Agile + DevOps East 2019 - DevOps Practices

As an agile coach, ScrumMaster, or product owner, you interact with technical teams every day, even though you may not have a technical background yourself. You hear and read about DevOps all the time, but the truth is that you’re not really sure what DevOps is or exactly how it can help your company. You also have a feeling the executives in your company may be questioning whether their massive investment in agile is paying off. Lee Eason will help nontechnical agile practitioners understand exactly what DevOps is and why it’s valuable. You will leave understanding the background, key...

State Farm adopted an innovative approach to a common problem many organizations face with agile transformation: How do you influence, nurture, and support a whole scale culture of agility? How do you move from doing agile to being agile? The solution was to institute a continuous delivery dojo. State Farm is going on its third year of supporting delivery teams at scale in enhancing agile maturity and establishing a continuous delivery culture. The dojo represents a dedicated place to work with teams to change mindsets, skill sets, and toolsets. It also represents an opportunity to...

You're thinking about modernizing your database development process ... someday. You have directories full of SQL files you use to build your application. You know unit tests should be included as part of your build process, and you are going to start adding them ... maybe next week. Does this sound like you? If you think modernizing your dev process will be difficult, time-consuming, and expensive, you may be surprised at how easy and cost-effective it is to get started. Blaine Carter will explore how to manage your database application in a continuous development pipeline. He will talk...

Testing is shifting left. Developers want instant feedback on the quality of their code, and testers want to incorporate tests earlier in the pipeline without slowing down development efforts. Testing in full browsers is great when you’re near the end of the pipeline and need to confirm cross-browser compatibility, but for the scale and speed required for these early pipeline tests, there is a need for a more effective solution. Enter headless browsers, an emerging trend that allows you to run your early pipeline tests at scale. Headless offers a lightweight option that gives developers...

The dojo is an experiment-rich environment for the team that encourages adding pieces and tools as needed, pushing experimentation, and learning first. What makes this dojo special is how adaptive it can be, considering teams no longer are all collocated. By using simple tools like a good camera, open call, and a free tool to display work, teams can collaborate across the world. The goal of the dojo is fourfold: Improve individuals and interactions, deliver working software, collaborate with customers, and respond to changes quickly. We'll talk about how agility can be applied to various...

The days of writing software and throwing it over the proverbial wall to operations and production support teams are over. It’s time we, as software development teams, become more accountable and take pride and ownership in what we do. The results will be better transparency, more autonomy, and reduced risk (among other things). Join Sean and Suresh as they walk through how Capital One tackled one particular project by leveraging DevOps and forming their "you build it, you own it" principles. You'll gain a better understanding of how to improve quality within your agile teams and how to...

Liberating structures offer a revolutionary solution to collaboration in groups by using a handful of simple rules to unleash and involve everyone, enabling groups of any size to work at the top of their intelligence. Discuss them with peers and experts in this fishbowl discussion, where the audience members sit in a circle of chairs in the middle of the room. Several brave souls will fill all but one of the chairs in the "fishbowl." When you want to join as a speaker, you enter the fishbowl and sit in the empty chair, and one of the other speakers will voluntarily leave so that one chair...

Do you know teams that are merely doing "cargo cult DevOps"? Near the end of WWII, the Allies had airstrips on many islands in the south Pacific. The natives on these islands noticed that when the Allies put the "coconuts" on their ears and spoke into the "banana," the gods would send down a magical flying creature with food and supplies. When the war ended and the Allies left, the natives put the coconuts on their ears and spoke into the banana, and they wondered why the gods failed to bless them, too. They didn't understand headphones or radio transmissions or that someone must be...

When starting up a greenfield project, it’s easy to take advantage of the most modern development practices. But what about the rest of us, who are working on codebases greater than five minutes old? How do you take code that’s four years and hundreds of thousands of SLOC, and turn that into a lean, mean, continuous-deploying machine? In this talk, Melissa Benua will walk through what continuous integration and deployment means for teams working on mature code bases, and what the roadmap looks like to get from a release cycle that may take weeks or months to one that deploys on-demand....

The ultimate objective of a DevOps approach is to deliver quality products to your customers as efficiently as possible. DevOps shops that achieved this state point to continuous testing as a key contributor to their success. However, QA and testing have become forgotten along the DevOps journey of many organizations. For groups that have incorporated testing, many have a release cadence that resembles something more like waterfall. The culprit is often the inability to incorporate stable automation into their testing practices. Lee Barnes will discuss how organizations can address...

Many organizations ignore culture and overfocus on picking and implementing the right tools. However, these tools have underlying cultural assumptions. If the current culture does not support these assumptions, then automation will only have limited success, or even fail altogether. So how do you address this problem? By recognizing that overfocusing on tools is a problem in the first place. Start by understanding the cultural assumptions supporting the optimum use of the tools, as well as how your organization measures up in relation to high-performing organizations. Finally,...

It seems that everyone is aflutter with DevOps, the shiny new panacea for all of our software ailments. What technical goodness can DevOps bestow upon us? What riddles does it unlock for us as technologists? How do business goals align in order to wring the true value from DevOps? Delivering value faster is a desire of many business and IT leaders, and it often looks like a win-lose proposition to achieve it. Metrics and edicts seem to have competing interests, like the car racer being told to both "go faster" and "save fuel." Barry Forrest and Allison Pollard will share their experiences...

DevOps and agile are designed to help you be adaptable and move quickly. But meeting your compliance obligations tends to slow you down and make processes rigid. However, by using key components of agile and DevOps and approaching compliance obligations from a different angle, you can meet your obligations while being adaptable. Guy Herbert will show examples of how his company structures their CI/CD processes to include compliance and how they have changed their compliance approach to be able to better meet the needs of the DevOps teams. Guy will also discuss the cultural implications of...

Agile and DevOps metrics and dashboards enable agile teams and their leaders to measure time to market, quality, productivity, predictability, employee engagement, and customer satisfaction. But the key focus of these metrics should be on the value delivered to customers. Instead of measuring what or how much we are doing, we have to look beyond vanity metrics and measure actionable metrics. Jagdish Karira will provide a practical approach for collecting metrics that enable transparency and help product teams transform their processes. He'll describe twelve metrics in detail, with...

Are you moving faster than fast? Congrats! Chances are you already use feature flags to decouple code deployments from feature rollouts. Whether you use a roll-your-own feature-flagging solution (with a few quirks) or a feature-flags-as-a-service solution, hopefully you post feature flag rollout changes to something like Datadog so that when a flag rollout lines up with an obvious spike, you know whom to have a talk with. It's a solid start, but that’s just the basics. What do data-driven CD ninjas do? They build in observability to every feature release, so when they push a...

While leadership styles may change when moving from a startup to a Fortune 500 company, leadership practices do not! Join Andrew Glover as he discusses his DevOps leadership journey, starting with his own company and ending at Netflix. Learn what works and what doesn’t from someone with hands-on, practical experience leading Agile and DevOps initiatives and teams. Hear Andrew’s lessons learned and how to overcome leadership obstacles during change. Take home valuable tips for leading Agile and DevOps change within your organization.

DevSecOps empowers engineering teams to take ownership of how their product behaves in production, including security aspects. The primary goal of a DevSecOps initiative is to get development teams to shift their mindset and adopt security practices in their daily activities. However, this can only happen with healthy collaboration and mutual trust between development and security teams. Larry Maccherone can show you how. Larry will discuss how to effectively build trust between developers and security personnel to facilitate a successful DevSecOps program. He will present a proven "Trust...

DevSecOps is so much more than forcing developers to use legacy scanning tools. In this talk, we will discuss a continuous, effective, and scalable DevSecOps pipeline using free cutting-edge tools. We'll discuss and show IAST (Interactive Application Security Testing) to accurately pinpoint vulnerabilities in both custom code and libraries in real time without scanning. We'll discuss and show RASP (Runtime Application Self-Protection) in production to gain visbility into application attaches and to prevent vulnerabilities from being exploited. And we'll discuss how to integrate the results...

DevSecOps can be a beacon of hope. Rather than engaging in seemingly futile battles, there are paths to achieving unified wins for devs, ops, compliance—and security. But different situations call for different tools—both technical and social. Join Julie Tsai as she provides realistic examples of things that may have (or not) worked. Mileage may vary.