This is a presentation on the "Business Value of Continuous Integration, Continuous Delivery, & DevOps(Sec): Scaling Up to Billion User Global Systems of Systems Using End-to-End Automation & Containerized Docker Ubuntu Cloud Image-Based Microservices," which are late-breaking 21st century approaches for rapidly and cost-effectively building high-quality global information systems, minimum viable products, minimum marketable features, service oriented architectures, web services, and microservices using containerization and end-to-end automation.

1. Business Value of
CI, CD, & DevOpsSec
Scaling Up to Billion User Global Systems of
Systems Using END-TO-END AUTOMATION &
CONTAINERIZED DOCKER UBUNTU IMAGES
Dr. David F. Rico, PMP, CSEP, FCP, FCT, ACP, CSM, SAFe
Twitter: @dr_david_f_rico
Website: http://www.davidfrico.com
LinkedIn: http://www.linkedin.com/in/davidfrico
Agile Capabilities: http://davidfrico.com/rico-capability-agile.pdf
Agile Resources: http://www.davidfrico.com/daves-agile-resources.htm
Agile Cheat Sheet: http://davidfrico.com/key-agile-theories-ideas-and-principles.pdf
Dave’s NEW Business Agility Video: https://www.youtube.com/watch?v=-wTXqN-OBzA
DoD Fighter Jets vs. Amazon Web Services: http://davidfrico.com/dod-agile-principles.pdf

2. Author Background
 Gov’t contractor with 33+ years of IT experience
 B.S. Comp. Sci., M.S. Soft. Eng., & D.M. Info. Sys.
 Large gov’t projects in U.S., Far/Mid-East, & Europe
2

 Career systems & software engineering methodologist
 Lean-Agile, Six Sigma, CMMI, ISO 9001, DoD 5000
 NASA, USAF, Navy, Army, DISA, & DARPA projects
 Published seven books & numerous journal articles
 Intn’l keynote speaker, 150 talks to 13,000+ people
 Specializes in metrics, models, & cost engineering
 Cloud Computing, SOA, Web Services, FOSS, etc.
 Adjunct at six Washington, DC-area universities

3. Today’s Global Marketplace
 Most of world’s population connected to Internet
 Systems must support billions of simultaneous users
 New approaches are needed to scale to global market
3Kemp, S. (2016). Digital in 2016: We are social's compendium of global digital, social, and mobile data, trends, and statistics. New York, NY: We Are Social, Inc.


4. What is AGILE TESTING?
 Test-ing (tĕst′ĭng) An early, iterative, and automated
V&V of customer requirements; Incremental testing
 A testing approach embracing principles & values of lean
thinking, product development flow, & agile methods
 Early, collaborative, and automated form of incremental
development, integration, system, & operational testing
 Testing method that supports collaboration, teamwork,
iterative development, & responding to change
 Mult-tiered automated framework for TDD, Continuous
Integration, BDD, Continuous Delivery, & DevOps
 Maximizes BUSINESS VALUE of organizations, portfolios,
programs & projects with lean-agile principles/practices
4

Crispin, L., & Gregory, J. (2009). Agile testing: A practical guide for testers and agile teams. Boston, MA: Addison-Wesley.
Crispin, L., & Gregory, J. (2015). More agile testing: Learning journeys for the whole team. Boston, MA: Addison-Wesley.

5. Network
Computer
Operating System
Middleware
Applications
APIs
GUI
How Agile Testing Works
 Agile requirements implemented in slices vs. layers
 User needs with higher business value are done first
 Reduces cost & risk while increasing business success
5Shore, J. (2011). Evolutionary design illustrated. Norwegian Developers Conference, Oslo, Norway.
Agile Traditional
1 2 3 Faster
 Early ROI
 Lower Costs
 Fewer Defects
 Manageable Risk
 Better Performance
 Smaller Attack Surface
Late 
No Value 
Cost Overruns 
Very Poor Quality 
Uncontrollable Risk 
Slowest Performance 
More Security Incidents Seven Wastes
1. Rework
2. Motion
3. Waiting
4. Inventory
5. Transportation
6. Overprocessing
7. Overproduction
MINIMIZES MAXIMIZES
 JIT, Just-enough architecture
 Early, in-process system V&V
 Fast continuous improvement
 Scalable to systems of systems
 Maximizes successful outcomes
 Myth of perfect architecture
 Late big-bang integration tests
 Year long improvement cycles
 Breaks down on large projects
 Undermines business success


6. 6
 Methods to “scope” project, product, or system
 “Key” is smallest possible scope with highest value
 Reduces cost, risk, time, failure, & tech. obsolescence
Barely Sufficient Design
INCREASES TESTABILITY, QUALITY, RELIABILITY, SECURITY, MORALE, MAINTAINABILITY, & SUCCESS
Denne, M., & Cleland-Huang, J. (2004). Software by numbers: Low-risk, high-return development. Santa Clara, CA: Sun Microsystems.
Ries, E. (2011). The lean startup: How today's entrepreneurs use continuous innovation. New York, NY: Crown Publishing.
Patton, J. (2014). User story mapping: Discover the whole story, build the right product. Sebastopol, CA: O'Reilly Media.
Layton, M. C., & Maurer, R. (2011). Agile project management for dummies. Hoboken, NJ: Wiley Publishing.
Krause, L. (2014). Microservices: Patterns and applications. Paris, France: Lucas Krause.

MINIMUM
MARKETABLE FEATURE
- MMF -
 Advantage
 Difference
 Revenue
 Profit
 Savings
 Brand
 Loyalty
MINIMUM
VIABLE PRODUCT
- MVP -
 Goal
 Process
 Features
 Priorities
 Story Map
 Architecture
STORY MAP
OR IMPACT MAP
- SM or IM -
 Goal
 Actors
 Impacts
 Deliverables
 Measures
 Milestones
VISION
STATEMENT
- VS -
 For <customer>
 Who <needs it>
 The <product>
 Is a <benefit>
 That <customer>
 Unlike <other>
 Ours <different>
MICRO-
SERVICE
- MS -
 Purpose
 Automated
 Unique
 Independent
 Resilient
 Ecosystem
 Consumer

7. 7

Agile Containerized Microservices
 Lightweight, fast, disposable virtual environments
 Set of isolated processes running on shared kernel
 Efficient way for building, delivering, & running apps
Monolithic Applications Just-Enough Applications Containerized Apps
Minimal - Typically single process entities
Declarative - Built from layered Docker images
Immutable - Do exactly same thing from run to kill
• Small autonomous services that work together
• Self-contained process that provides a unique capability
• Loosely coupled service oriented architecture with bounded contexts
• Small independent processes communicating with each other using language-agnostic APIs
• Fined-grained independent services running in their own processes that are developed and deployed independently
• Suite of services running in their own process, exposing APIs, and doing one thing well (independently developed and deployable)
• Single app as a suite of small services, each running in its own process and communicating with lightweight mechanisms (HTTP APIs)
Krause, L. (2014). Microservices: Patterns and applications. Paris, France: Lucas Krause.

8. Thousands of Tests
Continuously Executed
No More Late Big
Bang Integration
 User needs designed & developed one-at-a-time
 Changes automatically detected, built, and tested
 System fully tested and deployed as changes occur
8Humble, J., & Farley, D. (2011). Continuous delivery. Boston, MA: Pearson Education.
Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration. Boston, MA: Addison-Wesley.
Build
Integration
Server
Version
Control
Server
Build
Scripts
UsesWatches
Build
Status
ProvidesDeveloper A
Developer B
Developer C
Commits
Changes
Commits
Changes
Commits
Changes
Builds
Database
Analysis
Testing
Reporting
Documentation
Deployment
Early, Automated, Fast,
Efficient, & Repeatable
Constant Readiness
State & CM Control
Lean, Waste Free, Low WIP,
No Deadlocked Test Queues
Rapidly & Successfully
Dev. Complex Systems

Agile Testing—Workflow

9. 9
Traditional vs. Agile Cumulative Flow
Work(Story,Point,Task)orEffort(Week,Day,Hour)
Time Unit (Roadmap, Release, Iteration, Month, Week, Day, Hour, etc.)
Work(Story,Point,Task)orEffort(Week,Day,Hour)
Time Unit (Roadmap, Release, Iteration, Month, Week, Day, Hour, etc.)
Traditional Cumulative Flow Agile Cumulative Flow
 Late big bang integration increases WIP backlog
 Agile testing early and often reduces WIP backlog
 Improves workflow and reduces WIP & lead times
Anderson, D. J. (2004). Agile management for software engineering. Upper Saddle River, NJ: Pearson Education.
Anderson, D. J. (2010). Kanban: Successful evolutionary change for your technology business. Sequim, WA: Blue Hole Press.

Agile Testing—Workflow—Cont’d

10. Large Traditional Projects
10
 Big projects result in poor quality and scope changes
 Productivity declines with long queues/wait times
 Large projects are unsuccessful or canceled
Jones, C. (1991). Applied software measurement: Assuring productivity and quality. New York, NY: McGraw-Hill.
Size vs. Quality
DEFECTS
0.00
3.20
6.40
9.60
12.80
16.00
0 2 6 25 100 400
SIZE
Size vs. Productivity
PRODUCTIVITY
0.00
1.00
2.00
3.00
4.00
5.00
0 2 6 25 100 400
SIZE
Size vs. Change
CHANGE
0%
8%
16%
24%
32%
40%
0 2 6 25 100 400
SIZE
Size vs. Success
SUCCESS
0%
12%
24%
36%
48%
60%
0 2 6 25 100 400
SIZE


11. Global Project Failures
11
Standish Group. (2015). Chaos summary 2015. Boston, MA: Author.
Sessions, R. (2009). The IT complexity crisis: Danger and opportunity. Houston, TX: Object Watch.
 Challenged and failed projects hover at 67%
 Big projects fail more often, which is 5% to 10%
 Of $1.7T spent on IT projects, over $858B were lost
$0.0
$0.4
$0.7
$1.1
$1.4
$1.8
2002 2003 2004 2005 2006 2007 2008 2009 2010
Trillions(USDollars)
Expenditures Failed Investments

0% 20% 40% 60% 80% 100%
28%
34%
29%
35%
32%
33%
27%
28%
29%
49%
51%
53%
46%
44%
41%
56%
55%
52%
23%
15%
18%
19%
24%
26%
17%
17%
19%
2000
2002
2004
2006
2008
2010
2012
2014
2015
Year
Successful Challenged Failed

12. 12

Models of AGILE TESTING
TDD
- 2003 -
CI
- 2006 -
BDD
- 2008 -
CD
- 2011 -
DEVOPS
- 2012 -
DEVOPSSEC
- 2014 -
 User Story
 Acc Criteria
 Dev Unit Test
 Run Unit Test
 Write SW Unit
 Re-Run Unit Test
 Refactor Unit
 Building
 Database
 Inspections
 Testing
 Feedback
 Documentation
 Deployment
 Analyze Feature
 Acc Criteria
 Dev Feat. Test
 Run Feat. Test
 Develop Feature
 Re-Run Feature
 Refactor Feat.
 Packaging
 Acceptance
 Load Test
 Performance
 Pre-Production
 Certification
 Deployment
 Sys Admin
 Config. Mgt.
 Host Builds
 Virtualization
 Containerization
 Deployment
 Monitor & Supp
 Sec. Engineer.
 Sec. Containers
 Sec. Evaluation
 Sec. Deploy.
 Runtime Prot.
 Sec. Monitoring
 Response Mgt.
Beck, K. (2003). Test-driven development: By example. Boston, MA: Addison-Wesley.
Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration. Boston, MA: Addison-Wesley.
Barker, K., & Humphries, C. (2008). Foundations of rspec: Behavior driven development with ruby and rails. New York, NY: Apress.
Humble, J., & Farley, D. (2011). Continuous delivery. Boston, MA: Pearson Education.
Huttermann, M. (2012). Devops for developers: Integrate development and operations the agile way. New York, NY: Apress.
Bird, J. (2016). Devopssec: Delivering secure software through continuous delivery. Sebastopol, CA: O'Reilly Media.
 Numerous models of lean-agile testing emerging
 Based on principles of lean & agile one piece flow
 Include software, hardware, system, & port. testing

13. BASIC—Test Driven Development
 Term coined by Kent Beck in 2003
 Consists of writing all tests before design
 Ensures all components are verified and validated
13Beck, K. (2003). Test-driven development: By example. Boston, MA: Addison-Wesley.

14.  Agile TDD consists of seven broad practices
 Document test criteria, tests, software units, etc.
 Include refactoring, verification, optimization, etc.
14
Practice
User Story
Acc Criteria
Dev Test
Run Test
Dev Unit
Rerun Test
Refactor Unit
Description
Read story, analyze meaning, ask questions, and clarify understanding
Identify, verify, and document acceptance criteria for each user story
Design, develop, code, and verify automated unit test for user story
Run automated unit test to verify that it fails the first time (sanity check)
Design, develop, code, and verify the software unit to satisfy user story
Rerun automated unit test to see if code satisfies automated unit test
Refine, reduce, and simplify code to remove waste and optimize performance
PRACTICES—Test Driven Develop.

Beck, K. (2003). Test-driven development: By example. Boston, MA: Addison-Wesley.

15. BASIC—Behavior Driven Develop.
 Term coined by Dan North in 2006
 Consists of writing feature tests before design
 Ensures all system features are verified and validated
15Smart, J. F. (2014). BDD in action: Behavior-driven development for the whole software lifecycle. Shelter Island, NY: Manning Publications.

16.  Agile BDD consists of seven broad practices
 Document test criteria, tests, syst. features, etc.
 Include refactoring, verification, optimization, etc.
16
Practice
Feature
Acc Criteria
Dev Test
Run Test
Dev Feature
Rerun Test
Refac Feature
Description
Read feature, analyze meaning, ask questions, and clarify understanding
Identify, verify, and document acceptance criteria for each feature
Design, develop, code, and verify automated feature test for feature
Run automated feature test to verify that it fails the first time (sanity check)
Design, develop, code, and verify the feature software to satisfy feature
Rerun automated feature test to see if code satisfies automated feature test
Refine, reduce, and simplify code to remove waste and optimize performance
PRACTICES—Behavior Driven Dev.

Smart, J. F. (2014). BDD in action: Behavior-driven development for the whole software lifecycle. Shelter Island, NY: Manning Publications.

17. ADVANCED—Continuous Integration
 Term coined by Martin Fowler in 1998
 Process of automated build/regression testing
 Evaluates impact of changes against entire system
17Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration: Improving software quality and reducing risk. Boston, MA: Addison-Wesley.
 ALL DEVELOPERS RUN PRIVATE BUILDS
 DEVELOPERS COMMIT CODE TO VERSION CONTROL
 INTEGRATION BUILDS OCCUR SEVERAL TIMES PER DAY
 100% OF SYSTEM TESTS MUST PASS FOR EVERY BUILD
 A SHIPPABLE PRODUCT RESULTS FROM EVERY BUILD
 FIXING BROKEN BUILDS IS OF THE HIGHEST PRIORITY
 REPORTS AUTOMATICALLY GENERATED & REVIEWED

18.  Agile CI consists of seven broad practices
 Automated build, database, inspection, tests, etc.
 Include reporting, documentation, deployment, etc.
18
Practice
Building
Database
Inspections
Testing
Feedback
Documentation
Deployment
Description
Frequently assembling products and services to ensure delivery readiness
Frequently generating/analyzing database schemas, queries, and forms
Frequently performing automated static analysis of product/service quality
Frequently performing automated dynamic product and service evaluation
Frequently generating automated status reports/messages for all stakeholders
Frequently performing automated technical/customer document generation
Frequently performing automated delivery of products/services to end users
Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration: Improving software quality and reducing risk. Boston, MA: Addison-Wesley.
Humble, J., & Farley, D. (2011). Continuous delivery. Boston, MA: Pearson Education.
PRACTICES—Continuous Integration


19.  Created by Jez Humble of ThoughtWorks in 2011
 Includes CM, build, testing, integration, release, etc.
 Goal is one-touch automation of deployment pipeline
19
Humble, J., & Farley, D. (2011). Continuous delivery. Boston, MA: Pearson Education.
Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration. Boston, MA: Addison-Wesley.
Ohara, D. (2012). Continuous delivery and the world of devops. San Francisco, CA: GigaOM Pro.


CoQ
• 80% MS Tst
• 8/10 No Val
• $24B in 90s
• Rep by CD
• Not Add MLK
ENTERPRISE—Continuous Delivery

20.  Agile CD consists of seven broad practices
 Automated acceptance, load, performance, etc.
 Include packaging, pre-production test, C&A, etc.
20
Practice
Packaging
Acceptance
Load Test
Performance
Pre-Production
Certification
Deployment
Description
Frequently generating system images for pre-production testing & checkout
Frequently performing automated system & user acceptance testing
Frequently performing automated system load, stress, & capacity testing
Frequently performing automated system user & technical performance testing
Frequently performing automated pre-production tests prior to final deployment
Frequently performing automated system certification & accreditation tests
Frequently generating product images for pre-deployment testing & checkout
Mukherjee, J. (2015). Continuous delivery pipeline: Where does it choke. Charleston, SC: CreateSpace.
Swartout, P. (2014). Continuous delivery and devops: A quickstart guide. Birmingham, UK: Packt Publishing.
PRACTICES—Continuous Delivery


21.  Created by Patrick Debois of Jedi BVBA in 2007
 Collaboration of developers & infrastructure people
 Goal to automate the deployment to end-user devices
21
Bass, L., Weber, I., & Zhu, L. (2015). Devops: A software architect's perspective. Old Tappan, NJ: Pearson Education.
Gruver, G., & Mouser, T. (2015). Leading the transformation: Applying agile and devops at scale. Portland, OR: IT Revolution Press.
Humble, J., Molesky, J., & O'Reilly, B. (2015). Lean enterprise: How high performance organizations innovate at scale. Sebastopol, CA: O'Reilly Media.

GLOBAL—Development Operations


22.  Agile DevOps consists of seven broad practices
 Automated sys admin, CM, building, monitor, etc.
 Include virtualization, containerize, deployment, etc.
22
Practice
Sys Admin
Config. Mgt.
Host Builds
Virtualization
Containerize
Deployment
Monitor & Supp
Description
Frequently performing automated system administration tasks, i.e., scripting
Frequently performing automated infrastructure config. mgt./version control
Frequently performing automated system and server host builds and config.
Frequently performing automated system, server, & net virtualization services
Frequently performing automated software and Microservices containerization
Frequently generating final end-user system & software images for distribution
Frequently performing automated metrics collection & deployment monitoring
Duffy, M. (2015). Devops automation cookbook: Over 120 recipes coverying key automation techniques. Birmingham, UK: Packt Publishing.
Farcic, V. (2016). The devops 2.0 toolkit: Automating the continuous deployment pipelines with containerized microservices. Victoria, CA: LeanPub.

PRACTICES—Development Operations

23. 23

GLOBAL—Development Ops Sec
 DevOpsSec coined by Shannon Lietz in 2014
 Rugged devops, devsecops, secdevops, devopssec
 Microservices, security engineering & operations keys
Secure Microservices
• Docker App
• Docker Bins
• Docker Files
• Docker Images
• Docker Scanning
• Docker Registry
• Docker Host
• Docker Hub
• Docker Monitoring
Secure Engineering
• Security Champions
• Security Planning
• Security Training
• Security Requirements
• Security Architecture
• Security Analysis
• Security Testing
• Security Review
• Security Response
Secure Operations
• Activity Logging
• Event Monitoring
• Configuration Mgt.
• Patch Management
• User Access Control
• Privilege Management
• Vulnerability Mgt.
• Response Mgt.
• Performance Mgt.
Bird, J. (2016). Devopssec: Delivering secure software through continuous delivery. Sebastopol, CA: O'Reilly Media.

24.  DevOpsSec consists of seven broad practices
 Automated secure build, analysis, & deployment
 Includes containerization, engineering & operations
24
Practice
Engineering
Containers
Evaluation
Deployment
Protection
Monitoring
Responses
Description
Frequently performing “baked-in” lean and agile security engineering practices
Frequently performing automated microservices containerization practices
Frequently performing automated static and dynamic vulnerability analysis
Frequently performing automated digitally signed security deployment practices
Frequently performing automated real-time self-security protection practices
Frequently performing automated real-time security monitoring practices
Frequently performing automated trigger-based rollback response practices

Bird, J. (2016). Devopssec: Delivering secure software through continuous delivery. Sebastopol, CA: O'Reilly Media.
PRACTICES—Development Ops Sec

25. Agile Testing Metrics—Example
25Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration: Improving software quality and reducing risk. Boston, MA: Addison-Wesley.

26.  Fewer integrations leave in higher bug counts
 Frequent, early integrations eliminate most defects
 Goal is to have as many early integrations as possible
26
Lacoste, F. J. (2009). Killing the gatekeeper: Introducing a continuous integration system. Proceedings of the Agile 2009 Conference, Chicago, Illinois, USA, 387-392.
 
Number of
Integrations
Less Defects
•More Integrations
•Early IntegrationsMore Defects
•Few Integrations
•Late Integrations

Agile Testing—CI Statistics

27. 27
 Hewlett-Packard is a major user of CI, CD, & DevOps
 400 engineers developed 10 million LOC in 4 years
 Major gains in testing, deployment, & innovation
Gruver, G., Young, M. & Fulghum, P. (2013). A practical approach to large-scale agile development. Upper Saddle River, NJ: Pearson Education.

TYPE METRIC MANUAL DEVOPS MAJOR GAINS
CYCLE TIME
IMPROVEMENTS
Build Time 40 Hours 3 Hours 13 x
No. Builds 1-2 per Day 10-15 per Day 8 x
Feedback 1 per Day 100 per Day 100 x
Regression Testing 240 Hours 24 Hours 10 x
DEVELOPMENT
COST EFFORT
DISTRIBUTION
Integration 10% 2% 5 x
Planning 20% 5% 4 x
Porting 25% 15% 2 x
Support 25% 5% 5 x
Testing 15% 5% 3 x
Innovation 5% 40% 8 x
Agile Testing—CD Statistics

28.  Assembla went from 2 to 45 releases every month
 15K Google developers run 120 million tests per day
 30K+ Amazon developers deliver 136K releases a day
28Singleton, A. (2014). Unblock: A guide to the new continuous agile. Needham, MA: Assembla, Inc.

62x Faster
U.S. DoD
IT Project
3,645x Faster
U.S. DoD
IT Project

Agile Testing—DevOps Statistics

29. 29Juengst, D. (2015). Deliver better software faster: With the cloudbees jenkins platform. San Francisco, CA: CloudBees.
Weeks, D. E. (2014). Devops and continuous delivery reference architectures (volume 1 & 2). Fulton, MD: Sonatype.

Agile Testing—DevOps Ecosystem
 Numerous tools to automate DevOps pipeline
 People can piece together toolset along with hubs
 Tools include version control, testing, & deployment

30.  Simple example of a DevOps reference architecture
 Includes CM, continuous integration, & deployment
 Code automatically built/tested/deployed to users
30Morris, B., & Cassatt, C. (2015). Devops for the rest of us. Proceedings of the Agile DC Conference, Washington, DC, USA.
Weeks, D. E. (2014). Devops and continuous delivery reference architectures (volume 1 & 2). Fulton, MD: Sonatype.

Agile Testing—DevOps Example

31. 31Tesauro, M. (2016). Taking appsec to 11: Appsec pipelines, devops, and making things better. Denver, CO: SnowFROC 2016.
Weeks, D. E. (2014). Devops and continuous delivery reference architectures (volume 1 & 2). Fulton, MD: Sonatype.

Agile Testing—DevOps Security
 Many tools emerging for DevOps application security
 Begins-ends with microservices—tiny attack surface
 Includes containers, testing, & real-time monitoring

32. 32
Agile Tools
“Periodic Table of DevOps Automation”
XeniaLabs. (2016). Periodic table of devops tools. Retrieved April 11, 2016, from https://xebialabs.com/periodic-table-of-devops-tools.
Weeks, D. E. (2014). Devops and continuous delivery reference architectures (volume 1 & 2). Fulton, MD: Sonatype.

33.  Eliminates big-bang integration in the 11th hour
 Creates a repeatable and reliable testing process
 Evaluates system-wide changes throughout project
33Maeda, M. K. (2009). Agile testing: Early, often, and smart. Arlington, MA: Cutter Consortium.
What’s the Bottom Line?
“Agile Testing Done Early & Often”
Agile TestingTraditional Testing
Dramatically reduces risks
· Automates manual processes
· Instant verification & validation
· High project visibility
· Greater confidence and morale
· Incremental business value
· 24x7 deployability to users
· Highly quality and reliability
Late defect discovery
· Low quality software
· Poor project visibility
· Lack of deployability
· Late big-bang integration
· Testing is a bottleneck
· Poor customer satisfaction
· Outright project failure
··


34. Books on Agile Testing
 Thousands of textbooks on agile methods
 Include requirements, design, coding, test, etc.
 Continuous Integration, Delivery, & DevOps best
34
Beck, K. (2003). Test-driven development: By example. Boston, MA: Addison-Wesley.
Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration. Boston, MA: Addison-Wesley.
Smart, J. F. (2014). BDD in action: Behavior-driven development for the whole software lifecycle. Shelter Island, NY: Manning Publications.
Humble, J., & Farley, D. (2011). Continuous delivery. Boston, MA: Pearson Education.
Kim, G., Debois, P., Willis, J., & Humble, J. The devops handbook: How to create world-class agility, reliability, and security in technology
organizations. Portland, OR: IT Revolution Press.


35. Dave’s PROFESSIONAL CAPABILITIES
35
Software
Quality
Mgt.
Technical
Project
Mgt.
Software
Development
Methods
Strategy &
Roadmapping
Systems
Engineering
Cost Estimates
& Scheduling
Acquisition &
Contracting
Organization
Change
Lean, Kanban,
& Six Sigma
Modeling &
Simulations
Big Data,
Cloud, NoSQL
Workflow
Automation
Metrics,
Models, & SPC
BPR, IDEF0,
& DoDAF
DoD 5000,
TRA, & SRA
PSP, TSP, &
Code Reviews
CMMI &
ISO 9001
Innovation
Management
Statistics, CFA,
EFA, & SEM
Research
Methods
Evolutionary
Design
Valuation — Cost-Benefit Analysis, B/CR, ROI, NPV, BEP, Real Options, etc.
Lean-Agile — Scrum, SAFe, Continuous Integration & Delivery, DevOps, etc.
STRENGTHS – Data Mining  Gathering & Reporting Performance Data  Strategic Planning  Executive & Manage-
ment Briefs  Brownbags & Webinars  White Papers  Tiger-Teams  Short-Fuse Tasking  Audits & Reviews  Etc.
● Data mining. Metrics, benchmarks, & performance.
● Simplification. Refactoring, refinement, & streamlining.
● Assessments. Audits, reviews, appraisals, & risk analysis.
● Coaching. Diagnosing, debugging, & restarting stalled projects.
● Business cases. Cost, benefit, & return-on-investment (ROI) analysis.
● Communications. Executive summaries, white papers, & lightning talks.
● Strategy & tactics. Program, project, task, & activity scoping, charters, & plans.
PMP, CSEP,
FCP, FCT
ACP, CSM,
& SAFE
33 YEARS
IN IT
INDUSTRY

36. Backup Slides

37. Five Keys to Enterprise Agility
37Kim, G., Debois, P., Willis, J., & Humble, J. The devops handbook: How to create world-class agility, reliability, and security
in technology organizations. Portland, OR: IT Revolution Press.

 


 Everything begins with lean & agile principles
 Next step is smaller portfolio & simpler designs
 Final step is modular interfaces & E2E automation

38. 38
Capability #1
● Feature 1
● Feature 2
● Feature 3
● Feature 4
● Feature 5
● Feature 6
● Feature 7
Capability #2
● Feature 8
● Feature 9
● Feature 10
● Feature 11
● Feature 12
● Feature 13
● Feature 14
Capability #3
● Feature 15
● Feature 16
● Feature 17
● Feature 18
● Feature 19
● Feature 20
● Feature 21
Capability #4
● Feature 22
● Feature 23
● Feature 24
● Feature 25
● Feature 26
● Feature 27
● Feature 28
Capability #5
● Feature 29
● Feature 30
● Feature 31
● Feature 32
● Feature 33
● Feature 34
● Feature 35
Capability #6
● Feature 36
● Feature 37
● Feature 38
● Feature 39
● Feature 40
● Feature 41
● Feature 42
Capability #7
● Feature 43
● Feature 44
● Feature 45
● Feature 46
● Feature 47
● Feature 48
● Feature 49
1
2 3
4
5 6
7
8 9
10
11 12
13
14 15
16
17 18
19
20 21
Evolving “Unified/Integrated” Enterprise Data Model
“Disparate” LEGACY SYSTEM DATABASES (AND DATA MODELS)
ETL
A A
B C
D E F
G H I J K
A
B C
D E F
A
B C
D E
A
B C
D
A
B C
A
B
“Legacy” MS SQL Server Stovepipes “Inter-Departmental” Linux Blade/Oracle/Java/WebSphere Server
“Leased” DWA/HPC/Cloud Services
Sprint 1 Sprint 2 Sprint 3 Sprint 4 Sprint 5 Sprint 6 Sprint 7
ETL ETL ETL ETL ETL ETL
Bente, S., Bombosch, U., & Langade, S. (2012). Collaborative enterprise architecture: Enriching EA with lean, agile, and enterprise 2.0 practices. Waltham, MA: Elsevier.
(for example, assume 25 user stories per feature, 175 user stories per capability, and 1,225 user stories total)
 Organize needs into capabilities, features, and stories
 Prioritize features, group releases, and initiate sprints
 Develop minimum set of features with highest value
Agile Systems Development
Release
Release
Release
Release

MMF
- or -
MVP


39. Grant, T. (2005). Continuous integration using cruise control. Northern Virginia Java Users Group (Novajug), Reston, Virginia, USA.
Fredrick, J. (2008). Accelerate software delivery with continuous integration and testing. Japanese Symposium on Software Testing, Tokyo, Japan.
 Most agile testing tools are “free” open source
 Build server costs no more than a commodity PC
 10x more efficient/effective than traditional testing
39

Agile Testing—CI Stats—Cont’d

40. Traditional vs. Agile Testing
 Traditional testing is a late, manual process
 Agile testing is an early and automated process
 Goal to deliver early & often and V&V components
40
Rico, D. F. (2012). Agile testing resources. Retrieved Sep. 9, 2012, from http://davidfrico.com/agile-testing-resources.txt
Crispin, L., & Gregory, J. (2009). Agile testing: A practical guide for testers and agile teams. Boston, MA: Addison-Wesley.
Grant, T. (2005). Continuous integration using cruise control. Northern Virginia Java Users Group (Novajug), Reston, Virginia, USA.

AGILE TESTING
- Early Incremental Testing -
TRADITIONAL TESTING
- Late Big Bang Integration Testing -
Test Criteria Accompany Stories
Automated Tests Written First
Units Coded-Tested One at Time
Code is Frequently Checked In
Code Automatically Retrieved
Code Automatically Compiled
Tests Automatically Executed
Instant Feedback & Test Reports
Test Criteria Written After Fact
Manual Tests Written Much Later
Units Coded Late All at One Time
Code Checked In Late in Project
Code Manually Submitted to Test
Code Manually Compiled & Built
Tests Manually Executed Late
Late Project Feedback & Reports

Code Automatically DeployedLate Defects Freeze Projects

41.  Agile teams don’t often use TDD, CI, CD & DevOps
 Implement independent test teams after Sprints done
 Sprint Waterfalling, Scrummerfalling, & Wagile result
41
Heusser, M. (2015). 12 years of agile testing: What do we know now. Proceedings of the Agile Gathering, Grand Rapids, Michigan, USA.



Incorrect
• Phased Testing
• Separate Teams
• Delayed Testing
Correct
• Integrated Testing
• Integrated Teams
• Continuous Testing
Agile Testing—Anti-Patterns


42.  Agile testing slows down with very large systems
 Slow testing slows integration and increases bugs
 Agile testing can speed back up with more attention
42
Kokko, H. (2009). Increase productivity with large scale continuous integration. Proceedings of the Agile 2009 Conference, Chicago, Illinois, USA.
MICRO ADJUSTMENTS
- Focused Impact Tuning-
MACRO ADJUSTMENTS
- Wide Impact Tuning-
Add More CPUs & Memory
Parallelize System Builds
Replace 3rd Party Test Libraries
Reduce or Remove Test Timeouts
Select Different Tests
Refactor Code & Components
Tune Network & Software
Tune Database & Middleware
In-Memory Compilation
Parallelize Test Runs
Pre-Install Test Libraries
Remove Process Randomness
Use Faster Code & Test Tools
Incremental vs. Big Bang Tests
Parallelize Build & Install
Tune & Optimize Build Process

Agile Testing—Scaling Practices


43.  Industry very slow in adopting agile testing model
 Cost, difficulty, and territorialism are common issues
 Developers must take initiative for disciplined testing
43
Technical BarriersOrganizational Barriers
Developers don’t want to test
· Infrequently committing code
· Committing broken code
· Failing to immediately fix builds
· Not writing automated tests
· Not ensuring 100% of tests pass
· Not running private builds
· Resorting to traditional testing
Resistance to change
· Fear of investment costs
· Fear of learning new skills
· Test group territorialism
· Organizational policy conflicts
· Overhead of maintaining CI
· Complexity and scaling
· Not developing a quality culture
··
Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration: Improving software quality and reducing risk. Boston, MA: Addison-Wesley.






Agile Testing—Common Barriers

44.  Agile test use is low in spite of its age, i.e., 15 years
 Many do not understand its utter simplicity and power
 Failure to use agile testing undermines project success
44
Kim, D. (2013). The state of scrum: Benchmarks and guidelines. Indianapolis, IN: Scrum Alliance.
Agile Practices
Retrospectives
Refactoring
Done Definition
Test Tools
Test Driven Dev.
CM Tools
Simplicity
Pair Programming
Technical Debt
Agile Testing 13%
Continuous Integrations
Weekly
Daily
2-3 Times
Per Day
Never
2-3
Times
Per
Iteration


Agile Testing—Usage Statistics


45.  DevOps adoption growing fast in-spite of slow start
 24% firms use DevOps, 38% plan to, & 38% in-dark
 DevOps a global industry-wide extinction-level event
45
Brown, A. (2016). Devops and the need for speed, quality, and security: Do organizations really have to pick two out of three. Portland, OR: Puppet Labs.

Agile Testing—DevOps Adoption


46. Activity Def CoQ DevOps Economics Hours ROI
Development Operations 100 0.001 100 Defects x 70% Efficiency x 0.001 Hours 0.070 72,900%
Continuous Delivery 30 0.01 30 Defects x 70% Efficiency x 0.01 Hours 0.210 24,300%
Continuous Integration 9 0.1 9 Defects x 70% Efficiency x 0.1 Hours 0.630 8,100%
Software Inspections 3 1 2.7 Defects x 70% Efficiency x 1 Hours 1.890 2,700%
"Traditional" Testing 0.81 10 0.81 Defects x 70% Efficiency x 10 Hours 5.670 900%
Manual Debugging 0.243 100 0.243 Defects x 70% Efficiency x 100 Hours 17.010 300%
Operations & Maintenance 0.073 1,000 0.0729 Defects x 70% Efficiency x 1,000 Hours 51.030 n/a
46
 Agile testing is orders-of-magnitude more efficient
 Based on millions of automated tests run in seconds
 One-touch auto-delivery to billions of global end-users
Rico, D. F. (2016). Devops cost of quality (CoQ): Phase-based defect removal model. Retrieved May 10, 2016, from http://davidfrico.com

Agile Testing—DevOps CoQ

47.  Microsoft created software security life cycle in 2002
 Waterfall approach tailored for Scrum sprints in 2009
 Uses security req, threat modeling & security testing
47
Microsoft. (2011). Security development lifecycle: SDL Process Guidance (Version 5.1). Redmond, WA: Author.
Microsoft. (2010). Security development lifecycle: Simplified implementation of the microsoft SDL. Redmond, WA: Author.
Microsoft. (2009). Security development lifecycle: Security development lifecycle for agile development (Version 1.0). Redmond, WA: Author.
Bidstrup, E., & Kowalczyk, E. C. (2005). Security development lifecycle. Changing the software development process to build in security from the start. Security Summit West.

SEE DETAILED - SECURITY LIFE CYCLE STEPS
http://davidfrico.com/agile-security-lifecycle.txt
Agile Testing—Security Life Cycle

48. Key Agile SCALING POINTERS
 One must think and act small to accomplish big things
 Slow down to speed up, speed up ‘til wheels come off
 Scaling up lowers productivity, quality, & business value
48
Rico, D. F. (2014). Dave's Notes: For Scaling with SAFe, DaD, LeSS, RAGE, ScrumPLoP, Enterprise Scrum, etc. Retrieved March 28, 2014 from http://davidfrico.com
EMPOWER WORKFORCE - Allow workers to help establish enterprise business goals and objectives.
ALIGN BUSINESS VALUE - Align and focus agile teams on delivering business value to the enterprise.
PERFORM VISIONING - Frequently communicate portfolio, project, and team vision on continuous basis.
REDUCE SIZE - Reduce sizes of agile portfolios, acquisitions, products, programs, projects, and teams.
ACT SMALL - Get large agile teams to act, behave, collaborate, communicate, and perform like small ones.
BE SMALL - Get small projects to act, behave, and collaborate like small ones instead of trying to act larger.
ACT COLLOCATED - Get virtual distributed teams to act, behave, communicate and perform like collocated ones.
USE SMALL ACQUISITION BATCHES - Organize suppliers to rapidly deliver new capabilities and quickly reprioritize.
USE LEAN-AGILE CONTRACTS - Use collaborative contracts to share responsibility instead of adversarial legal ones.
USE ENTERPRISE AUTOMATION - Automate everything with Continuous Integration, Continuous Delivery, & DevOps.





49. Patterson, K., et al. (2008). Influencer: The power to change anything: New York, NY: McGraw-Hill.
Pink, D. H. (2009). Drive: The surprising truth about what motivates us. New York, NY: Riverhead Books.
Heath, C., & Heath, D. (2010). Switch: How to change things when change is hard. New York, NY: Random House.
Pink, D. H. (2012). To sell is human: The surprising truth about moving others. New York, NY: Riverhead Books.
Heath, C., & Heath, D. (2013). Decisive: How to make better choices in life and work. New York, NY: Random House.
 Change, no matter how small or large, is difficult
 Smaller focused changes help to cross the chasm
 Validating, simplifying, & incrementalism are keys
49

INFLUENCER
 Create new experiences
 Create new motives
 Perfect complex skills
 Build emotional skills
 Recruit public figures
 Recruit influential leaders
 Utilize teamwork
 Power of social capital
 Use incentives wisely
 Use punishment sparingly
 Make it easy
 Make it unavoidable
MAKE IT DESIRABLE
SURPASS YOUR LIMITS
USE PEER PRESSURE
STRENGTH IN NUMBERS
DESIGN REWARDS
CHANGE ENVIRONMENT
DRIVE
PURPOSE
AUTONOMY
MASTERY
 Purpose-profit equality
 Business& societal benefit
 Share control of profits
 Delegate implementation
 Culture & goal alignment
 Remake society-globe
 Accountable to someone
 Self-select work tasks
 Self-directed work tasks
 Self-selected timelines
 Self-selected teams
 Self-selected implement.
 Experiment & innovate
 Align tasks to abilities
 Continuously improve
 Learning over profits
 Create challenging tasks
 Set high expectations
A-B-C
 Reduce Your Power
 Take Their Perspective
 Use Strategic Mimicry
 Use Interrogative Self-Talk
 Opt. Positivity Ratios
 Offer Explanatory Style
 Find the Right Problem
 Find Your Frames
 Find an Easy Path
ATTUNEMENT
BUOYANCY
CLARITY
SWITCH
 Follow the bright spots
 Script the critical moves
 Point to the destination
 Find the feeling
 Shrink the change
 Grow your people
 Tweak the environment
 Build habits
 Rally the herd
DIRECT THE RIDER
MOTIVATE ELEPHANT
SHAPE PATH
DECISIVE
COMMON ERRORS
 Narrow framing
 Confirmation bias
 Short term emotion
 Over confidence
WIDEN OPTIONS
 Avoid a narrow frame
 Multi-track
 Find out who solved it
TEST ASSUMPTIONS
 Consider the opposite
 Zoom out & zoom in
 Ooch
ATTAIN DISTANCE
 Overcome emotion
 Gather & shift perspective
 Self-directed work tasks
PREPARE TO BE WRONG
 Bookend the future
 Set a tripwire
 Trust the process
Models of AGILE ORG. CHANGE

50. Agile vs. Traditional Success
 Traditional projects succeed at 50% industry avg.
 Traditional projects are challenged 20% more often
 Agile projects succeed 3x more and fail 3x less often
Standish Group. (2012). Chaos manifesto. Boston, MA: Author.
50
Agile Traditional
Success
42%
Failed
9%
Challenged
49%
Success
14%
Failed
29%
Challenged
57%


51. Hoque, F., et al. (2007). Business technology convergence. The role of business technology convergence in innovation
and adaptability and its effect on financial performance. Stamford, CT: BTM Corporation.
51
 Study of 15 agile vs. non-agile Fortune 500 firms
 Based on models to measure organizational agility
 Agile firms out perform non agile firms by up to 36%
Fin. Benefits to ENTERPRISE AGILITY

52. Suhy, S. (2014). Has the U.S. government moved to agile without telling anyone? Retrieved April 24, 2015, from http://agileingov.com
Porter, M. E., & Schwab, K. (2008). The global competitiveness report: 2008 to 2009. Geneva, Switzerland: World Economic Forum. 52
 U.S. gov’t agile jobs grew by 13,000% from 2006-2013
 Adoption is higher in U.S. DoD than Civilian Agencies
 GDP of countries with high adoption rates is greater
High
Low
Low HighAGILITY
COMPETITIVENESS
GOVERNMENT AGILE JOB GROWTH
PERCENTAGE
13,000%
0
2006 2013YEARS
GOVERNMENT COMPETITIVENESS
Nat’l Benefits to ENTERPRISE AGILITY