- Typical DevOps journey that we see enterprises taking
- Key challenges they encountered and ways to mitigate
- Scaling the “bottom-up” across the enterprise
- Measuring success and course-correcting during your DevOps journey
- Ingredients for success beyond the tools - Mindset and culture shift required
- Potential case study

As the creator of Jenkins, I get to see lots of real-world software development, and teams and organizations trying to push better DevOps practice forward. In those conversations, I noticed that some are more successful than others. In this talk, I will explore where those differences seem to be made. One is around data. Our automation in software development is sufficiently broad that it is producing lots of data, but by and large most of those are simply thrown away. Yet at the same time, the management is feeling like they are flying blind because they have little insight! Another is around how they leverage “economy of scale.” Successful teams seem like they managed to drive great uniformity and consistency across software development, which allow organizations to move at great speed and make developers feel great.

This session, led by the team at Women in DevOps, uncovers the global gender DevOps gap issue and demonstrates how diverse and inclusive teams drive innovation. Offering you a unique insight into HR best practices, strategies and tools on how to create a truly inclusive workforce. A session that shows the importance of the Women in DevOps' global movement on inspiring the future leaders of the DevOps world and amplifying the voices of women and all minority groups in DevOps.

Not every organization has the application delivery needs of Netflix or Google. Some desire to reach that level, others don’t. But enterprises recognize the need to accelerate, automate and be better. Spinnaker has evolved beyond the Netflix/Google use case, as the world moves beyond success equates to how many deploys a day. Today’s enterprises want continuous delivery at scale, for multiple apps, multiple clouds and multiple platforms.

Join this all-star cast of experts as they discuss how today’s use cases have changed, how Spinnaker has evolved to meet the mission and how you can take your organization to the next level.

A chasm is opening up between elite, high-performing teams and the rest of us. According to the DORA report, elite teams get code to users 25,000x faster than the bottom half of teams, deploy 46x more frequently, and restore service from incidents in 2666x less time… and while the same resources are theoretically available to all teams, the performance gap is *widening* with each year. WTF Is going on? Are the majority of teams just doomed to mediocrity? Is this a skill gap (spoiler: no), a technical problem, or a business one? Most importantly, how can you help your team function at an elite level? Let's talk through the social *and* technical strategies that great teams all of the world are using to be happier and more productive...and make their users happy too.

Kubernetes is driving a seismic shift in how we develop and ship applications. This shift completely disrupts the way we secure applications and data -- affecting people, process, and technology. Security has to adapt and be cloud-first, ‘as code’, open and frictionless. Shift left is foundational but runtime security, incident response and forensics change as well. Loris Degioanni, industry expert and open source veteran, will share his perspective on where security is going and practical advice for managing security risk in a Kubernetes and DevOps world.

With the proliferation of sensors and huge volume of data on edge devices, the promise of sending all of this data back to the cloud for AI/ML analytics has far exceeded the capacity of both the network bandwidth and compute resources. However, by moving the workload to edge devices that contain increasingly powerful processing capabilities, this data can be processed locally and efficiently aggregated in the cloud, solving a whole new set of analysis, monitoring, and optimization scenarios. This also necessitates a DevOps approach to distribution that can scale to millions of edge devices, provide continuous and reliable updates, and provide security for a highly distributed network. Learn how to take your DevOps skill set and apply it to a new and challenging domain that is in need of the same human and technology best practices that help global organizations distribute software securely and continuously to self-hosted and cloud environments.

It’s now 2020 and DevOps is no longer a nice to have. It is absolutely necessary to have DevOps best practices in place to be competitive in today’s market. Yet it isn’t easy to do right. You must have the right culture in place. You must have agile processes in place. And you must have the right tooling in place. Come to this fireside chat as Donovan Brown and Abel Wang dive in deep on transforming your organization from waterfall to DevOps. Between the two of them, there is over 20 years of real world industry experience helping organizations around the world make this transformation.

Continuous product oriented practice advocates transforming the qualitative way we build and track products to a quantitative way: identify, design, and measure “value” for product ideas. Assess and assign a score to each “value” and track them in practice from inception to operation. Eliminate silos by integrating strategy, inception, planning, design, development, and operations through a unified value radar. To provide a high-level overview, refer to the following blueprint of the journey your product will take when you introduce the continuous product oriented practice to your product. This practice will compel you to answer three questions, and introduce a data-driven approach to reaching decisions.

Infrastructure as Code (Iac) is marketed as the answer to all automation problems. How can that be true when no one really has a good definition? Let’s fix that!
This talk captures ideas from a tweet battle started when Rob asked for a definition. We’ll decompose that #IaC thread into six themes from programmatic configuration up to CI/CD pipelines. Then, we’ll explore how each theme interlocks in specific and important ways using 10 years of history around Digital Rebar as an example. This talk provides specific and actionable ideas that will impact how you think about building automation for scale and distributed systems.

A peanut butter and jelly sandwich has three key ingredients: the peanut butter, the jelly, and the perfectly toasted bread. In this analogy, if DevOps practice is the jelly and Agile practice is the peanut butter, then what exactly is Value Stream Management?

Many organizations have benefited by adopting VSM in DevOps, and understanding the value of every stage in the software development and delivery process.

But how do you know if your software delivery is efficiently delivering value to your customer? Is it moving in the right direction? How can you improve it? Digital transformations fail or get stalled because organizations can’t answer these questions.

VSM helps answer these questions and it involves taking a look at all the steps in the software delivery process from idea to production – the value stream – and then identifying silos, bottlenecks, and other inefficiencies in the flow of work.

In this talk, Lance Knight will take you through the making of a PB&J and how that applies to the entire software delivery process and the strong need for VSM for enterprises to begin optimizing their software delivery processes and realizing their digital transformation goals.

Have you heard about the Continuous Delivery Foundation? Yes, Continuous Delivery has its very own open source governing foundation home to Jenkins, Spinnaker, Tekton and Screwdriver.
The goal of the CD Foundation is to improve the world’s capacity to deliver software with security and speed. While many DevOps Pros have implemented Continuous Integration, continuous delivery is still emerging. And with the rise of cloud native, CD is becoming critical for addressing DevOps at scale.
This session will introduce the CD Foundation, cover the projects, goals, and ecosystem landscape. It will also help you understand how you can get involved as an End User, an essential piece of the CD Foundation’s strategy for building CD adoption.

Complex enterprises in highly regulated industries have been increasingly adopting DevOps ways of working. As they work to build small multi-functional teams, stand up automated pipelines, and accelerate deployment frequencies, large scale enterprises face many challenges along the way.
Join the panel discussion to hear how some of the most complex organizations are addressing their DevOps transformations. From bimodal strategies to evolving review processes and implementing CI/CD, get a look into the challenges and real-world solutions to addressing those challenges.
Key Takeaways:
- Steps to create a DevOps strategy in complex organizations
- How to navigate a DevOps transformation in regulated industries
- Best practices when driving change across an organization

In the fusion between DevOps and DevSecOps, the pace and agility of the DevSecOps approach left AppSec and InfoSec Engineers behind. The DevOps squad topology does not traditionally involve the organization’s AppSec and InfoSec Engineers. Many DevOps teams are not included by security engineers as there tends to be a disconnect when it comes to information such as DevSecOps approaches and configuring DevOps CI/CD pipelines. Therefore, it’s essential that security experts start learning the skills and tools surrounding DevSecOps. In this session, attendees will learn:
- An overview of DevSecOps approaches and tools
- The benefits of DevSecOps and the Shift-Left approach
- How to start a DevSecOps journey and where to find support

DevOps merges technologies, tools, and mindsets. It is a journey—not a destination. Therefore, enterprises should take a strategic approach to DevOps with the right mix of technologies, people, and most importantly, an ecosystem that serves as a foundation for modern and future applications. This ecosystem should promote continuous technology innovation that differentiates the business.

In this session, E.G.Nadhan will cover:
- Best practices that have worked for multiple Red Hat® customers.
- Five tips that can make IT modernization an easier experience overall.
- Steps that can be taken to advance the DevOps journey both from a “top down” and a “bottom up” perspective.

Developers and DevOps Teams are at the forefront of new application architectures and deployment workflows to achieve greater release velocity and scale. As they adopt containers, Kubernetes, and serverless technologies, security is catching up to protect these architectures and applications—not only at runtime but also across the application lifecycle.

In this interactive technical session, join Keith Mokris from the Prisma Cloud by Palo Alto Networks product team for a presentation about the latest trends in cloud native security, including exploring security of IAC and applications and git repo vulnerability management.

The world of software is becoming increasingly complex. User demand always-on applications that are accessible from all of their devices. Monolithic apps are being decomposed into distributed microservices, built and run by engineers who work remotely and need to collaborate across timezone and locations. How can infrastructure operations teams keep up?

GitOps offers a framework for modern infrastructure automation allowing you to be fast, stable, and secure. This talk will cover the fundamentals of GitOps - what it is, why it's important, and how teams who have already adopted GitOps are doing it.

Join CloudBees' Brian Dawson for a discussion with Kohsuke Kawaguchi, Co-Founder and Co-CEO of Launchable Inc. and creator of the pioneering Jenkins project. In January, it will be 10 years since the Jenkins project started on the road to becoming not only the most widely adopted CI/CD solution, but a project which helped pioneer pipeline as code, containers as a core aspect of the CD process and much more. Kohsuke and Brian will review some of the milestone developments in the Jenkins and DevOps community over the past 10 years, and discuss how that will inform the next 10 years of DevOps. Learn about the emergence of GitOps, data-driven DevOps, Software Delivery Automation and AI and how they will all impact your future.

What is GitOps and why is it important? This talk will focus on the general practice of GitOps, the strengths and weaknesses in the process, and compare that to a more full-featured process called Verified GitOps.

Many organizations attempt adopting DevOps and Agile practices only to crash against a compliance wall such as RMF, PCI-DSS, or even GDPR. Those who offer Agile management frequently want to sell you a brand. Even Gene Kim’s “The Unicorn Project'', shows a security officer experiencing a complete breakdown before becoming a DevOps enthusiast. It’s not that hard. After being a Product Owner on an Agile team, I transferred to a security lead, operating the Risk Management Frameworks with an org newly committed to Agile. My team worked through a mindset change without the breakdown, incorporating small compliance goals, integrating with developers, shifting security left, and building cooperative risk ownership. This session shares my experiences incorporating an Agile workplace with the U.S. Government's compliance in the hope of helping others.

When you define ‘legacy’ as applications or systems which are no more than 4 years old, it would seem that adopting a DevOps way of working would offer an organization a fresh start. However, beginning with a tabula rasa does not mean that integrating the philosophy is without challenges. No Legacy DevOps is the telling of the tale of the DevOps team at the National Museum of African American History and Culture and the sharing of the challenges encountered, mistakes made, and the resulting strategy captured from the valuable lessons learned and learning.

This session, led by the team at Women in DevOps, uncovers the global gender DevOps gap issue and demonstrates how diverse and inclusive teams drive innovation. Offering you a unique insight into HR best practices, strategies and tools on how to create a truly inclusive workforce. A session that shows the importance of the Women in DevOps' global movement on inspiring the future leaders of the DevOps world and amplifying the voices of women and all minority groups in DevOps.

2020 has been unexpected, to say the least, and the extreme uncertainty has forced organizations to reconsider their ways of working. In this fireside chat, Jayne and Helen will reflect on what that has meant for the organizations they work with, what they have seen companies do in order to make themselves more adaptable in unpredictable times, and how what we are learning as an industry will position us for 2021. We’ll address questions such as:
- Has DevOps adoption been impacted positively or negatively during 2020?
- What does the rapid change we’ve seen mean for humans in DevOps?
- What are the key DevOps technologies emerging from the pressure placed upon us all during the last 12 months?

- If your company depends on software engineers, everything from programmer to site reliably engineers, when your primary assets log off at the end of the day, there's no guarantee that they will log in tomorrow. If they don't come back what will you do?

- Losing a mission-critical engineer can be a catastrophic event, particularly for companies in which essential information is tribal knowledge. The way to address this risk is by ensuring that your company's documentation is always current and accurate. Sadly, this is a chore. Few engineers have the time to write the comprehensive documentation that ensures that their work lives on long after they're gone. Fortunately there is a way to make accurate, engaging, interactive documentation that works. In this talk technical writer, journalist and developer Bob Reselman will show you how.

Achieving your goals in DevOps is about much more than technology. It is about the cultural changes within your organization. It is also about understanding the business goals and technology understanding how the team can help meet these goals. The importance of understanding this at the top of your leadership is vital to ensuring success. In this session, we talk about the full journey of DevOps transformation, from initial assessment, transformation activities, and assessment of maturity. This enables you to effectively plan, transform, adapt, and improve as you go through your DevOps journey.

When we talk about DevOps, there are three main conversations that form around people, processes, and technology. With the majority of our workforce remote, we’ve lost part of the human interaction that helps teams collaborate, communicate, and understand the day to day challenges that come with creating great software. In this presentation, we will take a look at the important role data plays within our DevOps organization, and how that data can influence and humanize many aspects of our organization, including people (culture), processes (tracking and planning), and technology (business agility). We will also discuss how data can be leveraged to create a culture filled with empathy and understanding. Many employers are starting to look at key “Human Skills” as part of their DevOps hiring strategy. We will cover the different types of human skills that are most sought after, and also how can we use data to help individual contributors grow from a “T-shaped” skill set to an “E-Shaped” skill set. We will also discuss how data can be leveraged to improve communication, visibility, and improve alignment between engineering and the business.

It’s now 2020 and DevOps is no longer a nice to have. It is absolutely necessary to have DevOps best practices in place to be competitive in today’s market. Yet it isn’t easy to do right. You must have the right culture in place. You must have agile processes in place. And you must have the right tooling in place. Come to this fireside chat as Donovan Brown and Abel Wang dive in deep on transforming your organization from waterfall to DevOps. Between the two of them, there is over 20 years of real world industry experience helping organizations around the world make this transformation.

In the past years, the development process has become more efficient. Agile has been widely adopted as the main methodology of software development teams and the reduced cycle time introduced the concept of DevOps, which is all about connecting the Ops and Dev teams in order to maximize productivity and reduce time to market. The main goals of DevOps are: Speed, Reliability, Rapid Delivery, Scalability, Security and Collaboration. In this talk we will discuss the advantages of DevOps and also walk through the challenges DevOps brings and implementation pains. How we can measure our DevOps process, which metrics can be used to see that we are constantly improving.

When we talk about Observability, we often discuss it in the context of implementing at the code-base. However, the business aspect is either not thought of or not brought into the architecture.
Through this session, I will illustrate how one can bring the business-relevant observability by patterns & practices in coding, the case studies, and the research done by various cloud providers & vendors.

Prometheus is an awesome tool to consume raw data from your application stacks and extract real data about your users’ experience and the state of your fleet. But many teams end up throwing more and more data at Prometheus, or other metrics vendors, and just assume that the tool can make sense of the chaos. Well, garbage in makes for garbage out. We will look at the common methodologies for instrumenting resources and HTTP calls and how these can be applied to produce consistency across the environment. Especially in a micro-services style environment, consistency in instrumentation is key for creating debuggable systems.
On this journey we discover that Prometheus has problematic support for percentiles, but percentiles are key for understanding our applications. As application stacks grow, metric cardinality and high error rates in percentiles can blind a whole organization. How can we use Prometheus to build consistent 30 day service level objectives across our applications? We will tackle accuracy in percentile calculations, tactics for handling cardinality, and methods to handle long service level object periods.

Observability is a highly visible topic in DevOps and Cloud Native discussions. But does observability need a bigger vision or broader applicability to break through to the next level? Can past precedents point a way to accommodate current and future technical trends? Metrics and logs are well understood, and distributed tracing has surfaced on the global developer consciousness. OpenTelemetry is a very good starting point for the next iteration, but it only addresses a subset of the problem space. Several important, but under-represented, observability challenges are identified which a reference model needs to address. Lessons learned from building and using an observability platform are discussed. Based on this, an observability reference model is proposed to outline the whole problem space and provide the North Star for the journey ahead.

Microservices have many benefits but are also complex and hard to monitor and troubleshoot. Join us as we discuss the growth in adoption of these environments, including Kubernetes and containers, and the challenges that they have presented us all, focusing on why standard metrics and logs by themselves are leaving gaps in your observability strategy. We’ll then deep dive into how distributed tracing fits into this, as well as best practices, and how we at Epsagon are approaching this in modern-day cloud environments.

With the proliferation of sensors and huge volume of data on edge devices, the promise of sending all of this data back to the cloud for AI/ML analytics has far exceeded the capacity of both the network bandwidth and compute resources. However, by moving the workload to edge devices that contain increasingly powerful processing capabilities, this data can be processed locally and efficiently aggregated in the cloud, solving a whole new set of analysis, monitoring, and optimization scenarios. This also necessitates a DevOps approach to distribution that can scale to millions of edge devices, provide continuous and reliable updates, and provide security for a highly distributed network. Learn how to take your DevOps skill set and apply it to a new and challenging domain that is in need of the same human and technology best practices that help global organizations distribute software securely and continuously to self-hosted and cloud environments.

Digital Transformation requires an understanding of how members communicate and share ideas at the individuals, team, leadership, and the organization level. An enterprise’s behaviors are made up of a collection of mental models based on perceptions, relationships, actions, and conflicts between various parts of the organization. Qualitative Data Analysis (QDA) is a process that can be used to discover implicit conflicts, incoherence, and misalignment between these mental models. In this presentation, we will discuss how Computer Assisted Qualitative Data Analysis (CAQDA) and a QDA approach can be used to analyze group, individual, and leadership interviews to better understand Digital Transformation outcomes. We will also discuss how this QDA approach has been used in a number of financial institutions with some relative use case examples.

- Companies are committed to delivering on higher levels of customer satisfaction for their online services. Unfortunately, many organizations trying to support these initiatives take an interrupt driven approach where they monitor everything with every tool available. The steps you should take to manage these high levels of SLAs is to start with a review of your current approach and toolset against the business needs to help you create a path to continuous service delivery optimization.

- The first step in getting control and visibility into your DevOps environment is to collect and instrument everything. But how do you get started, what are the next steps. In this webinar we will distill the learning from hundreds of our customers into a simple 5 step process.

Security and Reliability is everyone’s responsibility, yet this statement tends to conflict as organizations that own software demand engineers upskill, innovate, and deliver quickly. Site Reliability Engineering introduces software design, implementation, and maintenance practices for successfully meeting both of these outcomes. Much unknown exists in this field, join this session to learn how to enable continuous delivery through SRE principles. Attendees will learn about popular SRE practices and how to apply them to enable a continuous delivery lifecycle.

Site reliability engineering (SRE) is becoming a popular movement within large enterprises. But what exactly does an SRE do? How do you build an SRE team? Who do you hire? Where do you hire SREs from? How do you set SREs up for success? How do you manage performance of SREs? How do you scale your SRE team? What are the responsibilities of an SRE team? Should you have one? This is the session where you get the answers. Tammy will share her experiences building and scaling SRE teams. Get practical advice on whether an SRE function makes sense for your company and a guide for success.

Does it seem like your SRE team is starting to look way too much like the familiar Ops team that you have always known? It’s easy to fall back on the well known patterns of production support. While it is critical to have strong Operations expertise, it is equally critical that your SRE team adopt a new mindset. We strive to drive our operational burden to zero. We look to automate last year’s work to make room for new challenges. We make the time to eliminate TOIL in our daily tasks. In this talk, we will take a close look at how process and automation can be the driving force behind a truly empowered SRE team.

Author and SRE expert, Alex Hidalgo, and Mitch Ashley, CEO of Accelerated Strategies Group, host a dynamic discussion about the site reliability learnings from Amazon and Netflix, and apply them today's world fo software. Alex also delves into SLOs, Service Level Objectives, which he writes about in his new book.

Companies rely on key services to be available nearly 100 percent of the time in order to make revenue. A consequence of this situation is that it has become natural for Engineers to get woken up late at night or early in the morning to resolve incidents. But whether you rise to the occasion or not, it eventually becomes a very taxing experience. Unfortunately, our industry has accepted this as the norm. There is a better way. Chaos Engineering.
In this session, we will explore how we got to this point and how we can adopt Chaos Engineering to help us wake up less and sleep better.
What will attendees Learn :
How did we get here? The State of On-Call in the Tech Industry using my experience in both Cloud Ops and SRE
Operational Maturity: Why we need to revisit this definition and the different stages Companies find themselves in
Why being an On-Call Hero seems exhilarating at first but then pretty terrible
Why are we so reactive? How do we move the needle to be proactive?
It’s not just reproducing Incidents or Playbook Validation, how can CE help us get more sleep?
Explaining the Force Function that Chaos engineering creates that causes us to ask questions about our systems and just as if not more important, our people.
Where do we go from here? What to do if you’re on-call this sprint. What’s next?

Bottom-up DevOps initiatives are a wonderful way of bringing about positive change to application teams. A common danger is that local efforts can lead to local optimization. At some point, grassroots efforts start to build their own technical debt which hamper their initial promise and extinguish the teams’ excitement. Quali CTO, Maya Ber Lerner will discuss common life cycles of bottoms up DevOps projects and their use of specific open source and commercial tools as well as pros and cons of each.

Security as Code is one of the hottest topics in containers. It’s a natural follow on to infrastructure as code. It can be used to define run-time policies for Kubernetes deployments. Monitoring and preventing egress, or external connections, is critical for preventing data breaches and attacks. Creating security policy as code to allow or deny egress should be as simple, powerful and automated as possible. In this session, we will discuss several ways of enforcing egress control using open source tools such as Kubernetes Network Policy and OpenShift as well as NeuVector.

The votes are in! Kubernetes adoption is happening everywhere around the globe, from the cloud, to the datacenter, to the edge! This talk will uncover what voters elected as their top challenges with Kubernetes adoption in 2020 - as the cloud-native technology and landscape changes. Metrics from an independent survey of 300 IT leaders and DevOps practitioners will be revealed.

Container and application sprawl on Kubernetes is creating relevant challenges when it comes to applying governance, security and control on production environments. Platform Engineering and DevOps teams are tasked with solving these challenges while ensuring Developer experience is achieved, integration into 3rd party solutions are available for the deployed applications and complexity is reduced, which always sounds like an impossible task. During this session, we will cover how a few organizations are overcoming these challenges and delivering great results.

Choosing the right open source product used to be relatively simple because there were very few choices. It was easy to gauge the maturity and potential success of an open source product based on the number of contributors, contributions, downloads, and “like” stars on GitHub. While these legacy criteria are still important, they are no longer the primary indicators of success they once were.
Why? Public cloud and SaaS providers have emerged as the new kingmakers of open source, influencing the entire supply chain of an open source product. IT leaders need a new decision-making framework and criteria to select open source products when many options are available for similar functionality. You will come out of this quick talk with a 3-step framework to choose the right open source products while they are emerging and evolving in nascent markets.

- Using open source components in today’s modern applications has become the norm - dominating anywhere between 60-80% of the codebase. Given today’s hectic release pace and the desire to release new features on a weekly or even daily basis, this comes as no surprise.

- However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software.
- Join Guy Bar-Gil, Product Manager at WhiteSource, as he presents:
- The four crucial layers of open-source security;
- How to start integrating continuous security into your SDLC;
- Best practices for organizations to own and execute the security process.

Focus on resources and employees, not on networks and environments. The usage of firewalls, VPNs, intrusion detection, and other networking components have been the backbone of managing access to important resources like applications, servers, and databases. But trends towards decentralization and abstraction has made infrastructure increasingly fluid and enforcement slippery. This talk reframes how to manage secure access in a dev-friendly way using four principles:
[1] Base decisions on identity
[2] Make it easy to use
[3] Don’t trust networks, and
[4] Centralize logging with a practical application for SSH at the end.

With millions of downloads, Jetstack’s (a Venafi Company) cert-manager is used by DevOps engineers worldwide to simplify, automate, and accelerate the security of their Kubernetes deployments. In this lightning talk by our engineering experts, learn:
- How to connect Vault and Kubernetes to easily manage your TLS certificates to prevent security breaches and downtime
- Best practices for building security into your Kubernetes deployments
- How it works in real life with a demo