DevOps Chat

Stacey English, Theta Lake Director of Market Intelligence, shares the results of a report showing the usage of modern communications tools and video communications tools like Microsoft Teams, Cisco WebEx and Zoom has accelerated at a breakneck speed in recent years, and it shows no sign of slowing down. https://thetalake.com

John Worrall, ZeroNorth CEO, expands on the "why" of DevSecOps, focusing on the business benefit, gain and measurement of what we seek to accomplish through DevSecOps. John advocates we concentrate on the process and data enabling us to assess risk, prioritize the most beneficial security work. Learn more about ZeroNorth athttps://www.zeronorth.io.

Colby Dyess, Director of Cloud Product Management at Tufin, joins Mitch Ashley, CEO of Accelerated Strategies Group, to discuss security policy management across hybrid cloud, multi-cloud and cloud-native security. Colby shares experiences from working with customers during the rapid migration to the cloud in 2020. Learn more about security policy management and hybrid clouds at Tufin (https://tufin.com)

Observability and Accessibility are two keys to successful app development and deployment. They are also square within the sweet spot for DevOps teams to consider as part of delivering better applications better and faster. In this episode 7 of DevOps Unbound we are joined Sean Kelly of Trcentis, Paul Pinkney of Swisslog Healthcare and Paula Goyanes of LaunchDarkly to discuss accessibility and usability design in DevOps.

Home » Blogs » DevOps Unbound » DevOps Unbound: How to Lead a DevOps Transformation DevOps Unbound: How to Lead a DevOps Transformation DevOps Unbound: How to Lead a DevOps Transformation BY ALAN SHIMEL ON NOVEMBER 27, 2020 1 COMMENT (EDIT) Is C-level support required to have a successful digital transformation? In the sixth episode of DevOps Unbound streaming broadcast on TechStrong TV and DevOps.com’s sister site Digital Anarchist, Mitchell Ashley of ASG and Alan Shimel are joined by Eveline Oehrlich of the DevOps Institute, Louise McCarthy of Bain & Company and Mark Settle, author of “Truth from the Valley, A Practical Primer on IT Management for the Next Decade,” to discuss DevOps and digital transformation at the C level.

Mitchell Ashley of ASG and Alan Shimel are joined by Ming Gong of UST Global, Chris Rolls of TTC and Robina Laughlin of Guardian Life for a discussion on outsourcing DevOps. Some say you really can't outsource DevOps, others say of course you can. Have a listen and decide for yourself

Mark Smalley of Smalley.IT, and Lead Editor with Axelos of the ITIL 4 High Velocity, IT joins ASG CEO Mitch Ashley to discuss his work creating this new contribution to ITIL 4. Mark shares the 5 value investments important for organizations seeking to operate at high velocity and some of the insights gained from himself and others covered in this ITIL 4 module.

Akshay Anand, ITSM product ambassador at AXELOS, and David Crouch, senior advisor at Beyond20, join ASG CEO Mitch Ashley to share best practices and learnings from introducing and adopting Agile and DevOps in large organizations. Akshay and David discuss overcoming change management challenges and obstacles to increase adoption.

Software teams are rapidly adopting microservices, containers and container management to promote innovation and boost digital transformation. With any newly adopted technology comes questions about data and overall security. Accelerated Strategies Group conducted research into the security of data within containers, specifically, Kubernetes. ASG Analyst Charles Kolodgy, lead analyst on this research, joins ASG CEO Mitch Ashley and Zettaset CEO Tim Reilly dig into the results of this research and relate it to today's implementations using kubernetes. This research was commissioned by Zettaset. The full analyst report is available at https://accelst.com/report-kubernetes-data-protection/.

ITIL is well established as the process, certification and information resource library for service management across many IT organizations globally. With the recent updates comprising to ITIL 4, influences from Agile and DevOps are helping ITIL to expand and adapt to changes in how create software and build operations into the delivery process. Akshay Anand, Product Ambassador with AXELOS Global Best Practice, and Jon Stevens-Hall, Principal Product Manager at BMC Software, join Accelerated Strategies Group CEO Mitch Ashley to discuss the new innovations in ITIL 4. As major contributors to ITIL 4, Akshay and Jon share the approach they took with ITIL 4, incorporating ideas from the world of Agile and DevOps.

App Modernization and the state of mainframe DevOps was the topic of episode 4 of DevOps Unbound. Our panel included Rosalind Radcliffe of IBM, Sam Knutson of Compuware and BMC and Gerta Sheganaku of Tricentis, joining MItchell Ashley and Alan Shimel. It was a lively conversation about real life scenarios that enterprises face everyday. Join us and be sure to follow DevOps Unbound at https://devopsunbound.com

DevOps has not only reached mainframe groups in the enterprise but also to large applications such as SAP. Organizations are moving away from waterfall methods and mega releases that take many months to deliver. What's needed are many more rapid release cycles and deployments that support the accelerating pace necessary to do business. David Lees, CTO of Basis Technologies, joins MediaOps CEO Alan Shimel to explore how organizations implement DevOps into their SAP integration and deployment cycles. Having lived through this transition, David shares his unique perspectives on the necessity to break through bottlenecks and make changes in supply chains, finance and many other business processes needed to support the business.

The assumption that large, established enterprises — from insurance companies to government agencies— can’t adopt Agile processes or DevOps is based on the falsehood that legacy technology stacks won’t allow for it; that existing traditional mainframe applications or legacy applications that large enterprises are built on are incapable of adapting to these approaches. Accelerated Strategies Group recently released the new research report 5 Crucial DevOps Strategies For Cloud and Mainframe 2020, sponsored by ASG Technologies. In this episode of DevOps Chats, Jeff Cherrington and Anna Murray with ASG Technologies joins Mitch Ashley (CEO, Accelerated Strategies Group) to explore how mainframe app teams embrace DevOps, processes and tools to equip software teams, so mainframe apps continue to provide businesses with vital systems and capabilities far into the future. Download the report at https://library.devops.com/5-crucial-devops-strategies-for-cloud-and-mainframes

DevOps Unbound episode 3 is about open source and DevOps. We have a great cast of Tracy Miranda, ED of the Continuous Delivery Foundation, Alon Girmonsky, found of UP9 and Kevin Dunne of Tricentis. DevOps Unbound is an every other week video series about topics related to all aspects of Devops. It is available at https://digitalanarchist.com

In this episode, Mitchell Ashley and Alan Shimel are joined by Caroline Wong, CSO at Cobalt.io (https://cobalt.io), Andrew Van Der Stock, executive director at OWASP, and Dr. Grigori Melnik, CPO at Tricentis, to discuss DevSecOps and AppSec.

This is the first episode of DevOps Unbound. A new video/audio series produced by us here at MediaOps, sponsored by Tricentis. Episodes will run every other week. Once a month there will be a roundtable open to the public as well. In this episode, two respected leaders in the testing space, Dr. Girgori Melnick and James Bach join us to look at the history of testing. How has it enabled DevOps and accelerated software deployment. We look at automation and continuous testing and more. Great discussion. The video edition of this is available on https://digitalanarchist.com

Accelerated Strategies Group has just delivered their State of Software Delivery Management Report, commissioned by CloudBees. In this DevOps Chat we speak with Mitchell Ashley, CEO, founder of ASG about the report and why it is important for everyone managing software delivery today

The whole Data/DataOps space is becoming very hot. For StorPool it is more of a case of the rest of the world catching up to what they have been doing for a while now. They are the leading distributed block storage provider globally. In this DevOps chat we speak with Boyan Krosnov, founder product at StorPool. Boyan gives us the background on StorPool as well as a good look at the state of the distributed storage/data market.

StrongDM wasn't founded to help with remote workers forced out of the office by COVID19. They have been around for 5 years now. But they do excel at allowing you to manage and audit remote access to all of you assets including DBs, servers and clusters (as well as apps and services) anywhere from anywhere. In this DevOps Chat we speak with StrongDM Justin McCarthy, CTO & Co-Founder about how the company's technology works and how it is helping companies move to remote access given current conditions. Get more information at https://www.strongdm.com/

When the cloud first caught on there was a problem with Shadow IT. Developers spinning up instances in AWS without the IT team knowing they existed. Now with the ease of CI/DC automated deployments, the problem of Shadow Code has arisen. Code being added to apps that did not go through the entire team process. In this DevOps Chat we speak with Elad Koren, VP of Product at Perimeter X about the Shadow Code issue and how his company can help.

DevOps World/Jenkins World has long established itself as a leading venue for DevOps practitioners to learn, share their knowledge, build a top-notch community. But what about leaders, people in leadership roles at companies who utilize DevOps as a vital part of there business and technology strategies? Sam Fell, CloudBees Area Vice President Enterprise Markets, joins DevOps Chats to discuss the newly announced Software Delivery Leadership Forum. DevOps World 2020 is expanding its focus and content by bringing leaders together with content specifically tailored for business and technology leaders. Accelerated Strategies Group, where Mitch Ashley is CEO, is leading the programming of the DevOps World 2020 Software Delivery Leadership Forum.

The current situation with so many working from home has shined a spotlight on potential security issues with many of our collaboration solutions. Adeya, says they have the answer, offering Swiss, Simple collaboration on a military grade scale. I sat down with Francois Rodriguez of Adeya's exec team to discuss what makes Adeya both simple and secure, as well as what the offering is all about. This is more than video conferencing by the way. This is a well developed and tested collaboration suite that has been in use by the Swiss military and others for years. Have a listen and check out Adeya

With so many working from home (WFH), security is being tested perhaps like it never has before. The good folks at SpecOps have made their password auditor product free during this trying time. We spoke with Darren James of SpecSoft about this release and some other tools they have released to help people through the rough spots. Darren had some good insights he shared and we discussed. Have a listen

Daniel "Spoons" Spoonhower made a bit of a name for himself while he was at Google, as did his two co-founders. They were there at the birth of the microservices wave that has swept through the software world. They left Google and started LightStep to help all developers build better, more scalable applications. With their new release they have pushed the bar higher. In this podcast here from Spoons as to what they are doing and where he sees things moving.

In this DevOps Chat we chat with Kirsten Newcomer,Senior Principal Product Manager, Red Hat. It is a great discussion on the state of DevSecOps and how the Red Hat Open Shift team is trying to make it easier for devs, DevOps and cyber folks to work together to create more secure applications.

Many companies are responding to the large number of people working from home as a result of the public health situation. Today Qualys rolled out a totally free 60 day version of their cloud-based security and compliance solution at no charge. We spoke with Sumedh Thakar about the free release and how Qualys is helping enterprises with their remote workforce.

WhiteSource one of the leaders in the Software Composition Analysis space recently released their annual report on "The State of Open Source Security Vulnerabilities". It is chock full of good data and findings on what is the current state of open source security and how things are trending. I had a chance to sit down with Rhys Arkins, Director, Product at WhiteSource to see what some of the highlights were. Rhys was happy to share and show us some of things you should be mindful of.

Gaining real insights, often unique insights can catapult companies ahead of the competition, but that's easier said than done. Splunk recently released its new report, "What Is Your Data Really Worth?" which produced some very compelling results. Leading-edge data innovators use data to raise gross profits by 12.5%. 97% of this top tier meet or beat their customer retention targets. Mature organizations are almost 10 times more likely to draw more than 20% of their revenue from new, innovative products and services. A select group of companies, categorized as Data Innovators, achieved impressive and measurable results. Andi Mann, Splunk Chief Technology Advocate, joins Mitch Ashley on DevOps Chats to share some of the key insights in the report and discuss how companies are utilizing their data to achieve higher revenue growth, improved customer experiences and gain cost savings. The full report is available to download at https://www.splunk.com/en_us/form/whats-your-data-really-worth.html.

Contrast Security has released the first "Route Intelligence" functionality in the latest version of their next generation security platform. https://www.contrastsecurity.com/contrast-news In this DevOps Chat we speak with Contrast's CTO/co-founder, Jeff Williams, about what route intelligence is and why you should have a look at it. Contrast continues to set the bar in DevSecOps, pushing beyond vulnerability scanning to enable more security software.

Datical has been a leader in the DevOps for databases since even before the term was used. What many may not realize was that the open source Liquibase project was a major contributor to Datical's success. So it should be no surprise then that in filling the open President's seat, they would tap an open source veteran. Dion Cornett, has open source credibility from his time at Red Hat and MariaDB. In his new role he is responsible for marketing, sales and product. He is determined to see the same kind of success with open source business models he has been part of before, succeed at Datical. In this discussion we hear from Dion on his plans and views.

SauceCon 2020 (https://saucecon.com/) by the good folks at Sauce Labs is just about a month and half away (April 27). As part of our lead up to the show and our coverage including live broadcasting on Digital Anarchist, we caught up with newly minted, Chief Product Officer, Matt Wyman. Matt discusses how continuous testing, automation and DevOps has led to better testing. With that though we are more complex and sophisticated than ever in how, what and when we test. Can't we just keep it simple? Do we want to keep it simple? Have a listen to what Matt has to say, as well as why he is so excited about this coming event. If you are interested in testing at all, do check out the great lineup for SauceCon and hope to see you there.

Sumo Logic has been one of the pioneers in DevSecOps and log analysis for many years now. In this DevOps Chat we speak with Founding VP of Product & Strategy, Bruno Kuric about the Sumo Continuous Intelligence Platform and how it is taking security into the next era. Have a listen as Bruno explains how Sumo is trying to meet the challenges of keeping up with the speed of business, today.

A new company announced their launch and Series A funding. Esper (https://esper.io)is building a platform for android device deployment and application management. Not just for Android phones either. The Esper founders are betting that Android will be the dominant form for embedded devices in both headless and IoT deployments. The CEO/co-founder of Esper, Yadhu Gopalan knows a little something about this, as he was one of the key people behind Microsoft's Windows CE embedded program. Yadhu was also a leader of Amazon's Go Store program prior to Esper. We had a chance to sit down with Yadhu and talk about what raising their $7.5m series A means for Esper and where they are going.

Rancher Labs is a great example of a start up that was smart enough to sense the way the market was moving and adopted a strategy to capitalize on it. But if you know Rancher co-founder, CEO Sheng Liang, you should not be surprised. Sheng has been seeing the market and staying one step ahead for a long time. In this DevOps chat we sat down with Sheng and spoke about the recent momentum at Rancher. We also spoke a lot about Kubernetes becoming the industry standard for compute. It is always a good learning experience speaking with Sheng and this conversation is no different. Have a listen.

Tufin Technologies announced Secure Cloud https://www.businesswire.com/news/home/20200211005174/en/Tufin-SecureCloud-Enables-Companies-Secure-Hybrid-Cloud. The product combines and builds on Tufin Orca and Tufin Iris to offer one product for comprehensive cloud security policy. We had a chance to catch up with Tufin CTO and co-founder, Reuven Harrison to chat about this and the state of the market before the upcoming RSA Conference.

How do you know if your cyber team is up to snuff? Like any good team, they need training and practice to stay on top of their game. The concept of cyber ranges for red and blue teams has been in use for a few years now. Gov and military organizations have been some of the big leaders in this space. Rangeforce comes out of Estonia where NATO teams used the idea of a cyber range to train up their teams.They are taking this concept to the commercial space and will be at RSAC this year. I sat down with Gordon Lawson, President of Rangeforce to discuss the technology behind Rangeforce and the use cases. Have a listen and be sure to check them out at RSAC this year!

Ask any tech person what is involved in evaluating and purchasing tech tools and their eyes will often roll into their heads. While open source and free versions have made it easier to get the tools into people's hands, evaluating them to choose what is the best fit for your organization is still more art than science. In this podcast we sit down with two security industry veterans to talk about what is the best strategy to evaluate and pick the right security products. Les Correia and Migo Kedem are two industry veterans who have written the book on this. Have a listen

Brian Gracely has been helping to shape the Red Hat OpenShift product line for over 4 years. Brian is a key person in the product team there. In this podcast Brian gives us an update on the latest innovation at OpenShift. Much of what he is talking about will be visible or announced by KubeCon in Amsterdamn. So if you want to get an early look at the latest in Openshift, have a listen to what Brian has to see.

WhiteHat Security is one of the pioneers in AppSec. As such they were an early advocate for DevSecOps. They have been doing annual surveys of the security and developer space for several years. In this years survey the good news is that we are seeing real progress in DevSecOps adoption by developers and security teams. But all is not roses. Some of the same old issues are still there, including how long it takes us to fix vulnerabilities and security issues. In this DevOps Chats we speak with Eric Sheridan, Chief Scientist of WhiteHat about the survey results and what they mean. Have a listen to find out Eric's take on the foundings.

Jenkins founder Kohsuke Kawaguchi (KK) and respected DevOps veteran, Harpreet Singh have launched a new company called Launchable https://launchableinc.com Launchable aims to help you improve your delivery velocity by prioritizing and applying some ML and intelligence to testing. There is still much work to be done but with these two industry luminaries behind it, the expectations are high for something impactful. The VC community and a blue chip list of investors are already on board. Yes this means KK is no longer at CloudBees (several CloudBees execs are investors in Launchable)and Jenkins, while he is still an advisory. But with Jenkins now in the capable hands of the CDF and Linux Foundation and CloudBees well established, he felt this was a good time to pursue an issue he thinks needs to be solved. Hear from KK and Harpreet themselves in this great podcast.

Walkme recently announced a funding round of 90 million dollars bringing their total raise to over $300 million. But according to Rephael Sweary, that is great but the real measure of Walkme's success is their annual reoccurring revenue being over a $100m (which it is) and whether or not that company is helping their customers. In the case of Walkme, that are business's undergoing digital transformations and are looking to accelerate their digital platform adoption. Walkme has been a tremendous success no matter what yardstick you use. Listen to Rephael to understand better his view of the world and what is important for the coming times ahead.

DevSecOps has become a real thing over the last few years. The big shift has been making security tools that developers can use. ShiftLeft has been one of the leaders in this movement, recognizing that security had to shift left (hence the name). I had a chance to sit down right before the holidays with ShiftLeft CEO Manish Gupta about how the shift to developers using security tools is helping to make applications more secure.

Ken Rutsky is on a mission. In addition to being a master cybersecurity marketing ninja, Ken is also the founder of the Cybersecurity Go To Market Dojo. It is the hub of a community of cybersecurity marketers who seek to up their game and bring even more professionalism to cybersec marketing. Frankly, cybersecurity marketers get a bad wrap. Many of them have great technical chops. Just because they have marketing in their title don't assume they are not technical. Ken and the group are again putting on a great together on the Sunday of RSAC week. Also they will be doing a Cyber Marketer of the Year awards as well. Alan Shimel is one of the judges. You can find out more at https://www.gotomarketdojo.com/events/rsa2020-marketers-prefresher-happy-hour-the-marketer-of-the-year-awards

The Eclipse Foundation recently launched a new working group for Edge Native (https://edgenative.eclipse.org/). The mission is to deliver open source edge platforms now. I had a chance to sit down with the guests highlighted below to discuss. Enjoy. Mike Milinkovich, Executive Director, Eclipse Foundation Mike serves as the executive editor for the Eclipse Foundation. An influential voice in the open source and Java communities, Mike has worked tirelessly over the last two decades to help establish the open source model for software development. Outside of work, Mike's passions are his family, the family cottage and hockey (as a coach, player and fan) in pretty much that order. When he's not working, or traveling for work, you will probably find him involved in one of those three things. Kilton Hopkins, CEO and co-founder, Edgeworx Kilton started programming computers when he was 8 years old. That was 1986. He started a software company a few years later. The world is very different than it was back then, but Kilton is still bringing new tech companies to life. He currently serves as the Co-Founder and Chief Executive Officer of Edgeworx, which provides the world with an open-source universal edge computing platform called Eclipse ioFog. Kilton lives in Berkeley, California. He received his MBA from The University of Chicago Booth School of Business in 2010. He likes to meditate, make music, and read about everything scientific.

Sometimes the best way to accomplish something is to choose a path requiring the least friction, or amount of change. Qualys customers now have that path available to them in bring vulnerability scanning into Google Cloud Platform. Qualys' recent announcement means a one-click configuration change enables vulnerability scans in GCP with the results appearing in both Qualys Cloud Center and GCP Security Command Center. Join me on this DevOps Chats to explore this announcement with Sumedh Thakar, Qualys President and Chief Product Officer. We discuss Qualys' and Google's collaboration and how this benefits DevOps teams.

The increasing breadth and complexity of the environments we manage are nothing short of breathtaking. Understanding the security risks and applying policies across the cloud, multi-cloud, private clouds, and a plethora of software technologies is a challenge faced by every enterprise. vArmour recently announced version 5 of the vArmour Application Controller, which opens more significant access to vast amounts of information the Security Graph represents and organizes through its Security Graph and SDK. By streaming cloud, network, and agent information into the Security Graph, enterprises now have a centralized understanding of application relationships across their multi-cloud infrastructure, enabling centralized risk and policy management that is simple, accurate, and secure. Marc Woolward, vArmour CTO and CISO, and I discuss establishing abd assessing policies becomes more manageable through expanded access to information about software infrastructure, systems, environments across the organization. I hope you'll join Marc and me in this fascinating conversation.

Application security is top of mind now more than ever. For more than a decade, Veracode examined increasing amounts of code as it passes through their source code vulnerability scanning service. During this period, automation is increasingly prevalent, making it easier to run scans more frequently and regularly. But has automation helped?. Is the software we create more secure? We gain key insights about this in Veracode's The State of Software Security Report X (10th edition). Chris Eng, Chief Research Officer at Veracode, joins us on DevOps Chats. We talk about many insights uncovered in the latest report, such as 50% of applications are accruing security debt over time, the regularity of scanning correlates to vulnerability fix times, and that scanning frequency directly impacts security debt. There is a wealth of information in the report, and you can get a jump on the key findings on this podcast episode with Chris. Download the full report at https://www.veracode.com/state-of-software-security-report.

Data Privacy is the new front in the compliance wars. For many organizations Data Privacy is a dreaded subject with a maze of governance and compliance issues. Osano wants to make it easy. Led by serial entrepreneur Arlo Gilbert, it is catching fire as enterprises learn that complying with Data Privacy laws is possible and even affordable. Have a listen as Arlo and Alan Shimel discuss this important topic.

Ci/CD has changed the way we do software. From architecting it, to coding it, storing it, testing it, deploying it. GitLab has been a leader in this revolution. I spoke with Darby Frey of GitLab's CI/CD team about this and what the future has in store. Have a listen and hope you enjoy!

While at times it seemed the adoption of DevSecOps was like pushing rope uphill, the market has embraced the premise that DevSecOps is real and is much needed in bringing a higher level of quality to software. StackHawk is a new company out of Boulder, Co that is seeking to allow developers to better secure their code and increase quality. I spoke to two of the co-founders of the company, Ryan Severns and Scott Gerlach while I was out in Boulder recently. Have a listen to what they see as the game changing solutions they want to bring to market.

In this episode of DevOps Chats we talk with Donald Lutz, Principal Software Architect, specializing in systems integration and creating large, scalable cloud applications. Occasionally DevOps Chats is fortunate to spotlight DevOps and cloud native developers doing trailblazing work in contemporary software architectures. Donald fits that bill to a "t.", as an entrepreneur and employee at startups like Faction, BoldTech Systems, and his own company Technetronic Solutions, and established companies including Via West. Our discussion focuses on creating cloud native applications in startups and large enterprise IT. Donald's currently working with one of the world's largest financial institutions to move from legacy applications directly to cloud native apps, bypassing any interim lift-n-shift moves. His work spans many Microsoft technologies, including .NET Core, runtime framework Dapper for RDBMS mapping, Service Fabric, and Azure, and opensource Kubernetes, Terraform, and Puppet (and Enterprise). During our discussion, we cover the challenges of architecting and scaling very large cloud native applications, implementing DevOps in less mature software organizations, how established software patterns benefit DevOps and cloud app developers, and the importance of giving back by hosting meetups to share knowledge and mentor others. Donald also gives back as an active leader and mentor of the FIRST Robotics Team 1410 since 2005. Join in on our conversation as we explore the complex and sophisticated inter-workings of a cloud native software architect.