Agile + DevOps West 2023 - Agile Engineering & Development
Tuesday, June 6
Threat Modeling
If it seems as though attacks are always getting better, it’s because they are. Computers, apps, networks, and connected devices are all subject to different types of threats. Systems are facing new threats from things such as voice cloning and computational propaganda. Not to mention the growing importance of threats “at the human layer.” All of this can make it hard to keep up, let alone get ahead of potential threats. So isn’t it time that the threat modeling used by security pros, developers and systems managers evolve? Join Derrick and Tom as they shares their knowledge and experience...
Wednesday, June 7
.jpg%3Fitok=owdvb9yS&sc=99410af1980838bc65014bc2b12db659)
The Art of Defensive Programming
With every commit, the threat landscape increases. One single vulnerability is all a hacker needs. Vulnerabilities have multiple sources, and you must have a plan for securing each potential risk vector and identify vulnerabilities early. In this session, we will describe defensive coding techniques you can use as a daily practice and how you can build a security champion program. We will practically cover ways of identifying security vulnerabilities in your IDE using CodeQL as a Static Code Analysis tool. This is an important step in the pre-commit stage to identify security...
Humanizing Work
Is your favorite flavor of agility resulting in process over people? Is your contribution mired in person hours that inevitably turn into mythical person months? Are human efforts in heroic zeros and ones measured in seemingly pointless (story) points instead of customer, business, and employee value (ROI)? What began as a technology revolution has devolved into frameworks and processes that focus solely on mindless over mindful measuring, tracking, and projecting. And while many organizations find initial success that generates interest and demand for scaling agile and digital...
Are You Scaling Agile or Just Failing Agile?
One of the limitations of standard agile methodologies is that they are designed to operate primarily at the team level, with product owners, developers, testers, and other disciplines working together as a single team. So when you want to adopt agile practices on large programs or within large organizations, you will need to think about how do you scale your agile processes. However, many of the “off the shelf” agile processes are not really agile at all, resulting in organizations breaking one of the cardinal rules of the agile manifesto - individuals and interactions over processes and...
Driving Innovation in Agile Organizations
Pause to innovate, and your company will cease to exist pretty quickly thereafter. In the current business climate, “innovation” should not just be a part of your company’s vision, but it also needs to be embedded in the cultural fabric of your organization and must be practiced relentlessly. As companies brace themselves for agile transformation, one key area that needs the utmost attention is—how to build a culture of innovation that can coexist with the agile delivery framework, or SAFe as we know it. In this session, we will focus on the significance of innovation and how an agile...
What Are Your Automation Strategies?
Everyone in your organization has probably discussed automation at least once. But who is responsible for automation? And what are the automation strategies for your organization? Several factors should be considered before jumping into automation. In this session, Lisette Zounon will share her personal experiences and cover case studies and successful quality transformation. Lisette will also cover what to consider for your automation strategies because it always depends on your organization and what you are trying to achieve. Attendee takeaways from this session include identifying your...
"We're in it Together" and Other Perspectives on Effective Product Development Culture (Circa 2023)
Have you watched those Spotify engineering culture videos? They were trendy and influential in the agile community but that was around nine years ago. What might we say about effective product development culture today? In this keynote, Jason Yip will share a summary of 2023-era effective product development culture based on his eight years at Spotify and 14 years at ThoughtWorks. This will include core beliefs, guiding principles, and core practices. Which ones will align with what you see at your workplace? Which ones will highlight opportunities for improvement? This keynote is not to...
Thursday, June 8
Balancing Agile and Cybersecurity Implementation
Over the past 25 years, software development has changed drastically due to evolving market demands. To respond to these needs, software development teams must reduce their time to market with releases that are more frequent. This has led the industry to move away from the waterfall methodology to agile development methodologies, thus enabling security to be engaged from inception instead of bolted on at the end of the process. While security methodologies rely more on a systematic and requirement-based approach to development much more conducive to the waterfall methodology, we must...
Best Practices: CI/CD with Micro Services
You have finally split your monolith into microservices. How do you validate a complex application and make it scale? Instead of having just one CI/CD pipeline, you have several. And as the number of microservices increases, so does the quantity of pipelines. As an outcome, managing pipelines for microservice applications can get out of hand, especially when you try to reuse common pipeline parts amongst different applications. If you apply monolithic solutions to microservice problems, you will have a bad time. If you treat microservices like monoliths, you’ll end up with thousands of...
Collaborating Effectively as a Tester to Anticipate Defects in Code Review
Júlio de Lima has lost count of the times he's heard people saying that he should start testing as soon as possible when working as an agile tester. However, no one told him how to do this practically. So he started thinking about how to anticipate his tests and managed to find a few ways: 1) Gather refinements and ask questions about quality risks, 2) prepare his testing strategy in advance, and 3) read the code and mentally compile the code and verify that the tests he planned would pass. Júlio can say that #1 and #2 helped him a lot, but #3 had a big impact on the software testing...
What the Titanic Disaster Can Teach Us About Software Quality
An engaging and entertaining session that takes lessons from the Titanic maritime disaster and uses them as jumping off points for lessons about software quality. As an example—on the Titanic, the lookouts did not have access to binoculars, which impacted their ability to see icebergs in time to prevent the disaster. What tools are we missing that allow us to see problems coming? By presenting this topic as a series of stories instead of as a dry set of bullet points, people will take away key details and be able to apply them to their own unique situations.
Migrating Healthcare Data for All 50 States
Is it possible to test millions of healthcare records for the entire country? Sure it is. But what about in an agile environment that requires a quick feedback loop? This session will share a case study on how Dan Reale and his team were up against a tight deadline and struggling to test a data migration. With two testers on their scrum team and constantly shifting requirements, the team tested one state a day for their MVP launch. They realized this was not sustainable if they wanted to test all 50 states, so they implemented an automation framework that could help test faster. Taking...