktop)19:10:59

work the work together

Andrew Davis - Copado - DevOps for Salesforce19:10:13

The same โ€œGatherโ€ app weโ€™re using here?

Andrew Davis - Copado - DevOps for Salesforce19:10:32

Was it actively used over time? My initial bias is that feels like it would be a niche app, as opposed to physical space which youโ€™re in naturally

Chris Gallivan (Tasktop)19:10:53

we used it every day, 8 hours a day for 4 months and counting

Chris Gallivan (Tasktop)19:10:03

there were no "meetings"

Chris Gallivan (Tasktop)19:10:33

context switch drain dropped

Chris Gallivan (Tasktop)19:10:43

cause there was no switching

Chris Gallivan (Tasktop)19:10:27

I can say zoom is so much more tiring to my eyes

Javier Magaรฑa - Walmart19:10:19

How do you align the 3 time zones?

Chris Gallivan (Tasktop)19:10:49

we shoot for a 5-6 hour overlap

Chris Gallivan (Tasktop)19:10:00

we started at 6 am EST every day

Chris Gallivan (Tasktop)19:10:17

I am telling you we never felt close to those people

Chris Gallivan (Tasktop)19:10:33

people were having hallway conversations

Chris Gallivan (Tasktop)19:10:45

the proximity chat is really helpful

Chris Gallivan (Tasktop)19:10:56

some people dont like talking in groups

Javier Magaรฑa - Walmart19:10:08

I don't see it mentioned specifically in the thread, but I assume gather?

Chris Gallivan (Tasktop)19:10:49

yes, I'm afraid I highjacked the thread :(

Chris Gallivan (Tasktop)19:10:30

I noticed that gather really softened the boundaries between remote people

Chris Gallivan (Tasktop)19:10:53

in fact, none of those teams want to use anything else

Andrew Davis - Copado - DevOps for Salesforce20:10:02

Thatโ€™s amazing. I wouldnโ€™t have expected such remarkable adoption or success. Is there a way for typical users of Gather to (for example) create artifacts that people can then contribute to or discuss? Iโ€™m pondering the challenge of how to create a shared mental space for people where there can be ideas that persist and are commented on over time. @chris.gallivan421 What size group did you have using Gather?

Chris Gallivan (Tasktop)21:10:42

the free license only accomodates 25 users

Chris Gallivan (Tasktop)21:10:58

our teams were about 10 in size, we had a couple at once

Chris Gallivan (Tasktop)21:10:43

there are whiteboards on the walls, you can embed mural etc as well

Chris Gallivan (Tasktop)21:10:00

so yes, you can share and retain artifacts

Chris Gallivan (Tasktop)21:10:26

we had white boards in all the rooms to persist thoughts

Chris Gallivan (Tasktop)21:10:34

just like a real room

๐ŸŽ‰ 1
Andrew Davis - Copado - DevOps for Salesforce16:10:46

Very cool. Worth us trialing I think

Denver Martin, Dir DevSecOps, he/him19:10:48

one of the foundation items I have to cover with onboarding a new DevOps engineer to the team is to remind them that we are responsible for the whole value stream, not just a work center.

Michael Winslow19:10:25

This is literally talking about something that is happening to my org in another slack channel right now...

๐Ÿ˜ƒ 1
โค๏ธ 2
Christina Tan, Strategy at Blameless, Speaker DOES2119:10:38

@steveelsewhere, do you have books that you'd recommend for understanding flow engineering better?

Steve Pereira - Visible Value Stream Consulting19:10:09

Actually I have a free ebook at

๐Ÿ‘ 1
โค๏ธ 2
Steve Pereira - Visible Value Stream Consulting19:10:46

Andrew and I are working on something comprehensive to release next year!

๐Ÿ“– 1
Leah Brown - IT Revolution19:10:23

Yes. Stayed to IT Revolution and we'll let you know when their new book is ready for preorder!

Dominica DeGrandis, Author - Making Work Visible, Tasktop19:10:45

THIS! "Psychological alignment & shared goals" @abd3721

๐ŸŽ‰ 2
โค๏ธ 4
Virginia Laurenzano NSA (Speaker)19:10:32

this talk is so great. thank you @abd3721 and @steveelsewhere

โค๏ธ 3
Christina Tan, Strategy at Blameless, Speaker DOES2119:10:44

Look forward to this book!!

โค๏ธ 2
Vaidik Kapoor (Speaker) - VP Eng (DevOps, Security) - Grofers19:10:55

Nice! Looking forward to the book!

โค๏ธ 3
Leah Brown - IT Revolution19:10:59

Books books books!

โค๏ธ 2
Courtney Kissler19:10:00

Super excited for this book!!

๐ŸŽ‰ 7
โค๏ธ 2
Trac Bannon (Speaker)19:10:12

Excellent talk!!

โค๏ธ 2
Steve Pereira - Visible Value Stream Consulting19:10:21 is the site, please do check it out and join us on the journey!

Denver Martin, Dir DevSecOps, he/him19:10:23

maybe new IT Rev BookClub item?

๐Ÿ™ 1
Brian W. Spolarich - Cal Poly19:10:23

great talk. My brain is full! ๐Ÿ™‚

โค๏ธ 2
Brian Smith19:10:24

Thank you!

โค๏ธ 2
BJ Preece19:10:25

Well, that was the best talk of the day so far, thanks guys. Got a lot from that. Looking forward to the book!

โค๏ธ 2
Andrew Davis - Copado - DevOps for Salesforce19:10:16

Thatโ€™s exceedingly high praise @ben040 thank you so much.

Glenn Wilson, Author of DevSecOps19:10:30

Wonderful talk @steveelsewhere and @abd3721 . I enjoyed this one immensely

๐Ÿ‘ 2
โค๏ธ 2
Trac Bannon (Speaker)19:10:31

I'm so happy to not be the only book-junkie!

โค๏ธ 3
Mark Peters19:10:42

I thought it was a requirement?

Jon Smart [Sooner Safer Happier]19:10:33

Thanks @steveelsewhere & @abd3721 great talk

โค๏ธ 4
Dipesh Bhatia19:10:34

The story was beautiful and the talk !!

โค๏ธ 2
Michael Winslow19:10:35

That was great!

โค๏ธ 2
Chris Gallivan (Tasktop)19:10:40

nice job!

โค๏ธ 2
Josรฉ Chanto19:10:48

Thank you! very well done

โค๏ธ 2
Denver Martin, Dir DevSecOps, he/him19:10:51

Great talk---

โค๏ธ 2
Gene Kim, ITREV, Program Chair19:10:53

@abd3721 It occurs to me that we heard very similar themes in talk from Target, Team of Teams, etc. Great talk!!! cc @steveelsewhere

๐Ÿ‘ 3
Steve Pereira - Visible Value Stream Consulting19:10:54

Thank you so much everyone for being here, itโ€™s an absolute dream!

๐Ÿ‘ 1
๐ŸŽ‰ 1
Andrew Davis - Copado - DevOps for Salesforce19:10:09

Indeed. Super grateful to have a chance to participate in this thoughtful and impactful community

Bryn Sharpe19:10:56

Great stuff! Thanks for the talk on flow engineering.

โค๏ธ 4

Reminder: The plenary sessions are starting again in 5 minutes. Start making your way back to your browser and join us in #ask-the-speaker-plenary to interact live with the speakers and other attendees.