Agile + DevOps Virtual 2020 - DevOps Practices
Before You Go!
Don't Miss Special Offers and Program Updates Straight to Your Inbox (Opt-Out at Any Time)!
Wednesday, November 11
Getting Application Developers Onboard the DevOps Train
Exceptional businesses understand that frequent delivery cycles can be leveraged as a competitive advantage. This has been a primary driver in the evolution and importance of DevOps culture and processes. A group that often suffers from a lack of urgency in delivering more value more frequently is the people writing the code. It seems ironic as software developers often state that they are most satisfied when their code is being used. A healthy DevOps culture requires willing participants from all constituents. While one would think that development teams having a seat at the table...
Automation Justification
To many people, DevOps is solely about automation. Automation is a huge part of the DevOps process, but there are many other aspects to consider. I’ll be talking about how and why DevOps is important to me, and how automation is a part of each of our DevOps steps. We’ll discuss how automation becomes important to each workday by streamlining tasks and leaving time for the more important (and fun) work. We’ll go over why we automate, what we automate, and how we automate. We will have examples of some of the many tools and processes to simplify automation while noting how important choice...
DevSecOps for Managers, Executives, and Mere Mortals
DevSecOps isn’t meant for just Gods and Unicorns, it is for mere mortals as well. One of the challenges we have in using Application Security practices is where to start, how to get value, i.e., be successful with initial efforts, and how to build on that success. The world is being driven more and more by network-connected applications and services that are constantly under attack from the curious and malicious. By simply adding steps to your pipeline, you can iteratively add AppSec practices to your process and dramatically increase the security of your software. Join Tom as he lays out...
DevOps Culture – A Transformational Component for Rapid Value Delivery in the Government
PreviewFor government agencies, value generally flows through layers from the agency itself to various contractors and vendors, and eventually into the hands of the users. For meeting agency missions in a timely manner, it is imperative we build a culture of shared responsibility based on the foundations of DevOps and Lean Agile Leadership to transform how we’ve traditionally delivered products, solutions and services. This cultural transformation fosters a “badge-less society” where value driven collaboration becomes the core for delivering faster and with higher quality. This culture...
Thursday, November 12
Before Disaster Strikes: Training DevOps Engineers for the Worst
PreviewPicture this: you are startled awake in the middle of the night by a phone call from your supervisor. An emergency has occurred in production, and the only description is that a heavily trafficked site is down. You rush to a conference call with five of your colleagues to find that everyone has a different assessment about what the problem is and how to fix it. There’s no plan in place for this, and as the DevOps engineer, the decision and responsibility for fixing the problem is yours. There’s only time to try one of these methods; you have minutes, not hours, to find the issue and...
DevOps Your Amazon Skills
Since 2011 voice assistants have been entering our lives little by little. It wasn't until 2014 that Amazon created the Echo devices with its built-in assistant, Alexa. In 2018 they give us the opportunity for anyone to add functionality through skills, it means to be able to create voice based applications for the first time. Developing an Alexa skill can be a lot of fun, but nobody likes to find negative comments and reviews in order to begin to identify and correct bugs. Skills developers use tests and automation to minimize these risks. In this talk, I will talk about how to test your...
Things We May Never Get Right
When there's no clear right way to solve a difficult problem, how do you avoid getting frozen in indecision? How do you know if you made the right decision? How do you know when a decision that used to be the best one isn't any more, and it's time to try something else?
We're part of a global marketplace developed and operated by multiple squads. We consider ourselves a mature DevOps organization, but there are several things we've really struggled with over the years, and we've even reversed direction at times. For example: Should designers be assigned to one squad for months...
Wednesday, November 18
Blameless Retrospectives in DevSecOps at Global Healthcare Giants
Implementing a scalable DevOps program can seem like an impossible task at times. Add security into the mix and the challenge can appear insurmountable. Organizations around the world have come to realize the potential business impacts of adopting DevSecOps and how it can enable engineers to deliver more value to the market faster. While the prospect of transformation seems alluring, a great number of organizations are still unsure of where to start, what’s involved, how much it will cost and how to achieve success. Discussing our triumphs and tragedies not only bring clarity, but champion...
The Science of Compliance - Early Code to Secure Your Node
We all know that the earlier in the software development process, you start testing, the more money and time you save in the long run. This is the case not only with the coding process, but also with securing your systems. In this talk, we’ll talk about the difference between compliance and security, and how adding compliance is a measurable and repeatable way to make code more secure. We will discuss tools and methodologies for integrating compliance and inserting compliance checking at various places in the development process, starting with a compliant infrastructure, and continuing...
Usability vs. Security: Having Your Cake and Eating It Too
In today’s rapidly changing marketplace, the usability of software is paramount to its adoption and success. However, we also recognize the need for solutions to have resiliency and security. How do you successfully navigate the tradeoffs between usability and security? Simple… you don’t! Instead of choosing one or the other, reject the false tradeoff and instead find ways to embrace both security and usability in your DevSecOps processes. Join Peter Hesse as he discusses strategies for getting security and user experience teams to work closely together, enabling the creation of better...
A Modern Approach to Managing and Securing Your Open Source Dependencies
Ninety-two percent of applications contain open source components. Without careful maintenance, organizations open themselves up to exploits from malicious actors. Known vulnerabilities in an open source library can increase risk of compromise despite a development team’s best efforts and intentions. Relying on scanning tools to point out potential issues is not enough if you don’t also have a strategy in place to ensure those issues can be resolved. In this talk we’ll share a modern approach DevSecOps teams can use to better manage and secure their open source dependencies, ensuring...
Thursday, November 19
So Happy Together: Making the Promise of DevSecOps a Reality
It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application...
DevSecOps: Essential Pipeline Tooling To Enable Continuous Security
As we embrace DevOps to optimize our Agility, we need to move away from slow, manually intensive processes into more of a continuous flow of software into production. Whether we are doing true "Continuous Deployment" straight to production or not, we no longer have time for slow, manual, late-lifecycle security assessments to determine if our code is going to put us on the front page of the newspaper (for the wrong reasons). What we need is the visibility to know that our code is secure enough to pass muster every day. What we need is continuous security.
The DevSecOps movement is...
DevSecOps Culture: Laughing Through the Failures
Rolling out DevOps + Security has its series of pitfalls. In this talk, we’ll explore real-world challenges, sprinkling in a bit of humor on behalf of the Internet, and work out the solutions to how to avoid these pain points using security culture. Examples include individuals with a non-collaborative mindset (not playing nice), security tools that provide zero value in the pipeline, old school thinking concerning requirements, the inability to perform threat modeling at DevOps speed, and many more. You’ll experience what can go wrong, to expose how to do things right.
Go Beyond DevSecOps to Continuous Security
Continuous. If you have been around DevOps for any length of time then you have heard this term. As in Continuous Integration, Continuous Build, Continuous Deployment, Continuous Delivery, Continuous Testing, Continuous Planning among others. Now we are living in a time when personal and data privacy matters more than ever, and so one "Continuous" is rising to the forefront: Continuous Security.
But what really IS Continuous Security? Is it simply a notion of running scans and tests as part of a pipeline and reporting vulnerabilities? We think it is much more then that. For years...