Fork me on GitHub
#ask-the-speaker-track-3
<
2021-10-06
>
Slackbot13:10:05

Reminder: Day 2 is starting now – opening remarks and then plenary talks! Join the conversation in #ask-the-speaker-plenary.

Ann Perry - IT Revolution16:10:25

Please say 'hello' to @m_meenakshee from SAP, presenting DevOps SRE or ITIL – Know Before You Leap!

1
👏 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce16:10:50

@m_meenakshee I’m just getting up to speed, but I gather that you’re talking about how the SAP team thinks about delivering new capabilities to SAP. As opposed to the vendor who’s presenting here, Basis, which is focused on helping users of SAP ease their updates and customizations. Is that true?

Meenal Meenaakshi16:10:49

I am covering an overview to provide a conceptual understanding of DevOps SRE ITIL implementation, from a generic stand point

1
👏 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce16:10:12

I really appreciate the summary. I’m not up to speed on ITIL, so helpful to see the comparison

👍 2
Meenal Meenaakshi16:10:46

Thanks a lot!! its really helpful to have a comparative overview to be able to make correct decisions

1
Meenal Meenaakshi16:10:30

esp with ITIL which is the most widely used ITSM framework so far

1
Frotz Faatuai (Cisco IT - he/him)16:10:41

Very good comparison of the different focal points. Especially for organizations which use all three (because those are the buzz words to chase this year…)

👍 2
1
Frotz Faatuai (Cisco IT - he/him)16:10:57

Good to evaluate how to smooth the focal differences in a heterogeneous environment and how expectations from ITIL Problem Management on SRE or DevOps might cause conflict.

Meenal Meenaakshi16:10:00

Absolutely as most organizations would mostly need to adopt one or more of these methodologies

Frotz Faatuai (Cisco IT - he/him)16:10:39

IT-wide, we use ITIL4. Within my team (monitoring platform), we are decidedly DevOps doing SAFe and/or just Scrum while other peer teams are SRE. In my sub-team, we are the Support and Operations team for my space and we’re decidedly ITIL Incident Management, Problem Management and Kanban focused.

👍 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce16:10:56

@ffaatuai when you say “decidedly” do you mean that you’re “deciding between” those different possible approaches? Or are you saying that’s what you’ve already settled on?

Jon Smart [Sooner Safer Happier]16:10:03

"Start small", "Nail it before you scale it", "Means to an end, not the end itself": sounds good!

👍 1
John Willis16:10:07

For those of you attending m session today I wanted to make you aware of some projects I have been involved with that a related to the topic at hand. My new Deming podcast... https://www.buzzsprout.com/1758599

👏 2
👋 2
1
❤️ 1
John Willis16:10:36

also my new related blog site..

Dave Mangot - DevOps transformation professional16:10:56

Can confirm, @jwillis’s Deming podcast is 💯 !!!!

💯 2
Ann Perry - IT Revolution16:10:00

And now, we welcome back @abd3721 presenting DevOps for Salesforce

John Willis16:10:04

As Ben Rockwood once told me... It all goes back to Deming.

❤️ 1
Dave Mangot - DevOps transformation professional16:10:37

I’m here to make you nervous @abd3721 😉

Andrew Davis - AutoRABIT - DevSecOps for Salesforce16:10:08

Fortunately I pre-recorded the talk and baked the nervousness in at the source

Andrew Davis - AutoRABIT - DevSecOps for Salesforce16:10:48

“DevOps for Salesforce Why the business has been bypassing IT for decades but is now in way over their heads and how you can help without going insane.”

John Willis16:10:53

my bad I thought my session was at 2pm..

Andrew Davis - AutoRABIT - DevSecOps for Salesforce16:10:18

Now you’re trapped here and have to listen to my session @jwillis

Dave Mangot - DevOps transformation professional16:10:01

@jwillis is just trying to reduce the variance in the number of speaker slots

Andrew Davis - AutoRABIT - DevSecOps for Salesforce16:10:01

“You can bypass IT who is the root of all delays”

Jon Smart [Sooner Safer Happier]16:10:58

Output, if you're lucky. But not what you asked for. And about 3 years later.

😄 1
😆 2
Dave Mangot - DevOps transformation professional17:10:08

> The problem with customers is they complain

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:47

And also I’m here in the chat laughing at my own jokes and quoting myself. #classy

😍 1
Dave Mangot - DevOps transformation professional17:10:52

Salesforce sounds like a bunch of DevOps hipsters

😂 1
😆 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:32

Excel is still Salesforce’s #1 competitor

Jon Smart [Sooner Safer Happier]17:10:47

Doesn't surprise me at all.

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:18

SAP and Oracle are utterly deficient in mascots

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:49

And I challenge you to show me someone with an SAP or Oracle tattoo (other than Larry Ellison)

Dave Mangot - DevOps transformation professional17:10:35

True story: I used to cover up the Salesforce logo on my jacket when walking through the Dreamforce hotel because I was afraid the attendees would mob me for working there!

1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:20

You need to understand the depth of Passion in the Salesforce community

Jon Smart [Sooner Safer Happier]17:10:31

I think I'm starting to 🙂

Jon Smart [Sooner Safer Happier]17:10:44

Kudos for that level of passion being built up

Jon Smart [Sooner Safer Happier]17:10:02

[SSH tattoos are available]

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:45

You’ll know you’ve forged a movement when you start getting SSH tattoos

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:02

I’d show you my Gene Kim tattoo but it’s NSFW

1
Jon Smart [Sooner Safer Happier]17:10:37

Key Result: MTT. Mean Time to Tattoo

1
Andy Nelson17:10:24

Anybody in the BVSSH community go that far yet?

Jon Smart [Sooner Safer Happier]17:10:08

[just off to the local tattoo parlour]

1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:16

You can write code on the Salesforce platform these days. THey’re providing more mainstream options for tech

👍 1
Dave Mangot - DevOps transformation professional17:10:41

@abd3721 is about to announce on-prem Salesforce 🤯

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:13

Just requires a Petabyte SSD on your laptop

😂 1
Dominica DeGrandis, Author - Making Work Visible, Principal Flow Advisor17:10:12

Curious @abd3721 How does SF make dependencies visible?

💡 1
👀 2
Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:57

There’s a lot of work yet to be done in that area. I really feel it will be gamechanging when there are better solutions for that. There is an early-stage dependency API to show (some) of the internal metadata dependencies. The work I’ve done on that has been to export metadata, process it a bit and show it in Gephi. But this deserves a more robust solution

👏 1
Brandon Linton (CarMax)17:10:34

This is the most lucid / dead-on talk about Salesforce I’ve ever seen. Well done @abd3721! Must-watch for anyone working in Salesforce

👏 2
Brandon Linton (CarMax)17:10:39

Thank you for preparing this!

1
Dave Mangot - DevOps transformation professional17:10:48

puts his DevOps mind tricks back in the drawer

😆 1
Stephan Stapel17:10:56

"Those are not the DevOps tools you are looking for" ?

Stephan Stapel17:10:21

There is no lightsabre emoji, but: 🔦

Andrew Davis - AutoRABIT - DevSecOps for Salesforce18:10:54

@stephan.stapel please don’t take offense, but that’s a pretty sad substitute for a lightsaber. 😉

Dave Mangot - DevOps transformation professional17:10:15

You’re doing God’s work @abd3721

😆 1
❤️ 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:59

“One of their brilliant ideas was that we need more funding”

Dave Mangot - DevOps transformation professional17:10:17

You’re working on all the things that people used to complain to me about when I worked at SFDC

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:21

Very cool. It’s interesting … I didn’t know much about how much communication there is from the dev teams building ON Salesforce with the dev teams that are actually building Salesforce itself

Dominica DeGrandis, Author - Making Work Visible, Principal Flow Advisor17:10:38

@abd3721 speaking of funding - What is SF funding model? By Project or Product? or?

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:23

I’ll assume you mean about how do teams fund buying and configuring Salesforce. I’d say it’s historically been led by sales or marketing teams, and they’ve totally thought about it as a one-time project. As Salesforce has become more critical to the enterprise, IT and CIOs have gotten more involved. But there’s still an extremely strong tendency to just hire an SI and wash your hands of it

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:43

Needless to say that doesn’t serve teams so well in the long term

Rob Grant17:10:07

What about scanning for vulnerabilities? Does SAST make sense in a Salesforce world since it is no/low code?

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:35

You can write code on Salesforce, so there’s a market for SAST. PMD, Sonarqube

Rob Grant17:10:25

Thank you. Didn't see it mentioned in your limited periodic table.

Andrew Davis - AutoRABIT - DevSecOps for Salesforce18:10:06

@rob.grant I took a closer look at that periodic table and it doesn’t include any SAST tools, so my slide was accurate, but you make a good point. And you apparently have very fast eyes and brain to have noticed that gap. 🙂

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:56

This is an actual merge of Salesforce XML

3
Andy Nelson17:10:15

I have never worked on Salesforce but spent many years w/ SAP ERP - so this song definitely rhymes with some of my past experience

❤️ 1
Stephan Stapel17:10:38

At least SAP is aware that customization needs to be transported from dev to test to prod and offers tools for that.

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:16

That’s a learning goal for me - to get familiar with the SAP dev lifecycle

Andy Nelson17:10:36

Very good point... unless you z-code your customization layer configs and allow manual configs by environment (at least thats what my friend told me...)

Andy Nelson17:10:19

@abd3721 it may be worth connecting with #xpo-basis-technologies. In my previous life we were using their commercial software to bring DevOps principles into our manual SAP deployment processes... Alot has changed Im sure since the early 2019 days when I was looking at it though...

1
Stephan Stapel17:10:48

@abd3721 Are you in contact with Salesforce? Are they interested in following a 'Software Engineering' (imho, this very basic term would be a good start) approach for their user base?

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:17

Salesforce themselves is working on improving in this area. They neglected it for a long time, so that allowed commercial companies like Copado a market opportunity. Salesforce teams always have to vie for funding against big strategic initiatives, so dev tooling tends to get underfunded because it doesn’t expand their market

Stephan Stapel17:10:30

cool, thanks. Did they show something on that at Dreamforce (just skipped that conference)?

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:09

THey are now openly talking about DevOps, DORA metrics, etc for the first time

Dominica DeGrandis, Author - Making Work Visible, Principal Flow Advisor17:10:36

"As teams scale up, Lead Time tanks." more dependencies, more conflicting priorities, more neglected & unplanned WIP

1
Stephan Stapel17:10:51

Not only scaling the team yields dependencies at Salesforce. It's also style of working. Hacking stuff quickly to generate new forms etc. is the primary problem.

1
Dave Mangot - DevOps transformation professional17:10:06

But it’s a nice looking treacherous spiderweb of doom which makes it “less bad”

😆 1
Bryce Miller17:10:21

Sounds like I never want to work with salesforce

1
Stephan Stapel17:10:50

The users love it!

Dave Mangot - DevOps transformation professional17:10:14

But then you’ll never get a Salesforce tattoo!

🙂 1
Bryce Miller17:10:23

Do they still love it when time to value grows exponentially?

Stephan Stapel17:10:30

In our company, there is almost a war for getting a user account.

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:30

I shouldn’t be too hard on the platform. The tools for building apps are very easy and cool.

Stephan Stapel17:10:35

@bryce: it's not really growing expontially. It's more the regular re-engineering that needs to be conducted to get rid of old customizing and to refactor dependencies and persistence. So far (5 years since starting) they are still accepting it...

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:39

But the dev lifecycle is pretty rough

👍 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:20

The Salesforce world is maturing in terms of their appreciation of the importance of real software engineering approaches.

👍 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:39

But the number of devs is growing very fast so the average skill level is modest

Bryce Miller17:10:31

How do you hire people to work on salesforce when the experience is so rough?

Bryce Miller17:10:45

When they could go work on a more sane platform?

Bryce Miller17:10:06

:thinking_face:

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:15

Yeah, Salesforce saves a ton of time on the actual app building process

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:32

Even though the in-between parts can be hard and the tooling is less developed than other languages

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:52

My company, Copado, is filling in a lot of the gaps in the developer experience

Bryce Miller17:10:48

What I'm taking away from this is that ease of app creation comes at a cost.

Bryce Miller17:10:36

low code is inexpensive at first, more expensive down the line

Andrew Davis - AutoRABIT - DevSecOps for Salesforce18:10:05

@bryce there’s a saying that any system can survive one order of magnitude of growth before needing to be redesigned. Too many low code apps with no thoughtful architecture will require redesign when you grow. Same with code, same with microservices.

Andrew Davis - AutoRABIT - DevSecOps for Salesforce18:10:56

But low code allows you to move very fast to create things and roll them out to business. Which means that you then have lots of dependent customers who don’t want you breaking the apps they use as you struggle to refactor.

Andrew Davis - AutoRABIT - DevSecOps for Salesforce18:10:05

So all software systems can fall into nightmare complexity traps. I happened to focus on some of the roughest parts of the Salesforce dev experience.

Bryce Miller18:10:26

Hmm yes my small amount of code on Lambda does make me worry that I am setting myself up for pain in the future.

Bryce Miller18:10:35

@abd3721 your point is well taken. I suppose the lesson here is that long-term agility depends on intentional effort to avoid these pitfalls, regardless of tech stack.

💯 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce18:10:06

I feel like this DOES community holds a massive collection of scars and war stories about limited or regrettable decisions, or just how they tackled the next generation of challenges.

Bryce Miller18:10:07

If good architecture were easy, it wouldn't be notable. And we wouldn't need this conference.

👏 1
1
Charlie Betz17:10:26

@abd3721 very interesting stuff. How broadly do you think this is applicable to the low/no-code platform market generally, including ERP platforms?

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:18

I think there are very similar challenges for other low code platforms. Those tools require a higher level of abstraction for managing the dev lifecycle, so on all of those platforms there’s an opening for tools that go beyond just scripting

Stephan Stapel17:10:01

@abd3721 very cool!

Stephan Stapel17:10:56

Thanks a lot for your talk!

Krista McCredie17:10:03

We did something similar and it took 1.5 years to complete. Complete code refactoring, extraction of modules, build pipelines. The biggest cost not quantified at the start was the amount of work required to create the new build pipelines, as well as the automated test pipelines needed to be extracted from the monolith. One other note - one team did this refactoring, but the goal was to move ownership of that module back to the team who developed it. Ownership was a bit of an issue as each team had to learn how to use the new piplelines and test framework

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:45

Well done. I’d be really interested to learn more about your team’s journey. DM me if you all want to set up time to share what you did

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:16

If you all want to keep in touch, sign up for my newsletter https://inside-out.work/

👏 1
Dave Mangot - DevOps transformation professional17:10:51

Already connected. Maybe we should follow each other on Insta. (I don’t have an Insta)

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:24

I’m still setting up my TikTok and OnlyFans accounts

😍 1
Brandon Linton (CarMax)17:10:28

@abd3721 / others - when refactoring a large complex org, how have people found success in choosing the seams for DX packages? What about introducing other software engineering practices like information hiding (i.e., finding ways to limit direct data / SOQL access)?

Andrew Davis - AutoRABIT - DevSecOps for Salesforce17:10:11

This is chapter 5 of my book which is still to the best of my knowledge up to date on techniques for decoupling. https://drive.google.com/file/d/1lIrBYv8sDPQ7MdZp6EVCjeCv1QOxOAF0/view?usp=sharing

❤️ 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce18:10:10

But it requires some sophisticated software engineering\

Brandon Linton (CarMax)20:10:46

This is so helpful! I’m trying to help build some groundswell to take on this challenge - start aligning teams to business capabilities we realize on-platform and use that to help DX package scoping, etc. Going to spend time absorbing this, but I really appreciate the follow up and sharing the chapter!

Andy Nelson17:10:39

great stuff @abd3721 - Im not a salesforce guy but it was a great talk. Come for the salesforce, stay for the salesforce tattoos!

😂 1
Andrew Davis - AutoRABIT - DevSecOps for Salesforce18:10:54

DM me if you want a discount at TattooForce

John Willis19:10:00

For those of you attending m session today I wanted to make you aware of some projects I have been involved with that a related to the topic at hand.  My new Deming podcast... https://www.buzzsprout.com/1758599

Ann Perry - IT Revolution19:10:00

📣 Please welcome our dear friend, @jwillis, here to share DevSecOps - The Broken or Blurred Lines of Defense 📣

Mike Waite19:10:38

loving the podcast John!

John Willis19:10:44

Thanks, @annp

Courtney Kissler19:10:28

Whoo hoo @jwillis

John Willis19:10:38

sameless plug...

John Willis19:10:32

Hey Courtney.. miss you...

❤️ 1
Courtney Kissler19:10:01

Miss you too! ❤️

Glenn Wilson, Author of DevSecOps19:10:48

Looking forward to this John 👏

Dave Mangot - DevOps transformation professional19:10:30

The Profound episode with @ckissler was 💥

❤️ 1
Courtney Kissler19:10:04

awww...thank you! 🙂

John Willis19:10:56

@chawklady Is always "Prfound"

Courtney Kissler19:10:58

Wow - you are way too kind! 😊

Virginia Laurenzano NSA19:10:06

silo'd by design. Always love @jwillis's insights

Dave Mangot - DevOps transformation professional19:10:45

“because it sounds cool” <- Anything John says

👍 3
😀 1
John Willis19:10:55

One thing I forgot to mention about Conway's law but might be obvious... the 3LOD might give you the org design/security implementation you don't really want.

Dave Mangot - DevOps transformation professional19:10:24

John’s Chrome notifications on the top of the screen ❤️

google 1
😄 2
Daniel Cahill - Engineer - Ontario Systems19:10:53

Do you think all 3 feel that they aren't getting what they want? Or might it be that only 1 of the 3 feel the pain?

Scott Jaffa (Principal Engineer, ValidaTek)19:10:47

That’s what I’m wondering as well - is the pain / challenge focused on one group over others?

Meghan Glass - PrdMgr Best Buy19:10:13

I won't punch you in the nose @jwillis

👍 1
1
John Willis19:10:49

I would say that that structure of silo'd org design for risk gives us low efficacy communication when it comes to risk. So I would answer all.

John Willis19:10:26

The next slide is my favorite slide...

🪄 1
Andy Nelson19:10:59

you may have paid for the full seat but when listening to John you only use the edge... love the suspense building

👍 2
1
😆 3
John Willis19:10:28

Shameless plug for my friends at Verica... Continious Verification

Daniel Cahill - Engineer - Ontario Systems19:10:31

I haven't been hearing the other parts of the org cry out from the pain and its viewed as so noble its immovable. Trying to think back if I have been ignoring or hidden from the pain.

Daniel Cahill - Engineer - Ontario Systems19:10:48

Semi related, that VOID tool looks neat.

John Willis19:10:59

VOID is really cool...

👍 2
John Willis19:10:40

I miss you all. Hopefully next year we can do this in person.

3
😞 1
Scott Jaffa (Principal Engineer, ValidaTek)19:10:22

Will there be peanut butter and chocolate?

Dave Mangot - DevOps transformation professional19:10:03

@jwillis, CIA -> DIE (confidentiality, integrity, availability -> distributed, immutable, ephemeral). Are you going to cover that? Or if not, thoughts?

John Willis19:10:02

@dave This presentation is more meta.. like how do we do the big things differently. (Risk, Defense, and Trust).

1
John Willis19:10:27

@dave we can talk about this in the Sec Bof

❤️ 2
Daniel Cahill - Engineer - Ontario Systems19:10:20

Is there a screenshot of that last slide?

John Willis19:10:58

@dacahill7 remind me via an email and I'll send you the long version of this presentation (slides).

👍 2
Nick Eggleston (free radical)19:10:07

@jwillis which email is best for you?

Dave Mangot - DevOps transformation professional19:10:47

I was an author on that paper! 🎉

🔖 1
Meghan Glass - PrdMgr Best Buy19:10:53

Quote of the presentation: Think blockchain, don't use blockchain

😀 1
1
Dave Mangot - DevOps transformation professional19:10:58

Love the Chef story, we always said that cfgmgmt was a compliance engine

👍 1
John Willis19:10:25

We have been playing with Merkle Tree implications based on Google's Trillion for attestation data store as opposed to blockchain. YOu get most of the benefits of Blockchain without the overhead.

John Willis19:10:05

You heard it here first... It's going to be put out next year as a book.

John Willis19:10:46

We have a bill and erik.

John Willis19:10:32

I'm gonna run out of time for Defense.. Here's something we are cooking up next week based on the work I have been doing with ONUG... If you are interested in the follow on work related to the Defense primitive. We are having a media day next week about the open-source project we are introducing. Here's the invite verb.. ONUG Fall 2021, the premier cloud event of the year, is quickly approaching. But first, an exclusive preview of the groundbreaking https://vimeo.com/544834251, spearheaded by ONUG Collaborative members, will be held virtually on Thursday, October 14, 2021, from 2-3:30 pm EST.   Spending on cloud computing infrastructures increased by 32% worldwide last year, and is expected to reach $106.8 billion in 2022, according to Gartner Inc. With this growth in spending comes talks of open-source technology that allows customers more control over their cloud usage. But cloud consumers and providers have yet to come together to demonstrate a solution––until now.    I’d like to invite you to attend this exclusive preview event that I will be moderating along with Nick Lippis, co-founder of ONUG, and presented by ONUG Automated Cloud Governance Working Group members from Microsoft, IBM, Google, Oracle, FedEx, Cigna, Intuit, Adobe, Fidelity and Raytheon Technologies. This will be a demonstration of a new open source project for multi-cloud security notifications for the first time that is extendable to many other areas of hybrid/multi-cloud infrastructure. .    RSVP to the virtual ONUG Fall 2021 Briefing Day https://hopin.com/events/onug-fall-2021?code=RgyLtE9UmBxLofhT83hv677jc. Please let us know if you have any questions. We look forward to seeing you there!

2
John Willis19:10:25

Sigstore is based on Google's Trillion.

Dave Mangot - DevOps transformation professional19:10:27

I feel like the Josh Corman SBOM episode stuff is relevant here

John Willis19:10:03

Yeah I have some thoughts about sBOM as being defined by the industry versus Automated Governance.

Dave Mangot - DevOps transformation professional19:10:26

I think the DOES sponsor Anchore does some of that

John Willis19:10:15

The only company that I know that is doing exactly what I am talking about in this presentation is PNC.

John Willis19:10:47

They are the authors of the Investments Unlimited book.

John Willis19:10:46

In case I didn't make the point .. doing this after it gets into the data lake the correlation and efficacy will be lower. The ONUG Decorator concept is to decorate at the source. Where a decorator is an array construct on the normalized event. I also didn't mention that not only can a decorator be a content and meta entity. We also have plans for adding NIST and MITRE decorators. Imagine a security event that is normalized with all of this from the start.

❤️ 3
John Willis19:10:36

Potentual technologies for east-west trust could be Sigstore and SPIFFE

John Willis19:10:39

<mailto:botchagalupe@gmail.com|botchagalupe@gmail.com> for non redhat stuff. jwillis@redhat stuff.

Dave Mangot - DevOps transformation professional19:10:13

I think we know what John’s been working on at RedHat!

Courtney Kissler19:10:39

Thanks @jwillis - always amazing!!

❤️ 2
Sanket Naik19:10:42

Great talk @jwillis. You gave me lots of stuff to research.

Daniel Cahill - Engineer - Ontario Systems19:10:49

Thinking about what you said with if we are still talking about GitOps in 2025, we missed the point. My current org Im not sure if they will even be ready for gitops by then. Wonder what that means about them getting left behind or if it will be significantly easier to catch up as better tools come along.

Glenn Wilson, Author of DevSecOps19:10:52

Wow - that was a lot to take in. Great stuff @jwillis It looks like I have some reading ahead of me…

💯 6
Istvan Bathazi19:10:13

@jwillis 👏great presentation. Thank you

Daniel Cahill - Engineer - Ontario Systems19:10:56

Was there an estimate of when next year that book might come out?

👍 1
Andy Nelson19:10:57

@jwillis good stuff !

Slackbot21:10:19

Reminder: The plenary sessions are starting again in 5 minutes. Start making your way back to your browser and join us in #ask-the-speaker-plenary to interact live with the speakers and other attendees. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png