This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
Reminder: Get yourself in front of your browser and into #discussion-plenary for the opening remarks. We’re kicking off Day 2 in 15 minutes at 8:30am CST! https://devopsenterprise.slack.com/files/UATE4LJ94/F04DG604H1C/image.png
Reminder: Day 2 is starting now – opening remarks and then plenary talks! Join the conversation in #discussion-plenary.
Reminder: The breakout sessions are starting in 5 minutes. Get in front of your browser and start navigating your way to whichever session you’re attending. https://devopsenterprise.slack.com/files/UATE4LJ94/F04DG604H1C/image.png
Welcome @bobbiwenzler and @nicoleschultz for their talk: "Moving Mountains: Security & Compliance Guardrails in Pipelines"
Compliance as a product, not a roadblock. 👏👏
Was just having a conversation about exceptions for hotfix this week. Are the exception auto-granted and tracked or require approval?
When there’s a hot fix exception reason code selected it auto-approves but locks the expiration date to two days from the current day. So we ensure it’s a very short exception window. All exceptions are tracked with reason codes etc.
I was noodling on this problem on Monday with a colleague in the Army. We thought this sort of process would be viable. Great to see it work IRL.
@nicoleschultz @bobbiwenzler MS talking to the pipeline for governance , Amazing !!
@nicoleschultz @bobbiwenzler MS talking to the pipeline for governance , Amazing !!
We determine all the warnings in our custom pipeline enforcer product. The original pipeline status is not impacted by warnings we just add an external job and comment ourselves.
This is what I wanted at Walmart. The lack of a system like this is a major risk to CD.
Hey unfortunately we can’t comment on this now. We will take this one offline as we’d need to involve our legal department on this topic.

our effort at developing a code standards document was a 68 page document that ensured that no one ever read it
@nicoleschultz @bobbiwenzler how do you ensure all the pipelines actually do call the Enforcer Microservice?
They can configure their pipelines, but can’t override the base configuration.
We have a global webhook configured on our Source Code Management tool that calls our enforcement micro service on every pipeline and commit event
Thanks @bobbiwenzler and @nicoleschultz, this is definitely one of my favorite talk so far! Great job and very well shared! Congratulations! ⛰️
You mentioned that there was a dashboard of what projects were compliant and who owned them - did you write that also?
Yes, the team wrote a custom dashboard that shows who has warnings, failures, and exceptions.
We have a similar project (we're like corporate twins, here) but I have some notes in all caps for me to take home to it. Like having the self-serve exceptions process, very well designed
A few months ago I was hearing rumors that our security team was going to start hard stopping deployments that failed the security scan. 😱 No warning period... manual override process that relied on interaction with the security team... fortunately these rumors turned out to be false!!
My answer to that is to give them the prod pager.
If an engineer at SpaceX designs a new part, they are required to install it personally on a Falcon to verify it doesn’t require some strange process to get it done before the design is approved.
Do you have a way for repos that aren't "real" applications to bypass? I'm thinking of dummy projects people are using for training, test repos, POCs... stuff that will never see the light of day never mind production.
They use that same exception process with a reason not deploying to production. :)
Are you using Jenkins Pipelines, Github Actions, Azure Pipelines, etc.?
Let's welcome @charles.lafferty here to present: "How to Turn the Software Team Around"
Thank you so much for presenting today, @charles.lafferty!!!
This is so good. Like @dana.finster’s talk yesterday, we're talking not just about "you need autonomy, you need trust" but also how do you get there.
AAA method to reassure your boss that you're on it: Awareness, assessment, action
Wording is so important - "how could we have avoided this?" hits so much differently
@charles.lafferty what application are you recording this talk with?
(Silly but serious question: how did you do that text reveal effect, that looks like a horizontal train station sign thing, @charles.lafferty)
Kung Fu fighting animation effect isn't available in Google Slides 😢
Let’s work on a JavaScript Tamperscript plugin to replicate it in Google Slides. 😆
Ego gets in the way too often. Helping to separate "you" from the "idea" will help
Another thing that helps me is my definition of “agile mindset”. Everything I’m doing is probably wrong in some way. I’d rather be emotionally tied to a better outcome than to my faulty solution.
(searching for developer guide in the Code of Hamurabi)
These guides (if accurate) are also brilliant for new employees to come up to speed fast on how the team works
I always use new teammates to test our team docs. 🙂
"Cannot use You or name". How about "the way I do it" or "the way I think about it"? Does that work?
Agile Conversations is a wonderful book for this subject since it improves transparency and encourages iterative questions for discovery (vs an essay that's meant to win). I keep a copy on my desk as a reminder to practice. I also liked the idea of "healthy challenge" from The Value Flywheel Effect.
50 things to measure... so we need a monitoring system to gather and trend it all..
I do not manage a software development team, but much of this can be applied to any professional IT team. Thank you so much for this engaging talk @charles.lafferty
The measurement slide alone is worth the price of admission. Very great talk. Thanks!
"Sight". We have lots of metrics. Most devs I work with don't care to look at them. How do we motivate people to care about them?
Find improvement that will significantly help with work and visible in Metrics.
I’m trying an experiment where team metrics are displayed on the same screen as info about pipeline health. Can’t see one without the other.
I think perhaps the problem is back on slide #1 or 2: making sure the team cares about doing better. If they do, then we can talk about how to get there.
Thanks for this @charles.lafferty... it will take a few more listening sessions to digest it all...
Thank you all for the feedback! Feel free to reach out if you have other thoughts or questions. I'd be happy to connect
Ditto on the screenshot. Part of the key takeaways for me over the last couple of days is to be data-driven we need to measure. Not surprise there. Conversely, don't waste time trying to measure something that can't be measured. What this list represents to me is hidden light switches that if found and turned on will illuminate the dark corners of the enterprise. That is, this list helps avoid wasting time searching for switches that may not turn on anything.
Reminder: The breakout sessions are starting again in 5 minutes. Get in front of your browser and start navigating your way to whichever session you’re attending. https://devopsenterprise.slack.com/files/UATE4LJ94/F04DG604H1C/image.png
Next up, please welcome @leslie_chapman, here to present "Mentoring and Being Mentored"
Thank you so much for presenting on this, @leslie_chapman !!!!!!
Hmm... I haven't ever assigned or been assigned homework in a mentorship relationship - great idea
My boss suggested I set up office hours. Me? Office hours? I would have objected but I was too busy answering ad hoc questions from colleagues. :thinking_face: Hmmmm....
Self-objections: “I’m too junior to be a mentor” “imposter syndrome: I have nothing to offer, not enough experience”
Internship and co-op programs! Sorry, gotta ask, while I’m thinking of it — how have internships been during the pandemic!
I love that, that anyone at any stage can be a mentor. Especially I feel that being a mentor helps a person grow in their own career, great to start early. Loving the talk @leslie_chapman!
Having new juniors mentor interns (high school and new college grads)!!!!
context of question: was talking with a leader at an insurance company, and he was bemoaning how the internship experience was, because no one was in the office. Which I could commiserate with — I owe so much to my internships as a high school student at Sun Microsystems in 1987 — the office experience was so much a part of it!
(being surrounded by so many great engineers, and seeing what they do all day)
I agree, a senior intern can mentor a junior one or for the matter an experienced person for fresh ideas from College!
1 hour with @leslie_chapman was so impactful over the next several years for this junior Comcast engineer.
There is so much power in the idea that "you are not alone." ❤️
A mentor who is a great listener with few encouraging words will be more than enough for a mentee most of the time!
Mentorship: behind closed doors; vs Sponsorship: advocacy in public (everyone can be a sponsor, support people)
My goodness that is powerful, especially for some folks that may find it hard to advocate for themselves.
PS: @leslie_chapman, I’ve been haranguing @michael_winslow for not pointing out in his DOES talk a couple of weeks ago that the award that you were holding in that picture is AN EMMY AWARD!!!!!!! 🤯
You realize you're telling a bunch of introverted, nerdy engineers to talk about feelings, right? 😉
WOOOOO!!!!! It’s all so beautiful!!!! 🎉🎉🎉🎉. Congratulations for such an amazing recognition from the industry!!!!
I can't begin to explain how much more "achievable" it seemed for me to succeed as a technologist just by seeing what @leslie_chapman was accomplishing! And by having access to her.
Please welcome @rob.cummings, here to present, "How the Three Ways Impact the Race Track and Your Organization"
Thank you, excited to be here and see both familiar and new faces! Hopefully this is a bit of a fun talk for folks.
Hi, @rob.cummings — I’ve meant to tell you for nearly a decade that one of your talks (ChefConf? 2014?) that mentioned the book “The Other Side of Innovation” blew my mind, and I’ve studied that book for years. THANK YOU!
complex systems and situations require extra slack time and need for “flow time” / “maker time” (vs. “manager time”)
After putting together this talk, I realized this smooth is fast concept could be it's own talk or paper. I don't have all the answers, but i think there is a lot of benefit to thinking about how we can smoothly change direction by looking ahead at whats coming.
BTW, these themes resonate so much with me, as it is so much supporting the work I’ve been doing with Dr. Steven Spear — the need to have slowness at the center, fastness at the edge.
Yeah...that concept is super interesting to me...especially how to be smooth connecting those points between center and edge. Seems like theory of constraints also comes into play when you are pivoting or changing directions, suddenly that context change potentially becomes the biggest constraint in the system.
We’ll be airing an amended version of this talk tomorrow from Spear and me — this has been the most intellectually challenging thing I’ve ever worked on, but without doubt, one of the most rewarding! https://videos.itrevolution.com/watch/763825118/
A thing about those innovation sprints... 100% of the time our teams complain about how much "work" it is to be diverted away from their standard work at the beginning. By the end of the week, we always get rave reviews and they've forgotten all of the earlier complaints.
and they are usually about a week of focus time...no other sprint commitments other than maintaining the systems/responding to incidents.
practicing in safer, slower, more forgiving environments — super important!
re: that prime directive around assuming folks were doing their best during an incident... In my experience, gov't tends to be very hierarchal and many of the problems related to that. It took some doing, but they definitely came around and started to embrace our view of post incident reviews.
Reminder: The plenary sessions are starting again in 5 minutes. Start making your way back to your browser and join us in #discussion-plenary to interact live with the speakers and other attendees. https://devopsenterprise.slack.com/files/UATE4LJ94/F04DG604H1C/image.png
Reminder: Please submit your feedback for the talks you attended. It’s so valuable for us and the speakers. And after all, feedback is a gift and sharing is caring! Enter your feedback for those talks here: https://doesus2022.sched.com/ https://devopsenterprise.slack.com/files/UATE4LJ94/F04DG7DQMSS/image.png