Agile + DevOps West 2023 - DevOps Practices
Tuesday, June 6
What DevOps Means for Testers and Testing
DevOps is more than a buzzword or a passing fad. It's a radically new approach to rapidly deliver high-quality software applications. However, many organizations don’t fully grasp the magnitude of this change or what it means for everyone involved in the software development lifecycle. Jeffery Payne says that DevOps—when done right—drives higher quality and efficiency into software development, software testing, and application management activities. It empowers teams to remove impediments to quality and productivity throughout the entire software lifecycle. However, when DevOps is done...
Wednesday, June 7
DevOps From Large Enterprises' POV
It’s been more than 10 years since the term DevOps has become popular. As of today, there is probably not a single IT organization who has not embraced DevOps in some form or fashion. Most organizations have roles, teams, and departments that have the name DevOps in them. DevOps is no longer a “cool thing” that applies to only “tech companies.” Why is it that we are still talking about it? Because we still have challenges. Most of us have not yet “figured it out.” Every DevOps transformation is unique and there is no one size fits all, yet there are some common themes. In this keynote,...
The Art of Defensive Programming
With every commit, the threat landscape increases. One single vulnerability is all a hacker needs. Vulnerabilities have multiple sources, and you must have a plan for securing each potential risk vector and identify vulnerabilities early. In this session, we will describe defensive coding techniques you can use as a daily practice and how you can build a security champion program. We will practically cover ways of identifying security vulnerabilities in your IDE using CodeQL as a Static Code Analysis tool. This is an important step in the pre-commit stage to identify security...
DevOps, Development Cadence, and the Product Lifecycle
In many DevOps initiatives, the DORA metrics are treated as the gold standard. When teams have good scores on deployment frequency, lead time for changes, time to recover, and change failure rate, we assume that we are on track, but this steady-state view doesn’t align with the fact that innovation and delivery are often episodic and have cadences that vary cross the product lifecycle. In this session, we’ll look at the general issue of development and delivery cadence, and explore a model based on Kent Beck’s 3X which allows us to interpret and target DORA performance in terms of the...
Reimagining Digital Cloud Transformation: Automation and DevOps Pipeline
Organizations face numerous challenges during their journey to Digital Cloud Transformation—the most pressing challenges are frequent failures and the absence of a “big-picture” mindset. Driven by KPMG’s quest to deliver a superior customer experience, their Digital Cloud Transformation framework delivers improved quality, reduced time to market, reliability, and sustainable Cloud Transformation. Moving away from the archaic approach from replicating traditional regression onto cloud integration validations, KPMG has helped customers minimize risk and increase test coverage by E2E...
Where the Rubber Meets the Road: How to Integrate DevOps with Development Teams
More engineering teams are adopting the use of DevOps practices in their product delivery, but sometimes it can be a struggle to integrate DevOps engineers into their organization and benefit from the investment they make in doing so. In other words, how can product owners gain a return on their investment in DevOps practices, which will lead to the benefits that DevOps promises? The solution begins with the DevOps engineers themselves and how they interact with the teams they support. It continues with the way their solutions are presented and adopted by their development team, and how...
Shifting Left the Right Way–Improving DevSecOps
"Shift left" is the mantra of DevSecOps. The closer to our developers that we can move the prevention of a security vulnerability being introduced to our codebase, the cheaper and faster it is for our organization. However even in 2023 old vulnerabilities find their way into new pull requests and merges. We can't continue to "shift left" and hope for the best. Instead, our focus needs to turn to providing the right tools and resources to our developers at the right time. Proper techniques need to be as friction free as shortcuts, workflows integrated, and correction offered in clear...
Humanizing Work
Is your favorite flavor of agility resulting in process over people? Is your contribution mired in person hours that inevitably turn into mythical person months? Are human efforts in heroic zeros and ones measured in seemingly pointless (story) points instead of customer, business, and employee value (ROI)? What began as a technology revolution has devolved into frameworks and processes that focus solely on mindless over mindful measuring, tracking, and projecting. And while many organizations find initial success that generates interest and demand for scaling agile and digital...
What Are Your Automation Strategies?
Everyone in your organization has probably discussed automation at least once. But who is responsible for automation? And what are the automation strategies for your organization? Several factors should be considered before jumping into automation. In this session, Lisette Zounon will share her personal experiences and cover case studies and successful quality transformation. Lisette will also cover what to consider for your automation strategies because it always depends on your organization and what you are trying to achieve. Attendee takeaways from this session include identifying your...
Empowering DevOps with OpenAI
AI is upending everything about the SDLC. For example, Microsoft has monetized GitHub Copilot, their AI development assistant, and now 40% of the code users check into GitHub is written by the AI. However, using Copilot is still highly dependent upon developer adoption and not fully integrated into the CI/CD pipeline and Paul wanted to bring AI into our agile process and DevOps environment. In this session, Paul Klinker will discuss how he and his team decided upon a phased approach for their customers, starting with integrating OpenAI into the CI/CD pipeline to enable greater visibility...
Thursday, June 8
Balancing Agile and Cybersecurity Implementation
Over the past 25 years, software development has changed drastically due to evolving market demands. To respond to these needs, software development teams must reduce their time to market with releases that are more frequent. This has led the industry to move away from the waterfall methodology to agile development methodologies, thus enabling security to be engaged from inception instead of bolted on at the end of the process. While security methodologies rely more on a systematic and requirement-based approach to development much more conducive to the waterfall methodology, we must...
Best Practices: CI/CD with Micro Services
You have finally split your monolith into microservices. How do you validate a complex application and make it scale? Instead of having just one CI/CD pipeline, you have several. And as the number of microservices increases, so does the quantity of pipelines. As an outcome, managing pipelines for microservice applications can get out of hand, especially when you try to reuse common pipeline parts amongst different applications. If you apply monolithic solutions to microservice problems, you will have a bad time. If you treat microservices like monoliths, you’ll end up with thousands of...
Collaborating Effectively as a Tester to Anticipate Defects in Code Review
Júlio de Lima has lost count of the times he's heard people saying that he should start testing as soon as possible when working as an agile tester. However, no one told him how to do this practically. So he started thinking about how to anticipate his tests and managed to find a few ways: 1) Gather refinements and ask questions about quality risks, 2) prepare his testing strategy in advance, and 3) read the code and mentally compile the code and verify that the tests he planned would pass. Júlio can say that #1 and #2 helped him a lot, but #3 had a big impact on the software testing...
Why Kubernetes Applications Require a New Approach to Testing Using Testkube
Microservices, CI/CD, DevOps, GitOps, cluster networking, etc.—more and more teams are building software fundamentally differently than they did even a few years ago. However, testing approaches and tooling have not caught up yet. At least not until now. What if you could apply the same type of GitOps and DevOps methodologies to your testing activities? Tests could be deployed and stored in a Kubernetes cluster, they could be decoupled from your CI/CD, orchestrated in the cluster in the same way you do with your applications and not in your CI/CD, publish results aggregated in a common...
Continuous Build and Other DevOps Anti-Patterns and How to Overcome Them
Software development is hard and poorly implemented or broken tools, techniques, and patterns just make it worse. Learn to spot DevOps anti-patterns and how to work your way back to a sane way of working. Continuous Build is an anti-pattern that Tom Stiehm has seen often, where a team will have what they call Continuous Integration (CI) in place, but it only builds the code. There are no unit tests or static analysis run. Certainly, this is better than not building, but it leaves a lot of health check information on the table that is considered part of CI. Without this information, you can...