This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-06-23
Channels
- # ask-the-speaker-track-1 (171)
- # ask-the-speaker-track-2 (401)
- # ask-the-speaker-track-3 (250)
- # ask-the-speaker-track-4 (194)
- # bof-arch-engineering-ops (3)
- # bof-covid-19-lessons (9)
- # bof-cust-biz-tech-divide (8)
- # bof-leadership-culture-learning (19)
- # bof-next-gen-ops (46)
- # bof-overcoming-old-wow (8)
- # bof-project-to-product (10)
- # bof-sec-audit-compliance-grc (9)
- # bof-transformation-journeys (52)
- # bof-working-with-data (33)
- # discussion-main (885)
- # games (335)
- # happy-hour (129)
- # help (411)
- # hiring (43)
- # lean-coffee (17)
- # networking (8)
- # project-to-product (1)
- # snack-club (44)
- # sponsors (77)
- # summit-info (437)
- # xpo-datadog (2)
- # xpo-digitalai-accelerates-software-delivery (28)
- # xpo-github-for-enterprises (25)
- # xpo-gitlab-the-one-devops-platform (25)
- # xpo-itrevolution (3)
- # xpo-launchdarkly (3)
- # xpo-pagerduty-always-on (1)
- # xpo-planview-tasktop (6)
- # xpo-slack-does-devops (13)
- # xpo-snyk (5)
- # xpo-sonatype (12)
- # z-do-not-post-here-old-ask-the-speaker (176)
@pnuwayser no need to keep this one. its purpose is to navigate folks to the other channels.
nice to see GuyPo on the Committee - haven't seen him since the Velocity days!
@fernando.cornago442 Can you share how you created the SRE teams and from your point of view what kind of team they are in terms of Teams Topologies? Finally how many SRE teams you have and how do you map them towards the stream aligned teams.
https://devopsenterprise.slack.com/archives/CB0JGND0C/p1592859821067200
So often the way to solve complex challenges is by bringing together leaders with different, but complimentary skill sets. Another good example being shared by iptiQ with the technical-compliance alliance!
So often the way to solve complex challenges is by bringing together leaders with different, but complimentary skill sets. Another good example being shared by iptiQ with the technical-compliance alliance!
btw, most comments are in #ask-the-speaker-keynote
Former Royal Navy Weapon Engineer Officer here if anybody's curious about how the stuff @steve773 is talking about worked out later on. It used to be my job to advise the Commanding Officer / Principal Warfare Officer in the Operations Room (UK term for Combat Information Center)
Former Royal Navy Weapon Engineer Officer here if anybody's curious about how the stuff @steve773 is talking about worked out later on. It used to be my job to advise the Commanding Officer / Principal Warfare Officer in the Operations Room (UK term for Combat Information Center)
Hi Liz - good to see you here. I stepped away for a while for some work stuff I couldn't dodge :man-frowning:
@steve773: what objections to hear to “distributed experimentation”? I hear a lot of concerns from people about efficiency, so I’d expect that would be one… but maybe no, maybe others are more common.
@steve773 really enjoyed your Key Note Session Are you familiar with Kessel Run and some of the on going efforts we are doing to help change the way Command & Control is conducting in the USAF
@steve773 really enjoyed your Key Note Session Are you familiar with Kessel Run and some of the on going efforts we are doing to help change the way Command & Control is conducting in the USAF
I'm also deeply fascinated by the thinking behind this: https://software.af.mil/
hey guys @jtf that is my organization and @matthew.cobby Platform One came after KR but they are leading the way in other efforts. We are trying to build out DevSecOps in an acquisition community that is old and still implements waterfall process
@dvallera @matthew.cobby @jtf Happy to pick up the discussion by e mail, zoom, separate channel in the conference, etc. Cheers.
@jtf Great question. Takes HUUUGE confidence in one’s self and one’s colleagues to distribute experimentation like that. The thing is, what’s the alternative? You’re in a situation which is unfamiliar and about which you don’t know much. So, you can either figure out how to parse issues and distribute experimentation OR you can chose to stay stupid. And smart typically beats stupid….
@jtf Great question. Takes HUUUGE confidence in one’s self and one’s colleagues to distribute experimentation like that. The thing is, what’s the alternative? You’re in a situation which is unfamiliar and about which you don’t know much. So, you can either figure out how to parse issues and distribute experimentation OR you can chose to stay stupid. And smart typically beats stupid….
I guess this is similar to the aviation industry - if 'the fear of being wrong / need to be right' is more powerful than 'speaking up / OK to being wrong' then pilots make bad decisions and planes crash. There was a strong incentive for the Navy proactively tackle these new problems ahead of time - 'if we don't try to solve these problems now - lots of people will die' . Glad the Navy culture was in a good place to make these problem solving learning exercises happen!
@dvallera Thanks Dan. Note something I know about. Most familiarity is with Navy from the last several years of working together and little Army from time with the Rapid Equipping Force 2012-2014. Air Force, not much at all.
Where will lighting talk speakers be during their talks for feedback?
Smart beats stupid… eventually. The problem is that learning hurts now! Need leadership who can see past the short-term discomfort.
Excellent talk @steve773. Earlier this year I watched a talk on the same topic by Trent Hone, the author of the Learning War book: https://www.youtube.com/watch?v=DdRZtmRhECg. (targeted for a different audience, yours is much more sharable!)
Excellent talk @steve773. Earlier this year I watched a talk on the same topic by Trent Hone, the author of the Learning War book: https://www.youtube.com/watch?v=DdRZtmRhECg. (targeted for a different audience, yours is much more sharable!)
@genek101 @jeff.gallimore one day I was trying to learn more about Gary Klein's Shadowbox Training method. Turns out a person who co-authored MDCP1 Warfighting - the USMC doctrine document works with him (John F. Schmitt) https://www.shadowboxtraining.com/the-shadowbox-team
@michellecmoss @nic.whittaker Appreciated the mention of value stream mapping. Has been a HUGE help with knowleege work where you don’t have the physicality of material to tell you what happens where when. I think this connects with the no blame culture becuase once the process is visuualized, hen you can talk about hte process as a source of trouble, not the people in it.
@michellecmoss @nic.whittaker Appreciated the mention of value stream mapping. Has been a HUGE help with knowleege work where you don’t have the physicality of material to tell you what happens where when. I think this connects with the no blame culture becuase once the process is visuualized, hen you can talk about hte process as a source of trouble, not the people in it.
Hope you don't mind I screenshotted this - a lot of times I have people say they struggle to sell Value Stream Mapping internally and look for recommendations
Thanks. Here’s a very short note we wrote for students on how to map a process. We’ve done this in pharma NPD in IT etc. HUGE help in creating shared visualization of what we think is happening to which we can append our discoveries about what is actually happening + what we think should be changed.
Ooh - thanks for sharing - I have a version of Karen Martin/Mike Orzen's approaches that I use - always the tech delivery stream though - it's always really interesting to see other disciplines mapped. Sometimes I get a team to map 'getting a coffee' as warm up exercise
Not sure if booth-speakers are valid here for questions, but if anyone has any questions about GitHub Actions for automation of your workflows or anything, please feel free to ask me here or DM or anything!
@kevin.foley Thanks for the presentation. What was the thought process around building your own SDLC versus making use of an end to end tool?
@kevin.foley Thanks for the presentation. What was the thought process around building your own SDLC versus making use of an end to end tool?
Do you need a tool, there will of course be tools to help you achieve your goals. You will always need to put a process in place so the tribes understand the guardrails they are working in.
Really enjoyed the talk @jtf - Agile Conversations just made it to the top of my reading Backlog
Really enjoyed the talk @jtf - Agile Conversations just made it to the top of my reading Backlog
Nice presentation @nic.whittaker and @michellecmoss from Virgin Atlantic
Hi Trevor, We have a full lifecycle check on code, so from a runtime immutability enforcement we have a lot pipelines covered and some that are in progress, so not fully covered yet but will be soon.
@tal Hi, Tom I am just watching you great video 🙂 "Experienced employees do not feel the pain anymore".. So true. Btw, Are you feel the "pain" @ stackoverflow? 🙂
what was the name of that post it white board for the dojo? @nisha.parkash @michael_winslow
what was the name of that post it white board for the dojo? @nisha.parkash @michael_winslow
@nisha.parkash Thank you. We’re talking about creating something that would have the post it like touch and feel to do process mapping, so you can see tasks, their relationships, etc. When people can be in the same place at the same time, post it notes and yarn are actually pretty good. Working remotely…
@nisha.parkash Thank you. We’re talking about creating something that would have the post it like touch and feel to do process mapping, so you can see tasks, their relationships, etc. When people can be in the same place at the same time, post it notes and yarn are actually pretty good. Working remotely…
I recommend Mural - we spent some time focussing on this with a timer function so we equally didn't dwell on what to put on the board, that timer created that urgency to think and think out of the box a bit quicker 🙂
I've tried to use a shared screen and iPad with GoodNotes. That was great for me but worked much less well for everyone else (even when the diagram communication was all unidirectional). Mural is what we used after with good success.
Hi everyone, Q&A for the VendorDome session “The Dirty Truth of DevSecOps” will taken in #ask-the-speaker-track-4
@nisha.parkash - I loved the rules for dojo. As simple as keeping camera on. something we are struggling with a bit with our bootcamps and the lack of feedback from people.
@nisha.parkash - I loved the rules for dojo. As simple as keeping camera on. something we are struggling with a bit with our bootcamps and the lack of feedback from people.
As someone that has never been involved in a Dojo this was really fun and engaging - as you say just having the camera on added to that experience 🙂
👋 Taking additional questions here if anyone has them
👋 Taking additional questions here if anyone has them
I was thinking related to the talk, but I suppose I could try fielding others… 🙂
what was going on behind you? Looked like a couple of sock puppets from here! 🙂 - and thanks for the food for thought.
I think it was my daughter laying on the couch in the background… or so I thought!
Are yall meaning to be live right now? We can hear right now
Hi all! 👋 We’ve already got some discussion going in #ask-the-speaker-track-4; if you’re watching my talk and have any questions or comments, don’t be shy—I’m around and happy to chat. 😄
<!here> @steve773 will be doing a follow-up Q&A to his morning keynote at 330pm BST (in 90 min). Join here: https://us02web.zoom.us/j/8908483265
<!here> @steve773 will be doing a follow-up Q&A to his morning keynote at 330pm BST (in 90 min). Join here: https://us02web.zoom.us/j/8908483265
Happening now! @steve773 will be doing a follow-up Q&A to his morning keynote at 330pm BST (in 90 min). Join here: https://us02web.zoom.us/j/8908483265
@martinwoodward - how do you handle the question of personal or work identities when contributing back to open source outside the firewall? Is it all under http://microsoft.com users? Any issues with risk if you use personal users?
@martinwoodward - how do you handle the question of personal or work identities when contributing back to open source outside the firewall? Is it all under http://microsoft.com users? Any issues with risk if you use personal users?
@matthew.cobby - Martin is also in the https://github.zoom.us/j/93929282358?pwd=Z3pkSHJPTHAvZSs1M2VvTVhPUlZOQT09 if you want to ask those questions 🙂 (password: GitHub)
Answered in #ask-the-speaker-track-3 - basically we encourage them to use their personal ID’s but we associate the GitHub ID with the Microsoft org so that we can check they have 2fa etc enabled when contributing to the Microsoft org
You can also configure SAML so that they are authenticated against AAD when they contribute to the Microsoft org
@matthew.cobby we use that quite heavily. If you want you can have users add in their corporate email to the GitHub profile .. and you can ask them to set that as their secondary email; and then you can verify that. There are some neat approaches to managing Identity as part of Github
@martinwoodward - is there an open (inner) source culture distinct to open source @ Microsoft or is it a spectrum of maturity from inner to open?
I think the organisers are going to put them in a dropbox and a github repo for everyone. #summit-help is probably the place to ask 🙂
awesome thank you again I really enjoyed the presentation which had valuable information for all team members!
Great presentation @mail832 - a lot of key takeaways and lessons for sure. Thank you 🙏
@divineops and @martinwoodward, that was a great talk. Really, got an insider view of Microsoft's take on open-source.
Are we also able to get the slide decks for each of the presentations or is that at the end of the day? I'd really like to see the one from the adidas team.
Will this be the hottest ever London DOES? 34 deg for London tomorrow.... #suncream whilst appreciating all the great talks from the garden...
Will this be the hottest ever London DOES? 34 deg for London tomorrow.... #suncream whilst appreciating all the great talks from the garden...
@erica.morrison Where does the culture of Witch Hunting start in the aftermath of an incident, and why? How can you stop it? This is bringing back many painful memories...
@erica.morrison Where does the culture of Witch Hunting start in the aftermath of an incident, and why? How can you stop it? This is bringing back many painful memories...
It can unfortunately start at any level of the organization and takes continual vigilance to keep it at bay and out of the culture. Psychological safety is a key component here and there are many aspects to this. It needs to be openly discussed and defended by everyone. Leaders need to model behavior by accepting feedback. Post-incident reviews need to be blameless
Yes!!! I've been on (far too many) war rooms where senior managers have sworn at techies, and have wanted them fired after incident resolution!
I ran the BlackBerry Global NOC during the 54 hour outage in 2011. I'm breaking into a cold sweat.
Very easy actually. It's honestly so easy to see this framework is better. For someone like a SME, it gives them more time to actually do troubleshooting without being constantly peppered questions and allows them to pursue multiple things. Reducing chaos and MTTR will sell most people 🙂
Unfortunately that hasn't been my experience. Having technical folks answer questions from an IC usually results in some version of, 'I am troubleshooting my service, leave me alone'.
How did you deal with the fairly common senior management is taking over the call bridge? Do you just hand it over and let them run it or how is that resolved during an outage? :thinking_face:
How did you deal with the fairly common senior management is taking over the call bridge? Do you just hand it over and let them run it or how is that resolved during an outage? :thinking_face:
The first IC on the bridge is the IC until they give up control. They are the boss and have final authority to make any change in IC decisions. That can happen for a couple of reasons 1) The issue moved more towards a domain they don't know, 2) The issue got too big and they need to transition to a SME. If a senior leader is misbehaving on a call, you use "Would you like to take over as IC?" - that's the queue they've overstepped. If everyone is trained in this, it works pretty well
I guess the key aspect is that the senior leaders also require the training 🙂 That makes sense
@philipp.boeschen650 that's a really good observation and question: I was in similar situations and we got to a point (at Expedia) where we started educating our leaders about the critical importance of safety and trust 🙂. It didn't happen overnight, but they progressively got it and tried hard not to walk the floor and engage in telling people what to do, how fast etc. 🙂. Educating is key because they may know realize the negative impact of their behaviors.
Ah travel industry ! 🙂 I work at TUI currently. That's well put - guess it's a long road ahead of coaching our leaders as well as ourselves, thanks for that input!
Well you're right: we worked w transformation coaches and leadership consultants 🙂 . Influencing execs often takes external coaches/consultants, seen that many times
Yeah bottom up tends to be hard since it takes someone very secure in themselves to deal with that properly I guess since it's questioning some fundamentals :thinking_face:
@erica.morrison great talk. “do you want to take over as IC ?” is a very common queue. Also featured in tv shows: :https://youtu.be/Qypoco4BL_c?t=228
Seems to me Adaptive Capacity Labs and Black Rock 3 stuff are conflict. How do both work?
Seems to me Adaptive Capacity Labs and Black Rock 3 stuff are conflict. How do both work?
They actually don't conflict at all. ACL recommend Blackrock 3 to us. One of their findings was that we needed to run our outage bridges better and I couldn't agree more that this was such a pivotal finding they provided to us. They compliment each other really well and go hand in hand
@jwillis look closely! They work on IMS, not incident analysis. Related, not the same.
PS: might I recommend we take this discussion to #ask-the-speaker-keynote ? Thanks!! And so good to see you, @allspaw!!!!
@jwillis @allspaw would like to dialog with you on this in his current Q&A session...
Great presentation @erica.morrison and so needed! Your description of the outage impact on people and org was right on! And it's awesome that you all made the concerted effort to organize the learning in a framework that can be operationalized, packaged and leverageable by other companies. Thank you for sharing your vulnerability so that others can benefit.
Are technology leaders other people? Or are they everyone here? Leaders at all levels? :-)
@jonathansmart1 I believe we refer (at least I am) Execs. And what we'd welcome ifs that they make space for all the other Leaders who are able to think, lead and fix.
It also causes more work instead of fixing the problem... because you have to teach them why and what etc..
That's why: 1. We don't wait for incidents to happen to coach Leaders/ exces
2. Incidents mgt needs to be fully integrated into the transformation stagery and roadmap, and generally it isn't 🙂
4. Educating them on safety must be holistic not siloed like we usually do, team safety vs incident, vs performance reviews etc. it needs to be integrated and holistic. And foccussed on safety and growth mindset as an organizational capability
I agree with everything you said about technology leaders @allspaw... (including that they do not apply to me!) 🙂
I agree with everything you said about technology leaders @allspaw... (including that they do not apply to me!) 🙂
Oh geez, @allspaw, I'm the guy that says "we only have 10 minutes left". 😞
@allspaw Quick question - what is the efficient way to track the other team read the post incident? BTW - it was an excellent session.
@allspaw Quick question - what is the efficient way to track the other team read the post incident? BTW - it was an excellent session.
There are various ways to count accesses on web pages! 🙂 depends on where/how the documents are stored and made available.
Google Docs have Tools->Activity Dashboard where you can see all viewers, for example. Confluence has Page View Statistics.
So we have discussions about keynotes happening here and in -keynotes...kind of fractures the discussion space and community
That's dangerous .. a crispy cream and an In and Out next to each other. I'm glad I don't live in CA.
@allspaw - I like the idea of splitting the discussion/learning meeting from the potential actions one. the only problem there, is having to have a second meeting, which can annoy some people. What’s you experience in running these, and in which formats?
@allspaw - I like the idea of splitting the discussion/learning meeting from the potential actions one. the only problem there, is having to have a second meeting, which can annoy some people. What’s you experience in running these, and in which formats?
it can happen in an async fashion and doesn’t have to be long. the most important part of separating them is to focus the group review meeting on a richer understanding of the event first. We never find that people forget what action items might be worth exploring later. But we do find people generating them too quickly before understanding the incident in a deeper way, resulting in tickets that get “won’t fix” later because frankly: it was a bad idea, based on a faulty understanding.
I'll join the fun.. Here's a zoom link where I'll be hanging out to talk about the Handbook or Beyond the Phoenix Project. https://us02web.zoom.us/j/87567853321?pwd=RVY2MjFQaUwxSmpQSWY0azRmTFNZZz09
I'll join the fun.. Here's a zoom link where I'll be hanging out to talk about the Handbook or Beyond the Phoenix Project. https://us02web.zoom.us/j/87567853321?pwd=RVY2MjFQaUwxSmpQSWY0azRmTFNZZz09
The definition of safety in this context is compliance (Governance, Risk and Compliance), i.e. InfoSec, Data Privacy, Fraud, Compliance, etc. The control environment, both regulatory controls and company controls (psychological safety is covered via 'Happier' in Better Value Sooner Safer Happier). It's agile not fragile. Covered in "Risk and Control is Dead, Long Live Risk and Control" talk from DOES 19 Las Vegas. To answer your question, what we've done in the past is two key measures: (1) Left to Right measure. i.e. via the tooling we can see that you have a change with a number of mandatory risk stories. We can see if any changes were promoted without those mandatory risk stories having been automatically or manually attested as done and tested (e.g. MFA should've been implemented, but the controls have been bypassed maliciously or via breakglass) (2) Right to Left. A check of binary changes in prod. to ensure that it can be correlated back to the firm's control environment (i.e. the mandatory risk stories). If not, someone's bypassing all the controls. These two indicators would show up as red flags, and were part of the formal control environment, as reviewed and agreed by regulators. They were reviewed at exec level, aggregated by top level value streams.
If I may offer a different view: https://devopsenterprise.slack.com/archives/C015DQFEGMT/p1592927981483800?thread_ts=1592927596.471000
(just an acknowledgement that to equate safety with compliance can be problematic)
Safety = zero bad things gone wrong. Inspiration for this point of view is Alcoa which established zero injuries as the goal and responding to every indication of risk as trigger. Here’s a link to an appreciation I wrote on Paul O’Neill’s passing which talks to that. https://conta.cc/2x7fD3q
A modern perspective is also that safety is the presence of activities and capabilities that enable people to anticipate, respond, monitor, and learn in situations that make for vulnerable outcomes - in this case it’s not the absence of adverse events, which tends to stretch interpretations of ‘zero’ and ‘bad’ and ‘thing’ and ‘wrong’
Advocates for taking this view (sometimes referred to as a “Safety II” perspective or a “safety differently” perspective) would say that defining safety in the way @steve773 mentioned (and what’s historically been the definition) has some issues: how it’s measured and how it’s studied…Erik Hollnagel being a proponent of taking this new view: “The measurement problem is simply that an increase in safety is represented by a decrease in what is measured. Thus, a lower number of reported accidents (or other unwanted outcomes) is seen as representing a higher level of safety. The purpose of safety management is continuously to reduce or eliminate adverse outcomes and thereby achieve the enviable state of ‘freedom from harm’. But it is only possible to know how well an SMS works if there is something to measure. Therefore, the better the job an SMS does the less information there is about how to make improvements. This corresponds to the well-known regulator paradox, where the absence of feedback ultimately leads to a loss of control (Weinberg and Weinberg, 1979). The essence of the paradox is that the task of a regulator is to eliminate variation but this variation is the ultimate source of information about how well the regulator works. Therefore, the better the job a regulator does the less information it gets about how to improve. Thus, if an investment in safety does not lead to measurable results, such as a reduction in the number of accidents, then there is no way of knowing whether the investment had the desired effect. Furthermore, if the number of accidents is low to begin with, it is unreasonable to expect that the effect of improvements made can ever be measured.”
Sidney Dekker’s talk on this at DOES 18 was good. ‘It’s the presence of positives rather than the absence of negatives’ Airlines with the highest reported incidents have the lowest mortality rate