Mentor’s View: Aligning your team and your
powers for success
Chris Carlucci
Customer Success Engineer
Sonatype
Agenda
2 4/27/2016
• Getting Started on Your Journey
• Open Source Policy Guidelines
• Policy Results in Eclipse & Jenkins
• Meaningful Success Metrics
Getting started on your journey
• Rugged DevOps, Software Supply Chain, Now What?
• The Hero’s Journey
• Align Your Heroes
• Building Bridges
• Setting Expectations
Building A Trusted Software Supply Chain
Different Stakeholders, Different Priorities
“Where’s that release?”
“Done! On to the next sprint.”
“Now, where are we in that process?”
Building A Better Bridge Between Dev, Ops & Sec
• Tooling needs to adopt the practice of the practitioner
• A tool is not a process and a process is not a tool; learn to leverage both
Two Philosophies
Support & guide:
• Objective information across the lifecycle
• Each performs the task they are good at
• Faster component selection and issue resolution
• Bridges the developer “compliance” gap
Scan & scold:
• Reactive information late in the lifecycle
• Creates rework and slows remediation
• Hinders technology innovation
• More expensive
Communicate Expectations
Determine lifecycle enforcement strategy across the stages: Development, CI Build, Promotion to staging or release.
• Allows developers time to research & fix or to request waivers
• Everything is documented on an internal WIKI
Fix the Red – Actionable?
Building A Good Component Practice
Phase 1: Understanding your environment
Phase 2: Creating policy & rating risk
Phase 3: Reducing risk & enforcing compliance
Interactive Policy Development
What Is Policy?
Out-of-the-box Policies With Easy Customization
IQ Server Policy Definition, four policy categories: Architecture, Component, License, Security
Tool Chain Integration – IDE & CI Server
ZTTR (Zero Time to Remediation)
1. Empower Developers From The Start
2. Design A Frictionless Approach
3. Create A Software Bill Of Materials
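The lifecycle enforcement strategy, the four policy categories and the bill of materials above, as an added worked example that is not Sonatype's or Nexus IQ's own code: a small stage-aware policy gate run over a constructed component list, which also writes a minimal CycloneDX-shaped SBOM of what it evaluated. The inform/warn/fail mapping per stage, the component coordinates, CVSS values, policy names, threat levels and thresholds are all assumptions made for this example.

```python
"""Stage-aware open-source policy gate (added example, not Nexus IQ code).

Evaluates a constructed component list against policies in the four
categories the deck names (Architecture, Component, License, Security),
applies a per-stage action so that development is informed, the CI build
warns and only promotion to release fails, and emits a minimal
CycloneDX-shaped SBOM of what was evaluated. All component data, policy
names, threat levels and thresholds are assumptions for this example.
"""
import json
from dataclasses import dataclass


@dataclass
class Component:
    purl: str             # package URL, e.g. pkg:maven/group/artifact@version
    license: str          # SPDX id as reported, or "UNKNOWN"
    cvss_max: float       # highest CVSS score among known issues, 0.0 if none
    age_years: float      # age of this version relative to the latest release
    waived: bool = False  # a documented waiver was granted for this component


@dataclass
class Violation:
    category: str
    policy: str
    threat: int           # assumed 0-10 scale, drives the per-stage action
    purl: str
    action: str           # inform | warn | fail


# (category, policy name, threat level, predicate) -- constructed for the example.
RULES = [
    ("Security", "Security-Critical", 10, lambda c: c.cvss_max >= 9.0),
    ("Security", "Security-High", 8, lambda c: 7.0 <= c.cvss_max < 9.0),
    ("License", "License-Copyleft", 7,
     lambda c: c.license in {"GPL-2.0", "GPL-3.0", "AGPL-3.0"}),
    ("License", "License-None", 5, lambda c: c.license in {"", "UNKNOWN"}),
    ("Architecture", "Architecture-Banned-Group", 8,
     lambda c: c.purl.startswith("pkg:maven/commons-collections/")),
    ("Component", "Component-Old", 3, lambda c: c.age_years >= 5),
]


def action_for(threat, stage):
    """Map a threat level to an action for the given lifecycle stage.

    Earlier stages never block, so developers have time to research, fix or
    request a waiver; only promotion to release fails the pipeline.
    """
    if stage == "release":
        return "fail" if threat >= 7 else "warn" if threat >= 4 else "inform"
    if stage == "build":
        return "warn" if threat >= 7 else "inform"
    if stage == "development":
        return "inform"
    raise ValueError(f"unknown stage: {stage}")


def evaluate(components, stage):
    """Return every policy violation for the stage; waived components are skipped."""
    found = []
    for c in components:
        if c.waived:
            continue
        for category, policy, threat, matches in RULES:
            if matches(c):
                found.append(Violation(category, policy, threat, c.purl,
                                       action_for(threat, stage)))
    return found


def gate(components, stage):
    """Return (passed, violations). Only 'fail' actions block the stage."""
    violations = evaluate(components, stage)
    return not any(v.action == "fail" for v in violations), violations


def sbom(components, app_name, app_version):
    """Minimal CycloneDX-shaped document (a subset of the 1.4 JSON fields)."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "metadata": {"component": {"type": "application",
                                   "name": app_name, "version": app_version}},
        "components": [
            {"type": "library", "purl": c.purl,
             "licenses": [{"license": {"name": c.license}}]}
            for c in components
        ],
    }


# Constructed scan result; the coordinates, scores and ages are illustrative only.
SAMPLE = [
    Component("pkg:maven/org.apache.commons/commons-lang3@3.12.0", "Apache-2.0", 0.0, 1.0),
    Component("pkg:maven/commons-collections/commons-collections@3.2.1", "Apache-2.0", 9.8, 8.0),
    Component("pkg:maven/org.example/legacy-util@1.0", "GPL-3.0", 0.0, 6.0),
    Component("pkg:maven/org.example/internal-lib@2.3", "UNKNOWN", 7.5, 0.5, waived=True),
]


if __name__ == "__main__":
    for stage in ("development", "build", "release"):
        passed, violations = gate(SAMPLE, stage)
        print(f"{stage}: {'PASS' if passed else 'FAIL'}")
        for v in violations:
            print(f"  [{v.action}] {v.category}/{v.policy} threat={v.threat} {v.purl}")
    print(json.dumps(sbom(SAMPLE, "demo-app", "1.0.0"), indent=2))
```

The same violations are reported at every stage; only the action changes, which is what lets a developer see the red in the IDE days before the release gate turns it into a failed promotion. Waivers are honoured by the gate but the waived component still appears in the SBOM, since the bill of materials records what shipped, not what was approved.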
Defining Meaningful Success Metrics
http://www.aintitcool.com/node/44547
It’s Not Always What You Measure…
http://ronjeffries.com/articles/016-03/you-want/
…It’s the Behavior that Results
Manager: “Nathan, this isn’t fair. You’re just showing the number of stories, not how big they are.”
Nathan: “That’s right.”
Manager: “But that’s not fair!”
Nathan: [silent]
Manager: “All I’d have to do would be to divide up my stories into little bits and release those every month.”
Nathan: [silent, smiling]
Manager: “Oh.”
• Soon, the manager was doing small stories, to the benefit of everyone.
http://ronjeffries.com/articles/016-03/you-want/
Success Metrics
• Short Term – Time to Value
• “By the end of the workshop, we configured ~80% of our policies. Just six business days after training, we have made the test environment available in our organization”
• Long Term – Quality Metrics
• MTTR
• WIP
• New violations delivered to production
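The three long-term quality metrics above, computed over constructed policy-violation records as an added example (not Sonatype's or Nexus IQ's reporting code); the record fields, the 0-10 threat scale and the dates are assumptions. It also shows the point of the preceding slides about the behaviour a number drives: a headline MTTR can be pulled down by closing low-threat items quickly, so the same metric is reported filtered by threat level.

```python
"""MTTR, WIP and new-violations-in-production over constructed records.

Added example, not Nexus IQ reporting code. Record fields, the threat scale
and all timestamps are assumptions made for the illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class ViolationRecord:
    id: str
    app: str
    threat: int                       # assumed 0-10 policy threat level
    found_in: str                     # "development", "build" or "production"
    opened: datetime                  # first time the violation was reported
    closed: Optional[datetime] = None  # None while still open


def mttr_days(records: Iterable[ViolationRecord], min_threat: int = 0) -> Optional[float]:
    """Mean time to remediate, in days, over closed records at or above min_threat.

    Filtering by threat guards against the headline number being driven
    down by trivial, quickly closed findings.
    """
    closed = [r for r in records if r.closed is not None and r.threat >= min_threat]
    if not closed:
        return None
    total_seconds = sum((r.closed - r.opened).total_seconds() for r in closed)
    return total_seconds / len(closed) / 86400


def wip(records: Iterable[ViolationRecord], as_of: datetime) -> int:
    """Violations open at the given instant (opened on or before, not yet closed)."""
    return sum(1 for r in records
               if r.opened <= as_of and (r.closed is None or r.closed > as_of))


def new_in_production(records: Iterable[ViolationRecord],
                      start: datetime, end: datetime) -> List[str]:
    """Ids of violations first seen in production in [start, end): the gates missed these."""
    return sorted(r.id for r in records
                  if r.found_in == "production" and start <= r.opened < end)


# Constructed records; two low-threat items close fast and flatter the overall MTTR.
SAMPLE = [
    ViolationRecord("V-1", "billing", 9, "build", datetime(2016, 3, 1), datetime(2016, 3, 4)),
    ViolationRecord("V-2", "billing", 8, "production", datetime(2016, 3, 2), datetime(2016, 3, 9)),
    ViolationRecord("V-3", "portal", 3, "development", datetime(2016, 3, 10)),
    ViolationRecord("V-4", "portal", 2, "production", datetime(2016, 3, 15), datetime(2016, 3, 17)),
    ViolationRecord("V-5", "billing", 9, "production", datetime(2016, 4, 1)),
]


if __name__ == "__main__":
    print("MTTR (all):        ", mttr_days(SAMPLE), "days")
    print("MTTR (threat >= 7):", mttr_days(SAMPLE, min_threat=7), "days")
    print("WIP as of 2016-04-02:", wip(SAMPLE, datetime(2016, 4, 2)))
    print("New in production, March 2016:",
          new_in_production(SAMPLE, datetime(2016, 3, 1), datetime(2016, 4, 1)))
```

On the constructed data the overall MTTR is 4 days while the MTTR for threat 7 and above is 5 days; reporting only the first would reward closing easy findings first, which is the "behaviour that results" the previous slides warn about.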
Q&A
Wrap Up
• Manage your Software Supply Chain
• Collaborate with counterparts – BA/PM/Dev/QA/Ops/Sec.
• Discuss mutual interdependence and shared objectives
• Automated Real-Time Feedback is a win-win
• http://bit.ly/app-check
We’re here, engaged & READY TO HELP
Customer Success Team resources: Nexus Newsletter; Nexus Live – Google Hangouts; Cool Things in 2 Minutes; Training On-Site or Online; Online Knowledge Base; Nexus Community Pages; Books Online
Chicago, IL
April 27, 2016

Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 

Rugged DevOps: Aligning Your Team and Your Powers for Success

  • 1. Mentor’s View: Aligning your team and your powers for success. Chris Carlucci, Customer Success Engineer, Sonatype
  • 2. Agenda (4/27/2016): Getting Started on Your Journey; Open Source Policy Guidelines; Policy Results in Eclipse & Jenkins; Meaningful Success Metrics
  • 3. Getting started on your journey: Rugged DevOps, Software Supply Chain, Now What?; The Hero’s Journey; Align Your Heroes; Building Bridges; Setting Expectations
  • 4. Building A Trusted Software Supply Chain
  • 5. Different Stakeholders, Different Priorities: “Where’s that release?” / “Done! On to the next sprint.” / “Now, where are we in that process?”
  • 6. Building A Better Bridge Between Dev, Ops & Sec: Tooling needs to adopt the practice of the practitioner. A tool is not a process and a process is not a tool; learn to leverage both.
  • 7. Two Philosophies. Support & guide: objective information across the lifecycle; each performs the task they are good at; faster component selection and issue resolution; bridges the developer “compliance” gap. Scan & scold: reactive information late in the lifecycle; creates rework and slows remediation; hinders technology innovation; more expensive.
  • 8. Communicate Expectations. Determine lifecycle enforcement strategy (Development, CI Build, Promotion to staging or release). Allows developers time to research & fix or to request waivers. Everything is documented on an internal WIKI.
  • 9. Fix the Red – Actionable?
  • 10. Fix the Red – Actionable?
  • 11. Building A Good Component Practice: Phase 1, Understanding your environment; Phase 2, Creating policy & rating risk; Phase 3, Reducing risk & enforcing compliance
  • 14. Out-of-the-box Policies With Easy Customization: Architecture, Component, License, Security
  • 15. IQ Server Policy Definition
  • 16. Tool Chain Integration – IDE & CI Server
  • 17. ZTTR (Zero Time to Remediation). 1: Empower Developers From The Start
  • 18. 2: Design A Frictionless Approach
  • 19. 3: Create A Software Bill Of Materials
  • 20. Defining Meaningful Success Metrics. http://www.aintitcool.com/node/44547
  • 21. It’s Not Always What You Measure… http://ronjeffries.com/articles/016-03/you-want/
  • 22. …It’s the Behavior that Results. Manager: “Nathan, this isn’t fair. You’re just showing the number of stories, not how big they are.” Nathan: “That’s right.” Manager: “But that’s not fair!” Nathan: [silent] Manager: “All I’d have to do would be to divide up my stories into little bits and release those every month.” Nathan: [silent, smiling] Manager: “Oh.” Soon, the manager was doing small stories, to the benefit of everyone. http://ronjeffries.com/articles/016-03/you-want/
  • 23. Success Metrics. Short Term – Time to Value: “By the end of the workshop, we configured ~80% of our policies. Just six business days after training, we have made the test environment available in our organization.” Long Term – Quality Metrics: MTTR; WIP; New violations delivered to production
  • 24. Q&A
  • 25. Wrap Up: Manage your Software Supply Chain; Collaborate with counterparts – BA/PM/Dev/QA/Ops/Sec; Discuss mutual interdependence and shared objectives; Automated Real-Time Feedback is a win-win; http://bit.ly/app-check
  • 26. We’re here, engaged & READY TO HELP: Nexus Newsletter; Nexus Live – Google Hangouts; Cool Things in 2 Minutes; Customer Success Team; Training On-Site or Online; Online Knowledge Base; Nexus Community Pages; Books Online
  • 27.
  • 28. Chicago, IL, April 27, 2016. Mentor’s View: Aligning your team and your powers for success. Chris Carlucci, Customer Success Engineer, Sonatype

Editor's Notes

  1. Introduction: name, CSE. I work with organizations to build better component practices so that they can improve their software supply chain management. Today, I am going to…
  2. In general, there are 2 main requirements when deploying software, and this is especially true with component management.
    • Tooling: non-negotiable. Like any other practice, developers can’t succeed unless equipped with the right tools. The major keys with tooling: integrate where developers work, not the other way around; it needs to operate at the pace of development or it becomes a bottleneck.
    • Process: the process you put in place lets you enable that tooling for developers (e.g. education), set clear expectations (e.g. “What is required of me?”) and, at the end of the day, monitor and track usage and progress.
    So, when I walk into an organization, the first goal is understanding where we are starting from: What is the culture? Education? Tooling: what are we transitioning from? Current processes: have developers had to adhere to prior checks within the SDLC?
  3. Initial success metrics: what does first value mean to you? Small/quick wins: BOM, remediation, enforcement. Bring in the right people: subject matter experts; organizational support (a change of technology or process requires top-down executive support; is there the ability to mandate usage?). Enterprise success metrics: provide examples. Education: how do developers get integrated? How do they get educated? What can they reference for assistance? Who can they contact when encountering an issue? Track: at the end of the day, someone needs to provide approval; what do they need to see?
  4. When bringing multiple groups together, we must understand and accept that they have different priorities. Establishing this, and the interactions between them, is key. Audience questions: People: how many are developers? How many are managers? How many work in operations or tool chain? Governance? OSS: how many people are familiar with the concept of dependencies? What languages: Java, npm, NuGet? Tooling: how many here use a repository manager? Process: how many have a manual review process for component approvals? How many go straight to the internet for components? How many have application checks at release time?
  5. Successful tooling integrates where the developers are performing their work: IDE, CI, repository manager. Tooling/technology is not the sole answer; process must be established around it to set expectations, train developers and track progress to continually make improvements.
  6. All parties on the same playing field of information. Empower developers to make better choices. Initiate constructive conversations. Reference: https://www.linkedin.com/pulse/agile-transformation-what-went-wrong-pradeep-bindra: “Implement Agile in an Agile way. When leading organizations through the transformation from traditional software development to Agile, it is a great idea to start small. Identify only a few pilot teams that are ready to volunteer and are enthusiastic. This will not only help to focus on early, small successes in adapting Agile to the organization but it will also increase trust and help identify the barriers (organizational and personal) to fostering greater change. Starting small will help to quickly surface the delivery of business value, reduce risk, and prepare people to move the organization to greater levels of agility.”
  7. You, as the project team, have the responsibility to ensure the tooling is generating valid issues. Developers should remediate, not validate. Lack of clarity leads to frustration, bottlenecks and lack of trust in the tooling. A developer’s options or path forward should be as obvious as possible: What are the enforcement points? What do I HAVE to fix to be able to release to production? (e.g. fix the red violations.) The administration team should be easily accessible for questions. Limit the mandatory issues developers receive: too many issues results in tool antipathy. A threat threshold should be defined and communicated clearly.
  8. Anyone who has ever used security or quality tooling (static source code analysis) knows this: not every issue can be critical, and the result is sensory overload. How do you know where to start? Skepticism around the tool. Cost of doing business.
  9. This is more actionable. Threat level denotes priority and drives developer actions. Advice: fix the red. Tip: especially where expectations didn’t exist before, devs cannot immediately comply (Pandora’s box); set a time period for grandfathering violations, since you cannot fix everything on day one.
  10. This is the process that every organization goes through. Discovery: understand how my org builds and releases software (a big need). Inventory: I need to be able to identify all my applications and all the components within my applications. Do you know where they are? What they contain? Policy: once inventory is collected, I need to identify the things that I care about. Mitigation: once you have identified the policy, you need to push this out to devs for mitigation. Enforcement: this may be necessary to eliminate high risk in production applications. The recommendation is to warn early and fail late, but even still, take care with this decision.
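As an added illustration of the enforcement strategy in notes 7, 9 and 10 (warn early and fail late across the lifecycle stages, a threat threshold so that developers fix the red, and a grace period for grandfathered violations), here is a small stage-aware policy evaluator over a component list. It is example code written for this page, not Sonatype’s or IQ Server’s, and every component, score, rule and date in it is constructed.

```python
"""Stage-aware policy check over an application's component list (added example,
not Sonatype's or IQ Server's code). It models "warn early, fail late", the threat
threshold behind "fix the red" and a grace period for grandfathered violations."""
from dataclasses import dataclass
from datetime import date

# Lifecycle stages from the slides; only the last one blocks a build.
STAGE_ACTION = {"develop": "warn", "build": "warn", "release": "fail"}
THREAT_THRESHOLD = 8  # violations at or above this level are mandatory ("the red")

@dataclass(frozen=True)
class Component:
    name: str
    security_score: int  # 0-10, constructed (think worst CVSS seen)
    license: str
    first_seen: date     # date the component entered this application

@dataclass(frozen=True)
class Violation:
    component: str
    rule: str
    threat: int
    action: str          # "warn" or "fail"

# Policy = simple, concise rules: (name, threat level, predicate on component).
POLICY = [
    ("security-critical", 10, lambda c: c.security_score >= 9),
    ("security-high", 8, lambda c: 7 <= c.security_score < 9),
    ("license-copyleft", 9, lambda c: c.license in {"GPL-3.0", "AGPL-3.0"}),
    ("license-unknown", 5, lambda c: c.license == "UNKNOWN"),
]

def evaluate(components, stage, rollout=None, deadline=None, today=None):
    """Return all violations at `stage`. Grandfathering: a violation on a
    component already present before `rollout` only warns until `deadline`."""
    today = today or date.today()
    found = []
    for comp in components:
        for rule, threat, matches in POLICY:
            if not matches(comp):
                continue
            action = STAGE_ACTION[stage]
            if threat < THREAT_THRESHOLD:
                action = "warn"  # below threshold: informational, never blocks
            elif rollout and deadline and comp.first_seen < rollout and today <= deadline:
                action = "warn"  # pre-existing violation inside the grace period
            found.append(Violation(comp.name, rule, threat, action))
    return found

def blocking(violations):
    """The violations a developer HAS to fix before the stage passes."""
    return [v for v in violations if v.action == "fail"]

SBOM = [  # constructed bill of materials for one application
    Component("example-web", 9, "Apache-2.0", date(2015, 6, 1)),  # critical, pre-existing
    Component("example-json", 7, "MIT", date(2016, 5, 1)),        # high, added after rollout
    Component("example-util", 2, "UNKNOWN", date(2016, 5, 1)),    # low-threat license gap
    Component("example-log", 0, "MIT", date(2015, 1, 1)),         # clean
]
ROLLOUT, DEADLINE = date(2016, 4, 27), date(2016, 7, 31)

if __name__ == "__main__":
    for v in evaluate(SBOM, "release", ROLLOUT, DEADLINE, today=date(2016, 5, 2)):
        print(f"{v.action.upper():4} {v.component:13} {v.rule} (threat {v.threat})")
```

Run at the development stage everything is a warning; at release, only the violation that entered after the policy rollout blocks, until the grace period ends and the grandfathered critical one starts blocking too.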
  11. Question: what is the main purpose of a policy? Answer: to drive intended behavior. No smoking? Speed limit? You are either following it or not, yes or no. Don’t run with scissors. Password strength? Point: policies don’t have to be big, complicated things; they should be simple and concise rule(s) defining guidelines around open source component consumption.
  12. For open source components, we generally see 4 main types of policy: Security, Legal, Architecture, Match State. How do we decide on the exact guidelines? Subject matter experts.
  13. Policy characteristics: precise, contextual, actionable, continuous, fast.
  14. Keep in mind: each organization is at a different starting point, and different groups may sponsor the initiative, driving different directives. In general, we see that most organizations begin with small goals, given the maturity of their open source supply chain; most organizations start with auditing to better understand the scope of the problem; and most organizations warn early and fail late. As always, some organizations have a compelling event as to why they purchased (e.g. “find Struts”).
  15. Are you driving the intended behavior? Are developers making better choices? Is software quality going up and productivity going up?
  16. Application Health Check is an easy, no-cost way to run a report and get real results so that you can have better visibility into all of the components that make up your application. Your app does not leave your network: a one-way fingerprint is generated from the components in your app and compared against Sonatype’s Data Services to identify a Bill of Materials.