Loading…
Looking for a specific timezone? We have it covered...
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Tuesday, October 24
 

03:00

Keynote - Jaya Baloo: Everything is Quantum!
Click to View the Session

As the race for quantum computing systems rapidly evolves, the threat to modern cryptography becomes more pressing. There must be new strategies and clear options to ensure data protection for the near and long term.

The presentation will discuss current developments and projects in this area, which is set against the background of ever more persistent government surveillance.


Speakers
avatar for Jaya Baloo

Jaya Baloo

CISO, KPN Telecom
Jaya Baloo the CISO of KPN Telecom in the Netherlands. She is recognized in 2017 as one of the top 100 CISO's globally. Jaya works with an amazing information security team of highly driven specialists.  Working in the information security arena for the past 18 years, she has wor... Read More →
avatar for Mark Miller

Mark Miller

Co-Founder and Senior Storyteller, All Day DevOps
Mark is the co-founder of the "All Day DevOps" live online conference.He is the Editor-in-Chief of the LinkedIn DevOps Group(56K+ members), Executive Producer of the OWASP 24/7 Podcast Series (210,000+ listens), and Producer of the DevOps tracks at: RSAC 2017/2016/2015, AppSec EU Belfast 2017, InfoSec Europe 2016, and AppSec USA 2016. | | Mark travels the world as the DevOps Evangelist for... Read More →
avatar for Derek Weeks

Derek Weeks

VP, Sonatype
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek become a huge advocate of applying proven supply chain management principles into DevSecOps practice... Read More →


Tuesday October 24, 2017 03:00 - 04:00
Keynote: Global

04:00

But We Can't Do That Here!
For some organizations, getting started with DevOps seems impossible. When Dev or Ops is a separate org, oblivious to Agile, overworked, tribal in behaviour, the last champion got fired and you’re a lowly techie… how do you start the movement towards great practices that work for both Dev and Ops?

The introduction of DevOps is often a “wicked” problem to solve, resisting attempts to introduce change. In this talk Liz introduces some of the principles of Cynefin and complexity thinking, showing how to look at multiple contexts, flip negatives into positives, anchor valuable practices, grow great relationships and create safe-to-fail experiments, all backed up with stories from the world of IT.

Find out how you can start making change happen between Dev and Ops… and beyond!

Speakers
avatar for Liz Keogh

Liz Keogh

Lunivore Limited
Liz Keogh is a Lean and Agile consultant based in London. She is a well-known blogger and international speaker, a core member of the BDD community and a contributor to a number of open-source projects including JBehave. She has a strong technical background with almost 20 years... Read More →


Tuesday October 24, 2017 04:00 - 04:45
Cultural Transformation: Europe

04:00

Modern Security Operations (aka Secure DevOps)
We will discuss the what, why and the how of running modern security operations. We will take a look at the pain points in a DevOps life cycle and see the benefits of pragmatic security solutions. Attendees will get an idea about where and how to start devsecops for secure devops pipeline.

This talk is focused on the what, why and the how of running security operations in the modern world. The way attacks are changing and developers are moving ahead with the next generation technologies is blazingly fast. However, traditional operations still exist. It then becomes imperative to make changes in the way security operations should run to defend against attackers and work with developers and modern businesses. In this talk, we will see what are the real world problems faced by organisations, how we can rapidly adapt to changes by modifying the culture and methodologies while relying on processes, tools and techniques.

Speakers
avatar for Madhu Akula

Madhu Akula

Madhu is a security ninja, security and devops researcher with extensive experience in the industry ranging from client facing assignments building scalable and secure infrastructure, to publishing industry leading research to running training sessions for companies and governments alike. | | Madhu's research papers are frequently selected for major security industry conferences including Defcon 24, All Day DevOps, DevSecCon (London, Asia), DevOpsDays India, ToorCon, DefCamp, SkydogCon and NolaCon. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016 | | When he's not working with Appsecco's clients or speaking at events he's actively involved in researching vulnerabilities in open source products/platforms such as WordPress, Ntop, Opendocman etc. and is also a contributing bug hunter with Code Vigilant (a project to Secure Open Source Software). His research has identified many vulnerabilities in over 200 organisations including US Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, Ebay... Read More →


Tuesday October 24, 2017 04:00 - 04:45
Automated Security: India

04:00

Increasing the Dependability of DevOps Processes
System outages often stem from problems during operations processes, like upgrading software. We have developed an approach and tool framework, Process-Oriented Dependability (POD) to address this challenge in DevOps processes. POD enables fast error detection, root cause analysis, and recovery. In this talk, I will describe the approach, tool, and some key findings. As such, the talk will give a brief, practitioner-oriented overview of 4 years of research.

Speakers
avatar for Ingo Weber

Ingo Weber

Dr. Ingo Weber is a Principal Research Scientist & Team Leader of the Architecture & Analytics Platforms (AAP) team at Data61, CSIRO in Sydney. In addition he is a Conjoint Associate Professor at UNSW Australia and an Adjunct Associate Professor at Swinburne University. H... Read More →


Tuesday October 24, 2017 04:00 - 04:45
Gov/Fed: Australia/NZ

04:00

The Secrets In Our Clouds
Almost everyone realises the benefits of automation opportunities due to the modern infrastructure and practices. Also many of us, struggle to understand what is the secure way of bootstrapping secure ways of sharing secrets in the cloud and clusters.

This talk will start at the point that we already have a cloud infra in place and now we would like to evaluate the best way to bootstrap and share secrets for our production workload.

We will look at things to take care of:
-Are there any alternatives to using Cloud HSMs
-What is the experience of a person who would like to do secret management in the cloud
-How to tackle the fear of everything can go horribly wrong
-Will it be too bad to be stuck with a cloud provider if using their Key Management Solution?

This talk will of interest to people who are responsible for security of the infrastructure, the applications, the underlying data and who prefer not to get their stuff hacked. Also they would like to or are doing secrets management but have a nagging fear that they may not be doing it right.

Speakers
avatar for Akash Mahajan

Akash Mahajan

Director, Appsecco Ltd.
Akash Mahajan | Co-Founder Appsecco | OWASP Bangalore Chapter Leader | null Community Manager | Author Burp Suite Essentials - Have been doing application security for more than 9 years now as "That Web Application Security Guy". - Wrote a book on Burp Suite Pro. This is the to... Read More →


Tuesday October 24, 2017 04:00 - 04:45
Modern Infrastructure: India

04:45

Strategy, Structure, Delivery - Building High Performing DevOps Engineering Teams
Are you integrating DevOps methodology or defining the ROI of DevOps?

Specialist DevOps & Cloud recruiters Jack Moore (Co-organiser of London DevOps) and Chris Monticolombi will be discussing strategy, structure and delivery in the market and how to attract the best technical talent for your teams.

Content of the presentation:
-Industry trends, market & technology analysis (From a hiring perspective).
-Brand identity and attraction including the meetup scene & events (How to position your brand and transformational programmes)
-Structure and efficient process management, including successful on boarding processes to prevent project disruption.
-Enabling teams to understand digital hiring plans which compliment the core business objectives
-Delivering against agreed strategic roadmaps, with a key focus on the challenges in hiring DevOps specialists.

Speakers
avatar for Chris Monticolombi

Chris Monticolombi

DevOps Consultant, La Fosse Associates
Organiser of La Fosse DevOps (Strategic level DevOps meetup focussing on Digital transformation) | | 2 years DevOps, infrastructure and opensource recruitment experience (Started the La Fosse DevOps practice) | | One of the leading DevOps recruiters in the market, including... Read More →
avatar for Jack Moore

Jack Moore

DevOps Specialist Recruiter, La Fosse Associates
Co-organiser of London DevOps (4500+ active members) | | 5 years DevOps & opensource recruitment experience (3 leading DevOps practices) | | One of the leading DevOps recruiters in the market, including an endorsed network | | Advanced technical and industry knowledge (A... Read More →


Tuesday October 24, 2017 04:45 - 05:30
Cultural Transformation: Europe

04:45

ABN AMRO Transforms with CI/CD to Accelerate Software Delivery and Improve Security
The focus will be how to deal with automated code quality, secure coding and OSS library management in CI pipelines.

ABN AMRO Bank is focusing on code quality and secure coding. This talk will explain how this is implemented in CI pipelines and what governance is implemented to ensure security.

Speakers
avatar for Stefan Simenon

Stefan Simenon

Head of IT Tooling & Software Development, ABN AMRO Bank N.V.
Stefan Simenon studied physics and information technology at Technical University/Eindhoven. He has been working in IT at ABN AMRO since 1997 and has held a wide range of roles, including programming, testing, design, project management, service delivery management, global service delivery, service management and vendor management. Stefan has been head of COE tooling and COE software development since 2014 and is currently responsible for tools, software quality and CI/CD implementation within ABN... Read More →


Tuesday October 24, 2017 04:45 - 05:30
Automated Security: Europe

04:45

Building Technical and Organizational Confidence Through Automated Deployments
UWV is a Dutch government agency responsible for the collection and payment of social security for all employees and for helping unemployed people (back) to work. As it is spending taxpayer money on critical social benefits, UWV is subject to intense public scrutiny. 

Delivering mission-critical software without failure is one of the core themes, especially since every unavailability of their applications generates lots of negative publicity. Our 3 main KPI’s are availability, stability and performance. 

When you want to implement DevOps, you will have some challenges. When you are a government agency that wants to implement DevOps, you will have some extra challenges. 
This presentation is about our journey and how we managed the extra challenges. It will give the audience advice about how to pave the way for DevOps in a risk averse government agency.

Speakers
avatar for Mieke Deenen

Mieke Deenen

Project Manager, Deployment Automation, UWV
Mieke is an independant consultant leading innovative change projects for industrial and governmental organizations. In her current role, she is implementing DevOps for UWV, the dutch government organization responsible for collection and payment of social security benefits (unem... Read More →


Tuesday October 24, 2017 04:45 - 05:30
Gov/Fed: Europe

04:45

Ultimate Guide to Microservice Architecture
In this session I will provide best practices about microservice architecture. I will use Spring Boot for application development, Consul for service discovery, Elasticsearch & Kibana for Monitoring, Docker & Jenkins for Continous Delivery. Also I will mention about new test approach of Spring Boot, also I will give brief information about CQRS.

Speakers
avatar for Hüseyin Babal

Hüseyin Babal

Full-Stack Software Engineer, Kloia
Currently working as Software / DevOps Consultant at Kloia, Chief Software Architect at Aurea Software. Google Developer Expert on Web Technologies, Tuts+ and Java Code Geeks Author, Java, Node.js Developer, Docker performer, Building Highly Available and Scalable Systems, GDG Co... Read More →


Tuesday October 24, 2017 04:45 - 05:30
Modern Infrastructure: Middle East

05:30

Keeping Track of Your CI/CD Mess

When your CI/CD is adopted massively by your company, it can lead to thousands of jobs generating information all the time about your commits:

  • change logs
  • results of builds
  • results of pipeline validation tests
  • quality results
  • deployments on different platforms
  • release statuses
  • etc.


And then, you want in turn to use this information to:

  • get an overview of the quality of your pipelines
  • get detailed information about your tickets and commits, and the qualifications they went through
  • get metrics about your CI/CD
  • generate change logs automatically


While your CI/CD engine, like Jenkins, can provide some basic insight on this abundance of data, we have found useful to use specialised tooling to collect and to exploit this information.

In this talk, I’ll explain how we collected the data over almost 10,000 jobs, commit after commit, build after build, how we stored it and used it in turn to extract useful information and to inject this data as feedback into our pipelines.


Speakers
avatar for Damien Coraboeuf

Damien Coraboeuf

Continuous Delivery Expert, Multipharma, Clear2Pay
I’ve started many years ago in the Java development before switching progressively toward continuous delivery aspects. I’m now a consultant implementing CD solutions based on Jenkins. Implementation of the Pipeline as Code principles have allowed one of my clients to be able... Read More →


Tuesday October 24, 2017 05:30 - 06:15
Continuous Everything: Europe

05:30

Microservices: The Organisational and People Impact
Microservices are where it’s at. Everything is easier to manage when it’s smaller, right? ‘Micro’ things may appear to be easier to manage, but there is always a macro context, and working with people and teams is no exception. Join this session to learn more.

Microservices are where it’s at. Everything is easier to manage when it’s micro, right? Micro code bases (less than 10 LOC), micro containers (less than 10Mb), and micro teams (less than one person???). ‘Micro’ things may appear to be easier to manage, but there is always a macro context, and working with people and teams is no exception. This talk presents some of the challenges the OpenCredo team have seen when implementing microservices within a range of organisations, and we’ll suggest tricks and techniques to help you manage your ‘micro’ teams and the ‘macro’ level.

Topics covered include: leadership - advice on creating shared understanding, conveying strategy, and developing your team; empathy - because understanding others is at the heart of everything you do; organisational structure - from Zappos’ holocracy to MegaOrg’s strict hierarchy, from Spotify’s squads, chapters and guilds, to BigCorp’s command and control. There is a management style for everybody; and more.

Speakers
avatar for Daniel Bryant

Daniel Bryant

Reporter, Big Picture Tech
Daniel Bryant is leading change within organisations and technology. His current work includes enabling agility within organisations by introducing better requirement gathering and planning techniques, focusing on the relevance of architecture within agile development, and facili... Read More →


Tuesday October 24, 2017 05:30 - 06:15
Cultural Transformation: Europe

05:30

DevSecOps and the DevOps Superpattern
The DevOps Superpattern expresses how the collective body of knowledge takes key thinking from principles such as Safety Culture, Learning Organisations, Agile, Lean, ITSM, Holacracy and The Theory of Constraints & delivers a methodology we can use practically to drive principles such as DevSecOps.

DevOps has become so much more than just a way to help IT development and operations teams work better together. It has broadened to include the whole business value stream and may be better expressed as BizIT. The DevOps Superpattern seeks to express how many systems of thinking are evolving and converging to produce a set of best practices that aid us in delivering better outcomes to customers, faster and more safely. Safety Culture is a critical converging strand and one that drives DevSecOps capability ensuring the right levels of governance are in place to mitigate risk around failure, including cyber-security.

Speakers
avatar for Helen Beal

Helen Beal

DevOpsologist, Ranger4
Helen has 20 years experience working in the technology industry with a focus on the Software Development and Delivery Lifecycle for a wealth of cross industry clients in the UK and abroad. Helen is passionate about DevOps and is the creator of the Ranger4 DevOps LiftOff Workshop... Read More →


Tuesday October 24, 2017 05:30 - 06:15
Automated Security: Europe

05:30

What Quality Means to Singapore’s Government Digital Services

Software quality is crucial for product development, especially in Government Digital Services (GDS) in Singapore, where creation of value-added products for citizens and various government agencies takes place.

Manual testing takes up a lot of time and labour. Imagine If you could cut half the manpower required to conduct manual testing, replace a major part of the testing procedure with automated testing and let your CI server do all the work. Sounds too good to be true? Well, it’s not.

In this session, you will get a high level view as we walk you through the different CI/CD processes and open-source automation testing tools (for both mobile and web) that are utilised by GDS on a day-to-day basis.

Some of the biggest takeaways are: - An overview of a complete and working CI/CD pipeline - Which automation testing tools have been tried, tested and proved to work for us - How we integrate these tools as one to make them portable and easy to set up for our users - How to enable testing at scale with one single package - Writing Robot Framework tests - Work in progress: building features on top of the test automation frameworks to make testing easy to write and maintain.


Speakers
avatar for Jiamin Ong

Jiamin Ong

Government Technology Agency of Singapore
A curious intern at Government Technology Agency of Singapore (GovTech), and a final-year undergraduate from Singapore Institute of Technology. I am currently situated in Hive, where the awesome bunch of people from different development teams of Government Digital Services can b... Read More →


Tuesday October 24, 2017 05:30 - 06:15
Gov/Fed: SE Asia

05:30

Understand Immutable Infrastructure: What? Why? How?
Why everybody is speaking about Immutability? Immutable infrastructure? The All IT automation ecosystem need to rely on the append only, remove historical management of servers. This talk explain what is immutable infrastructure, how to build it, and how to manage data in this infrastructure pattern. It will cover pattern to use it on containers or virtual machine world.

Speakers
avatar for Quentin Adam

Quentin Adam

CEO, Clever Cloud
Quentin ADAM is the CEO of Clever Cloud: a Platform as a Service company allowing you to run java, scala, ruby, node.js, php, python or go applications, with auto scaling and auto healing features. This position allow him to study lots of applications, code, practice, and extract... Read More →


Tuesday October 24, 2017 05:30 - 06:15
Modern Infrastructure: Europe

06:15

Creating An Appsec Pipeline With Containers In A Week: How We Failed and Succeeded
Join us on our adventure of setting up a appsec pipeline with docker containers. What did go wrong, how did we succeed? How do you fight false positives and how do you get the best out of the products out there without bothering the development teams too much.

The goal of the presentation: to inform other developers, risk-managers and devsecops on how one can easily create an Appsec pipeline and which pitfalls there are when it comes to automated testing. The presentation is about how we created an appsec pipeline using a set of docker images (Threadfix, burp, zap, etc.), with a stateless jenkins machine using the Job-DSL. Our job was to create an appsec pipeline that would both provide the security/risk team feedback as well as the developers. The nice thing was that we had to create a demo-pipeline in a week and during this work-intensive week we leanred a lot (false positives from the tools, Threadfix workings, alternatives such as using Mittn and BDD-security on top of ZAP/Burp), how test-mocks spoiled our security tests, how untestable APIs had to be guarded and still manually tested and much more.

Speakers
avatar for Jeroen Willemsen

Jeroen Willemsen

Jeroen is a security architect with a passion for mobile and risk management. He loves to work on secure building blocks, security automation pipelines and embedding information security risk management controls in an agile environment. He is dedicated to help developers... Read More →


Tuesday October 24, 2017 06:15 - 07:00
Continuous Everything: Europe

06:15

Introducing DevOps into an Enterprise
Introducing DevOps into an enterprise is different to being in the agile start-up space. It requires cultural change, a roadmap and finding unique ways of keeping your people, processes and technology at the heart of your transformation.

If somebody had told me how difficult it would be to implement DevOps into a large Enterprise organisation, I think I may not have accepted the role. So not being one to shy away from a challenge, in this presentation, I will give you my top lessons learned, share a few stories of what worked well for us and what was the hardest cultural change required (it’s not always internal teams). These are real lessons from the messy trenches of the DevOps battle to change how Software Factories of the future operate. You will go away having a few new idea’s to try.

Speakers
avatar for Clinton Elston

Clinton Elston

GM - DevOps & Cloud, TUI
Clinton Elston GM of DevOps & Cloud at TUI UK&I. With over 25 years of international IT experience, Clinton has worked in a diverse range of industries in the UK, including Banking, Retail, Defense and Healthcare. Clinton has advised numerous businesses on various disciplines suc... Read More →


Tuesday October 24, 2017 06:15 - 07:00
Cultural Transformation: Europe

06:15

Continuous Patch and Security Assessment with InSpec
Best-practices for server hardening and patching have been in place for decades. Nevertheless, it is still very cumbersome to enforce those rules continuously and many servers are still unsecured in 2016. DevOps tools like Chef, Puppet or Ansible help to enforce secure configuration, but they cannot fully assess a state of a machine e.g. you cannot easily verify if something is not installed. InSpec is here to help. It is an open source tool for infrastructure, security and compliance testing. InSpec’s DSL is a human and machine-readable assessment language that is extendable and customizable. Since testing can be fully automated with InSpec, companies are enabled to assess and enforce secure configuration across their IT fleet. Integration with CI/CD systems allows continuous testing in high-velocity organizations. This talk will give an introduction to InSpec and demonstrate how patch and security level can be assessed in CI/CD and production environments.

Speakers
avatar for Christoph Hartmann

Christoph Hartmann

Christoph is a leading the compliance engineering at Chef, and founder who spent the last decade building complex software and infrastructure systems. He is the co-founder and creator of InSpec, Chef Compliance, and the dev-sec.io project. Prior to this, Christoph was res... Read More →


Tuesday October 24, 2017 06:15 - 07:00
Automated Security: Europe

06:15

Event Driven Microservices
Scalability, fault tolerance, high throughput and low latency … these are terms which we here more and more these days. Most of us will say that the answer to these are the microservice, and they are right, but make them happen is quite a challenge especially if our business need to be data intensive, agile and fast to market.

But these microservice, as they name say, are small services that communicate to each other to deliver business value. The key word here is communication. Without communication all the power of microservices falls apart. And communication is not trivial, especially when involves multiple systems that are talking to one another over many channels. Each of the channel requiring their own protocol and communication methods. This is where communication can become a bottleneck if not handled properly.

One answer to this problem is REST, and up to a certain level is a good fit. We will show you why an event-based approach could suit you better. And if we are talking about even-driven approach … well one of the fastest things out there is Apache Kafka, so we will show you some advantages of using it as your central event bus. This presentation will show you an alternative way of doing microservices with event-driven architecture through Kafka.

Speakers
avatar for László-Róbert Albert

László-Róbert Albert

Chief Software Architect, Jive Software
I'm an enthusiastic Java developer. I worked hard on backend systems over the last 10+ years, solving technical challenges of a broad range of enterprise Java applications as a developer. During these years I have had the chance to learn to handle Java's performance in ways most... Read More →


Tuesday October 24, 2017 06:15 - 07:00
Modern Infrastructure: Europe

07:00

Stating the Obvious: Adding Performance and Scalability Tests to Your Continuous Integration Pipeline
Performance and scalability are core quality attributes of any system; unit testing, integration testing, UI testing, they all focus on functional requirements. Good performances mean happy users, less resource usage which translates to lower running costs (power, cloud bills) and customer retention. In this session we will recall some basic concept of performance testing and demonstrate by adding specific test to an VSTS build of a simple ASP.NET Core application running on Azure.

Speakers
avatar for Giulio Vian

Giulio Vian

NOLBEJ
Giulio's passion started with a TI-57, quickly followed by a Sinclair ZX80, an Apple II. After a degree and long years consulting lots of customers on Microsoft technologies, he is now focused on Application Lifecycle Management (ALM) and DevOps themes; in spite of what you... Read More →


Tuesday October 24, 2017 07:00 - 07:45
Continuous Everything: Europe

07:00

Taking Back “Software Engineering”
Would you fly in a plane designed by a craftsman or would you prefer your aircraft to be designed by engineers? Engineering is the application of iterative, empirical, practical science to real-world problems. Craftsmanship is a wonderful thing, and as a reaction to the terrible abuses of the term Engineering in software development Software Craftsmanship has helped in our learning of what really works.

The term “Software Engineering” has gained a bad reputation. It implies “Big up-front design” and “Mathematically provable models” in place of working code. However, that is down to our interpretation, not a problem with “Engineering” as a discipline.

In recent years we have discovered what really works in software development. Not everyone practices approaches like Continuous Delivery, but it is widely seen as representing the current state-of-the-art in software development. This is because at its root CD is about the application of an iterative, practical, empirical, maybe even science based approach to solving problems in software development. Is this a form of software engineering?

Software isn’t bridge-building, it is not car or aircraft development either, but then neither is Chemical Engineering, neither is Electrical Engineering. Engineering is different in different disciplines. Maybe it is time for us to begin thinking about retrieving the term “Software Engineering” maybe it is time to define what our “Engineering” discipline should entail.

Speakers
avatar for Dave Farley

Dave Farley

Continuous Delivery Ltd.
Dave Farley is a thought-leader in the field of Continuous Delivery, DevOps and Software Development in general. He is co-author of the Jolt-award winning book 'Continuous Delivery' a regular conference speaker and blogger and one of the authors of the Reactive Manifesto... Read More →


Tuesday October 24, 2017 07:00 - 07:45
Cultural Transformation: Europe

07:00

Testing Docker Images Security
Docker is a great technology that allows developers to build and deploy the infrastructure of an application in one source code image, but, security is one of the biggest challenges. In this talk, we present the best practices and lessons learned of security reviews on docker images deployments.

While configuration management with docker offer many advantages in terms of single point of maintenance, security testing and the ability to perform security audits, they are also an attractive target for attackers as they can be used to gain control of the full software stack and sometines you have to make an additional work to harden your Docker based environment and make it more secure.

In this talk, we present the lessons learned of security reviews on docker images deployments. First, we give an overview of a typical process docker deployment. Second, we explain the attack surface and threats over docker images. Third, we present how we can detect vulnerabilities in source images with code analysis techniques. We conclude with best practices explaining how to remediate these vulnerabilities.

These could be the main talking points:

1-Introduction to docker security ecosystem,examining the main parts of a docker application.

2-Tools for auditing docker images for detecting vulnerabilities like docker-bench-security and lynis

The target of these tools is detect potential vulnerabilities in docker images/containers and to monitor running docker containers for detecting anomalous activities.

3- Other tools for testing the security of a docker container.

We can use tools such as Jenkins/TravisCI for automated testing, and Coveralls to ensure all lines of code inside docker image are tested.

4-Security best-practices around deploying Docker containers in production.

Speakers
avatar for Jose Manuel Ortega

Jose Manuel Ortega

My career has been focused from the beginning to specialize in application security. My strengths live on at the technical level by the type of training that I have received in recent years and the projects where I have worked. In recent years Im interesting in mobile application... Read More →


Tuesday October 24, 2017 07:00 - 07:45
Automated Security: Europe

07:00

Infrastructure As Code On AWS
Managing infrastructure as code, instead of hardware, is key to scaling software organizations. Cloud APIs and automation tools can bring many techniques from software engineering to platform operation, including version control, automated testing, configuration management and reliable duplication.

Managing infrastructure as artifacts of code, instead of hardware, is key to scaling software organizations. Cloud APIs and automation tools can bring many techniques from software engineering to platform operation, including version control, automated testing, configuration management and reliable duplication. Programmable infrastructure becomes invaluable as organizations and applications scale and decomposes.

Automating the provisioning, configuration and deployment of complex applications requires some design choices on top of AWS services. Specifically, when some resources are shared among tenants, such as databases, and others dedicated, such as distributions, these automations can become quite complex. Learn how to automate complex multi-tenant applications using CloudFormation and other tools from Amazon Web Services.

Speakers
avatar for Julio Machado Faerman

Julio Machado Faerman

AWS
Julio is a software engineer and educator, fascinated by learning processes - machine and human. Cares for Developer Relations at Amazon Web Services, presenting the greatest and latest from the cloud and bringing back user experiences. Before that, worked at Red Hat, Borland, Go... Read More →


Tuesday October 24, 2017 07:00 - 07:45
Modern Infrastructure: Europe

07:45

There is No Root Cause: Emergent Behavior in Complex Systems

Once upon a time, our systems were simple. A server, an app, some code. Troubleshooting was simple… or was it? In the most basic environment, people, process, and systems interact in complex ways. Root Cause Analysis has been misleading teams for decades, and it is time we put it finally to rest.

What went wrong? Why does this always happen? How can we ensure it Never Happens Again? For most of the internet age, engineering teams have focused on finding a cause of an outage. A belief existed, and persists, that all errors or behaviors can be traced back to a single causal entity. The Root Cause Analysis is conducted in service of finding that entity, and correcting it. By doing so, we have been taught, we prevent recurrence of the error in question.

Much of RCA thinking comes from manufacturing and electrical systems, where simple causality can exist. An oft failing fuse is caused by poor wiring. In computing environments, there is rarely so simple a cause. Within even the simplest application nest dependencies, logic, bottlenecks, and inefficiency. By wrapping that application in an operating system, on a server, on a network, on the internet, managed by process, actioned by people we add enough complexity to force us to reconsider the Root Cause Analysis approach.

Modern tools and practices, like DevOps, enable engineering teams to adopt significant complexity at relatively low operational cost. Once unthinkable, microservice architecture in a public cloud environment is now a common choice for new software projects. Consider, for a moment, the layers of complexity captured in that decision. Now consider how opaque the agents in those systems are to the operators (us).

Emergence is a phenomenon whereby larger entities arise through interactions among smaller or simpler entities. In theory, complex systems exhibit highly unpredictable behavior, and generate surprising patterns. In practice, teams operating complex engineering systems always see deeply interrelated causality - a blend of people, process, and the systems themselves. So why do we still focus our after action analysis on a Single Cause?

In this talk, we’ll explore these conflicting realities for incident management teams. Attendees will learn about differences between Root Cause Analysis, and more techniques like Postmortem. While this is a technical talk with examples of both simple and complex infrastructures, much time will be spent considering the impacts of people and process to those same systems. Attendees will leave with some actionable ideas to bring back to their teams to improve their own after action analysis activities.


Speakers
avatar for Matthew Boeckman

Matthew Boeckman

Owner, Dryas
Matthew is an 18 year veteran building infrastructure and leading engineering teams. Despite his heavy Ops background, Matthew has been a longtime friend of Developers and considers DevOps his primary passion and focus. Most recently VP of Infrastructure at Craftsy, Matthew now o... Read More →


Tuesday October 24, 2017 07:45 - 08:30
Continuous Everything: USA/Central

07:45

Work in Progress: The Quantum State of "Done" in DevOp
Getting to “done” is a critical enabler to releasing reliable code on time, and it’s easy to proclaim “done” just to move on. The problem is, exactly what “done” means is tricky…or is it?

As engineers, we love to take things apart and build; but we don’t always close well, accruing tech debt without realizing the total cost to the business in terms of confidence and velocity. Continuous delivery preaches that we must march onward, but without clean hand-offs and consistent automation, we simply run into a wall of unplanned work faster than ever.

A paradox of the DevOps mindset is that we need to both close well on work items while maintaining continuous work flow and improvement. Like the world of the tiny quanta, when measured our work seems to be either in one state (done) or the other (not done), but at the macro level follows a very different set of dynamics. Managing work-in-progress (WIP) limits at the individual, team, and organizational levels requires that we must carry the importance of “done” into our DevOps automation practices to cover critical aspects of quality in every line of code we deploy.

In this session, Paul Bruce of Growgistics will discuss the impact of implementing right-fit definition(s) of done over various types of work that flow through your team’s boards, pipelines, and production systems. We’ll cover how to:
  • Keep WIP limits in check through personal “done-ness” katas
  • Efficiently manage expectations for when work might not be “done” on time
  • Implement multiple definitions of done aligned with risk and schedules
  • Reduce inefficiencies in work flow that lead to “done” slippage
  • Improve release confidence with better performance and acceptance criteria

Speakers
avatar for Paul Bruce

Paul Bruce

Founder, Growgistics
Paul Bruce is a DevOps Advocate, helping to transform software teams and practices through cultural, technical, and process advisement. He has previously worked as a full stack developer, a site reliability engineer, and in API developer relations. He is currently an IEEE working... Read More →


Tuesday October 24, 2017 07:45 - 08:30
Cultural Transformation: USA/East Coast

07:45

10 Ways Kubernetes Enables DevOps
DevOps adoption has increased rapidly over the last few years and with it the guidelines, practices, and tool that support this journey. Nevertheless, finding the right path towards DevOps is challenging for most organizations. In this session, we will discuss why containers and container orchestrators have proven to be a key enabler for DevOps practices with examples from real-world implementations and furthermore, you will learn about 10 ways that Kubernetes is helping teams to get ahead in their DevOps initiatives.

Speakers
avatar for Siamak Sadeghianfar

Siamak Sadeghianfar

Principal Technical Marketing Manager, OpenShift, Red Hat
Siamak Sadeghianfar is a DevOps Evangelist at Red Hat and speaks at a wide array of industry events such as, ClusterEurope, DevOps Helsinki, Cloud Native Con Seattle, and IDC Directions. He strives to educate IT professionals, customers and partners on all aspects of application... Read More →


Tuesday October 24, 2017 07:45 - 08:30
Modern Infrastructure: Europe

09:00

Keynote - David Robertson: The Power of Little Ideas
Click to View the Session
Conventional wisdom today says that to survive, companies must move beyond incremental, sustaining innovation and invest in some form of radical innovation. "Disrupt yourself or be disrupted!" is the relentless message company leaders hear.

"The Power of Little Ideas" argues there's a "third way" that is neither sustaining nor disruptive. This low-risk, high-reward strategy is an approach to innovation that all company leaders should understand so that they recognize it when their competitors practice it, and apply it when it will give them a competitive advantage. 

Moderators
avatar for Mark Miller

Mark Miller

Co-Founder and Senior Storyteller, All Day DevOps
Mark is the co-founder of the "All Day DevOps" live online conference.He is the Editor-in-Chief of the LinkedIn DevOps Group(56K+ members), Executive Producer of the OWASP 24/7 Podcast Series (210,000+ listens), and Producer of the DevOps tracks at: RSAC 2017/2016/2015, AppSec EU Belfast 2017, InfoSec Europe 2016, and AppSec USA 2016. | | Mark travels the world as the DevOps Evangelist for... Read More →

Speakers
avatar for David Robertson

David Robertson

David Robertson is a Senior Lecturer at the MIT Sloan School of Management, where he teaches Innovation and Product Design. Dave is also the host of the weekly radio show "Innovation Navigation", a live show on SiriusXM Channel 111 where David interviews world-renowned thought leaders about the management of innovation... Read More →


Tuesday October 24, 2017 09:00 - 10:00
Keynote: Global

09:50

How We Went From 40 Days to 3 Building Crystal Clear Test Cases While Improving Test Coverage
Our development teams share many of the same challenges producing quality software as our customers. Requirements are often vague and the assumption is made that everyone in the room is thinking of the business solution in the same way. Our tests on existing application functionality were simply inadequate. Some areas were over tested, others under. And as quickly as things changed, it was hard to really know if tests were current.

In this session I take you on our journey of how we introduced collaborative modeling between our product owners and engineers to drive extreme clarity around requirements during backlog refinement, before a story was picked up for a sprint. I’ll share with you ways you can build out a requirements model to generate a set of test cases that can fully cover the acceptance criteria for your stories.

In this session I take you on our journey of how we introduced collaborative modeling between our product owners and engineers to drive extreme clarity around requirements during backlog refinement, before a story was picked up for a sprint. I’ll share with you ways you can build out a requirements model to generate a set of test cases that can fully cover the acceptance criteria for your stories.

The result: We reduced the time it took to build out regression test cases from 40 days to 3! And we improved test coverage with less test cases as well. This 30-minute session could help you save weeks and months of lost productivity.

Speakers
avatar for Stephen Tyler

Stephen Tyler

VP, Software Engineering, CA Technologies
Hello reader. Like you, I have an exciting career in software development spanning a wide range of industry sectors and technologies, supplemented with an MBA and entrepreneurial experience as a founder of a startup. I am driving DevOps initiatives at CA Technologies and I'm exci... Read More →


Tuesday October 24, 2017 09:50 - 10:30
Continuous Everything: USA/Central

09:50

Control Without Being Controlling: Minimum Viable Change Management
How much Change Management is “just enough” in order to enable faster, more frequent, more automated releases while still meeting governance, risk and compliance requirements? This session will explore innovative way to create a “minimum viable” Change Management process that enables DevOps.

How much Change Management is “just enough” in order to enable faster, more frequent, more automated releases while still meeting governance, risk and compliance requirements? Too often, DevOps squads, agile software developers and automated pipelines are frustrated and delayed by the rigorous timeframes and controls built into Change Management policies.

In its purest intent, Change Management was never meant to be a constraint. It’s primary purpose is to enable innovation, intelligent risk taking and to always be able to answer the question “what changed?” when incidents occur. Change Management was not meant to be a one-size-fits-all process and major bodies of knowledge such as ITIL encourage a tiered approach. Unfortunately, in command and control waterfall environments, this guidance may have been confusing or overlooked. This session explores innovative ways to create a flexible Change Management process that adapts to the scope and risk of various types of changes. The session will help attendees seek a “minmum viable process” approach that seeks the right level of control based on the governance, risk and compliance requirements of the customer and organization. Topics to be covered - Nurturing a culture of change - How much is “just enough” change control? - Empowering decision authorities including peer reviews - The power of the Standard Change and risk models - Using automation and CI/CD to lower risk and provide compliance evidence - Building a bridge between Dev/Ops and Change Management.

Speakers
avatar for Jayne Groll

Jayne Groll

CEO, DevOps Institute
Jayne Groll is co-founder and CEO of the DevOps Institute (DOI). Jayne carries many IT credentials including ITIL Expert, Certified ScrumMaster, Certified Agile Service Manager, DevOps Foundation and is a Certified Process Design Engineer (CPDE). Her IT management career spans ov... Read More →


Tuesday October 24, 2017 09:50 - 10:30
Cultural Transformation: USA/East Coast

09:50

A Tale of Three Horses
We all envy the unicorns like Amazon, Netflix, and Google. They have it all figured out and are light years ahead of the rest of the pack. However, most traditional organizations, which are called horses, have a hard time adopting Agile and DevOps approaches.
This talk will explore security challenges that common organizations encounter as part of their digital transformation journey and show that DevOps is a perfect opportunity to embed security throughout this journey.

Speakers
avatar for Stefan Streichsbier

Stefan Streichsbier

Stefan has been focusing on information security since 2003. He is passionate about analyzing complex applications through architecture, design and source code reviews and improving their security posture. At Numisec he is working on revolutionary approaches of integrating securi... Read More →


Tuesday October 24, 2017 09:50 - 10:30
Automated Security: SE Asia

09:50

The Journey to DevSecOps at DHS USCIS
In this session, get to know how the Department of Homeland Security’s USCIS division started on their journey towards a true DevSecOps culture, enabled by the adoption of an enterprise container platform. Hear from the heads of Development, Operations, and Security to get a deeper perspective from each discipline on how they viewed and embarked upon their goal of modernizing the USCIS culture, its people, its processes, and its tools to better meet the mission at DHS. You’ll learn about where they began, challenges faced, successes realized, and the strategies they used to overcome common organizational hurdles in the process towards container adoption and a DevSecOps culture.

Speakers
avatar for Robert D. Brown

Robert D. Brown

Division Chief, DHS USCIS
Robert is a DHS USCIS Branch Chief within SDD OIT modernizing applications and services. Previously a Cloud Solutions Developer with Booz Allen Hamilton with 14 years of experience providing technical, managerial and business development solutions to the IT industry --- Robert ha... Read More →
avatar for Steve Grunch

Steve Grunch

DHS USCIS
Steve is a DHS USCIS Branch Chief within EIT OIT providing technical management of cloud infrastructure platforms.  Previously an infrastructure environment manager with ICF International –Steve has focused on modernizing the deployment and operations of infrastructure services. ... Read More →
AM

Adrian Monza

Chief, Cyber Defense Branch, DHS USCIS


Tuesday October 24, 2017 09:50 - 10:30
Gov/Fed: USA/East Coast

09:50

Team Topologies – How and Why to Design Your Teams for Modern Software Systems
For effective, modern, cloud-connected software systems we need to organize our teams in certain ways. Taking account of Conway’s Law, we look to match the team structures to the required software architecture, enabling or restricting communication and collaboration for the best outcomes.

This talk will cover the basics of organization design, exploring a selection of key team topologies and how and when to use them in order to make the development and operation of your software systems as effective as possible. The talk is based on experience helping companies around the world with the design of their teams.

Takeaways:
  • The implications of Conway’s Law for software teams
  • Cognitive Load for teams
  • Effective team topologies
  • Team evolution

Speakers
avatar for Matthew Skelton

Matthew Skelton

Co-founder and Principal Consultant, Skelton Thatcher Consulting Ltd
Matthew Skelton has been building, deploying, and operating commercial software systems since 1998. Co-founder and Principal Consultant at Skelton Thatcher Consulting (http://skeltonthatcher.com/), he specialises in helping organisations to adopt and sustain good practices for building and operating software systems: Continuous Delivery, DevOps, aspects of ITIL... Read More →


Tuesday October 24, 2017 09:50 - 10:30
Modern Infrastructure: Europe

10:30

Becoming a Plumber: Building Deployment Pipelines
A core part of our IT transformation program is the implementation of deployment pipelines. Attendees will learn how to build abstract pipelines that allow multiple applications to fit the same basic pipeline structure. This has been a big win for injecting change into our system.

Attendees will learn how to build abstract pipelines that will allow multiple types of applications to fit the same basic pipeline structure. Attendees will be introduced to high-level diagrams and sample source code as well as lessons learned.

Speakers
avatar for Daniel Barker

Daniel Barker

DevOps Engineer, DST Systems
Dan spent 12 years in the military working on fighter jets, like the F-16. as a mechanic before transitioning to a career in technology as a Software Engineer, then a DevOps Engineer, and now a Software Development Manager. He‰Ûªs leading a team of engineers dedicated to bringing... Read More →


Tuesday October 24, 2017 10:30 - 11:15
Continuous Everything: USA/Central

10:30

Breaking Bad Equilibrium
Speakers
avatar for John Willis

John Willis

Docker
John Willis has worked in the IT management industry for more than 35 years. Currently he is an Evangelist at Docker Inc.   Prior to Docker Willis was the VP of Solutions for Socketplane (sold to Docker) and Enstratius (sold to Dell). Prior to to Socketplane and Enstratius Willis was the VP of Training... Read More →


Tuesday October 24, 2017 10:30 - 11:15
Cultural Transformation: USA/East Coast

10:30

The DevSecOps Dilemma
DevOps believes in intelligent agents. Security assumes the worst of intentions. Both risk an imbalance of trust. The Prisoner’s Dilemma and the devSecOps Dilemma, defined as a lack of cooperation that stems from a lack of trust in an over-competitive environment, have the same flaw: There’s not a game position that’s safe for everyone because of obliviousness or malicious intent. A low trust cooperative game state is emerging as a result of this conflict. In a devOps world everyone means Everyone both internally and externally. This includes the unique identities, teams, their organization, the customers that keep them in business, and even their perceived competition.

This presentation will discuss a Nash equilibrium forming as a result of the tension between security and high trust devOps environments, the complementary set operations found outside the equilibria, and provide ecological examples of these adaptations. We’ll also take a look at the technologies we need to automate our environments & how moving with agility ends up making us safer in the long run.

Speakers
avatar for Chris Corriere

Chris Corriere

Autotrader
My primary role at Autotrader is centered in build automation, metrics, & data visualization. My background in mathematics and engineering has helped me learn how to troubleshoot particularly difficult problems, so I get tagged in on other items across Cox Automotive from time to time. I write for devOps.com but have been on an extended break while I'm finishing a paper on a cybernetics model I've been developing. I also M.C. and organize devopsdays Atlanta, speak at various in Atlanta, other states... Read More →


Tuesday October 24, 2017 10:30 - 11:15
Automated Security: USA/East Coast

10:30

DevOps, Government Policy, and You
Speakers
avatar for Joshua Corman

Joshua Corman

Founder, I am The Cavalry
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the... Read More →


Tuesday October 24, 2017 10:30 - 11:15
Gov/Fed: USA/East Coast

10:30

Terraform at Scale
Terraform, is no doubt very flexible and powerful. The question is, how do we write Terraform code and construct our infrastructure in a reproducible fashion that makes sense? How can we keep code DRY, segment state, and reduce the risk of making changes to our service/stack/infrastructure?

HashiCorp’s infrastructure management tool, Terraform, is no doubt very flexible and powerful. The question is, how do we write Terraform code and construct our infrastructure in a reproducible fashion that makes sense? How can we keep code DRY, segment state, and reduce the risk of making changes to our service/stack/infrastructure?

This talk describes a design pattern to help answer the previous questions. The talk is divided into two sections, with the first section describing and defining the design pattern with a Deployment Example. The second part uses a multi-repository GitHub organization to create a Real World Example of the design pattern.

Speakers
avatar for Jonathon Brouse

Jonathon Brouse

Jon hails from South Central Jersey. He is passionate, tenacious, and a self proclaimed info-junkie. He enjoys playing hockey, taking walks with his dog, and enjoying artsy fartsy things with his girlfriend. His favorite drink at the moment is Bulleit Bourbon on the rocks.


Tuesday October 24, 2017 10:30 - 11:15
Modern Infrastructure: USA/East Coast

11:15

Enterprise DevOps: Crossing the Chasm from Vision to Pragmatism
This session will capture the following:


  • DevOps at an enterprise level is a different challenge than in cloud first/start up companies;
  • How it can be done successfully – which requires people, process and tool chain transformation with a philosophy on continuous improvement and eye of getting better all the time;
  • Why to build application security in-Perspective that most organizations have pre-existing investments in tool chains and open source; and 
  • Results on how Micro Focus is evolving its DevOps practices on an enterprise scale. 

Speakers
avatar for Ashish Kuthiala

Ashish Kuthiala

Director, Global Product and Technical Marketing, Micro Focus
Ashish is the Director of Global Product and Technical Marketing (DevOps and Agile Portfolio) at Micro Focus, formerly Hewlett Packard Enterprise Software. He lead the global marketing team in driving $800m revenue stream for HPE Software’s DevOps, Agile, and Application Lifecycle management portfolio. He also launched... Read More →


Tuesday October 24, 2017 11:15 - 12:00
Continuous Everything: USA/Central

11:15

Cracking the Culture Code: Practical Advice on Promoting a Generative Culture
Culture is one of the hardest parts of DevOps to get right. It’s messy, and organic, and not well suited to the more analytical skills found in IT departments. This presentation will present practical steps to promote a healthy, generative, DevOps-compatible culture within any enterprise.

We’re a DevOps shop. You need a new hyperconverged infrastructure? No problem! Microservices architecture with service discovery? You bet. Containerized, stateless applications that self-configure and scale at will? Coming right up.

You want a generative culture based on mutual respect and communication?… Did I mention we do microservices really well?

Many choose careers in IT because technology is predictable. Programming and engineering is deterministic. If you’re getting the wrong outputs, change the algorithm.

Humans are messier than that. We have egos, moods, and opinions. We have good days and bad days. We have differing backgrounds, which is a good thing but also a challenge. This presentation will demystify the difficult, elusive, and most important part of DevOps: the trust relationships critical to maintaining a positive, generative culture.

This presentation will demystify the most difficult, and most important part of DevOps: Culture. Dave Swersky, Solutions Architect with SAIC, and Ron Mackenzie, Chief of Strategy and Architecture at the Risk Management Agency of the US Department of Agriculture, will present real-world challenges and wins in promoting a DevOps culture. We’ll break down the key elements of a culture that works, and discuss the real challenges in keeping it alive. DevOps culture is a fragile thing that must be cultivated and fed every day. Dave and Ron will present perspectives from several dimensions: contractor-government relationships, individual contributor and executive management, and IT and business-focused concerns. Attendees will come away with practical advice for promoting a healthy DevOps culture, that can be applied in any enterprise.

Speakers
avatar for Ron MacKenzie

Ron MacKenzie

Chief of Strategy & Architecture, USDA's Risk Management Agency
Ron MacKenzie, Chief of Strategy & Architecture at USDA's Risk Management Agency (RMA), is a passionate DevOpsSec evangelist working to create an Agile and Lean Startup culture in the Federal Government.  With 20 years of civilian service, he brings a unique business perspective to IT supporting the delivery of the Crop Insurance program to our nation's farmers... Read More →
avatar for Dave Swersky

Dave Swersky

SAIC
Dave Swersky has been working in IT for over 20 years, in roles from support engineer, to software developer, to Enterprise Architect. Dave is an aspiring polyglot, and passionate about all things DevOps. Dave has presented on DevOps at conferences including DevOps Enterprise Sum... Read More →


Tuesday October 24, 2017 11:15 - 12:00
Cultural Transformation: USA/Central

11:15

Securing Modern Applications
Security is no longer an afterthought to development. Every organization is concerned with the need to keep its data and applications secure. Designing and building secure applications requires an approach where security awareness is woven through the entire development process. Every role should be responsible for ensuring applications are built to properly handle identity & access, to ensure transport meets secure code requirements, and to secure the data behind the application. In this seminar, we will discuss: · The importance of addressing security through the entire development process · Using OpenID Connect and OAuth 2.0 in modern application architecture with JavaScript frameworks like Angular 2 with social and enterprise identity providers · How to architect your application to detect and prevent vulnerabilities including the OWASP Top 10 and Open Source Components · How to verify code is secure during development by running automated penetration tests as part of your CI/CD process.

Speakers
avatar for Mike Douglas

Mike Douglas

Solution Consultant, Deliveron
Mike Douglas is a Solution Consultant at Deliveron Consulting Services. He specializes in working with development teams to implement DevOps and Application Lifecycle Management (ALM) solutions to eliminate traditional silos between development, testing, project management, and o... Read More →


Tuesday October 24, 2017 11:15 - 12:00
Automated Security: USA/Central

11:15

Application Build and Deploy Automation at National Cancer Institute
National Cancer Institute supports over 600 websites ranging from flat HTML to complex bioinformatics applications on a variety of container technologies. This talk covers the processes and technologies which enable software to move from source code repositories all the way to production servers at nci.nih.gov, including the use of GitHub, Jenkins, and Nexus, and more technologies, with a variety of teams involved.

Speakers
avatar for Sarah Elkins

Sarah Elkins

CSRA
Sarah Elkins has supported National Cancer Institute for nine years, working as a network engineer, in configuration management, and on the Linux systems engineering team, working closely with multiple teams and supporting the transition of projects to DevOps. She has presented o... Read More →


Tuesday October 24, 2017 11:15 - 12:00
Gov/Fed: USA/East Coast

11:15

DevOps – Systems Thinking for Software Development
DevOps is systems thinking for software development, where the software development project’s mindset requires us to consider every aspect of a problem, its impact across all disciplines, and our individual contribution to the mission.

DevOps is systems thinking for software development, where the software development project’s mindset requires us to consider every aspect of a problem, its impact across all disciplines, and our individual contribution to the mission. This mindset change brings business, engineering, development, testing operations staff, and our customers into the process of delivering frequent system updates to our customers. Our systems thinking focused, DevOps development process facilitates collaboration and communication across the project’s staff with the express goal of bringing project wide systems thinking culture changes to support successful DevOps process. This allows projects to implement the continuous integration, automated, quality assurance and delivery with automated deployment practices that are necessary for a successful DevOps process. This presentation will be discuss system thinking for software developers, DevOps, and the application of systems thinking to DevOps.

Speakers
avatar for Ray Renner

Ray Renner

Northrop Grumman
Ray Renner is a Technical Fellow and a senior software engineer at Northrop Grumman Mission Systems with over 25 years of experience in software engineering. His experience has covered all aspects of software engineering, including software architecture, requirements, design and... Read More →


Tuesday October 24, 2017 11:15 - 12:00
Modern Infrastructure: USA/East Coast

12:00

Twelve Months of Test Metrics at Code.org
A year ago our team added CI build metrics to our weekly engineering meeting. Since then our builds are faster, more reliable, and run more tests. See our reporting tools, hear about problems we found and fixed along the way, and learn how Code.org ships daily updates for millions of students.

"Measurement is the first step that leads to control and eventually to improvement. If you can’t measure something, you can’t understand it. If you can’t understand it, you can’t control it. If you can’t control it, you can’t improve it."

-H. James Harrington

In October 2016, our CI system was in bad shape: Our pass rate had dropped to an all-time low of 30%, driven by struggles with our Selenium tests. To turn things around, our team asked me to report CI build metrics in our weekly engineering meeting. The effect was dramatic. In the last year our builds have gotten faster, we’ve moved more of our acceptance tests into CI, and our pass rate is now better than 90%.

Come and see the tools we built for our weekly reports, hear about the problems we found and fixed along the way, and learn how our test infrastructure enables Code.org to release daily updates for millions of students.

Speakers
avatar for Brad Buchanan

Brad Buchanan

Software Engineer, Code.org
Brad Buchanan is all about crafting excellent experiences in education, games, and beyond. He's a Software Engineer at [Code.org] where he gets to build the curriculum he wished for as a kid, including tools like the [Internet Simulator], [Game Lab], [Maker Toolkit] and [Star War... Read More →


Tuesday October 24, 2017 12:00 - 12:45
Continuous Everything: USA/West Coast

12:00

Top Lessons Learned Researching And Co-Authoring The DevOps Handbook
Speakers
avatar for Gene Kim

Gene Kim

Founder, Tripwire
Gene Kim is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire for 13 years. He has written three books, including "The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win" and "The Visible Ops Handbook." Gene is a huge fa... Read More →


Tuesday October 24, 2017 12:00 - 12:45
Cultural Transformation: USA/West Coast

12:00

Automating Security in DevOps – Security in the Pipeline
This session will walk through the lifecycle of a product from conception to deployment; identifying places where security tools were integrated at Aetna in an automated way.

One of the big challenges facing organizations today is how to implement Security Controls into their continuous delivery pipelines. Traditionally organizations have utilized waterfall or agile methodologies where applications are pushed to production less than a dozen times per year. With the advent of DevOps, applications can be pushed multiple times a day – or even multiple times per hour – into a production environment. With this kind of velocity, it can often be difficult to apply security controls without adversely impacting the production pipeline.

This session will cover how security departments can help the business understand the advantages of DevOps and containers for securing applications while walking through the lifecycle of a product from conception to deployment - identifying places where security tools were integrated in an automated way at Aetna. DJ will also discuss how these security controls can help the organization promote secure code to production while providing minimal impacts to the velocity of the delivery chain.

Speakers
avatar for DJ Schleen

DJ Schleen

Information Security Advisor, Aetna
DJ is a DevOps Security Architect at a large healthcare organization, assisting them though their journey of digital transformation and containerization. He specializes in automating security controls in DevOps environments and is a hacker by training, doing significant R&D work... Read More →


Tuesday October 24, 2017 12:00 - 12:45
Automated Security: USA/Central

12:00

Governance and Transparency in GovSec DevOps
Speakers
avatar for Leonel Garciga

Leonel Garciga

J6 Chief and Chief Technology Officer, Joint Improvised Threat Defeat Organization
Mr. Garciga is the Joint Improvised Threat Defeat Organization (JIDO) J6 Chief and Chief Technology Officer (CTO). In these roles, he provides technical leadership, oversight and direction for mission and enterprise information technology planning, research, development, experimentation, validation, acquisition, accreditation and application of future information technology programs, architectures and capabilities within JIDO. His expertise enable the rapid integration of cutting-edge technology for counter-IED and counter threat network operations and intelligence support to a myriad of missions for the Department of Defense (DoD) and U.S. national security. | | Mr. Garciga is also the technical advisor to the JIDO Director and his senior staff and; serves as the JIDO technical lead and information technology integrator to the DoD, Intelligence Community... Read More →


Tuesday October 24, 2017 12:00 - 12:45
Gov/Fed: USA/East Coast

12:00

Beginning Blue Green Deployments
You’ve read the blog posts and decided to move to blue green (red black) deployments. But how do you actually get started from where you are?

Moving from a deployment pattern where you take an outage and redirect to a maintenance page to blue green raises a number of questions. Can I do this with my existing technology stack? Do I need to switch to an immutable infrastructure pattern beforehand? How do I know if something went wrong with the deployment and how do I fix it?

This session traces the journey from the maintenance page to immutable blue green deployments outlining the potential trials and tribulations each step of the way. Code examples will illustrate the steps taken each iteration moving to an immutable blue green deployment of an autoscaling group behind an elastic load balancer. Tips for increasing the observability of the deploy as well as troubleshooting potential issues will also be covered.

Speakers
avatar for Ed Rousseau

Ed Rousseau

Cure Forward
Ed is a 20+ year veteran of the software industry who has worked in numerous roles from tech support to QA and even management (!). He is passionate about software quality, efficient resilient delivery pipelines and is an unabashed kanban fanboy. He is also a philosopher, lover o... Read More →


Tuesday October 24, 2017 12:00 - 12:45
Modern Infrastructure: USA/East Coast

12:00

Fannie Mae's Open Workspace Fosters Efficiency and Productivity
Click to View the Session
Fannie Mae created an open workspace and formed cross-functional squads 100% focused on reducing cycle times to deliver environments. Not only have we been able to improve environment delivery times by more than 50%, but the team members are happier too.

Speakers
avatar for Jason Meltzer

Jason Meltzer

Director, Technology, Fannie Mae
Jason Meltzer is a technology leader and transformation enthusiast who collaborates on lean, innovative solutions that deliver business value quicker and of higher quality. After almost 20 years working in large enterprise technology organizations, Jason knows what it takes to tr... Read More →


Tuesday October 24, 2017 12:00 - 12:45
Tech Crawl: USA/East Coast

12:45

Lessons in Leading a Fortune 100 Team to a DevOps Philosophy
Managing the journey to DevOps within a large enterprise is no easy task - requiring major cultural and organizational changes in order to achieve business results and benefits. In this session, Uldis Karlovs-Karlovskis will share details and lessons learned as he and his team moved to DevOps throughout Accenture; an organization with 400,000 employees and clients spread around the globe. Uldis Karlovs-Karlovskis will share their steps to success, how he and his team learned by failing, where they are in their DevOps journey and what's next. 

Speakers
avatar for Uldis Karlovs-Karlovskis

Uldis Karlovs-Karlovskis

Nordics DevOps Lead, Accenture
Uldis Karlovs-Karlovskis has been working in IT and DevOps since 2005. He currently leads a large DevOps team for Accenture Latvia.  Karlovs-Karlovskis speaks and presents about DevOps advantages and best practices within Accenture, for its clients and throughout the industry. ... Read More →


Tuesday October 24, 2017 12:45 - 13:30
Continuous Everything: Europe

12:45

The Open Innovation Labs DevOps Experience
DevOps is foundational to the world’s highest-performing organizations. But more than anything else, DevOps is about culture, and culture can be elusive. In this session, Justin Holmes will share his team’s journey building a DevOps culture at Red Hat’s Open Innovation Lab. You’ll learn about:
  • Behaviors and processes to enable collaboration between development and operations.
  • How tools like Ansible, OpenShift Container Platform and Jenkins can help drive cross-team collaboration and cultural transformation.
  • How to successfully leverage the open source community to accelerate and improve your DevOps solutions, while contributing back to the upstream community. 

Speakers
avatar for Justin Holmes

Justin Holmes

Red Hat
Justin Holmes is a passionate consultant who helps teams deliver better software products, faster. He is a fan of methods that lead delivery teams towards shared understanding and technologies that capture that understanding in software. Justin is active in the Behavior Driven De... Read More →


Tuesday October 24, 2017 12:45 - 13:30
Cultural Transformation: USA/Central

12:45

Why Is DevOps Not DevSecOps?
DevOps has not yet become DevSecOps, leaving DevOps insecure. What is preventing security from integration into DevOps? This presentation offers the answer. It defines capabilities that application security should adopt, explains how existing technologies should change, forecasts emerging technologies, and estimates the pace of application security transformation in the era of DevOps. In this presentation, we prove that DevSecOps is in need of technologies with specific features and technologies that application development, operation, and security specialists have to learn, see, or run. Only these technologies will seamlessly integrate into DevOps, making it DevSecOps. We name these technologies, forecast the pace of their adoption, and evaluate benefits of adopting one technology versus another.

This presentation is intended for CISOs and CIOs, security managers and security specialists, as well as development and operation managers and specialists.

Attendees of this session will learn what will come to the market within the next few years, how to plan adoption, and what will or will not work in the era when application security transforms to enable DevSecOps.

Speakers
avatar for Joseph Feiman

Joseph Feiman

CIO, Veracode
Joseph Feiman, PhD is Chief Innovation Officer at Veracode responsible for advanced technologies that drive innovative security strategies. He is a recognized industry leader with nearly two decades of experience in application development and security, analyzing the markets for... Read More →


Tuesday October 24, 2017 12:45 - 13:30
Automated Security: USA/East Coast

12:45

Lessons From Our Journey To Infrastructure As Code
For the last three years, our DevOps tiger team has focused on moving towards full infrastructure automation using the cloud, software defined networks and infrastructure as code for both our internal IT, and for multiple CSRA customers at federal agencies. We've focused our journey on automating manual processes and moving at the speed of culture. Through that experience we have learned many realities as well as techniques that we plan to share so you can make your own transformation to this new model in your organization. We'll also give a short demonstration of some of our current automation in action.

Speakers
avatar for Paula Thrasher

Paula Thrasher

Director of Digital Services, CSRA
Paula is the Director of Digital Services at CSRA and leads the Agile, Testing, User Experience and DevOps centers of excellence delivery organizations. She has over 18 years' experience in information technology and works in the federal market leading agencies and teams towards Agile and DevOps. Paula's first Agile project was in 2001, since then she has led 20... Read More →


Tuesday October 24, 2017 12:45 - 13:30
Gov/Fed: USA/East Coast

13:30

CI/CD with Tightly Controlled Governance
After a great deal of work your team has setup Continuous Delivery Pipeline only to hit a wall with Change Control Board. How do you achieve agility and speed with compliance, governance, and decision gates held hostage by bureaucratic gridlock? This presentation will offer tips and strategy to break thru the cultural and technical barriers to accomplish agility and governance concurrently. By getting CCB to accept your CD pipeline as standard changes, policies and qualities can be consistently enforced, continuously improved, and provide more robust audit trail. Moreover, the CCB’s role need not be diminished. The roles are changed from approving releases to setting the policy and codify guidelines for CD pipeline.

Speakers
avatar for Sherry Chang

Sherry Chang

Intel
Sherry Chang started the DevOps grass root movement in Intel IT which became a CIO mandate in 2016. Sherry has over 23 years in software development spanning SaaS, commercial as well as large enterprise apps. Her passion for the last 5 years has been proliferating and coaching De... Read More →
avatar for Edward Harris

Edward Harris

Enterprise Architect, Intel
Edward Harris is an IT professional with more than 25 years of experience analyzing, developing, integrating, and implementing business solutions. As an architect at Intel, he has been instrumental in leading Agile and DevOps inititives within InfoSec to improve compliance and co... Read More →


Tuesday October 24, 2017 13:30 - 14:15
Continuous Everything: USA/West Coast

13:30

We Are All Equifax: The Data Behind DevSecOps

In March 2017, hackers took three days to identify and exploit a new vulnerability in Equifax’s web applications.  In the post-Equifax world, moving new business requirements (e.g., a non-vulnerable version of Struts2) into production in under three days might just be your new normal.

Join this session to better understand how DevSecOps teams are applying lessons from W. Edwards Deming (circa 1982), Malcolm Goldrath (circa 1984) and Gene Kim (circa 2013) to improve their ability to respond to new business requirements and cyber risks.  It starts with emphasizing the performance of the entire system and never passing known defects downstream.

To that end, DevOps teams are consuming billions of open source components and containerized applications to improve productivity at a massive scale. The good news: they are accelerating time to market. The bad news: many of the components and containers they are using are fraught with defects including critical security vulnerabilities.

This session aims to enlighten DevOps teams, security and development professionals by sharing results from the 2017 State of the Software Supply Chain Report -- a blend of public and proprietary data with expert research and analysis. Throughout the discussion, I will share lessons that Deming employed decades ago to help us accelerate adoption of the right DevSecOps culture, practices, and measures today.

Attendees in this session will learn:

  • What our analysis of 17,000 applications reveals about the quality and security of software built with open source components
  • How organizations like PayPal, Intuit, Fannie Mae and the Department of Defense are utilizing the DevOps principles of software supply chain automation

  • Why avoiding open source components and containers over 3 years old might be a really good idea

  • How to balance the need for speed with quality and security -- early in the development lifecycle

Attend this session and leverage the insights to understand how your organization's application DevOpsSec practices compare to others. We'll share the industry benchmarks to take back and discuss with your DevOps, development and security teams.


Speakers
avatar for Derek Weeks

Derek Weeks

VP, Sonatype
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek become a huge advocate of applying proven supply chain management principles into DevSecOps practice... Read More →


Tuesday October 24, 2017 13:30 - 14:15
Automated Security: USA/East Coast

13:30

Microcosm: Secure DevOps Pipeline as Code, D-PaC
You’ve heard the hype and read dozens of blog posts on Secure DevOps, and finally your organization has decided to make this cultural shift in hopes of taking advantage of automation and the benefits of DevOps. Making this shift as an engineering team, however, can often be cumbersome because many tech professionals are still unfamiliar with the technologies required to implement a complete DevOps pipeline, let alone one that includes security automation as well. In this talk, I will introduce Microcosm, a miniature, secure DevOps pipeline we developed at the SEI that is available through infrastructure as code. Microcosm represents a miniature version of a secure DevOps pipeline in comparison to what would actually be found in a large, enterprise environment. While delivering Secure DevOps training to DoD and civilian agencies, we wanted to create a solution that would show our stakeholders how to integrate security into a DevOps platform. I will go through key principles of D-PaC and share our lesson learned examples with the DevOps community.

Speakers
avatar for Hasan Yasar

Hasan Yasar

Technical Manager, Carnegie Mellon University
Hasan Yasar is the technical manager of the Secure Lifecycle Solutions group in the CERT Division of the Software Engineering Institute, CMU. Hasan leads an engineering group on software development processes and methodologies, specifically on DevOps and development; and cloud technologies, and big data problems while providing expertise and guidance to SEI's clients. Hasan has more than 25... Read More →


Tuesday October 24, 2017 13:30 - 14:15
Gov/Fed: USA/East Coast

13:30

Wondrous Widgets in a Windows World
As DevOps culture permeates the Windows world, challenges arise. How can IT orgs integrate components of the toolchain in a sensible, iterative way while avoiding tool proliferation? We’ll look at example toolchains, how to chop-and-change tools in the chain, and explore what the future holds.

There has been a major movement in the Microsoft Windows world towards DevOps culture. DevOps practices and tools are not only being endorsed, but embraced and expanded. This has resulted in tool proliferation and questions over how to integrate components of the toolchain in a sensible, iterative way. How do we stitch tools together into pipelines and build our own DevOps toolchains? Where do we even start? If you’ve found yourself asking these questions, then this presentation is for you! We’ll walk through what example toolchains could look like, how we can chop-and-change tools in the chain, and what the future holds.

Speakers
avatar for Glenn Sarti

Glenn Sarti

Puppet
Glenn Sarti is a Windows Software and Infrastructure Developer -- with a penchant for DevOps, Puppet, Neo4j or anything Windows related. Originally from Perth, Western Australia, Glenn and his family made the move to Portland, Oregon, in 2015, where he now works at Puppet as Seni... Read More →


Tuesday October 24, 2017 13:30 - 14:15
Modern Infrastructure: USA/West Coast

14:45

Keynote - Ann Winblad: The Rise of Software
Click to View the Session

I have been fortunate to be a venture capitalist for almost 30 years. In 1989 when we raised our first fund—the first venture fund 100% dedicated to software companies—132 institutional investors turned us down, saying that software investments were too risky as the assets –that would be you –walk out the door at night.  We prevailed and raised the fund.

Each day of the last 28 years my job has been to audition the future and fund early stage enterprise software companies.  We have had a ringside seat on the rise of software and  a great opportunity to fund extraordinary engineers. Thank you for letting me share my thoughts with you today.


Moderators
avatar for Derek Weeks

Derek Weeks

VP, Sonatype
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek become a huge advocate of applying proven supply chain management principles into DevSecOps practice... Read More →

Speakers
avatar for Ann Winblad

Ann Winblad

Co-Founder and Managing Director, Hummer Winblad Venture Partners
Ann Winblad is the co-founder and a Managing Director of Hummer Winblad Venture Partners.  Hummer Winblad Venture Partners (www.hwvp.com ) is a leading venture capital firm focused exclusively on software investing and manages over $1 billion in cumulative capital.  Since Hummer Winblad Venture... Read More →


Tuesday October 24, 2017 14:45 - 15:45
Keynote: Global

15:45

Everyone Is Part Of Continuous Delivery
Getting full value from Continuous Delivery means catering for the needs of everyone in the organization: business, devs, ops, etc. Pipelines are excellent for visualizing work status. But even better when they increase collaboration by highlighting bottlenecks due to hand-offs between siloed teams.

The true value of Continuous Delivery lies beyond the Jenkins, the Dockers and the cloudz. Its true value will be found when it involves and caters for the needs of everyone in the delivery organization, from business owners, to developers, testers, operations, etc.

Delivery pipelines are an excellent tool for visualizing work status. But they’re even better as collaboration tools! A pipeline that accurately maps the flow of work will highlight recurring bottlenecks and waiting times, often due to work hand-offs between siloed teams, working in isolation.

Unfortunately, pipelines often lead to Continuous Delivery exclusion because they’re only focusing on the (automatable) technical bits. But if your organization needs to deliver fast(er), don’t buy a Ferrari that only takes 2 people… Prefer a family car that can take everyone comfortably at the max speed that is safe and reliable!

In this talk we will go through concrete pipeline scenarios for different personas in the organization, demonstrating their full transformation power.

Key takeaways include:
-understanding the benefits of making your pipeline an accurate visualization of the full workflow (beyond the technical bits)
-understanding the need to bring everyone along in this journey to deliver on the promise of faster and more reliable software development

Speakers
avatar for Manuel Pais

Manuel Pais

Consultant, Skelton Thatcher Consulting
Team-first technologist at Skelton Thatcher Consulting. DevOps advocate with a diverse background as developer, build manager and QA lead. Manuel enjoys helping organizations adopt test automation, continuous delivery and cloud, from both technical and human perspectives. He has worked on a range of technologies (Java, .Net, web, mobile) and industries (banking, telecom, legal, defense and aviation). Co-author of the books... Read More →


Tuesday October 24, 2017 15:45 - 16:30
Continuous Everything: Europe

15:45

Not Actually A DevOps Talk
Most people putting DevOps in place have only the foggiest notion of what it is beyond a “better mouse trap, and something about ‘culture.’” This talk uses failures and successes from DevOps-practicing organizations to give advice from the real world on doing the DevOps real-good like.

“DevOps” has developed a vulgar definition that’s come to mean “whatever the things are we do that makes IT better.” While it’s annoying to have to spend the first 10 minutes of any conversation calibrating on what “DevOps” means, this points towards a broader need: organizations are desperate to improve how they create, deploy, and manage their custom written software. The goals of DevOps align perfectly with this need, though as organizations who try to “scale” DevOps are finding, DevOps doesn’t solve all of your problems. This talk will cover this framing of DevOps and then walk through several case studies of how (mostly large, but some medium and small) organizations are failing and succeeding at applying DevOps. In doing so, this talk provides advice for high level planning and then daily tactics for not only “doing the DevOps,” but improving the way organizations manage their stable of software.

Speakers
avatar for Michael Coté

Michael Coté

Director, Pivotal
Michael Coté works at Pivotal on the advocate team. He's been an industry analyst at 451 Research and RedMonk, worked in corporate strategy and M&A at Dell in software and cloud, and was a programmer for a decade before all that. He blogs and podcasts at Cote.io and is @cote in T... Read More →


Tuesday October 24, 2017 15:45 - 16:30
Cultural Transformation: USA/Central

15:45

Escrow: How To Share Secrets
Let’s face it - application configuration via environment variables is hard. This is why at Under Armour we decided it was worth reducing the barrier to entry. Enter Escrow, a way to compose and share hierarchical environment variable configuration to make updating hundreds of mirco services easy.

veryone who has had to configure a unix application before knows about environment variables. They also know it does not scale out easy, so they add configuration as code, but then it becomes a 1000 line file maybe with jinja templating to extract or build up configuration and soon it becomes impossible to unwind.

Here at Under Armour we wanted to avoid these pitfalls, while still being able to scale out usage to everyone in the organization, all while making it easy to share environment variables and to make the updating process more transparent and easy.

We have created a standalone tool that consists of React/Redux UI and REST API that gives you an interface to compose application configuration (environment variables) in a way that can be shared from application to application, but still flexible enough, easy to understand, and easy to introspect.

Speakers
avatar for Kyle Rockman

Kyle Rockman

Under Armour
I currently work at Under Armour Connected Fitness (previously MapMyFitness). I've worked on the Infrastructure team for the past three years developing tooling to make every developers life easier and more automated. I have spent the last three years working on this tool from th... Read More →


Tuesday October 24, 2017 15:45 - 16:30
Automated Security: USA/Central

15:45

DevOps in Secure Environments: Strategies for Success
How does a secure, controlled environment successfully implement DevOps activities? In this talk, the listener will learn about strategies and techniques for introducing DevOps tools, pipelines and culture into traditionally secure and risk-averse government environments. Includes actual examples.

In large organizations with critical production environments, traditional approaches to security and reliability don’t lend themselves to DevOps continuous delivery and deployment goals. Individual projects have achieved limited measures of success in non-production environments, but without a clear path to enabling production participation, such efforts aren’t able to fully deliver on the DevOps promise.

While we all know that to truly achieve DevOps benefits we need a holistic approach with multi-stakeholder participation, it can be difficult to define a widely accepted roadmap that has on-ramps for all necessary participants including security and operational professionals.

This talk describes approaches for incorporating non-developer stakeholders into DevOps initiatives in ways that enable full end-to-end consistent, reliable and continuous delivery of reliable working software into secure environments. You’ll hear about techniques for addressing concerns about security, software supply chain integrity, patching, governance and automated compliance that can make DevOps in secure environments a reality.

Speakers
avatar for Dominic Delmolino

Dominic Delmolino

CTO, Accenture Federal Services
Dominic Delmolino is the Chief Technology Officer at Accenture Federal Services. He is responsible for the oversight, strategy and definition of Accenture Federal Services technical offerings. | | In his career, Delmolino has assisted clients in the application of leading edge data management and software development productivity solutions, with a specialization in Oracle knowledge that had him named Oracle ACE by Oracle Corporation in 2013. He has worked with large government agencies to design database architecture, directed the development and deployment of sales and customer database software, and managed a database... Read More →


Tuesday October 24, 2017 15:45 - 16:30
Gov/Fed: USA/East Coast

15:45

Freeways Instead of Toll Booths: Moving Fast and Unifying Teams with Policy-as-Code
Over the past decade, DevOps has evolved to unify development and operations via practical automation of an application’s lifecycle. But, policy and security compliance has been the odd man out in the sense that it remains a manual, expensive, and slow process. The fix is in compiled policy-as-code.

Code can be easily reviewed, certified, and automated. When everything is code, your teams build freeways instead of toll booths. That is, instead of having some groups that are trying to fast track data flow (developers) and others (I&O and security) saying “Hey, wait a minute, we need to look at this,” DevOps with an infrastructure coding approach for the cloud allows teams to move fast and correctly within a unified process. They can build and deploy new software with dramatically reduced friction. They can be innovative without breaking critical system components. Concise infrastructure validations and compiled policy-as-code close the DevOps gap on security. It gets integrated into a single, powerful system that will help define both the future of app deployment and of team cohesion.

Speakers
avatar for Trigg Borgerson

Trigg Borgerson

Berico Technologies
Trigg Borgerson started working for Berico Technologies in January 2017 as their Director of Cloud Solutions, overseeing all Commercial and Federal cloud programs. Trigg is a Navy veteran and cloud technology subject matter expert with over 25 years of leadership and technical ex... Read More →
avatar for Josh Stella

Josh Stella

CEO, Fugue
Josh Stella is Co-founder and CEO of Fugue, which radically simplifies cloud operations and centralizes cloud control by automating and enforcing infrastructure at scale. Previously, Josh was a Principal Solutions Architect at Amazon Web Services. He has served as CTO for a prior... Read More →


Tuesday October 24, 2017 15:45 - 16:30
Modern Infrastructure: USA/East Coast

16:30

A Blueprint for a Successful DevOps Metamorphis
DevOps allows organizations to release software at mind blowing capacity, but most companies are still in the process of change, taking small but impactful steps towards a DevOps metamorphosis that will vastly improve the quality and speed of software delivery. Several things are driving interest by enterprise IT groups towards continual improvement of their delivery chain. These include:

▪ Higher customer expectations fueled by mobile applications that require fast changes to respond to short feedback cycles ▪ Demand for faster time-to-market, which requires streamlining the automated deployment approach ▪ Rising need to coordinate releases across multiple platforms, teams, and technologies ▪ Increased competition and lower barriers to entry ▪ Need for a better plan to greatly accelerate delivery cycles now, rather than being rushed into it later by competitive pressures

But how do IT teams accelerate delivery while ensuring quality considering prolonged release cycles, too many production incidents, and ongoing clashes between Dev and Ops? They need a plan—a blueprint that guides them through the complexities of fully transitioning their enterprise environment to DevOps.

In this presentation, Sunil Mavadia uses real world examples to demonstrate how IT groups can get started with creating a blueprint specific to their cultural and technology environment and how they can use their toolchain as a point of reference for customizing and streamlining all DevOps activities. He’ll also cover topics like managing and governing DevOps adoption across silos, designing an approach for the support of your DevOps tools and their implementation, establishing DevOps tooling on cloud and internal platforms through automation, and more.

Speakers
avatar for Sunil Mavadia

Sunil Mavadia

Director of Customer Success, XebiaLabs
Sunil Mavadia is Director of Customer Success for XebiaLabs. A former customer, Sunil brings deep experience with DevOps initiatives, having lead major DevOps transition projects with his previous company. At XebiaLabs, Sunil works closely with customers to ensure successful impl... Read More →



Tuesday October 24, 2017 16:30 - 17:15
Continuous Everything: USA/Central

16:30

A DevOps State of Mind: Continuous Security with DevSecOps + Containers
Is your organization ready to address the security risks with containers for your DevOps environment? Learn about the top security risks with containers and how to incorporate security best practices at scale with DevSecOps.

With the rise of DevOps, containers are at the brink of becoming a pervasive technology in Enterprise IT to accelerate application delivery for the business. When it comes to adopting containers in the enterprise, Security is the highest adoption barrier.

In this presentation, you’ll learn about:
-The top security risks with containers and how to manage theses risks at scale.
-DevSecOps - embedding security best practices in the CI/CD pipeline
-Improving container image security with reproducible builds
-Automating security vulnerability and security policy scanning for container images
-Deployment strategies for continuous deployment of security updates at scale
-DevSecOps metrics to track success and failure

Speakers
avatar for Chris Van Tuin

Chris Van Tuin

Chief Technologist, NA West, Red Hat
Chris Van Tuin, Chief Technologist, NA West at Red Hat, has over 20 years of experience in IT and Software. Since joining Red Hat in 2005, Chris has been architecting solutions for strategic customers and partners and is a frequent speaker on DevOps, Security, and Containers. He... Read More →


Tuesday October 24, 2017 16:30 - 17:15
Automated Security: USA/West Coast

16:30

DevSecOps at the General Services Administration
GSA is most well known as the US Government-wide manager of buildings, vehicles, and acquisition services. But the GSA also manages some of the most widely used websites across the government. This talk will provide a retrospective on the ongoing GSA’s DevSecOps and Hardware Working Group efforts.

Topics will include, ongoing authorizations (ATO) with component reuse and closed loop CI/CD pipelines, Managing Client Machines for Continuous Diagnostics and Management (CDM) with open source, and how we found fertile grounds between DevOps and SecOps while under the Federal Government compliance regimes.

Speakers
avatar for John Jediny

John Jediny

Lead Engineer, GSA
Ecologist turned sysadmin. I have been a Federal Employee in the US government for just short of 10 years. I started my career planning and approving Renewable Energy grants and projects for the Department of Energy. Became a self-professed Open Source purist seven years ago whil... Read More →


Tuesday October 24, 2017 16:30 - 17:15
Gov/Fed: USA/East Coast

16:30

Creating A Heroku-like Deployment Solution With Docker
This presentation is based on the article Creating a Heroku-like Deployment Solution with Docker.

As developers, it is part of our job to build tools to make our life easier, usually through automation of every kind of action. My first option when hosting an application is Heroku, but there are some times when this is not an option. Since I love that kind of easiness for deploying software, I built my own deploy tool, that works much like Heroku’s.

This presentation will cover the creation of an automation tool for deploying your software in a simple way, similar to deploying to Heroku. I’ll explain how to use Docker to version control each deploy, how to use a Docker Registry to upload containers. After that, I’ll show to wrap everything in simple Ruby CLI script, capable of deploying a sample application to a remote host, and some other extra commands for rolling back to previous versions, attaching logs and tracking which application version is running.

Speakers
avatar for Pedro Cavalheiro

Pedro Cavalheiro

Software Developer, Me Salva!
Back End Software Developer who loves the web and innovation. Pedro believes in the power of exchanging knowledge with other people, and loves high quality code, development best practices, and automation.


Tuesday October 24, 2017 16:30 - 17:15
Modern Infrastructure: South America

17:15

Moving 70,000 Microsofties to DevOps on the Public Cloud
This is the story of transforming is the story of transforming Microsoft to One Engineering System with a globally distributed 24x7x365 service on the public cloud. We’ll show you round the system that handles the load of some of the most demanding engineering teams in the world and share some stories about how they got there.

Description: This is a seven-year story of moving to Cloud-First Development and modern DevOps practices, supporting an internal engineering organization of 65,000, while growing both the SaaS and traditional software business.

The organizational and engineering practices include: • agile project management, scheduling, teaming, and development • enterprise git to enable distributed version control at scale • modern release pipeline with automated testing, continuous integration and continuous deployment • live site quality of service and feature work in the same product backlog • public cloud hosting for flexible infrastructure and global presence • canary deployment across data centers • feature flags to make dark launches and progressive experimentation possible.

Speakers
avatar for Sam Guckenheimer

Sam Guckenheimer

Product Owner - Microsoft Visual Studio, Microsoft
Sam Guckenheimer is the Product Owner for the Microsoft Visual Team Services and Team Foundation Server. In this capacity, he acts as the chief customer advocate, responsible for strategy of the next releases of these products, focusing on DevOps, Agile and Application LifeCycle... Read More →


Tuesday October 24, 2017 17:15 - 18:00
Continuous Everything: USA/West Coast

17:15

Time Adventures: Reimagining DevOps Ideology Session (TARDIS)
Step into the TARDIS (it’s bigger on the inside) & let’s take a journey in time to examine the past, present and future of DevOps. We’ll battle monsters & villains along the way… & perhaps even save the world!

In this fun and imaginative session, we’ll take a look at the past, present and future of DevOps. We’ll start with a brief journey to the pre-historic DevOps time, when sysadmins and developers battled each other and dinosaurs and chaos ruled. Then we’ll jump back to the present time to observe how DevOps is shaping infrastructure and development practices. Finally we’ll take a trip to the future to see whether DevOps has created the glorious paradise we’ve been promised or whether some sinister force lurking in shadows has come to power and doomed humanity.

During our time travel, we’re certain to face villains like Silos and Weeping Angels. But with our cleverness and some handy tools, we should be able to defeat them.

Attendees will end the session with some action steps for ways they can improve their DevOps journey both in the near future and in the long-term.

Speakers
avatar for Jason Yee

Jason Yee

Technical Writer/Evangelist, Datadog
Jason is a technical writer & evangelist at Datadog, where he works to inspire engineers with the power of data, metrics and monitoring. He's also involved in the global DevOpsDays community and was formerly the DevOps and performance community manager at O'Reilly Media. When he... Read More →


Tuesday October 24, 2017 17:15 - 18:00
Cultural Transformation: USA/West Coast

17:15

Security In The Land of Microservices
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture can be challenging. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and what it takes to secure them.

Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way. In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.

Speakers
avatar for Jack Mannino

Jack Mannino

CEO, nVisium
Jack Mannino is the CEO and co-founder of nVisium. Solving software security's biggest problems across a variety of industries, Jack's expertise spans building, breaking and securing software for nVisium's portfolio of Fortune 500 clients. While focusing on solutions for making s... Read More →


Tuesday October 24, 2017 17:15 - 18:00
Automated Security: USA/East Coast

17:15

Keep CALM and Architect On: An Architects Role in DevOps
The key concepts in DevOps are CALM: Culture, Automation, Lean, and Measurement. How does an architect support the transformation to DevOps in the 4 CALM areas? Culture: Removing silos, reducing fear of making mistakes and encouraging learning and experimentation Automation: Changing the architecture to support dynamic infrastructure, automated deployments and automated tests Lean: Structuring capabilities and features to deliver higher value in smaller batch sizes Measurement: Architecting to expose, aggregate and route the right data for monitoring, analysis and trending

In this presentation, we’ll talk about patterns, interactions and behavior that architects will want to consider to keep CALM in the face of DevOps.


Speakers
avatar for Eric Ort

Eric Ort

Eric Ort is the Lead SW Architect for an IIS SW program in Aurora, CO. He has over 20 years of experience in domains ranging from Visual Simulation/Virtual Reality, Artificial Intelligence, Telephony, Commodities Trading and Satellite Data Processing. Eric has been leading effort... Read More →
avatar for Terri Potts

Terri Potts

Raytheon Company
Terri Potts is an Engineering Fellow at Raytheon where she is the Technical Director for the Information, Intelligence and Services Software Organization. She has worked at Raytheon since 1998 and has been an advocate and champion for modern software development methods since 1999. Her current professional interests include software and systems architecture, model driven software development, domain specific languages, software product lines, software factories and DevOps. Terri has been successful leading adoption of DevOps on Raytheon programs... Read More →


Tuesday October 24, 2017 17:15 - 18:00
Gov/Fed: USA/Central

17:15

Including The Database In A DevOps Process
When your application developers want a fast, DevOps development process, the database often becomes a hindrance. It doesn’t have to be as many best practice software development practices still apply. Come learn about mitigating the challenges of database development in a DevOps environment.

Many of the DevOps ideas and philosophies have been developed for rapid changes and deployment of application code, often ignoring the database or just accepting there may be limitations to coordinating with database teams. However, the database can be included in your DevOps process. This quick look at live demonstrations of automatic database CI and CD to local and remote databases will use demos to illustrate the concepts of database DevOps.

Speakers
avatar for Steve Jones

Steve Jones

Editor/Evangelist, Redgate Software
Steve Jones has been working with databases and computers for over two decades. He has worked with SQL Server since 1991, from v4.2 through SQL Server 2016. He has been a DBA, developer, and manager in a variety of large and small companies across multiple industries. In... Read More →


Tuesday October 24, 2017 17:15 - 18:00
Modern Infrastructure: USA/Central

18:00

It's ALL The Product. Putting a Value On Non-Feature Work
How can we make a business case for quality, tooling, and craft? How can we (in the words of a developer friend) "ever compete with the near term gains of feature work?" 

My goal with this talk is to help developers gain an equal footing when it comes to advocating for their continuous improvement ideas. We'll discuss approaches to beating back short-termism and the present bias, as well as shifting thinking away from a "customer facing" vs. "non-feature" dichotomy. Finally, I'll present some concrete tips on how to play the prioritization game with your Product Manager in a way that is firmly rooted in economic outcomes. 

Speakers
avatar for John Cutler

John Cutler

Senior Product Manager for Search and Relevance, Zendesk
John Cutler is keenly focused on user experience and evidence-driven product development.  He mixes and matches various methodologies — jobs-to-be-done, Lean UX, Lean Startup, customer development, and design thinking — to help teams deliver lasting outcomes for their customers... Read More →


Tuesday October 24, 2017 18:00 - 18:45
Continuous Everything: USA/West Coast

18:00

The Power of #DadOps for #WomenInTech
Five practical actions Dads (and Moms, uncles and friends) can take to help girls pursue STEM careers and succeed in tech. 68% of girls interested in STEM were encouraged by a male champion. Mandy Whaley (@mandywhaley) explores specific ways to be that champion for the girls in your life.

Five specific and practical actions Dads (and Moms, uncles and friends) can take to help girls pursue STEM careers and succeed in tech. A recent study showed that 68% of girls interested in STEM were encouraged by a male champion. Mandy Whaley (@mandywhaley) explores specific ways men can be that champion for the girls in their lives. This talk is inspired by many of the amazing members of the Austin DevOps Days Community who have helped encourage the author to speak about this topic.

Speakers
avatar for Amanda Whaley

Amanda Whaley

Director of Developer Experience at Cisco DevNet, Cisco DevNet
Amanda Whaley is Director of Developer Experience & Developer Evangelism for Cisco DevNet. She spends most of her time thinking about how developers use Cisco APIs, and about how to make their job easier. She also leads a team of developer evangelists who work with Cisco partners... Read More →


Tuesday October 24, 2017 18:00 - 18:45
Cultural Transformation: USA/Central

18:00

Planning for Testing
All too often, testing is an afterthought. What are the things that we should be thinking about in the beginning in order to make testing, monitoring, and auditing easier? In this talk we will discuss some of the ways that we can build into our applications test endpoints that will support automated testing, monitoring application health and performance, and configuration audits.

All too often, an application that suddenly and unexpectedly looses its connectivity to its database will blow up in some in elegant manner - confusing the user and loosing data that was in flight.

Wouldn't it be great if when your application loses its connection to its database that the application sent out notification and then, as appropriate to your use case, either reconnected once the database became available again or gracefully informed users that processing was on hold until the system administrators worked out the problem?

Wouldn't it be great if you could ask your application "How are you doing?" and it responses within "I am doing fine. I am connected to my database and I have processed 1000 user transactions within the past 60 seconds."

Wouldn't it be great if before testing your application you could ask your application "Which version are you?" and your application could respond "I am version x.y.z-build. I am connected to the database and it is using the a.b.c version of the schema."

These sorts of things are all possible if you plan for your application to be testable.

Speakers
avatar for Rob White

Rob White

Technical Architect, Enterprise Data Analytics Section, Federal Bureau of Investigation
Rob White joined the Federal Bureau of Investigation as a Computer Scientist in 2006. Rob serves as the Technical Architect for the Enterprise Data Analytics Section. In 2015, Rob was a recipient of the Attorney General's Award for Excellence in Information Technology Management... Read More →



Tuesday October 24, 2017 18:00 - 18:45
Gov/Fed: USA/East Coast

18:00

The Path of DevOps Enlightenment for InfoSec
Security as we have known it has completely changed. Through challenges from the outside and from within there is a wholesale conversion happening across the industry where DevOps and Security are joining forces. This talk is a hybrid of inspiration and pragmatism for dealing with the new landscape.

DevOps is the practice of the entire engineering team participating together through the entire service lifecycle of delivering software. This includes security and out of necessity, security as we have known it has completely changed.

Through challenges from the outside and forces from within there is a wholesale conversion taking place across the industry where DevOps and Security are joining forces. This talk is a hybrid of inspiration and pragmatism for dealing with the new landscape. There are four key areas that have changed with the rise of DevOps.

-Treat all systems and infrastructure as code
-Change the engineering culture to orient around delivery
-Favor a fast delivery cadence
-Create feedback loops across the organization

With these shifts the organization has new demands and expectations on security. This talk will cover a pragmatic approach and focus on principles, practices and tooling to meet demands in these four key areas.

Speakers
avatar for James Wickett

James Wickett

Head of Research, Signal Sciences
James does most of his research and work is at the intersection of the DevOps and Security communities. He works as a Sr. Engineer at Signal Sciences and is a supporter of the Rugged Software and Rugged DevOps movements. Seeing the gap in software testing, James founded an open s... Read More →


Tuesday October 24, 2017 18:00 - 18:45
Modern Infrastructure: USA/Central

18:45

The Five Dirty Words of CI
“Blameless postmortems” and “learning from failure” are very en vogue in the technology industry right now. Both fall into that less-discussed category of “CI”: Continuous Improvement. But for as much as we all talk about them, in many organizations and teams, the outcome of continual organizational learning and improvement remains elusive. Why is this?

In this talk, we’ll look at five “dirty words”* that are often thrown around during postmortems, retrospectives, and other learning exercises that not only make it difficult for teams to discuss learning, but promote activities and behaviors that are actually counterproductive to continuous improvement. We’ll dig into the existing research on why this is–it turns out we’re not the only industry struggling with this!–and look at some different language we can start using that can more ably facilitate sustainable Continuous Improvement in our work environments.

*Not actually dirty words.

Speakers
avatar for J. Paul Reed

J. Paul Reed

Build/Release Engineering, DevOps, and Human Factors Consultant, Release Engineering Approaches
J. Paul Reed has over fifteen years experience in the trenches as a build/release engineer, working with such storied companies as VMware, Mozilla, Postbox, Symantec, and Salesforce. | | In 2012, he founded Release Engineering Approaches, a consultancy incorporating a host of tools and techniques to help organizations "Simply Ship. Every time." He's worked across a number of industries, from financial services to cloud-based infrastructure to health care, with teams ranging from 2 to 2,500 on everything from tooling, operational analysis and improvement, cultural transformation, and business value optimization. | | He speaks internationally on release engineering, DevOps, operational complexity, and human factors and is currently a Masters of Science candidate in Human Factors... Read More →


Tuesday October 24, 2017 18:45 - 19:30
Continuous Everything: USA/West Coast

18:45

Value Stream Integration
Click to View the Session
It’s time to apply the same level of discipline to our DevOps transformations as we have to software architecture. In this talk, I’ll introduce the concept of Value Stream Integration as the way for maximizing the flow of business value across your planning an delivery pipelines, at any scale.

While they had all the right goals in mind, Agile got many large IT transformations off on the wrong foot. Deliberately or not, many of the failed transformations focused on development while ignoring operations and ITSM downstream, as well as requirements management and business planning upstream. With DevOps came a critical new focus on automation, tooling and end-to-end feedback loops. To scale DevOps, we need to determine how we structure the flows of information, the combinations of best-of-breed tools and the integration of seemingly incompatible processes models such as SAFe and ITIL. If we don’t, the result will once again be value streams that are fragmented across tool boundaries, disconnected from the business, and impossible to optimize and to measure. But what if we could:

• See the flow of business value in real-time? • See evidence of bottlenecks use them to prioritize IT investment? • Re-architect our software and organization around maximizing flow? • Hypothesis test based on real-time data from every team?

It’s time to apply the same level of discipline to our software delivery transformations that we have to software architecture. In this talk, I’ll introduce the concept of Value Stream Integration, which will provide you with a way of understanding and mapping the flow of business value across your planning an delivery pipelines, at any scale.

Speakers
avatar for Mik Kersten

Mik Kersten

CEO, Tasktop
Dr. Mik Kersten is the Founder & CEO of Tasktop and drives the strategic direction of the company, Tasktop's key partnerships, and the culture of customer-focused innovation. Mik's goal is to help create the Value Stream Integration and visibility layers needed for the world's la... Read More →


Tuesday October 24, 2017 18:45 - 19:30
Cultural Transformation: USA/West Coast

18:45

Build It and They Will Come-pliant: DevSecOps in the Real World
Everybody wants security… until it comes time to pay the bill.

Everybody wants DevOps… if they could agree on what it is, or were in environments that could wield it, or could just make all we weird evangelists shut up.

Let DevSecOps help make your org make good choices! Win-win.

This tak will focus on real world examples on using Security/Compliance to drive DevOps practices, and vice versa. Availability, security, compliance can come together in workflows that sing. Bring security and configuration management upstream into your development and operations ways-of-working. Transcending old silos becomes a joyful habit benefiting the customer, the business — and your quality of worklife.

Speakers
avatar for Julie Tsai

Julie Tsai

Box
Julie favorite recent professional description of herself is, when her sister asked a friend to browse her LI profile to explain to her sister what she did for a living, the friend said, "Oh yeah, I got it. She's an old-school neckbeard."


Tuesday October 24, 2017 18:45 - 19:30
Automated Security: USA/West Coast

18:45

Operations as a Service: Because Failure Still Happens
DevOps has provided plenty of lessons for how to speed up the pace of delivery and deployment. But what about what happens after deployment? How do we bring DevOps principles to the rest of the lifecycle to relieve to capacity crunch that already plagues so many enterprise operations organizations.

DevOps has provided plenty of lessons for how to speed up the pace and frequency of application delivery and deployment. But delivery and deployment only covers one part of the lifecycle. What about what happens after deployment? In many enterprises, increasing the pace and frequency of delivery has just increased the operational support load, work interrupts, and context switching that exasperates the capacity crunch that already existed within their Operations organization. How do we bring DevOps principles to the rest of the lifecycle to avoid or relieve that Operations capacity crunch?

This talk will focus on the successful design patterns that high-performing, large scale organizations have applied to reduce the operational burden and support costs across their entire organization. Specifically, we’ll look at how they apply DevOps principles and practices to improving the post-deployment lifecycle and how Developers can play a key role in reducing the difficultly and cost of operations activity for everyone.

Speakers
avatar for Damon Edwards

Damon Edwards

Co-Founder and Chief Product Officer, Rundeck, Inc.
Damon Edwards is a Co-Founder of Rundeck, Inc., the makers of Rundeck, the popular orchestration and scheduling platform. Damon was previously a Managing Partner at DTO Solutions, a DevOps and IT Operations improvement consultancy. Damon has spent over 15 years working with both the technology and business ends of IT operations and is noted for being a leader in porting cutting-edge DevOps techniques to large enterprise organizations. Damon is also a frequent conference speaker and writer who focuses on DevOps and operations improvement topics. Damon is active in the international DevOps community, including being a co-host of the DevOps Cafe podcast, an early core organizer of the DevOps Days conference series, and a content chair for Gene... Read More →


Tuesday October 24, 2017 18:45 - 19:30
Modern Infrastructure: USA/West Coast

19:30

You Will NEVER Be "Done"
Click to View the Session
Frequently, there’s a question that sounds like “When will you be done with X?”, which translates roughly to “When can I completely rely on X without dealing with a filthy human?” This talk, per its title, should answer that question definitively.

People crave order. They especially crave order from services. They expect their fast-food orders to be correct and they expect the cable television installer to arrive within their scheduled window. They expect FEMA to help them when disaster strikes. They expect to be able to get 4G signal from anywhere on the planet. They expect their elected officials to keep the promises they made during their campaign (or worry that they might…), and to paraphrase Master Carlin, they expect people to drive like neither idiots nor maniacs.

All too frequently, they’re disappointed when these expectations aren’t met.

If you work in any automation-related field, the muggles will view you as a wizard. At least in the beginning. You’re automating their builds, but they still have to check the test reports. You automated the testing check, but they still have to push the button. You automated the deployment, but they’re still able to deploy things that break.

WHY CAN’T YOU MAKE MAGIC HAPPEN, WIZARD? DIDN’T YOU GET A MS IN CS FROM HOGWARTS?

Dealing with providing service to a automation-consuming user base, technically proficient or otherwise, has a number of challenges and this talk will seek to address some of those challenges. It will attempt to cover:
-Estimation
-“Done”-ness (aka LGTM)
-Needs for testing
-Recruiting your user=base to assist you in defining completeness

Speakers
avatar for Mykel Alvis

Mykel Alvis

DevOps Computational Demonologist, Cotiviti
Mykel Alvis has had 4 decades of working in software development to arrive at the hot mess that he is today. His career has covered essentially every phase of the software delivery lifecycle, including support, operations, testing, architecture and management. Mykel currently coa... Read More →


Tuesday October 24, 2017 19:30 - 20:00
Cultural Transformation: USA/East Coast

19:30

Swimming in Services: Navigating Unknown Waters
Whether a monolithic or microservices architecture, in-house solution or third party platforms, our environments are trending towards increased complexity. What measures can we take to ensure quality work experiences for ourselves, companies, and customers?

In this talk, we will examine operational patterns, practices and tools that serve in these unstable and rapidly changing waters. While we can't know what we don't know, we can be prepared with appropriate responses to avoid drowning and in the process change the way we build our products.

Topics will include:
-Qualifying and Quantifying Risk,
-Recognizing and Responding to Issues,
-Recovering and Reflection on Failure.

Speakers
avatar for Jennifer Davis

Jennifer Davis

Senior Software Engineer, Chef
Jennifer is the co-author of Effective DevOps. She is a Global Organizer of devopsdays, and the founder of Coffeeops. In her role at Chef, Jennifer develops Chef cookbooks to simplify building and managing infrastructure. She has spoken at a number of industry conferences about d... Read More →


Tuesday October 24, 2017 19:30 - 20:15
Continuous Everything: USA/West Coast

19:30

Monitoring Unknown Unknowns with AI
In this talk, veteran DevOps engineer Guy Fighel dissects a few real world examples where not knowing what you don’t know led to massive outages and service disruptions. He’ll explore how despite the fact that modern DevOps teams have multiple monitoring tools, hundreds of metrics instrumented and are capturing billions of data points…downtime still happens. How about instead of implementing more monitoring, we bring forward a future where DevOps teams can augment their existing tooling with AI and machine learning to draw richer correlations across events, metrics and logs to surface insights about threats to uptime that aren’t even being monitored. Or put another way, how DevOps teams can get closer to a state of “known knowns!”

Speakers
avatar for Guy Fighel

Guy Fighel

Co-Founder & CTO, SignifAI
Guy Fighel is the Co-Founder & CTO at SignifAI, a machine intelligence platform that helps Site Reliability Engineers to get answers faster by learning from their expertise, not just generic algorithms. He's accumulated 18+ years of experience in system & software architecture an... Read More →


Tuesday October 24, 2017 19:30 - 20:15
Modern Infrastructure: USA/West Coast

21:45

Continuous Performance Testing
Performance testing is difficult. It’s often shown in CI pipelines alongside unit and integration testing, but how do people actually pull off automated performance testing? This talk will demonstrate a combination of tools to show how your development team can run automated performance tests.

This talk will demonstrate the combination of:
  • Terraform for constructing ephemeral environments in AWS, Google Cloud, etc,
  • writing performance tests in Scala with Gatling,
  • and running the tests via Jenkins Pipeline.


I’ll provide examples of how to stitch it all together and ways to extract value out of the stress tests, as well as some pitfalls and costs.


Speakers
avatar for Nicholas Blair

Nicholas Blair

Senior Software Engineer, Sonatype
Nicholas has been creating software for 15 years in public and private sectors, finding ways to contribute to Open Source software for most of that time. He has broad experience on software design, architecture, devops, and scaling high throughput web services and applications.


Tuesday October 24, 2017 21:45 - 22:30
Continuous Everything: USA/Central

21:45

How Senior Leaders Need to Evolve to Create and Support a Learning Culture
Click to View the Session
Courtney will talk about her personal journey as a senior leader in three different companies and what she's learned along the way (the good and the bad).

Speakers
avatar for Courtney Kissler

Courtney Kissler

Vice President of Digital Platform Engineering, Nike
Courtney is the Vice President of Digital Platform Engineering at Nike.  Her teams are accountable for building a re-usable seamless platform to power Nike Direct to Consumer experiences. She is leading the teams accountable for core commerce services, user services, consumer data engineering and global retail solutions. Prior to that, Courtney was the VP of Retail Technology at... Read More →


Tuesday October 24, 2017 21:45 - 22:30
Cultural Transformation: USA/West Coast

21:45

DevOps: A How-To for Agility with Security
This presentation will cover advanced techniques on security automation across the service delivery lifecycle including static and dynamic code analysis, continuous monitoring for infrastructure and platform vulnerability management. The model addresses cybersecurity threats across various attack vectors including hacking, insider threats and denial of service.

Speakers
avatar for Murray Goldschmidt

Murray Goldschmidt

Chief Operating Officer, Sense of Security Pty Ltd
Murray Goldschmidt is an industry recognised expert for achieving security in a DevOps having developed, enhanced and presented on this topic at several events with the objective of rapidly enhancing the capability within our region. | Murray Goldschmidt is an information secur... Read More →


Tuesday October 24, 2017 21:45 - 22:30
Automated Security: Australia/NZ

21:45

Become a Garbage Collection Hero
Are you building high throughput, low latency application? Are you struggling to choose optimal garbage collection algorithm and JVM heap settings? Are you striving to achieve pause less GC? Do you know the right tools & best practices to tame the GC? Get answers to these questions in this session.

Tuning Garbage collection for an application is both an art & science. There are 5 different GC algorithms (serial, Parallel, CMS, G1, shenandoah) and 690+ JVM settings, which makes GC tuning to be a daunting task. There are very limited high quality literature and documentations are available for GC tuning. In this session developers will taught on how to tune GC settings for optimal performance. They will also be introduced to industry’s best tools and practices to achieve finest performances. They will also be taught of effective patterns to be observed in GC logs to troubleshoot complex memory problems.

Speakers
avatar for Ram Lakshmanan

Ram Lakshmanan

GCeasy.io & fastThread.io
Every single day millions and millions of people in North America travel, bank, do commerce & shipments using the applications that Ram Lakshmanan has architected. Ram is the founder of the highly popular GCeasy.io - Universal Garbage Collection log analyzer and fastThread.io - Java thread dump analyzer. Ram advices startups to Fortune 500 enterprises to Governmental organizations on their critical technology initiatives. He is the recipient of popular developer contest awards... Read More →


Tuesday October 24, 2017 21:45 - 22:30
Modern Infrastructure: USA/West Coast

22:30

The DevOps Smart Road: Integrating AI Into DevOps (Barry Snyder)
In our third year of enterprise DevOps and Agile adoption, Fannie Mae has the need for rapid improvements to our DevOps platform. This is challenging with over 450 application teams with diverse practices, technologies, and in some cases derivatives to the enterprise DevOps platform. This presentation speaks to our first step on the journey towards realizing a smart road that allows Fannie Mae to identify patterns as they evolve via AI Machine Intelligence.

Driven by continual improvement in our practices, realizing transparent governance, and our underpinning technologies we evaluated options for a smarter and faster analysis of our monitoring. We identified that the current trends in Machine Intelligence may open doors to solving our dilemma as a “DevOps Smart Road”. With that thought in mind we have embarked on a journey leveraging both deep and wide machine learning techniques to perform cognitive analysis of our technical event data.

Through cognitive analysis of event data we hypothesized that we could quickly and rapidly target the impacts of using specific practices (agile, BDD, TDD, CI\CD, etc.) coupled with particular tools (Jenkins, Cucumber, JIRA, Nexus, SonarQube, etc.). Above and beyond this analytics we could identify where projects are going astray, projects that are not fully adopting best practices, and remove the need for traditional governance.

Using the Improvement Kata to achieve our goals, we have been experimenting towards the implementation of a Solution. Core to the solution are python algorithms built upon TensorFlow analyzing the event data generated by projects as they utilize the enterprise DevOps platform.

Speakers
avatar for Barry Snyder

Barry Snyder

Senior Manager, DevOps Developer Frameworks & Application Quality, Fannie Mae
Accomplished enterprise change leader delivering lean, innovative solutions.Envisioned and Led Enterprise IT Transformation Strategies with lean teams actualizing agile and DevOps solutions across the IT Enterprise landscape, launched IT service portfolios, and realized lean ente... Read More →


Tuesday October 24, 2017 22:30 - 23:15
Continuous Everything: East Coast

22:30

DevOps Lessons from Digital Transformation

DevOps is more than just a tool or a process change. It inherently requires an organizational culture shift, which is generally very challenging. In this perspective, it’s very similar to an industry movement in the recent years called Digital Transformation (DX). Unlike DevOps, DX is typically a bigger enterprise initiative that involves a transformation of the business and culture of the entire company. As such, perhaps DevOps can learn something from the DX practitioners.

This talk will start with “the WHY?” to understand why companies must transform digitally, and what competitive advantages they gain if they do DX well. Then we will examine some of the most common failure modes of DX and provide a strategic framework to help companies pave the road for success DX. Throughout this talk, we will outline the similarity between DX and DevOps and highlight some of the lessons that the DevOps community can learn from the success and failure of DX initiatives.


Speakers
avatar for Michael Wu

Michael Wu

Dr. Michael Wu is the Chief Scientist at Lithium, where he focuses on developing predictive and prescriptive algorithms to extract insights from social big data. His research spans many areas, including customer experience, CRM, online influence, gamification, digital transformation, AI, etc. His... Read More →


Tuesday October 24, 2017 22:30 - 23:15
Cultural Transformation: USA/West Coast

22:30

Secure DevOps for Enterprise Cloud Apps: Insights and Lessons Learned
As businesses switch to modern engineering approaches of agile, dev ops and adopt the cloud, long-established security practices are liable to become hindrances rather than enablers. Traditional security teams face the possibility of (a) either being bypassed altogether or (b) bear the blame for stifling the agility of dev ops teams and slowing down innovation (in a bid to make them conform with outdated security practices).

At Microsoft IT, we have been through an adventurous journey in migrating enterprise line of business applications to the cloud. In the process, we ‘left-shifted’ security and empowered teams to become self-sufficient.

We focused on automating and integrating security into dev ops with emphasis on 6 areas: (a) security of the cloud subscription, (b) secure application development, (c) security integrated into CICD, (d) operational security through continuous assurance, (e) ‘cloud + dev ops’ ready alerting and monitoring and (f) leveraging telemetry towards security risk governance

In the session, we will share our experiences implementing the above framework in the context of real line of business application scenarios. We will also demonstrate the cumulative risk reduction that was achieved coupled with improvements in efficiency. We will end with key insights and lessons learned from the experience.

Takeaways: To successfully embrace secure dev ops in the cloud you should: a) Identify inhibitors: Carefully examine end-to-end workflows that engineering teams currently follow to identify security-related roadblocks b) Simplify and automate: Make security simple and seamlessly integrate into dev ops workflows c) Make monitoring and response ‘dev ops and cloud’ ready: Develop capabilities to regularly monitor security state of cloud workloads d) Be data-driven: Leverage ‘security telemetry’ to make measured improvements to risk posture.

Speakers
avatar for Sudhindranath Byna

Sudhindranath Byna

Microsoft
Sudhindranath Byna has 10 years of experience at Microsoft. He is responsible for creating accelerators for enabling agile methodologies and empowering engineering teams in migrating business-critical apps to the cloud securely. His recent work has been around creating a Secure D... Read More →
avatar for Manish Prabhu

Manish Prabhu

Microsoft
Manish owns defining and delivering secure devops for the cloud transformation for Microsoft IT. Manish has been driving the effort to create engineering tools, automation and guidance that can enable secure dev ops in Azure and accelerate cloud transformation for an enterprise... Read More →


Tuesday October 24, 2017 22:30 - 23:15
Automated Security: India

22:30

Graphs: The Fabric of DevOps
From datacenter to cloud, bare metal to containers, monoliths to microservices, DevOps practices are more effective with a real-time graph model of all the things! We will share how Lending Club uses graph database technology to manage infrastructure and operate the company.

Speakers
avatar for Rob Schoening

Rob Schoening

Vice President of Technical Operations, Lending Club
Rob is the VP of Technical Operations at LendingClub. He fell in love with the process of writing software at the age of eight, graduated with a degree in Philosophy and has spent the balance of his career in financial services.


Tuesday October 24, 2017 22:30 - 23:15
Modern Infrastructure: USA/West Coast

23:15

Continuous Delivery Sounds Great But It Won’t Work Here
Speakers
avatar for Jez Humble

Jez Humble

Jez Humble is co-author of The DevOps HandbookLean Enterprise, and the Jolt Award winning Continuous Delivery. He has spent his career tinkering with code, infrastructure, and product development in companies of varying sizes across three continents, most recently working for the US Federal Government... Read More →


Tuesday October 24, 2017 23:15 - Wednesday October 25, 2017 00:00
Continuous Everything: USA/West Coast

23:15

Secrets of a High Performance Security Focused Agile Team
Quality (security included) does not have to be neglected when you’re planning, building and running a high performance development team.

Kim will set the stage with how and why Agile Development Teams fail, explained with a familiar anecdote taken from his new book “Holistic Info-Sec for Web Developers”, coupled with how you can change this.

Kim will then cover a set of light weight processes, practises and tools, that when combined have proven their value in: (1) Aiding high throughput (reducing time to market) (2) Significantly increasing quality (finding and removing bugs) (3) Without descoping and all while reducing total project cost (fact). If this sounds like breaking the laws of physics, or to good to be true, then this talk is for you.

Kim will finish off with the habits of top developers and how we can make them part of our lives.

Speakers
avatar for Kim Carter

Kim Carter

Architect. OWASP Chapter Leader, BinaryMist Limited
Certified Scrum Master. Facilitator, mentor and motivator of cross functional, self managing teams. With a solid 15 years of commercial industry experience across many domains, Kim enjoys teaching others how to apply information security to their Agile processes, bringing the sec... Read More →


Tuesday October 24, 2017 23:15 - Wednesday October 25, 2017 00:00
Cultural Transformation: Australia/NZ

23:15

Tyro Payments: Securing Australia's Newest Bank
As Australia's Newest Bank, we need to innovate and move fast. We use an Agile methodology, build the NextGen Bank on a micro-services architecture and do continuous releases. Doing this securely, without making security a bottle neck, presents a unique challenge.

In this presentation, Edwin Kwan, will talk about Tyro's SSDLC (Secure Software Development Life Cycle) security journey. He will be talking about the security approaches that were taken, sharing what worked well, what didn't work (and why) and what they are trying now.

Speakers
avatar for Edwin Kwan

Edwin Kwan

Application and Security Team Lead, Tyro Payments
Edwin Kwan is Application and Software Security Team Lead at Tyro Payments in Australia. He is a Software Engineer with over nine years experience developing large scale; real-time; high performance; high reliability software applications for major telecommunication vendors. Edwi... Read More →



Tuesday October 24, 2017 23:15 - Wednesday October 25, 2017 00:00
Automated Security: Australia/NZ

23:15

Disposable Development Environments
Vagrant, then Docker, changed the way we can develop applications.  Django  `runserver`? ... nope ... evil. Nginx reverse proxy to  UWSGI or Gunicorn? ... now you\'re talking.

Developers must have the ability to work with the production configuration if they are going to be responsible for the production operation. As a DevOps practitioner, we have learned that the more things we can put in to source control, the more wins everyone in the software value chain experiences. 

Vagrant and Docker are tools that separate the run time of the software from the software itself. They make infrastructure and configuration as code easy to do. Once infrastructure and configuration are code they become collaboration points the same way a code base is. Testing, experimenting and sharing are greatly eased leading to gains in critical non-functional requirements like security, stability and performance. 

This presentation will motivate the use of tools such as Vagrant and Docker for better developer participation in operations.

You know ... DevOps!

Speakers
avatar for Boyd Hemphill

Boyd Hemphill

CTO, VictoryCTO
Boyd Hemphill is the CTO at VictoryCTO where he helps customers win in their respective markets by realizing the potential of their technology. | | Boyd is a DevOps raconteur and thought leader in the silicon hills of Austin Texas. Boyd founded Austin DevOps and plays a role... Read More →


Tuesday October 24, 2017 23:15 - Wednesday October 25, 2017 00:00
Modern Infrastructure: USA/Central
 
Wednesday, October 25
 

00:00

Scenario Logging for Effective Telemetry and Retention Analysis
Software today is more complex than ever,and our ability to analyze it is limited by our telemetry and monitoring frameworks. Scenario logging provides a way to record a chain of events from a single starting point to one optional end,giving us a way to gain insights on the dynamics of our software.

“Irreproducible bugs become highly reproducible right after delivery to the customer.”
— Michael Stahl’s derivative of Murphy’s Law

Is it possible to reduce the number of bugs being closed as “not repro”?

We’ve all seen it before: customer bugs describe a product behavior previously believed to be impossible, and no amount of time spent in logs or dashboards will provide a clue to how the user got to that state. In search of information, we try to reproduce this behavior in the lab, usually with no success.

Contrary to developers’ popular belief, irreproducible bugs exist outside the imagination of testers and users, signaling warning signs of blind spots and dead ends in our software.

Wouldn’t you just love to have all the information needed already in the logs? And even more, have a way to find other customers facing the same issue and not complaining? If you had a way to achieve that you wouldn’t need to try and reproduce the bug.

By adding scenario logging to these problematic flows not only we’ll be able to investigate and fix these bugs faster, but also be able to identify them earlier and analyze the impact on the user experience.

Scenario logging is designed to log the user’s activities from the moment the user enters the initial state until reaching one of the expected final states, be it success or failure. Using these logs, we can find in which step the user diverted from the expected flow and how, making the fix very simple (blocking that route). More importantly we can also use scenario logging to identify unexpected flows in cases where the user didn’t notice the problem until later or decided not to report it.

Speakers
avatar for Renana Yacobi

Renana Yacobi

Microsoft
I have been working for over 9 years in leading startups as a senior server-side software engineer, providing solutions in areas such as data mining, operating systems and image processing, specializing in distributed and high performance computation. | 3.5 years ago, when chal... Read More →


Wednesday October 25, 2017 00:00 - 00:45
Continuous Everything: USA/West Coast

00:00

The Lizard Brain
The lizard brain is a colloquial term for the most basic parts of your brain. We are primal animals. We dont interact with machines in the same way as we interact with humans. IT is very good at overlooking the lizard brain. Technical solutions are limited in their ability to meet human needs.

This presentation looks at the often overlooked instinctual levels of human behaviour in the context of IT transformational change driven by DevOps. Culture change doesn’t happen unless we cater for the primitive subconscious needs of humans to interact, communicate and bond. The ideas presented are simple starting points for building a human community of trust and collaboration to make DevOps happen. They will give you a new lens to examine the things you do to ensure they succeed.

Speakers
avatar for Rob England

Rob England

The IT Skeptic
Rob is an independent IT management consultant, trainer, and commentator based in Wellington, New Zealand. Rob is an internationally-recognised thought leader in DevOps and IT Service Management (ITSM) and a published author of seven books and many articles. He is an acknowledged... Read More →


Wednesday October 25, 2017 00:00 - 00:45
Cultural Transformation: Australia/NZ

00:00

Remove Developers' Shameful Secrets
One goal: eliminate hard coded secrets in code repository. For this talk, I will do a short demo using some (or one) of the secret management tools to automate security into CICD, building on my previous workflow.

I started out with one goal: to eliminate hard coded secrets in code repository.

I’ve searched a long time to find a process / solution. There are many secret management tools out there but none talks in details about what is the secret sauce to integrating them into your DevOps pipeline. For this talk, I will do a short demo using some (or one) of these secret management tools to automate security into CICD, building on my previous workflow.

Speakers
avatar for Fabian Lim

Fabian Lim

DevSecOps Engineer, DevSecOps
Fabian is a returning addict to All Day DevOps; does DevSecOps all day and is a vigilante at night. While he enjoys hacking into systems, he likes to teach others how to get it correct without laughing at them (too loudly). Fabian presented at RSAC Singapore, All Day DevOps, and... Read More →


Wednesday October 25, 2017 00:00 - 00:45
Automated Security: SE Asia

00:45

The Gift of Feedback - Shannon Lietz
Are you frustrated with the complexity that security brings to your development process? Are the OWASP Top 10 working for your organization? Do you find yourself begging for security defects to get proper attention? Do you feel like you are in the loop on how software is getting built or surprised by what you are finding? Is there really any wonder that attackers are finding easy opportunities for malicious fame or gain? Is it possible that most everything we believe about how we endeavor to secure workloads is simply wrong?

With the current migration of everything to code, complexity is increasing and so are opportunities to make mistakes. Because of this trend, it is essential that we re-evaluate how to implement security by pushing it as far to the left as possible and accelerating outcomes by making security consumable.

Come hear how to engage in next generation security by leveraging the gift of feedback

Speakers
avatar for Shannon Lietz

Shannon Lietz

Director, DevSecOps, Intuit
Award winning leader in security innovation with experience developing emerging security programs for Fortune 500 companies: Intuit, ServiceNow, Sony, Sempra Energy, Savvis, Cable and Wireless, 99 Cents Only, Exodus, Bank of America, among others internationally. Received the Scott Cook Innovation Award in 2014 for developing and cultivating a world class Cloud Security Program that allows for sensitive data to be protected in AWS. Ms. Lietz is currently the Director of DevSecOps for Intuit where she is responsible for setting and driving the... Read More →


Wednesday October 25, 2017 00:45 - 01:30
Cultural Transformation: USA/West Coast

00:45

0 to 60 Researchers - Jumpstarting a Bug Bounty Program
Learn about where the rubber meets the road for rolling out a bug bounty program and specifically learn about how the Lending Club Application Security team partnered with security researchers to uncover vulnerabilities in Internet accessible sites, APIs and mobile apps.

Join Lending Club’s Director of Application Security, Ty Sbano, and Lending Club’s Bug Bounty Program Engineer, Wendy Zenone, as they provide details of their nine-month journey of going from zero to sixty security researchers. Lending Club’s tech organization applies an Agile mindset and DevOps practices and integrating a private bug bounty program came with a few takeaways. The Lending Club Application Security team will discuss how they integrated another layer of security, provide a dose of reality to their secure software development lifecycle and helped foster a strong relationship with the security researcher community.

Speakers
avatar for Ty Sbano

Ty Sbano

Director of Application Security, LendingClub
Ty Sbano is currently the Director of Application Security at Lending Club, his primary career focus has been developing application and product security programs for Target, Capital One and JPMorgan Chase. Key areas of knowledge include developing security champions, secure code... Read More →


Wednesday October 25, 2017 00:45 - 01:30
Automated Security: USA/West Coast

01:30

From Rogue One to Rebel Alliance: Building Developers into Security Champions

Are you responsible for more than just AppSec? What do you do when you have more teams to support than security experts? How can you make security champions out of dissenters in the development team?

There just aren’t enough security experts to go around. You have to support the multitude of Agile and DevOps teams that are making production software changes anywhere from once a month to several times a day? The lack of resources coupled with the ever increasing responsibilities can make you feel like a rouge warrior in the battle against cybercrime. What’s a security professional to do? Whether you are a team of one or five, there aren’t enough hours in the day and even if there was more budget, good luck finding someone to fill that security role. What if I told you that through careful selection and good training it is possible to build your own army from the very people who own the development process?

What you will learn:

  1. Who to recruit as security champions 
  2. How to train these champions in productive application security 
  3. How to measure success 
  4. How to build a scalable security program 5. What to expect from champions 

Speakers
avatar for Peter Chestna

Peter Chestna

Pete Chestna has more than 25 years of experience developing software and leading development teams, and has been granted three patents. Pete has been developing web applications since 1996, including one of the first applications to be delivered through a web interface. He led his current company from Waterfall to Agile, and finally to DevOps, in addition to taking the company from a monolithic architecture to one based on microservices. Since 2006, Pete has been a leader in the Application Security (AppSec) space and has consulted with some of the... Read More →


Wednesday October 25, 2017 01:30 - 02:15
Cultural Transformation: Australia/NZ

01:30

The Kubes Dialogues
What if Kubernetes, let call him/her Kubes, was a person, what would she/he say to you? Is he/she your friend, your lover or your worst enemy? What would you say to her/him? In “The Kubes Dialogues” play we delve into consensual and nonconsensual experiences, deployments, operations, wins and failures, over- and under engineering work, open-source extravaganza and marketing glitter and glamour.

With >1000 Kubes clusters deployed on any cloud, bare-metals and on any scale using Cloud 66 the stories are rich, great, terrible, horrifying and full-on awesomeness.

In 10 x 2 minutes snack-bite size stories you get the inside-out of true real life Kubes in production. Sit back and relax and enjoy the show and learn a thing or two about Kubes you didn’t even know about.

Speakers
avatar for Daniël van Gils

Daniël van Gils

Developer Advocate, Cloud 66
I'm a developer advocate at Cloud 66 Inc. with over 15+ year of experience. I like to help others, speak to and be creative and educate other developers to craft web applications and container based microservice architectures. I'm an accomplished creative technologist, Got a vast and varied experience in application development (java, ruby, go, c#), embedded computing (arduino, electronics, clusters, sensors), agile workflows and building container technologies (docker, rkt, kubernetes) at scale, gained working in the web development, creative technologies and gaming industries. I received multiple awards for my work in the creative industries. In my spare time... Read More →


Wednesday October 25, 2017 01:30 - 02:15
Modern Infrastructure: Europe

02:15

It's Not Continuous Delivery If You Can't Deploy Right Now
Automated processes that don’t actually reach production are called continuous delivery when they’re actually more like improved continuous integration. This talk explores code management strategies, deployment patterns, and cd pipelines you can use to make sure you can deploy right now.

People often say that they’re practicing continuous delivery, and then add something like “I can let the security team know any time” or “I just have to run the performance tests.” Ken Mugrage explains why you’re not done with your continuous delivery journey if you can’t push your software to production right now. Along the way, Ken explores code management strategies, deployment patterns, and types of continuous delivery pipelines you can use to make sure you can deploy right now.

Speakers
avatar for Ken Mugrage

Ken Mugrage

ThoughtWorks
Ken Mugrage has 25 years of experience in the IT industry, spending the last 8 at ThoughtWorks. During his entire career, Ken has focused on using technology to increase business effectiveness, as opposed to using the "latest cool thing". Ken has been focused on Continuous Delive... Read More →


Wednesday October 25, 2017 02:15 - 03:00
Continuous Everything: USA/West Coast

02:15

Measuring DevOps: The Key Metrics That Matter

How is your DevOps transformation coming along? 

How do you measure Agility? Reliability? Efficiency? Quality? Culture? Success?!

How do you optimize your software delivery processes?

You can’t improve what you cannot measure. But are you measuring the right things? Are you measuring too little (or too late), or are you drowning in disparate data points that make it hard for you to get to the bottom line: where should you be focusing on next as you optimize your process?

Having the right goals, asking the right questions and learning by doing are paramount to achieving success with DevOps. Having specific milestones and shared KPIs play a critical role in guiding your DevOps adoption and lead to continuous improvement - towards realizing true agility, improved quality, and faster time to market throughout your organization.

This session will walk you through a practical framework for implementing measurement and tracking of your DevOps efforts and software delivery performance that will provide you with data you can act on!

These KPIs include metrics related to your software delivery pipeline and technical progress, as well as cultural indicators and business impact. In addition, we will cover common use cases and real world examples for implementing these metrics to drive DevOps success, as well as best practices for how to address certain challenges and problematic areas along your process that these metrics may bring to light.


Speakers
avatar for Anders Wallgren

Anders Wallgren

CTO, Electric Cloud
Anders Wallgren is chief technology officer at Electric Cloud. Anders has over 25 years’ experience designing and building commercial software. Prior to joining Electric Cloud, he held executive positions at Aceva, Archistra, and Impresse and management positions at Macromedia (MACR), Common Ground Software, and Verity (VRTY), where he played critical technical leadership roles in delivering award winning technologies such as... Read More →


Wednesday October 25, 2017 02:15 - 03:00
Modern Infrastructure: USA/West Coast