Alfred Soare 06:05:40

+++ Incident +++ Unfortunately the power strips on the desks are not working in the main room ——————

Jeff Gallimore (CTIO - Excella, he/him) 06:05:05

Ticket filed. 😉 Thanks for letting us know. We’ll fix that over the break. 🙏 for your battery life.

Mike Long - CEO at Kosli 07:05:02

Will the slides for the talks be uploaded?

Alex Broderick-Forster, IT Revolution, Event Staff 07:05:39

Yes! We’ll post the GitHub link, and also add them to the video library alongside the videos when they’re up.

Remko de Jong 14:05:57

Not sure if this is the right channel; if not, apologies and directions appreciated. Is there a good audit/compliance 101 (preferably with examples of how to apply traditional controls from frameworks like NIST, COBIT, SOX, etc.) in a way compatible with a modern devops minded SDLC? In the BOF session we had on this topic we weren’t really able to identify a lot of these, if any.

Jon Smart [Sooner Safer Happier] 14:05:19

@aggenebbisj one source of shared learning is chapter 6 of Sooner Safer Happier. This is what we did where I was working (I was the owner of change controls in a highly regulated organization). Doesn’t specifically mention NIST or COBIT. Happy to chat.

Remko de Jong 15:05:02

I suddenly remembered a document that is a great example of what I’m looking for, but not complete: The DevOps Audit Defense Toolkit. @genek, did this document ever evolve as hinted at in the conclusion?

Gene Kim, ITREV, Program Chair 15:05:54

Ah, yes! @jeff.gallimore and I worked on that! Gosh, Jeff, I think so much came out of it, but that document was never updated. Anything you'd like to see or help with? (We should update the doc to include all the work we've all done around security and compliance!)

Remko de Jong 16:05:23

That’s a good question. Will definitely get back on that one. And would be happy to help wherever it makes sense. What’s the best communication channel to use for this? Will this channel still be read after the conference for example?

Pablo Jejcic 08:05:08

Would love to see a 2023 version of that document - even with some recommendations on approaches, and even perhaps tools?