Yes a big challenge.... includes upskilling and reskilling too 🙂

I will be taking lots of notes during this

Thanks Moira, I was writing the same 😉

What is meant by 'insourcing'? Taking currently outsourced work in house with full-time employees?

I would be interested in how this large-scale hiring program is executed.

I think it is virtually impossible to hire 2, 5, 7000 skilled engineers but it is possible to hire 7000 passionate people and train them. Very smart.

@rshoup yes on insourcing - bringing dev work in that we used to get done by 3rd parties - back in house with FTEs.

@vladyslav.ukis unfortunately I don't have that level of information. But up-skilling and reskilling is a big part of it.

Yes Gus - you're on the top of my list to speak to and network with later 🙂

Look forward to it 🙂

@gus.paul - Agreed! Check out the plenary talk on Agile Auditing this afternoon, where Audit and Technology leaders co-present on collaboration 🙂 Loving the high-collaboration talks!

interestingly we have this same problem but it’s reversed - it’s the dev teams we need to encourage to be more collaborative, not the ops team

(well, not just the dev but things like product and delivery on a product team)

When I saw your presentation, I thought of the same level because I was comparing both companies :)

Great presentation @moira.cheng! Happy to share Morgan Stanley’s Wealth Management Tech Operations and SRE journey! Over the past 6-7 years, we significantly reduced incidents by 70%, operating costs and toil.

Oh yes...Moria you definitely want to talk to Al as well as me!

@aramosnj & @gus.paul for sure 100% looking forward to catching up.

calling all people who want to be part of the Rebellion

intrinsic motivation is key in changing the mindset of 'the mass'

I was really fortunate Gus. My senior management team empowered me to do it how I want, in any way I want. I haven't disappointed them so far 😂. Still have their support 💯

Brill

Thank you @rwiankowski that's a real complement for me ❤️

a great way to connect to the “what’s in it for me” (WIIFM)

I’m off to a good start then. 😆 When I took over leadership of an internal services team, surveys became my tool to understand better what the current situation is (aside from actual conversations of course), what are individual aspirations, etc.

Our experience was engineers were not bothered about agile, but we had massive engagnement on devops concepts. Meet the people where they are...

Keen to explore in more detail what kind of Engineering conversations you mean @robert.ruzitschka. Genuinely intrigued. Lets connect

Happy to! Will talk tomorrow about our experiences.

I see a huge overlap in approach and experiences. Seems good 😀.

@anshul.kumarbansal which types of challenges was i talking about? Local Market Challenges or DevOps Adoption (survey results) challenges? Local Markets were more about lack of involvement in agile projects, knowledge, resourcing, process perceptions (well we had about 63 pain points overall). Survey results for IT Operations indicated they didn't have the opportunity, knowledge or training.

i believe @ben.grinnell will be sharing about this tomorrow

It’s probably a problem everywhere. I see that so often both internally and at customers. People are so swamped with work that they don’t have the headspace to learn, not even mentioning the time…

@ikrnic Spoke about this yesterday!!

thanks, will catch up!

Yes, really a problem - one way we tackled this was reducing the amount of non-strategic work in the funnel to open up capacity for experimentation... basically, lean portfolio management principles applied.

We talked about this in our Birds of a Feather session on Culture and Leadership yesterday. Some suggestions were booking fixed capacity in Agile projects for learning. 70/20/10 rule mentioned By @ferrix I know as a rule, this is hard to enforce in individual virtual agile projects and overall professional development (outside of projects) needs to be catered for too.

The 70:20:10 (customer needs / improvement of daily work / personal growth) is hard to push through. If the top management agrees that this should be the way, there might be some middle-management friction which requires assertiveness from teams to actually do it.

I experience a different challenge. The team members have such a strong sense of responsibility that they do it to themselves. With the 10/15/20 % of time promised to engineers for learning and experimentation, people don’t use it because they care so much to get the work done and provide the quality. I see more and more the importance of the middle management in this - they need to fully embrace it, to the point that they actively encourage engineers to learn and develop.

It’s a startling and astonishing initiative — kudos!!! 🎉

thanks Kim, that´s what it is indeed:slightly_smiling_face:

We created a team based around engineer training, certification and developer productivity and unleashed a wave of enthusiasm. 7000 people trained later, 1500 certified... all by giving permission. No-one was forced, nothing was mandated. All by free choice.

Invite vs inflict (which I learned from @jonathansmart1 )

She could be now!

Lovely!

One of my favorite days at work was when we cancelled CAB!!

@matthew @me1208 feel proud

Thank you, @gus.paul!

Right now - dedicated to the programme full time 1 FTE (me) and 2 x 0.5 FTE. The rest of the volunteers (circa 40) are part time - roughly spending 4-8 hours a week. And NO CONTRACTORS 😂

Thanks

Yes we have a view of them (MVP KPI list and Non MVP KPI list), but they're not all implemented yet. We're working on trying to make them real - getting source data from various pipeline and reporting systems - and doing a PoC to pull them all together this Increment.

cool thanks, did you use the DORA metrics for this or other custom ones?

Hi @marco.delgado ok so we're attempting to start our Unified DevOps KPIs with this list - Selected for MVP: MVP: Predictability: JIRA/ADO MVP: Incidents/MTTx: ITSM (=>Central Tool =>Andrea Martin's dashboard) MVP: %Success Deployment PRD: ITSM (how to connect incidents post change) MPV: Mean Cycle Time: JIRA/ADO MVP: Deployment Time: Pipeline (Azure/Jenkins/Gitxx) MVP: SEMM Maturiy: SEMM App MVP: ITOM Maturity: Excel MVP: Throughput: JIRA/ADO MVP: Code Quality: SonarQube Enterprise

wow - thanks for all that info

the pressurised middle management come up again… That’s an amazing idea I’m going to steal from Moira :)

Agreed, it’s a transformation playbook.

Which playbook? (For those catching up)

@nickeggleston - check out the opening talk from Moira from Vodafone.

Oh my word. Thank you @lucas.rettig and @ann.marie.99 That is such a high complement. Thank you. Never did I expect a year ago, that we'd come this far so soon. There's so much more to do though.❤️

A lot of us muddle through similar efforts, and your summary and explanation of the process is excellent, @moira.cheng. 👍 Looking forward to hearing how it’s going again in a year or two. 🙂

It's exciting to see how much you can accomplish so quickly

Not Vodafone, but we have very strictly stuck to the DORA metrics when showing progress. We resisted a lot of push to use other KPIs at the start but we've shown the value of sticking ot those 4 simple metrics now

Having a whole squad dedicated to meaurement has been key though. the PO of our metrics squad is a genius

@gus.paul a squad dedicated to measurement?! 🤯 Genius is an understatement!

Does this help ensure quality in metrics, i.e. the same metrics consistently get measured in the same way, having the same meaning, and thus can be usefully compared?

Yes exactly. It's the foundation of all we do. It's also resulted in a data lake where all our jiras/build stats/changes/incidents etc are all in one place

That's exactly what we're trying to get to @gus.paul - Wish i had a whole squad and a dedicated PO on this though!

@lucasc5 - yes i'm trying to see how we can share the maturity assessments - one is digital! On KPIs we have a list of Metrics (the MVP ones and non-MVP ones) i can share. The aim in this PI is to try and collate the MVP metrics from our source systems (whether it's pipeline tools or ITSM tools) or to see how much effort it would take to pull them all into a visible datalake and dashboard.

Sharing that list would be great 👍

@lucasc5 @werner.vaarwerk This is what we're attempting first as MVP MVP: Predictability: JIRA/ADO MVP: Incidents/MTTx: ITSM (=>Central Tool MVP: %Success Deployment PRD: ITSM (how to connect incidents post change) MPV: Mean Cycle Time: JIRA/ADO MVP: Deployment Time: Pipeline (Azure/Jenkins/Gitxx) MVP: SEMM Maturiy: SEMM App MVP: ITOM Maturity: Excel MVP: Throughput: JIRA/ADO MVP: Code Quality: SonarQube Enterprise

It would be interesting to understand what capabilities help combat the frozen middle problem

Hmm... simply put i think getting the 'frozen- middle' bought into what we're trying to do. Acknowledging that their teams need to learn and evolve, and even better, getting them to nominate individuals who can co-create with us, so they're part of that evolution journey.

Well everyone has their odd moments, but I have to say I am naturally inclined to be optimistic. And when working with volunteers - I want them to be happy working on the programme. Optimism and motivation spreads naturally through others 🙂

Hi @rshoup I have to say, because we are running with volunteers - i've hardly had any skeptics. The Vodafone Tech 2025 strategy, and our OneTechTeam Digital & IT vision also helps. It was a coalition of the willing - yes - from the beginning. I'm a firm believer that skeptics will learn from the success of others given time 🙂

👍:skin-tone-5:

in a big compamy socialising the work is a full time job ...it takes a while but it pays dividends in the end. We have 1500+ at our quarterly internal devops days now

@gus.paul wow! Think i can learn some lessons from you on this. Would be great to find out more about your journey (other than Automating Change Management)

“what could go wrong?”

Agree 💯

Why would 1-1 be required?

The SREs are usually much better at parsing through cryptic logs to generate the metrics that the business wants. And the developers know enough about their application behavior and logs to help the SREs find the right information, or to add logging if needed. You need the domain knowledge of the application and the log aggregation / searching / alerting. Sometimes you get lucky and they’re the same person, but not often.

Yes, sure but why would "1 SRE talking to 1 Team" not work instead of "1 SRE talking to 1 Dev"?

I think you only need one of each? It’s usually very application specific. What were you thinking of, Vlad?

Perhaps I misunderstood you. My impression was that e.g. if you have a 200 devs org, you would have SREs talk to the 200 devs.

Ah, gotcha. Not like that. But say my 200 devs are divided across 30 smaller teams who work together, and they have 10 SREs who work on the service. I would want to have some general training for an hour or two (like a presentation) for everyone. But I would also want each of those 10 SREs to spend a day or two sitting with about 3 developers - training 1 developer per smaller team - over the course of a few weeks. That’s pair programming to hand-hold the developers through learning how to instrument their own application logs and how they (or SRE) will define the metrics and monitor them. And then those developers can teach the rest of their team how to work with SRE. I think we need that.

Yes, understood! That make sense 🙂

I don't think so. I know those that say SRE is the new DevOps and I think that is based on a misunderstanding of DevOps (automation vs value delivery via software). DevOps, for me, was very much about shift left, removing silos, removing waste, reduced time to value. SRE is a specialisation in that story taking the lessons learnt from DevOps and Software Delivery to every day operations. SRE does appear to have a much easier path as it fits into the mindset of ITIL and Service Management. The aspects of SRE around control, quality of service fid an easy home in a traditional enterprise. The question of error budgets less so.

Hi @slack1599 I don't think SRE is taking away focus per say from DevOps, but i do believe that SRE practices are easily applied and can be a first step to improving traditional IT solutions. The fact that SRE practices also promote a DevOps culture and feedback loops with Dev is the start to a blossoming collaboration and opens more doors for full DevOps application/adoption

@slack1599 @matthew.cobby @moira.cheng SRE helps with the 'how' to do Ops in DevOps, very much a collection of principles and techniques like SLO and Toil management to focus on customer-based reliability and continuous automation in the Ops space. DevOps itself doesn't get that prescriptive. I think the DevOps vs SRE debate started because (at Google at least) SREs are dedicated roles aligned to but outside their product teams (for their critical systems at least, for others it's you build it you run it). Thing is, the SRE techniques can be used with or without SRE 'roles'. You don't even need to call it SRE to avoid confusion if that's the case. We're using that approach as we embed Ops into product teams i.e. we're merely asking/teaching our DevOps product teams to use key SRE techniques as we 'expose' them to production more directly and ask them to run it. The same principles of collaboration, automation, etc are there. SRE implements DevOps.

I am discussing these topics in depth in the upcoming https://www.amazon.com/Establishing-Foundations-Step-Step-Organizations/dp/0137424604

Will look out for this @vladyslav.ukis Thanks for sharing

me, too. Thanks @vladyslav.ukis 🙂

perhaps we need more talks covering this theme here in future DOES events.

@marcelo.pazzinatto this is exactly what we're trying to achieve here. We're looking at ensuring SRE techniques can be used by all, and are not perceived to just something a specific Team / Role (e.g. Software Engineers) can do. I think the Google definition has actually caused some misinterpretations that only specific roles or teams can apply SRE practices and techniques.

I agree on both counts. As a collection of techniques helps balance velocity vs reliability and control toil levels, perfectly suitable for product teams in full DevOps mode. I think for large enterprises still transforming, it also helps with the journey to 'embed' Ops into their product teams. It's a different, arguably easier story for greenfield, cloud-native and new teams....

I don't remember a DevOps conference (including Google's own Next) where this DevOps vs SRE theme didn't come up 🙂

@genek this often is followed by ‘how do we measure it? Let’s measure it!’ Have you seen this done well? Should it be measured quantitatively at all? Is it more about confidence?

Similar. we have an internal change agent network of wnthsiasts to spread the word

*enthusiasts

I like Velocity Champions.... it speaks to the delivery of value at PACE. Too often a DevOps Champion was usually the person who ran Jenkins. :rolling_on_the_floor_laughing:. I might use this way of describing it.

Our initiative is the "Velocity Initiative", so ...

yes! - because they are required features! Product peeps need some upskilling too

Absolutely agree - we need to change the tide here. That's why getting Ops involve early in the Agile project team set up / structure is key. Another thing is Product owner vs. Service Owner concept. Product owners need to have accountability for service and ongoing in-life operational and CX improvements too. This unfortunately does not often get fair prioritization in the overall backlog. Education of Product Owners, Product Managers and Project Managers needed. Ops is nowhere in SAFe

Yes @gus.paul we've had to reassess how we structure our Ops teams and are providing guidance to Ops Team managers on how to scale. This is to enable participation in Agile project ceremonies, have new skills in planning - a bit more upfront. Happy to really get into the details 121.

It would be great if you had that discussion in Gather or somewhere interested folks can listen and learn 🥐

@sandeep.dabas get in touch, we'd be glad to welcome you into our programme or as a DevOps Ambassador:slightly_smiling_face:

Sure will do 🙂 Thanks.

Of course, it would be my pleasure if anyone took anything from my session and re-used it elsewhere. Happy to connect too if you'd like more details 🙂

I will surely connect! I am already in Confluence trying to articulate how to get some of your learnings into our own DevOps journey 😊

Coincidently Confluence is where we're putting our Playbook:smile: 🎯

Thank you so much. I'm really glad you enjoyed it ❤️

Well done, Kudos to you and your team

:thinking_face: - @matthew.cobby I am thinking where you were and where I am 🙂

😂. I know I now need budget but with the right team and the right motivation, you can shift a company.

at my company, Target - large US retailer, we call our customers our “guests.” Because, how do you treat your guests when they come to your house?

That makes the company as - company with purpose

This is a nuance of a mutual. We are a membership organisation, and owned by our members - not share holders.

TIL https://en.wikipedia.org/wiki/Meeting_of_Waters

DevSecFinDataQualityOps 😄

Thank you @andrew.henderson2

the origin story of data analysis!

agree - It is already too late, but we need to bring our Data friends to this DevOps party and bring them to this mainstream. Without Data we cannot move forward.

its quite the conundrum. I use this quote in my products on why our teams need to ruthlessly investigate every “export to Excel” that happens in our system. Data is an integral part of how to drive your business and needs to be highly aligned with your strategy (unified Business/Tech)

The power of data - some enterprises are so so behind; Most of the compliance, privacy is about "DATA"

Agree, recently I was listening to one of the org presentation (nothing to do with DevOps) they were saying Data Driven Decisions and Data Insights in their strategy for Years 2022; For me this sounds like they are 5 years behind thinking like this.

where have we seen this before? :rolling_on_the_floor_laughing: :rolling_on_the_floor_laughing:

LAzy developers are the best developers. "Why am i always doing this 5 minute thing...let me automate it"

Makes me think how often I use Excel to assemble/explore data, or do one computation.

like an “insights value stream”…

Unfortunately this is all too common. Part of the education here is for the C-suite!

My instinct is that we focus on improving what is under our span of control (am I a tech professional or a data professional?) I.e. changing practices I can control is easier than creating common (cross-departmental) practices.

I think what is so fascinating about this talk is that we don’t have a (widely used) name for the concept of what @simone.steel is talking about. Seems to include reframing what the actual inputs/outputs of applications/orgs should be. Thoughts, @scott.prugh @rshoup (my fave architecture)

Agreed. As always, start with clear problem statement(s), identify impediments and bottlenecks, start knocking them down.

In my opinion, its a take on Conway’s law, but instead of your architecture being a representative of your org structure, its how you influence, drive change, name things, etc, being a representative of where you sit in your org and what your title is. Once again - we have to align on our common problems, and tear down those silos.

I think this classification is helpful because we can explain and replicate software behaviour (deterministic), but we cannot do it in the same way with predictive analytics (non-deterministic, learning all the time).

Even more worrying if we think about environmental and sustainability views: #dataisnotfree #dataisnotgreen

i heard 80%

8% I heard :thinking_face:

…and “we want to get it up to 75%”

the organisers have been very open about the conference working this way - it allows us to talk to the speakers during their talk, which I appreciate

Absolutely brilliant way of doing it 🙌

never to be seen again (from the doc store)

Add HDD this into process to encourage its adoption and provided training to help with its use.

Just reviewing this again. Got this wrong. We have not changed the way finance works. A very interesting topic though, on how to roll out new techniques.

Yup, this is a key point.

its been a "continuous" work in progress - educating, coaching etc. :)

Correct, the aim is teams release when ready and not wait till the end of the season

In some enterprise even after few iterations the result is same as first LOL

very frequent theme in every talk and a great reminder for everyone. Just start, get it wrong, pivot, but most importantly START

Start and persist, iterate, which means somewhere there’s an understanding that failure-learning will be part of the process so the failures don’t empower the skeptics to torpedo the initiative.

actually we found higher the alignment higher the autonomy. It does require a clear vision to be set and understood by the entire product team.

You can do an industry benchmark. I have one open in front of me and you can select which industry to benchmark to. It is based on the State of DevOps survey data

The Google DORA Assessments do give comparisons with others in the industry.

and they underline that was a practical need seems that a consistent measure the left chunk of a delivery process has too many variations and challenges

And if you work somehwere that change lead time can be measured in days, you cna break it down into further stages 🙂

LinearB measures DORA from accessing your Git repos so you can do this exact breakdown into various phases @gus.paul. From there we can identify the bottlenecks in your dev process and help your devs merge and deploy faster with a workflow optimization chatbot called WorkerB. Come to our booth if you want to learn more! #xpo-linearb-automate-dev-team-improvement

IMHO we should keep delivery lead time as defined in Accelerate and use specific terms for any metrics that extends the measurement span

Delivery lead time as in first commit to prod? @gvian

correct

Yup. That's what we measure in Cycle Time. Coding-Pickup-Review-Deploy. 👍

no not based on basecamp but similar. Our devops practices are aligned with ITIL4 but ITIL4 is more adopted on the services side than the software development lifecycle...

exactly

is

Wow.

Your talk caught my eye, and I will be watching it with interest.

I look forward to your feedback

same, will come back to you!

Great!

so they moved to next track 😉

could you maybe share a link to the paper? or the story? :)

might be my fault: I squeezed him into a 15m slot. 🙂

The link will be posted after the session. Or feel free to reach out to us any time.

but OTOH, I’m not sure he speaks any slower in conversation. 🙂

or podcasts :))))

In his defense, I absolutely need more coffee AND always enjoy learning from him

@vmshook video library can run in both slower and faster speeds 🙂

Then you can choose extra deep voice Mik or high pitched Mik.

Now you’re just showing off @alex

hahaha

One day I will learn to slow down… I keep telling myself. All these DevOps Enterprise topics are just too exciting to me for the time being 😄

and another reference to Team Topologies

This is great!

https://ericnormand.me/podcast/the-christopher-alexander-effect

I feel like there is a Shu Ha Ri point in here.

But also, adding manual testers ==> worse quality, per Elisabeth Hendrickson 😉

hahahaha. thinking about things like this lead to madness. 🙂

I would like to delve into this to understand the point at which this happens

The upside of virtual!

I often do that - 3-10 times in small micro learning space; All this DOES are highly packed with great content, quality, experience & ideas. You cannot afford to miss that

so as in the previous years Equifax; It is better that we make sure we are not on the headline for wrong reasons 🙂

Absolutely.

Yes, we submitted a couple of responses to that (on SCA and static analysis).

yes, quite good — especially considering it dropped on a Friday

but then again the weekend is the time for open source contributions, right? 🙂

Do it until it stops hurting!

Like going to the gym. Patch every week. It's going to hurt but eventually you'll be ripped and secure !

it is really interesting that there are still folks who get “stuck”, even among that early updating cohort. worth more investigation.

good lead-in! “transitive dependencies” are coming up next 🙂

So given the trend I just described, I’m curious how long you had to wait for those transitive dependencies to be updated. Do you have a sense for that?

@stephen is there a link to this graph with live data by any chance?

this is really behind the scenes data! Love it

definitely! the more automation the better.

At least ‘npm audit fix’ exists and helps a lot.

Can you imagine if it didn’t? 💀

It definitely is helpful, but having so many dependencies change we also need to ensure things don't break right? I feel there isn't enough community focus on keeping libraries "backword compatible"

Love this graph!

yep 😕

It would be interesting to research what this would be predictive of!

Thinking about it, I guess it is already covered in the existing metrics. 😀

@vladyslav.ukis It would definitely show that you know about your inventory, can deploy quickly, have an effective process and situational awareness. If you can fix by just deploying a new version of the dependency, it most likely also shows that you have not been neglecting the topic and that you are fairly up to date, so the change to the system is small.

I have seen systems that were so old that moving to a secure version of the library means first finding a developer who still knows the code, then upgrading your Java version then upgrading your build system, then upgrading your framework and only then you can upgrade the dependency. Now we are talking about months to fix a zero day vulnerability. Ahh, accumulating technical debt may have pretty ugly results!

one good practice is to focus first on applications that are in production and open to the internet. work based on security risk.

It is critical to understand the impact of each dependency. Not just as a isolated patch but how it fits in the entire system or better system of systems.

Thank you, sounds like it is maybe part of the prioritization process

pulling vulnerable dependencies would break all those builds that are using those versions. there’s been discussion of this, but it’s generally considered too disruptive.

Thanks!

https://devopsenterprise.slack.com/archives/C015DQFEGMT/p1652267737702789

^follow up Q on that thread 🙂

this is an important point! which dependencies you choose matters a lot. Choosing deps with an active community and large contributor base helps a lot.

yeah - my lesson was learnt with that one!

also dependencies that upgrade their dependencies quickly, so you inherit transitive fixes quickly. (MTTU, which we discuss in the Software Supply Chain Report measures this)

Thanks! So orgs are in a bind: • Do a migration you might not have resources for • Persist a vulnerability How do they avoid getting into this trap in the first place? Assuming that vulnerabilities are when not if.

It needs the understanding that keeping Technical Debt in check is a regular part of engineering work - not a side note. There is no way around it.

Fwiw I've found tooling around automating dependency updates is pretty good, at least in the JS/TS eco-system (e.g. Renovate - https://www.whitesourcesoftware.com/free-developer-tools/renovate/). It spins up PRs with version bumps, and can even automatically merge those if you want, taking it out to prod (if you're practicing CD) automatically. If you keep on top of it it shouldn't be too much effort, excluding major version bumps. It's when it's neglected for a few years that it becomes really painful in my experience

@robert.ruzitschka I guess not just understand Tech Debt, but your org has to fund it too So you whatever you build, you take on a financial liability that if your org doesn't commit to in perpetuity, you end up in this trap and then the data in your own care, your own product, and the supply chain downstream of it is all jeopardised What happens if your ownership changes to something less diligent? Iirc Cory Doctorow has written on this (he's written so much I can't find it), when private equity takeovers happen they are incentivised to slash costs such as IT spending, creating shareholder value (for themselves) in the short term but externalising costs such as security risk (and other problems) for many stakeholders further ahead

Thanks @matt.tennison!

@philipday you touch on many important points that are far beyond the realm of engineering.

If an organization takes ownership and has a software product that is important for it's business success, it must be aware that continuously changing this product is a necessary fact. Even if you don't add any features, the world around your system will change - and thus make your system obsolete over time (it will become legacy - oh no!). So we must make sure to keep our systems in a changeable state. Not doing this will incur high costs and efforts later in time as change is unavoidable. Think about a system that uses an old log4j version. There is no way how you can keep it - it would be a business risk.

@philipday If the sole purpose of the owner is to extract as much money as possible and externalize risk, I don't think we are talking about a sound and sustainable product strategy 😀. So there is a more fundamental issue to solve. I am not denying that this approach is common but the possibility to apply good practices requires good will and understanding on all sides. I have done a lot of talks to explain TechDebt in our company and it helps to explain context and business impact.

Sorry for being so verbose 🥲.

Depends on how it’s implemented. You can make approval processes very quick with pre-vetted components and automated analysis of new components. But it absolutely can slow things down if it’s manual and under-resourced.

Agreed with @stephen here. Teams choosing their own tools doesn't mean "all the tools". You should have a preferred/vetted list and create a decentralized process to proposes changes like ADRs in wikis or github. Beyond safety, you also get shared knowledge/common understanding and consisteincy.

There is nothing in the Sonatype product line to support this, right? It would be something more upfront in the process?

So much lovely data…

Gene requires no breaks.

…and has the advantage of previewing all the talks before the event, right? 😉

It’s always tough to pick plenary content among such good choices — the default is to just jam another talk in, to the significant dismay of the team. 🙂

This is true!!!

Noticed quite a few folks saying they need to watch the videos 3+ times to try and focus and extract value from them. I have a hypothesis that the virtual model allows for deliver of the content and speaker/community interaction in a more "exploded" way, where the video is broken in to small "bites" as each slide or point is made and discussion swarms or circles around the before moving on to the next "bite"

Another related idea is doing the conference as a capstone for content that is released earlier and more continuously, allowing for a subscription model as presentations happen more-or-less continously over time and then a big get together to blast through the "best of" and a few new items in person or a virtual multi-day to celebrate and summarize. This also lets Gene do his very much appreciated value-add to the talks (kind of like he does with the Idealcast or the video-topic-lists). The model feels more agile/devops aligned with small batch released into "production", and is similar in a way to what AWS and Microsoft do with their big conferences (in that most of the features and products have already quietly been released or are in beta but there's a focus and spotlight on them for the conference).

What do you think @genek? Any value here or is this just crazy talk?

@nickeggleston love the idea of “bites”. As for the continuous release, the idea has struck me before as well. I think it’d be amazing to have weekly/bi-weekly/monthly “watch parties” where we showcase 1-2 new talks, but do it all year. Basically becomes a DevOps Enterprise Summit Membership Lecture Series. For AWS, I’ve noticed they do it over a longer period. Does it feel like attention fades, or does it help with engagement?

Interested as well

They are just misunderstood!

I love auditors - I will say that I am one of the few. But I like the second set of eyes to ensure things are working as intended. P.S. I am in the minority 😞

As an Assessor (RMR & CMMC) - I get a mixed bag some love the insights others treat me like Medusa

That’s so interesting!! Who is that? cc @lucasc5

Pat Shanahan is my leader. He is an incredible leader and empowers his team to experiment with new ways of working 🙂

We love having IT associates rotate through audit. We learn a lot from each other!

@culpe2 how long did you spend in Audit? Did you go back to IT afterwards?

Completely understandable!

@culpe2 Agreed!!!

This!!! Yes! 👏

(leans back, takes long drag from cigarette, and says, “perfect.” 😆