Agile + DevOps East 2019 - DevOps Automation
Wednesday, November 6
Wabi-Sabi Your DevSecOps
The ability of DevSecOps to produce secure code requires the merging of two very different cultures: AppSec and DevOps. While AppSec lives in a black-and-white world of secure or not secure that would cause “Hello World” to take six months to release, DevOps knows that the reality of software development is actually shades of gray, especially as demands are increasingly placed on development teams to produce more, faster. Brittany Greenfield will teach you how to apply the Japanese concept of wabi-sabi, which accepts imperfections in the things that we create, to DevSecOps, allowing you to...
DevOps Tools for Database Developers
You're thinking about modernizing your database development process ... someday. You have directories full of SQL files you use to build your application. You know unit tests should be included as part of your build process, and you are going to start adding them ... maybe next week. Does this sound like you? If you think modernizing your dev process will be difficult, time-consuming, and expensive, you may be surprised at how easy and cost-effective it is to get started. Blaine Carter will explore how to manage your database application in a continuous development pipeline. He will talk...
Shifting Security Left: The Innovation of DevSecOps
DevSecOps uses application security practices that have existed for a while. The innovation of DevSecOps is incorporating security into the daily workflow of the team rather than leaving it to the end, shifting security left by automating aspects of security testing. DevSecOps leverages DevOps practices to make application security a first-class citizen in the practices of modern software development. But that requires a culture change: DevSecOps starts before the code is even written, using techniques like threat modeling and risk analysis to figure out who will attack you and how. Come...
Thursday, November 7
The Psychology of Chaos Engineering
Chaos engineering, failure injection, and similar practices have verified benefits to the resilience of systems and infrastructure. But can they provide similar resilience to teams and people? What are the effects and impacts on the humans involved in the systems? This talk will delve into both positive and negative outcomes for all the groups of people involved, including users, engineers, product owners, and business owners. Using case studies from organizations where chaos engineering has been implemented, Matty Stratton will explore the changes in attitude that these practices create,...
Effective Test Automation in DevOps
PreviewThe ultimate objective of a DevOps approach is to deliver quality products to your customers as efficiently as possible. DevOps shops that achieved this state point to continuous testing as a key contributor to their success. However, QA and testing have become forgotten along the DevOps journey of many organizations. For groups that have incorporated testing, many have a release cadence that resembles something more like waterfall. The culprit is often the inability to incorporate stable automation into their testing practices. Lee Barnes will discuss how organizations can address...
So You’re Using Docker. Now What?
These days everyone wants to containerize their application, but not everyone understands the best way to go about it. You need a tool to manage your containers, you need tools for image security scanning, you need to completely rethink how your application fits into its deployment environment, and most importantly you need to make sure you’re following good DevSecOps practices. Join Ryan Kenney as he discusses how he has addressed these concerns, among others, for various clients. Ryan will discuss options for container orchestration tools like Kubernetes and its competitors. Then, he...
AWS Lambda: Best Practices and Common Mistakes
AWS Lambda is a serverless architecture that relieves you of hardware and scaling setup concerns. AWS Lambda functions are used by many organizations for serverless application development and automating DevOps tasks. But many teams start using AWS Lambdas and uncover problems such as running into resource limits, debugging nested lambda defects, managing code change across dozens of AWS accounts, and many more. Derek Ashmore will provide tips and tricks to make your AWS Lambda functions usable in different contexts and easier to develop and support. He will show you how to mitigate common...