Agile + DevOps East 2019 - Developer
Customize your Agile + DevOps East 2019 experience with sessions for software developers.
Monday, November 4
Continuous Delivery in Practice: A Hands-On DevOps Workshop
For many organizations, delivering software into production has become increasingly more complex with long testing cycles and a division between development and operations teams. DevOps is a cultural movement that is breaking down those barriers. Focusing on automation, collaboration, tools, and knowledge sharing, DevOps is showing that developers and system engineers have much to learn from each other. Through a series of hands-on exercises, Danilo Sato will use a sample web application to demonstrate how to automate its build and deployment pipeline, using infrastructure and pipeline as...
Test Design for CI/CD Delivery
PreviewImagine this … As soon as any developed functionality is submitted into the code repository, it is automatically subjected to the appropriate battery of tests and then released straight into production. Setting up the pipeline capable of doing just that is becoming more and more common and something you need to know about. But most organizations hit the same stumbling block—just what IS the appropriate battery of tests? Automated build architectures don't always lend themselves well to the traditional stages of testing. In this hands-on tutorial, Melissa Benua introduces you to key...
Coaching Workshop: Taking Your Scrum to the Next Level
Are you struggling to achieve results from your agile and Scrum teams? Are you having trouble with user story writing or with effective estimation and forecasting? Are your sprint reviews and retrospectives low focus and low energy? What about gaining traction on the organization-side of things? Do your leaders actually understand the underlying principles? Are they measuring things properly? And what about Scrum at Scale—how’s that going? If you have questions, any questions, about how to improve specific practices or generally how to improve your agile journey, then this tutorial is for...
Learning How to Lead High-Performing Agile Teams
Currently much of agile adoption—coaching, advice, techniques, training, and even the empathy—revolves around the agile teams. Leaders are typically ignored, marginalized at best, and in the worst cases even vilified. But Bob Galen and Mary Thorn contend that there is a central and important role for managers and leaders within agile environments. Join Bob and Mary as they explore the patterns of mature agile managers and leaders. Examine why those who understand servant leadership know how to effectively support, grow, coach, and empower their agile teams in ways that increase the team's...
Tuesday, November 5
Introducing Docker and Kubernetes to Your DevOps Toolchain
As organizations look to improve the speed with which they deliver software, they increasingly turn to microservices and infrastructure-as-code for software architecture and delivery techniques to help leverage value from their DevOps adoptions. Docker, an industry standard containerization tool, facilitates moving processes into isolated environments that can be frozen into images, with an ecosystem that helps developers across organizations build and share these containers. Kubernetes builds on these capabilities and allows a software team to break down their application into small,...
Tools for DevSecOps
DevOps is about creating alignment across the value stream for an application, service, or product. DevSecOps integrates security into this process, making the entire team responsible for delivering secure code that works and can be deployed and used securely. But how do you actually do that? What tools do you add to your DevOps pipeline to help make your software secure and provide your stakeholders with a high level of confidence that the software meets all security requirements & standards? In this tutorial Tom Stiehm will explore what security tools you can add to your DevOps...
Introduction to DevOps with Chocolate and LEGOs
PreviewOrganizations today can no longer afford to deliver new features to their respective markets once a year or even once a quarter. In the attempt to catch up with the competition, they jump onto DevOps journey starting with the "How" and losing the sight of "Why" and "What". Join this gamified simulation tutorial to gain a solid understanding of foundational principles of the DevOps culture. Experience the benefits of DevOps transformation even before initiating one in your enterprise! This tutorial is ideally designed for organizations that are evaluating their approach to DevOps...
Wednesday, November 6
Wabi-Sabi Your DevSecOps
The ability of DevSecOps to produce secure code requires the merging of two very different cultures: AppSec and DevOps. While AppSec lives in a black-and-white world of secure or not secure that would cause “Hello World” to take six months to release, DevOps knows that the reality of software development is actually shades of gray, especially as demands are increasingly placed on development teams to produce more, faster. Brittany Greenfield will teach you how to apply the Japanese concept of wabi-sabi, which accepts imperfections in the things that we create, to DevSecOps, allowing you to...
Continuous Delivery Dojo: From Doing Agile to Being Agile
PreviewState Farm adopted an innovative approach to a common problem many organizations face with agile transformation: How do you influence, nurture, and support a whole scale culture of agility? How do you move from doing agile to being agile? The solution was to institute a continuous delivery dojo. State Farm is going on its third year of supporting delivery teams at scale in enhancing agile maturity and establishing a continuous delivery culture. The dojo represents a dedicated place to work with teams to change mindsets, skill sets, and toolsets. It also represents an opportunity to...
Open Mic: Coaching Up in Your Organization
The term “coaching up” traditionally refers to communication with a supervisor or person above you in the organizational chart. Coaching up strategies can be effective for all levels: Have you ever had a conversation with a boss, product owner, ScrumMaster, or leader that did not go well? Is one of your teammates dropping the ball? Often our instincts tell us to go on the defensive, which may result in the blame game. Instead, when difficult situations happen—or, better yet, when you anticipate them—let superiors know in a polite and helpful manner. They will appreciate your initiative....
An Agile Fireside Chat with Linda Rising
Come get your questions answered by an agile expert! We won't have an actual fireside, but Linda Rising will be on hand to answer your questions and discuss the topics that are most important to you. Linda is an internationally known presenter on topics related to agile development, patterns, retrospectives, the change process, and the connection between the latest neuroscience and software development. And she wants to discuss whatever interests you. Bring your questions and be ready for a lively, interactive discussion.
DevOps Tools for Database Developers
You're thinking about modernizing your database development process ... someday. You have directories full of SQL files you use to build your application. You know unit tests should be included as part of your build process, and you are going to start adding them ... maybe next week. Does this sound like you? If you think modernizing your dev process will be difficult, time-consuming, and expensive, you may be surprised at how easy and cost-effective it is to get started. Blaine Carter will explore how to manage your database application in a continuous development pipeline. He will talk...
Testing Serverless Applications
Serverless cloud applications are rapidly moving into the mainstream. In this model, teams focus on developing and deploying code on a known technology stack and runtime, with fixed interfaces for application, database, and network. It offers the advantage of lower costs, faster development, and elastic growth. But testing serverless applications also brings significant challenges to testers. Because the stack is maintained by the cloud provider, it is updated with new versions and security patches on a regular basis. Testers have to continuously test the stack interfaces to make sure that...
You Build It, You Own It!
The days of writing software and throwing it over the proverbial wall to operations and production support teams are over. It’s time we, as software development teams, become more accountable and take pride and ownership in what we do. The results will be better transparency, more autonomy, and reduced risk (among other things). Join Sean and Suresh as they walk through how Capital One tackled one particular project by leveraging DevOps and forming their "you build it, you own it" principles. You'll gain a better understanding of how to improve quality within your agile teams and how to...
Shifting Security Left: The Innovation of DevSecOps
DevSecOps uses application security practices that have existed for a while. The innovation of DevSecOps is incorporating security into the daily workflow of the team rather than leaving it to the end, shifting security left by automating aspects of security testing. DevSecOps leverages DevOps practices to make application security a first-class citizen in the practices of modern software development. But that requires a culture change: DevSecOps starts before the code is even written, using techniques like threat modeling and risk analysis to figure out who will attack you and how. Come...
Wage Your Bets: Microservice, Monolith, or Serverless
Microservice, Monolith, and Serverless are some of the three architectural styles that have recently gained popularity. Some engineers swear one over the other, but in reality, there is no black and white: there are advantages and disadvantages, depending on each use case. For example, if the flow of your services are dependent on another and each service doesn’t need to scale independently, is it worth increasing the development power it needs to maintain infrastructure? In this talk, Michelle Hodges will provide the pros and cons of going one way versus another, providing real life...
Thursday, November 7
Legacy Code and Testing: Let's Energize It!
PreviewDo you want to apply test automation to decade-old spaghetti code but aren't sure where to start? Many teams talk about needing automated tests in order to deliver faster, better quality but don't know just how to get there. Their code was created without a lot of the tools we have today or may have automation that centers on slow, record-and-playback methods. Join Leslie Lowman for an in-depth look at examples of this situation. She'll give some prerequisites, like instituting a solid testing model that focuses on automation, and show how to apply the testing model to older code,...
A DevOps Fireside Chat with Andy Glover
You've got DevOps questions, and we've got Andy Glover to answer them for you. He won't really be sitting by the fire, but he will be on hand to talk about all things DevOps. From his experiences building the Spinnaker continuous delivery platform to writing the open-source BDD framework easyb, Andy wants to talk about the things that worry you or thrill you about DevOps. Bring your questions and be ready for a lively, interactive discussion.
A Fool with a Tool: The Dangers of Ignoring Culture by Overfocusing on Tools
PreviewMany organizations ignore culture and overfocus on picking and implementing the right tools. However, these tools have underlying cultural assumptions. If the current culture does not support these assumptions, then automation will only have limited success, or even fail altogether. So how do you address this problem? By recognizing that overfocusing on tools is a problem in the first place. Start by understanding the cultural assumptions supporting the optimum use of the tools, as well as how your organization measures up in relation to high-performing organizations. Finally,...
Agile+DevOps Feud!
Join us for a game of Agile+DevOps Feud, where two teams of thought leaders compete to name the most popular responses to survey questions to win bragging rights and to share their experiences. Questions and voting will be in the TechWell Hub leading up to the conference, where community members will name their greatest concerns, best practices, etc. Our two teams of panelists, will do their best to guess the community’s viewpoint, and the winning team will get to explain how they deal with those concerns. Our panelists are competing...
How DevOps and Agile Fit with Compliance Obligations
DevOps and agile are designed to help you be adaptable and move quickly. But meeting your compliance obligations tends to slow you down and make processes rigid. However, by using key components of agile and DevOps and approaching compliance obligations from a different angle, you can meet your obligations while being adaptable. Guy Herbert will show examples of how his company structures their CI/CD processes to include compliance and how they have changed their compliance approach to be able to better meet the needs of the DevOps teams. Guy will also discuss the cultural implications of...
Using Lean XP to Supercharge Your Agile Delivery
PreviewMost teams that do agile development start with Scrum. And why not? Scrum is a proven method for focusing your team, ensuring that work adds value, and minimizing the risk with release. Then, after awhile, Scrum becomes stagnant. There are no more speed increases, and the team focuses more on ceremonies than delivery. At this point, Extreme Programming (XP), and Lean XP in particular, is the next step in agile maturity. Lean XP means developing software at the last possible moment ("just-in-time development") using one-week sprints, test driven development, pairing at all levels,...
Maximizing Agile Benefits through Understanding Learning Styles
PreviewThe Agile Manifesto says we value people and interactions over processes and tools. Yet when we talk about the agile methods, we usually end up talking about processes. Agilists use timeboxing as a forcing function to draw out resolutions and decisions. What if we just needed a better way to describe our needs and issues? What if we could actually be more effective with our communication? Join Robin Foster as he explores the relationships between learning, memory, communication, teaching, and the agile framework. Discover the cognitive science behind the process of learning new...
AWS Lambda: Best Practices and Common Mistakes
AWS Lambda is a serverless architecture that relieves you of hardware and scaling setup concerns. AWS Lambda functions are used by many organizations for serverless application development and automating DevOps tasks. But many teams start using AWS Lambdas and uncover problems such as running into resource limits, debugging nested lambda defects, managing code change across dozens of AWS accounts, and many more. Derek Ashmore will provide tips and tricks to make your AWS Lambda functions usable in different contexts and easier to develop and support. He will show you how to mitigate common...
Feature Flagging: Proven Patterns for Control and Observability in Continuous Delivery
PreviewAre you moving faster than fast? Congrats! Chances are you already use feature flags to decouple code deployments from feature rollouts. Whether you use a roll-your-own feature-flagging solution (with a few quirks) or a feature-flags-as-a-service solution, hopefully you post feature flag rollout changes to something like Datadog so that when a flag rollout lines up with an obvious spike, you know whom to have a talk with. It's a solid start, but that’s just the basics. What do data-driven CD ninjas do? They build in observability to every feature release, so when they push a...
Contract Testing with Pact: A Different Approach
With the microservice architecture evolving and becoming a golden standard, the necessity of testing the contracts between services appears to be more and more obvious. One of the most interesting solutions here is the Pact tool, which helps with testing and verifying the API contracts in a CI/CD manner and opens up a lot of interesting possibilities. However, the devil is always in the details: the implementation. We need to configure the Pact mock servers, but similar configurations are often needed across all the different parts of testing, from the verification of the providers to end-...
Friday, November 8
Shifting Security Left: Where to Start
Equipped with this guidance you can begin to make the changes that will transform application security into a responsibility that is shared by development and security and that continues once applications are in production and operation. By shifting security left, you unburden your security team, empower your developers to write better code…
Building Trust Between Security and Development to Accomplish Culture Change
DevSecOps empowers engineering teams to take ownership of how their product behaves in production, including security aspects. The primary goal of a DevSecOps initiative is to get development teams to shift their mindset and adopt security practices in their daily activities. However, this can only happen with healthy collaboration and mutual trust between development and security teams. Larry Maccherone can show you how. Larry will discuss how to effectively build trust between developers and security personnel to facilitate a successful DevSecOps program. He will present a proven "Trust...
Taking DevSecOps To The Next Level - Cutting Edge Tools for your Pipeline
DevSecOps is so much more than forcing developers to use legacy scanning tools. In this talk, we will discuss a continuous, effective, and scalable DevSecOps pipeline using free cutting-edge tools. We'll discuss and show IAST (Interactive Application Security Testing) to accurately pinpoint vulnerabilities in both custom code and libraries in real time without scanning. We'll discuss and show RASP (Runtime Application Self-Protection) in production to gain visbility into application attaches and to prevent vulnerabilities from being exploited. And we'll discuss how to integrate the results...
A Practical Approach to Building Security In
The release date is a week away. Development is complete. The code works, and everything looks good. Marketing is ready with the media blitz. Our customers are waiting to get their hands on the new features and are sure to give us good feedback. The only step left is to get the security group to scan the application and give us the approval to release. Cross your fingers- let’s hope we get the green light! Otherwise, I don’t know what we are going to do. DevOps, and more importantly, DevSecOps, promises to do away with rolling the dice at the end and hoping we are allowed to release what...
Panel Discussion: Getting Development and Security To Work Together
DevSecOps is all about getting security teams, practices, processes, and tooling integrated into your DevOps process but often getting a cross-functional team that includes security in place is difficult. Join DevSecOps practitioners in exploring the best ways to get security groups and personnel involved in day-to-day DevOps teams. Learn what role security personnel play in Sprint activities and how to remove compliance from being an end-of-lifecycle hurdle. Hear how leading organizations successfully shift security left and tips and tricks for getting started.