Infrastructure as Code (Iac) is marketed as the answer to all automation problems. How can that be true when no one really has a good definition? Let’s fix that!
This talk captures ideas from a tweet battle started when Rob asked for a definition. We’ll decompose that #IaC thread into six themes from programmatic configuration up to CI/CD pipelines. Then, we’ll explore how each theme interlocks in specific and important ways using 10 years of history around Digital Rebar as an example.
This talk provides specific and actionable ideas that will impact how you think about building automation for scale and distributed systems.

Have you heard about the Continuous Delivery Foundation? Yes, Continuous Delivery has its very own open source governing foundation home to Jenkins, Spinnaker, Tekton and Screwdriver.
The goal of the CD Foundation is to improve the world’s capacity to deliver software with security and speed. While many DevOps Pros have implemented Continuous Integration, continuous delivery is still emerging. And with the rise of cloud native, CD is becoming critical for addressing DevOps at scale.
This session will introduce the CD Foundation, cover the projects, goals, and ecosystem landscape. It will also help you understand how you can get involved as an End User, an essential piece of the CD Foundation’s strategy for building CD adoption.

In the fusion between DevOps and DevSecOps, the pace and agility of the DevSecOps approach left AppSec and InfoSec Engineers behind. The DevOps squad topology does not traditionally involve the organization’s AppSec and InfoSec Engineers. Many DevOps teams are not included by security engineers as there tends to be a disconnect when it comes to information such as DevSecOps approaches and configuring DevOps CI/CD pipelines. Therefore, it’s essential that security experts start learning the skills and tools surrounding DevSecOps. In this session, attendees will learn:
- An overview of DevSecOps approaches and tools
- The benefits of DevSecOps and the Shift-Left approach
- How to start a DevSecOps journey and where to find support

Continuous product oriented practice advocates transforming the qualitative way we build and track products to a quantitative way: identify, design, and measure “value” for product ideas. Assess and assign a score to each “value” and track them in practice from inception to operation. Eliminate silos by integrating strategy, inception, planning, design, development, and operations through a unified value radar. To provide a high-level overview, refer to the following blueprint of the journey your product will take when you introduce the continuous product oriented practice to your product. This practice will compel you to answer three questions, and introduce a data-driven approach to reaching decisions.

Many organizations attempt adopting DevOps and Agile practices only to crash against a compliance wall such as RMF, PCI-DSS, or even GDPR. Those who offer Agile management frequently want to sell you a brand. Even Gene Kim’s “The Unicorn Project'', shows a security officer experiencing a complete breakdown before becoming a DevOps enthusiast. It’s not that hard. After being a Product Owner on an Agile team, I transferred to a security lead, operating the Risk Management Frameworks with an org newly committed to Agile. My team worked through a mindset change without the breakdown, incorporating small compliance goals, integrating with developers, shifting security left, and building cooperative risk ownership. This session shares my experiences incorporating an Agile workplace with the U.S. Government's compliance in the hope of helping others.

In the fusion between DevOps and DevSecOps, the pace and agility of the DevSecOps approach left AppSec and InfoSec Engineers behind. The DevOps squad topology does not traditionally involve the organization’s AppSec and InfoSec Engineers. Many DevOps teams are not included by security engineers as there tends to be a disconnect when it comes to information such as DevSecOps approaches and configuring DevOps CI/CD pipelines. Therefore, it’s essential that security experts start learning the skills and tools surrounding DevSecOps. In this session, attendees will learn:
- An overview of DevSecOps approaches and tools
- The benefits of DevSecOps and the Shift-Left approach
- How to start a DevSecOps journey and where to find support

What is GitOps and why is it important? This talk will focus on the general practice of GitOps, the strengths and weaknesses in the process, and compare that to a more full-featured process called Verified GitOps.

2020 has been unexpected, to say the least, and the extreme uncertainty has forced organisations to reconsider their ways of working. In this fireside chat, Jayne and Helen will reflect on what that has meant for the organisations they work with, what they have seen companies do in order to make themselves more adaptable in unpredictable times, and how what we are learning as an industry will position us for 2021. We’ll address questions such as:
- Has DevOps adoption been impacted positively or negatively during 2020?
- What does the rapid change we’ve seen mean for humans in DevOps?
- What are the key DevOps technologies emerging from the pressure placed upon us all during the last 12 months?

When we talk about DevOps, there are three main conversations that form around people, processes, and technology. With the majority of our workforce remote, we’ve lost part of the human interaction that helps teams collaborate, communicate, and understand the day to day challenges that come with creating great software. In this presentation, we will take a look at the important role data plays within our DevOps organization, and how that data can influence and humanize many aspects of our organization, including people (culture), processes (tracking and planning), and technology (business agility). We will also discuss how data can be leveraged to create a culture filled with empathy and understanding. Many employers are starting to look at key “Human Skills” as part of their DevOps hiring strategy. We will cover the different types of human skills that are most sought after, and also how can we use data to help individual contributors grow from a “T-shaped” skill set to an “E-Shaped” skill set. We will also discuss how data can be leveraged to improve communication, visibility, and improve alignment between engineering and the business.

When you define ‘legacy’ as applications or systems which are no more than 4 years old, it would seem that adopting a DevOps way of working would offer an organization a fresh start. However, beginning with a tabula rasa does not mean that integrating the philosophy is without challenges. No Legacy DevOps is the telling of the tale of the DevOps team at the National Museum of African American History and Culture and the sharing of the challenges encountered, mistakes made, and the resulting strategy captured from the valuable lessons learned and learning.

Achieving your goals in DevOps is about much more than technology. It is about the cultural changes within your organisation. It is also about understanding the business goals and technology understanding how the team can help meet these goals. The importance of understanding this at the top of your leadership is vital to ensuring success. In this session, we talk about the full journey of DevOps transformation, from initial assessment, transformation activities, and assessment of maturity. This enables you to effectively plan, transform, adapt, and improve as you go through your DevOps journey.

When we talk about Observability, we often discuss it in the context of implementing at the code-base. However, the business aspect is either not thought of or not brought into the architecture.
Through this session, I will illustrate how one can bring the business-relevant observability by patterns & practices in coding, the case studies, and the research done by various cloud providers & vendors.

In the past years, the development process has become more efficient. Agile has been widely adopted as the main methodology of software development teams and the reduced cycle time introduced the concept of DevOps, which is all about connecting the Ops and Dev teams in order to maximize productivity and reduce time to market. The main goals of DevOps are: Speed, Reliability, Rapid Delivery, Scalability, Security and Collaboration. In this talk we will discuss the advantages of DevOps and also walk through the challenges DevOps brings and implementation pains. How we can measure our DevOps process, which metrics can be used to see that we are constantly improving.

Bottoms up DevOps initiatives are a wonderful way of bringing about positive change to application teams. A common danger is that local efforts can lead to local optimization. At some point, grassroots efforts start to build their own technical debt which hamper their initial promise and extinguish the teams’ excitement. Quali CTO, Maya Ber Lerner will discuss common life cycles of bottoms up DevOps projects and their use of specific open source and commercial tools as well as pros and cons of each.

Choosing the right open source product used to be relatively simple because there were very few choices. It was easy to gauge the maturity and potential success of an open source product based on the number of contributors, contributions, downloads, and “like” stars on GitHub. While these legacy criteria are still important, they are no longer the primary indicators of success they once were.
Why? Public cloud and SaaS providers have emerged as the new kingmakers of open source, influencing the entire supply chain of an open source product. IT leaders need a new decision-making framework and criteria to select open source products when many options are available for similar functionality. You will come out of this quick talk with a 3-step framework to choose the right open source products while they are emerging and evolving in nascent markets.