Podcasts about devops report

Play Episode Listen Later Nov 1, 2024 66:17

This week, we discuss the latest DORA report and what happens when open-source projects make money. Plus, some thoughts on Halloween abroad in the Netherlands and Australia. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=QcL0uQFjNkY) 491 (https://www.youtube.com/watch?v=QcL0uQFjNkY) Runner-up Titles This is a lifestyle business. The Benioff Line. Mahalo The innings in the marathon We're left picking up the trash 20 pounds of crap in a 10 pound sack Focus on all parts of the chain If any open source project creates value, it's going to create resentment. The Open Source Success Paradox Mad King for Cash. (In the world of Brandon's mind.) Rundown DORA 2024 State of DevOps Report (https://cloud.google.com/resources/devops/state-of-devops) L (https://softwaredefinedtalk.slack.com/archives/C6CDLDCVB/p1729668625078209)istener Chris did some live PDF reading in the SDT Slack (https://softwaredefinedtalk.slack.com/archives/C6CDLDCVB/p1729668625078209) Key findings and takeaways from this year's State of DevOps report (https://newsletter.getdx.com/p/2024-dora-report) DORA Community of Practice (https://dora.community/) AI is terrible at shift-left (DORA Models and Practices) (https://newsletter.cote.io/p/ai-is-terrible-at-shift-left?open=false#§dora) Trademarks and OSS The Wordpress Drama Interview (this got cited in a lawsuit (https://www.youtube.com/watch?v=OUJgahHjAKU) Elasticsearch is open source, again with Shay Banon (https://changelog.com/podcast/614) Linkerd Forever (https://buoyant.io/blog/linkerd-forever) Relevant to your Interests Excel enters its 40th year (https://www.theregister.com/2024/10/22/excel_enters_its_40th_year/) San Francisco to pay $212 million to end reliance on 5.25-inch floppy disks (https://arstechnica.com/gadgets/2024/10/212-million-contract-will-finally-get-san-francisco-trains-off-floppy-disks/) Linus Torvalds Comments On The Russian Linux Maintainers Being Delisted (https://www.phoronix.com/news/Linus-Torvalds-Russian-Devs) Several Linux Kernel Driver Maintainers Removed Due To Their Association To Russia (https://www.phoronix.com/news/Russian-Linux-Maintainers-Drop) Ghosts in the Machine - JSTOR Daily (https://daily.jstor.org/ghosts-in-the-machine/) Apple opens Private Cloud Compute to public scrutiny (https://www.theregister.com/2024/10/25/apple_private_cloud_compute/) #1467 OpenCost Incubation Proposal #1046 (vote closed) (https://github.com/cncf/toc/discussions/1467) Big Blue (https://buildingslack.com/big-blue/) Balatro creator admits his attempt to 100% his own roguelike game before the mobile port was doomed, and now he has "some words for John Balatro" (https://www.gamesradar.com/games/roguelike/balatro-creator-admits-his-attempt-to-100-percent-his-own-roguelike-game-before-the-mobile-port-was-doomed-and-now-he-has-some-words-for-john-balatro/) We finally have an 'official' definition for open source AI (https://techcrunch.com/2024/10/28/we-finally-have-an-official-definition-for-open-source-ai/) Introducing the analysis tool in Claude.ai (https://www.anthropic.com/news/analysis-tool) A Million People Play This Video Wargame. So Does the Pentagon. (https://www.wsj.com/politics/national-security/a-million-people-play-this-video-wargame-so-does-the-pentagon-e6388f50?mod=tech_lead_story) Apple's new Magic Keyboard, Magic Mouse, and Magic Trackpad have USB-C (https://www.theverge.com/2024/10/28/24275569/apple-usb-c-magic-keyboard-mouse-trackpad-no-lightning) Nonsense Severance season two teaser trailer shows the world's worst return-to-office policy in action (https://www.engadget.com/entertainment/tv-movies/severance-season-two-teaser-trailer-shows-the-worlds-worst-return-to-office-policy-in-action-142930296.html?guccounter=1&guce_referrer=aHR0cHM6Ly9uZXdzLmdvb2dsZS5jb20v&guce_referrer_sig=AQAAAKB3e3-ph307Dt1A-GNN2BkGZidUcGuIlF-9SUa05b35lAsup7k_0PSunw3bFWTOX1PhMZ3lnHtlu-iJGvK5TE_U_JEn560pHkGuwsG0E4pY2Mpo_ZmEIsLVc1LUHawBc8sjtHXpWZXQ5X7p76XwuYvdL_VU9vRZt4A0usKg7YFd) Few truly shocked that NFL player used illegal stream to watch his own team (https://arstechnica.com/gadgets/2024/10/nfl-player-illegally-streams-his-own-teams-game-garners-mostly-sympathy/) Listener Feedback T-Mobile back up Home Internet (https://www.t-mobile.com/home-internet/plans/5g-backup-internet-options) Conferences VMware Explore Barcelona (https://www.vmware.com/explore/eu), Nov 4-7, 2024, Coté speaking. GoTech World (https://www.gotech.world/), Bucharest, Nov 12- 13, 2204, Coté speaking. SREday Amsterdam (https://sreday.com/2024-amsterdam/), Nov 21, 2024, Coté speaking (https://sreday.com/2024-amsterdam/Michael_Cote_VMwarePivotal_We_Fear_Change), 20% off with code SRE20DAY DevOpsDayLA (https://www.socallinuxexpo.org/scale/22x/events/devopsday-la) at SCALE22x (https://www.socallinuxexpo.org/scale/22x), March 6-9, 2025, discount code DEVOP SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: ESPN, Disney+ to Stream Live NFL Game Set in the World of ‘The Simpsons' (https://www.hollywoodreporter.com/tv/tv-news/the-simpsons-nfl-game-espn-disney-plus-altcast-1236046927/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axiosmediatrends&stream=top) Matt: Audio books on Spotify 200,000+ Audiobooks Are Now Available to Spotify Premium Listeners in the U.S (https://newsroom.spotify.com/2023-11-08/audiobooks-us-spotify-premium-users/) Coté: Impro (https://en.wikipedia.org/wiki/Impro:_Improvisation_and_the_Theatre) book (https://en.wikipedia.org/wiki/Impro:_Improvisation_and_the_Theatre). paper and pen. Best (https://bsky.app/profile/cote.io/post/3l7nrtcwsru2k) The Economist (https://bsky.app/profile/cote.io/post/3l7nrtcwsru2k) cover ever (https://bsky.app/profile/cote.io/post/3l7nrtcwsru2k). Photo Credits Artwork (https://unsplash.com/photos/white-and-black-printer-paper-WyxqQpyFNk8)

Summer Replay - Innovations and the Changing DevOps Tides of Tech with Nigel Kersten

The Engineering Enablement Podcast

Play Episode Listen Later Aug 22, 2024 38:34

In this Screaming in the Cloud Summer Replay, we revisit our discussion with Nigel Kersten. When we spoke to him in 2021, he was the Field CTO at Puppet. Today, he works as the Chief Product Officer for Platform.sh. In this trip down memory, Nigel joins Corey to reflect on his time spent as a traveling contract trainer for Puppet, dive into the changes in DevOps since, and look back at how Docker handed over the keys and some of the attachments we have to a techno-social system. Nigel speaks on the innovations that have changed along the way and the impact they've had in the industry. Especially those who have a tendency to cling to “legacy.”Show Highlights:(0:00) Intro(1:18) Duckbill Group sponsor read(1:52) Corey's Puppet experience(3:49) What is Puppet?(5:04) Puppet's role in DevOps(8:12) Challenges in technology adoption(12:36) Issues with legacy in tech(18:26) The misconception of “limited” skilled workers(23:16) Duckbill Group sponsor read(24:00) Corporate communication breakdowns(25:22) State of DevOps Report(32:02) Cloud adoption and missteps(37:46) More from the report and NigelAbout Nigel Kersten:Nigel is a technical leader with 13 years of experience building teams and growing B2B startups as a CTO, VP of Engineering, and Head of Product, with substantial experience working with enterprise customers. Prior to that, he was recruited into the Google SRE org to develop an industry-leading infrastructure-as-code system.Links:Puppet: https://puppet.com2020 State of DevOps Report: https://puppet.com/resources/report/2020-state-of-devops-report/Original Episode:https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/innovations-and-the-changing-devops-tides-of-tech-with-nigel-kersten/Sponsor:The Duckbill Group: https://www.duckbillgroup.com/

The science behind DORA | Derek DeBellis (Google)

Play Episode Listen Later May 7, 2024 47:50

In this week's episode, we welcome Derek DeBellis, lead researcher on Google's DORA team, for a deep dive into the science and methodology behind DORA's research. We explore Derek's background, his role at Google, and how DORA intersects with other research disciplines. Derek takes us through DORA's research process step by step, from defining outcomes and factors to survey design, analysis, and structural equation modeling.Discussion points:(3:00) Derek's transition from Microsoft to the DORA team at Google(4:28) Derek talks about his connection to surveys(6:16) Derek's journey to becoming a quantitative user experience researcher(7:48) Derek simplifies DORA(8:19) DORA - Philosophy vs practice(11:09) Understanding desired outcomes(12:45) Self reported outcomes vs objective outcomes(16:16) Derek and Abi discuss the nuances of literature review(19:57) Derek details survey development(27:55) Pretesting issues(29:30) Designing surveys for other companies(35:02) Derek simplifies model analysis and validation techniques(38:48) Benchmarks: Balancing data limitations with method sensitivityMentions and Links:Derek DeBellis on LinkedInDX's guide to measuring GenAI adoption and impact2023 Accelerate State of DevOps Report

google microsoft designing science behind abi genai software engineering developer experience engineering leadership developer productivity devops report abi noda

We Surveyed ~500 People Doing Platform Engineering. Here's What We Learned.

Puppet Podcast

Play Episode Listen Later Apr 3, 2024 40:14

The 2024 State of DevOps Report: The Evolution of Platform Engineering is live! In this episode, we're taking you behind the scenes with the authors of the report and one of the people who helped run the survey.Download the 2024 report for free here!On this episode, join us as host Ben Ford, report authors Margaret Lee and David Sandilands, and project manager Stephanie Fairchild pull back the curtain on the 2024 State of DevOps Report.What are the characteristics of successful platforms? Why is the new practice driving a surge in security? Where is platform engineering going next? Learn more in this episode!Highlights:Why the State of DevOps Report pivoted to cover platform engineering last yearWhat we wanted to find out this yearThe big takeaways from the 2024 reportOur predictions for the next year of platform engineeringSpeakers:Ben Ford, Community Lead at Puppet by PerforceMargaret Lee, Manager of Product Management at Puppet by PerforceDavid Sandilands, Principal Solutions Architect at Puppet by PerforceStephanie Fairchild, Senior Manager at ClearPath StrategiesLinks:Download the 2024 State of DevOps Report: The Evolution of Platform EngineeringEmail Margaret at Margaret.Lee@perforce.comFind Ben on Mastodon, Twitter, and in the Puppet Community Slack as binford2kFind David on Mastodon and TwitterCheck out another episode with Ben, Margaret, and David about how return-to-office plans are shaping platform strategiesRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn

state puppets senior manager product management mastodon benford platform engineering community lead surveyed principal solutions architect devops report margaret lee

Sideways Test Pyramid, WebDriver Visual Testing and More TGNS115

TestGuild News Show

Play Episode Listen Later Mar 25, 2024 9:52

What is a Sideways Test Pyramid in testing Have you seen the latest WebDriver.io feature that allows developers and teste to easily verify web page content and layout. What skill should you add to your tool kit after the recent announcement of 13billion dollars in this area? Find out in this episode of the Test Guild New Shows for the week of March 24 Time News Title Link 0:00 Register for LinkedIn NewsLetter https://links.testguild.com/wwA8x 0:36 TestResults.io + TestGuild https://testguild.me/z36t2k 2:12 The sideways test pyramid https://testguild.me/qcnjxv 3:25 open source test automation project https://testguild.me/zaxxkz 4:25 Storybook 8 https://testguild.me/mz9qtz 5:35 WebDriver.IO Visual snapshot testing https://testguild.me/tyvscg 6:42 Learn Synthetic Monitoring Testing Webinar https://testguild.me/5ntk74 7:53 Puppet 2024 State of DevOps Report https://testguild.me/rjgq6w 8:29 Cleric AI SRE https://testguild.me/n5dstv 9:03 Follow the money 13 Billion https://testguild.me/upwdg4

state testing register billion visual puppets pyramid sideways storybook devops report webdriver

Dev Debate #2 [ITA] - Continuous Delivery e burnout con Ruggero Visintin

Dan The Dev

Play Episode Listen Later Feb 28, 2024 54:51

Link e riferimenti episodio:Accelerate https://amzn.to/3SwV85GThe 2023 State of DevOps Report https://cloud.google.com/devops/state-of-devops___________________________________________________________________Discover Learn Agile Practices: https://learnagilepractices.com/Subscribe to the newsletter: https://learnagilepractices.com/subscribeNeed help in developing your career in Software? Discover our coaching and mentorship program: https://learnagilepractices.com/coaching

discover state debate burnout software developers accelerate coding programmers tdd continuous delivery ruggero devops report

510 - The Forecastr Formula: Steven Plappert's Path to Startup Success

Giant Robots Smashing Into Other Giant Robots

Play Episode Listen Later Feb 1, 2024 32:04

Host Victoria Guido sits down with Steven Plappert, CEO of Forecastr, an online software designed to aid founders in financial modeling, which was born to help non-finance savvy founders understand and communicate their company's financial health. Despite the pandemic beginning right after Forecastr's launch in 2020, the company didn't pivot significantly thanks to extensive preparation and customer discovery before the launch. Steven delves into the operational and strategic aspects of Forecastr, highlighting the importance of balancing growth with financial sustainability, a consistent theme in their business strategy. Forecastr's significant development was integrating a strong human element into their software service, a move very well-received by their customers. Steven also outlines the company's key objectives, including cultivating a solid culture, achieving profitability, and exploring opportunities for exponential growth. Additionally, Steven discusses the importance of work-life balance, reflecting on his previous startup experience and emphasizing the necessity of balance for longevity and effectiveness in entrepreneurship. Victoria and Steven further explore how companies, including Forecastr and thoughtbot, incorporate these philosophies into their operations and culture. Forecastr (https://www.forecastr.co/) Follow Forecastr on LinkedIn (https://www.linkedin.com/company/forecastr/), X (https://twitter.com/forecastr), Instagram (https://www.instagram.com/forecastrco/), Facebook (https://www.facebook.com/ForecastrHQ), YouTube (https://www.youtube.com/forecastr), or TikTok (https://www.tiktok.com/@forecastrco). Follow Steven Plappert on LinkedIn (https://www.linkedin.com/in/steven-plappert-59477b3b/). Follow thoughtbot on X (https://twitter.com/thoughtbot) or LinkedIn (https://www.linkedin.com/company/150727/). Become a Sponsor (https://thoughtbot.com/sponsorship) of Giant Robots! Transcript: VICTORIA: This is the Giant R¬obots Smashing Into Other Giant Robots podcast, where we explore the design, development, and business of great products. I'm your host, Victoria Guido. And with me today is Steven Plappert, CEO of Forecastr, an online software that helps founders who hate building financial models in Excel actually understand their numbers, predict runway, and get funded. Steven, thank you for joining us. STEVEN: Hey, yeah, Victoria, thanks for having me. I'm stoked to be here. What's up, guys? VICTORIA: Just to get us warmed up here a little bit, can you tell me what's going on in your world? STEVEN: Well, you know, what is going on in my world? I had a great year last year, very healthy. I have a loving fiancé, and I'm getting married this year, which is going to be super fun. And, obviously, running a business, which takes up more than its fair share of my life. But yeah, it's early Jan, so I've been kind of reflecting on my life, and I got a lot to be grateful for, Victoria, I really do. VICTORIA: That's wonderful. You know, I used to work with a VP of strategic growth who likened forming partnerships with companies as getting into a marriage and building that relationship and that level of trust and communication that you have, which I think is really interesting. STEVEN: Oh, for sure. Emily always, Emily is my fiancé, she always says that, you know, Forecastr is essentially my mistress, if you will, you know what I mean? Because, like, that's [laughs] where the rest of my time goes, isn't it? Between hanging out with her and working on the company, you know, so... VICTORIA: So, how long have you been in a relationship with your business around Forecastr? [laughs] STEVEN: Yeah, right? Yeah [laughs]. Four years with this one. So, you know, we started it actually January 1st of 2020, going into the pandemic, although we didn't know it at the time. And so, we just celebrated our four-year anniversary a few weeks ago. VICTORIA: Well, that's really exciting. So, I'm curious about when you started Forecastr, what was the essential problem that you were trying to solve that you had identified in the market? STEVEN: I'd say the main problem we were trying to solve is that, like, specifically founders, you know, startup founders, really struggle to get, like, a clear picture of their financial health or, like, just the financial aspect of their business. And then they also struggle to communicate that to investors because most founders aren't finance people. You know, like, most people that start a company they don't do it because they're excellent in even, like, business or finance or anything like that. They usually do it because, like, they've identified some problem; they've lived it; they've breathed it, you know what I mean? They're some kind of subject matter expert. They may be good at sales, or marketing, or product. But a lot of times, finance is, like, a weak part for them, you know, it's not something that they're strong in. And so, they really have a hard time, like, understanding the viability of the business and communicating the financial outcome of the company to investors and stuff like that. And my co-founder Logan and I live that because all we did all day was built financial models in Excel for startup founders working for a CFO shop called Venture First. So, that's what we really saw. We really saw that just, you know, it's really hard for folks to get this clear picture. And we thought a big part of that, at least, was just the fact that, you know, there's no great software for it. It was just like, people are using Excel, which, you know, for people that are great in finance, you know, works but for most people, doesn't. And so, yeah, I think that that's what kind of inspired Logan and I to fly the coop there at Venture First and start a company. VICTORIA: No, that's really interesting. So, you found this problem. You knew that this was an issue for founders, and you built this hypothesis and started it. I think you said, like, right before 2020, right before the pandemic. So, were there any decisions you made that once you got more information or once you got started, you decided to pivot? And, like, what were those pivot points for you early on? STEVEN: There wasn't a lot of pivoting early on, I will say. And a part of that is because, like, this isn't my first company. I started a company right out of college back in 2013 called FantasyHub. In that company, we pivoted a lot and, largely because we didn't really put a lot of forethought into that company when we launched it, you know, we didn't do any customer discovery. We just launched the company. And then we skinned our knees a bunch of times [laughs] as we scaled that company up and had to change gears a lot of times. In Forecastr, you know, we had actually been kind of building towards starting the company for 18 months. So, Logan and I actually had the idea originally in middle of 2018. And we decided at that time, look, like, we're not going to go launch this company right away because we got full-time jobs, and we might as well de-risk it. So, we spent about 12 to 18 months just doing a lot of customer discovery, kind of in stealth mode while at Venture First. After about six months, we brought it up to Venture First and said, "Hey, here's this idea for a company we have. We want to go do it." You know, to Venture First's credit, you know, rather than viewing that territorially and saying, "Hey, you know, there's a great new product line for our company," they really inspired us to go forward with it. They said, "Hey, this is great. We want to support you guys." They put some money in. We did some more discovery. We built a prototype. So, long-winded way of saying that by the time we actually got to the starting line in 2020, you know, we had 18 months' worth of really clear thought put into this thing. And we had been building in this space for years, you know, building financial models and Excel for founders. So, I think we had a great understanding of the customer. We had a great understanding of the market and the needs. We'd done our diligence in terms of distribution and figuring out how we wanted to generate, you know, a good, healthy funnel for the business. And so, it was really just kind of a matter of execution at that point. And, you know, here we are four years in, and there really hasn't been anything that we've done that's really pivoted the business that much across those four years, except for one moment, which was actually six months ago. So, in July of 2023, we did finally have our first kind of pivot moment where one of the interesting things about Forecastr versus some other solutions in the market is that we're not just a product, just a SaaS platform. There's a real strong human layer to our solution. We've always felt like a SaaS plus human model was the right model for financial modeling for startups because a lot of these startup founders don't have finance expertise on staff or inherently. And about six months ago, it wasn't as much of a pivot as it was a double down. You know, we really doubled down on that human element, you know, and now that human element isn't just through, like, a white glove onboarding and some email support. But we actually do give our customers an analyst in addition to the software that's with them for the lifetime of their subscription and is with them every step of the way. And so, that's the only time that we really made, like, a significant change into what we were doing. And it was just, I think, off the back of three years of saying, "Hey, like [chuckles], people really love the human element, you know, let's lean into that." VICTORIA: I love that you saw that you couldn't solve this problem with just technology and that you planned for and grew the people element as well. And I'm curious: what other decisions did you have to make as you were growing the business, how to scale the tech side or the people side? STEVEN: So many decisions, right? And that's why I tell people all the time, I'm like, you know, I've been a founder for 11 years now. And, in my opinion, by far, the hardest part about being a founder is that all day, every day, you have to make a bunch of decisions. And you hardly ever have enough data to, like, know, you're making the right decision. So, you got to make a bunch of judgment calls, and ultimately, these are judgment calls that could make or break your company. And it's really taxing. It's taxing on the mind. It's stressful, you know. It is not easy. So, you know, I think it's one of the really hard things about being an entrepreneur. I would say one of the most consistent decisions that we've had to make at the highest level is decisions around kind of capital preservation, fiscal responsibility, and investing in the growth. So, categorically, it's like, on the one hand, you have a desire to build the company kind of sustainably, to get to profitability, to have a healthy working model, you know, where you have some real staying power, you know. And that line of thinking leads you to, you know, be conscientious about investments that you're making that, you know, increase the burn. On the other hand, you have a desire to grow the company very quickly. You know, you have certain benchmarks you need to meet, you know, in order to be attractive to venture capitalists. And so, you have decisions that you want to make, you know, to invest in that growth. And so, I think that's a very consistent theme that's played out across the four years is Logan and I trying to walk that tightrope between growing 2 to 3X year over year and being really mindful of the company's burn, you know, both for equity preservation and just to build the company in a more sustainable way. And I think as financial professionals and founders, the finance person in Logan and I a lot of times wants to be more conservative. The founder in Logan and I, a lot of times, wants to be more aggressive. And so, we kind of just, like, let those two forces kind of play themselves out. And I think it creates, like, a nice, healthy tension. VICTORIA: That is really interesting, yeah. And sometimes you have to make a guess [chuckles] and go with it and then see the results of what happens. So, you're a financial forecasting company. What kind of, like, key results or objectives are you working towards this year with Forecastr? STEVEN: Yeah, great question. So, we're really mindful of this kind of stuff. I'd say, you know, it's something that we really consider at a deep level is, like, you have to ultimately set objectives, which are very aligning and clarifying, you know, at an executive level, and then those should kind of filter all the way down through the organization. Because so much, I think, of building a company is you have to kind of punch above your weight. You have to grow faster than [chuckles] the resources that you're putting into it might expect or whatever. I mean, you have limited resources, limited time, but you got to go really quickly. I think alignment is a big part of that, and that starts with setting clear objectives. So, we actually have three very clear objectives, really four. The first one is living up to our cultural values. You know, we're a culture-first organization. We believe that, like, culture, you know, kind of eats strategy for breakfast, that age-old kind of cliché, but it's true. It's just like, I think, you know, if you build a really good culture, people are just...they're happier. They're more productive. You get more done. So, that is our number one strategic objective. Number two is to become profitable. Like I mentioned, we want to become profitable. We want to build a sustainable company. So, by setting that objective, it kind of forces us to be conscientious about spend and only invest in areas that we think is, like, a one plus one equals three. Our third strategic objective is reach 5 million in annual recurring revenue by the end of the year. We're at 2.4 right now. We want to at least double year over year. That's kind of, like, the minimum threshold to keep playing the venture game. And then number four is unlock exponential growth opportunities. So, we definitely adopt the philosophy of, like, hey, we've got a model. It's working. We've got 700 customers, you know, we've got two and a half million in annual recurring revenue. So, like, 80% of our focus should be on becoming profitable and hitting $5 million in annual recurring revenue. Like, that's, like, the bread and butter there, just keep doing what's working. But 20% of our attention should be paid to, well, what could we be doing to, like, triple down on that, you know, to really start to create an exponential growth curve? And, for us, that stuff and, like, kind of the data in investor space, like, there's a lot of interesting things that we could do, of course, as long as it's consensual, anonymized, et cetera, safe and secure, you know, with the kind of data that we have on private companies, you know, anonymously benchmarking companies against their peers, things like that. And I think there's a really big opportunity that we have to serve investors as well, you know, and to create a better investor experience when it comes to financial reporting, also something that we think can unlock exponential growth. So, those are the four objectives that we have going into this year. VICTORIA: Well, I really appreciate that you had culture at number one, and it reminds me, you know, you said it's old adage, but it's true, and you can verify that in reports like the State of DevOps Report. The number one indicator of a high-security environment is the level of trust and culture that you have within your company, not necessarily the technology or tools that you're using. So, being a financial company, I think you're in a good position [chuckles] to have, like, you know, protect all those assets and protect your data. And yeah, I'm curious to hear more about what you said about just unlocking, like, exponential growth. It's hard to keep both the let's keep the lights on and keep running with what we have, and make room for these bigger strategic initiatives that are really going to help us grow as a company and be more sustainable over time. So, how do you make room for both of those things in a limited team? STEVEN: Yeah, it's a great question. And it's not easy, I would say. I mean, I think the way we make room for it probably on the frontend is just, like, being intentional about creating that space. I mean, ultimately, putting unlocking exponential growth opportunities on the strategic company roadmap, which is the document that kind of memorializes the four objectives that I just went through, that creates space inherently. It's one of four objectives on the board. And that's not just, like, a resource that sits, you know, in a folder somewhere. We use the OKR system, you know, which is a system for setting quarterly objectives and things like that. And these strategic objectives they make it on our OKR board, which filters down into our work. So, I think a big piece of creating the space is just as an executive and as a leader, you know, being intentional about [chuckles] putting it on the board and creating that space. The thing that you have to do, though, to be mindful is you have to make sure that you don't get carried away with it. I mean, like you said, at the end of the day, succeeding in a business requires a proper balancing of short-term and long-term priorities. You know, if you're focused too much on the short term, you know, you can kind of hamstring yourself in the long run. Yeah, maybe you build, like, a decent business, but you don't quite, you know, reach your highest potential because you're not investing in some of those things that take a while to develop and come to play in the long run. But if you're too focused on the long run, which is what these exponential opportunities really are, you know, it's very easy to lose your way [laughs] in the short term, and it's very easy to die along the way. You know, I do think of startups as much of a game of survival as anything. I always say survive until you thrive. And so, that's where the 80/20 comes in, you know, where we just kind of say, "Hey, look, like, 80% of our time and energy needs to be devoted to kind of short-term and less risky priorities, such as doubling down on what's already working. 20% of our time, thereabouts, can be devoted to some of these more long-term strategic objectives, like unlocking exponential growth. And I think it just takes a certain mindfulness and a certain intentionality to, like, every week when you're organizing your calendar, and you're, like, talking with your team and stuff like that, you're just always trying to make sure, hey, am I roughly fitting into that framework, you know? And it doesn't have to be exact. Some weeks, it may be more or less. But I think that's kind of how we approach it, you know, conceptually. VICTORIA: Oh, what a great perspective. I think that I really like hearing those words about, like, balance and, like, being intentional. MID-ROLL AD: Now that you have funding, it's time to design, build, and ship the most impactful MVP that wows customers now and can scale in the future. thoughtbot Liftoff brings you the most reliable cross-functional team of product experts to mitigate risk and set you up for long-term success. As your trusted, experienced technical partner, we'll help launch your new product and guide you into a future-forward business that takes advantage of today's new technologies and agile best practices. Make the right decisions for tomorrow today. Get in touch at thoughtbot.com/liftoff. VICTORIA: You mentioned earlier that you're getting married, so, like, maybe you can talk about how are you intentional with your own time and balancing your personal life and making room for these, you know, big life changes while dealing with also the stress of being in kind of a survivor mode with the company. STEVEN: Like I mentioned, this is my second company, and Emily, bless her heart, my fiancé, she's been with me my entire entrepreneurial career. We started dating the first month that I started my first company, FantasyHub. And in that company, I ran that company for three years. We took it through Techstars down in Austin. It was a consumer gaming company. Interesting company. It ended up being a failure but, like, super interesting and set me on my path. Yeah, I was a complete and total workaholic. I worked around the clock. It was a fantasy sports company, so weekends were our big time, and I worked seven days a week. I worked, like, a lot of 80-hour-plus weeks. And, you know, looking back on it, it was a lot of fun, but it was also miserable. And I also burned out, you know, about six months before the company failed. And had the company not failed when it did, you know, I don't know what the future would have held for us. I was really out of balance. You know, I had deprioritized physical health. I hadn't worked out in years. I wasn't healthy. I had deprioritized mental health. Emily almost left me as a part of that company because I wasn't giving her any attention. And so, you know, when that company failed, and I was left with nothing, you know, and I just was kind of, like, sitting there licking my wounds [laughs], you know, in my childhood bedroom at my parents' house, you know, I was like, you know what? Like, I don't know that that was really worth it, and I don't know that that was the right approach. And I kind of vowed...in that moment, I was like, you know, look, I'm a startup founder. I love building these companies, so I'm, like, definitely going to do it again, but I'm not going to give it my entire life. Like, regardless of your religious beliefs, like, we at least have one life to live. And in my opinion, there's a lot more to life than [chuckles] just cranking out work and building companies. Like, there's a whole world to explore, you know, and there's lots of things that I'm interested in. So, this time around, I'm very thoughtful about creating that balance in my life. I set hard guidelines. There's hard, like, guardrails, I guess I should say, when I start and end work, you know, and I really hold myself accountable to that. Emily holds me accountable to that. And I make sure that, like, I work really hard when I'm at work, but I take the mask off, you know, so to speak, when I'm at home. And I just kind of...I don't deprioritize the rest of my life like I did when I was running FantasyHub. So, I think it's super important. I think it's a marathon building companies. I think you got to do that. I think it's what's in the best interest of the company and you as an individual. So, I think it's something I do a lot better this time around. And I think we're all better off for it, not the least of which is, like, one of our six cultural values is live with balance, and that's why. You know, because, like, we adopt the philosophy that you don't have to work yourself to death to build a great company. You can build a great company working a pretty reasonable workload, you know what I mean? It's not easy. It is kind of a pressure cooker trying to get that much done in that little time, but I think we're living proof that it works. VICTORIA: And if you don't make time to rest, then your ability to make good decisions and build high-quality products really starts to suffer eventually, like, I think, is what you saw at the end there. So, I really appreciate you sharing that and that personal experience. And I'm glad to see the learning from that, and making sure that's a core part of your company values the next time you start a company makes a lot of sense to me. STEVEN: Yeah, totally, you know, yeah. And I've always remembered, although this might be an extreme and a privileged extreme, but, you know, J.P. Morgan, the person, was famous for saying, "I get more done in 9 months than I get in 12," in relationship to the fact that he would take his family over to Europe for, like, three months of the year and, like, summer in Europe and not work. And so, while that's probably an unrealistic, you know, ideal for a startup founder, there's some truth to it, you know what I mean? Like you said, like, you got to rest. And, in fact, if you rest more, you know, yeah, you might be working less hours. You'll actually get more done. You're a lot clearer while you're at work. It's a mindset game. It's a headspace game. And the better you can put yourself in that good mindset, that good headspace, the more effective you are. Yeah, there's just a lot of wisdom to that approach. VICTORIA: Right. And, you know, thoughtbot is a global company, so we have employees all over the world. And I think what's interesting about U.S-based companies, I'm interested in how Forecastr might even help you with this, is that when you start a company, you basically form, like, a mini-government for your employees. And you have input over to how much they paid, how much healthcare they get. You have input over their hours and how much leave and everything. And so, trying to balance all those costs and create a good environment for your employees and make sure they have enough time for rest and for personal care. How does Forecastr kind of help you also imagine all of those costs [laughs] and make sense of what you can offer as a company? STEVEN: I would say the main way that we help folks do that, and we really do play in that space, is just by giving you a clear picture of what the future holds for your company from a financial perspective. I mean, it's one of the things that I think is such a superpower when it comes to financial modeling, you know, it can really help you make better decisions along these lines because, like, what does a financial model do? A financial model just simulates your business into the future, specifically anything related to the cash flow of your business, you know, cash in, cash out, revenue expenses, and the like. And so, your people are in there, and what they're paid is in there and, you know, your revenue and your expenses, your cash flow, your runway, all that's in the model. One of the things I feel like we do really help people do is just get a clearer picture of like, hey, what do the next 3, 6, 12, you know, 24 months look like for my company? What is my runway? When am I going to run out of money? What do I need to do about that? Can I afford to give everybody a raise, or can I afford to max out my benefits plan or whatever that is? It's like, you can make those assessments more easily. You know, if you have a financial model that actually makes sense to you that you can look at and say, oh, okay, cool. Yeah, I can offer that, like, Rolls Royce benefits plan and still have 18 months' worth of runway, or maybe I can't [laughs]. And I have to say, "Sorry, guys, you know, like, we're cash-constrained, and this is all we can do for now. But maybe when we raise that next round and when we hit these growth milestones, you know, we can expand that." So yeah, I think it's all, for us, about just, like, helping founders make better decisions, whether they be your decisions around employees and benefits, et cetera, or growth, or fundraising, you know, through the power of, like, financial health and hygiene. VICTORIA: Great. Thank you. I appreciate you letting me bring it all the way back [laughs]. Yeah, let me see. Let me go through my list of questions and see what else we have here. Do you have any questions for me or thoughtbot? STEVEN: Yeah. I mean, so, like, how do you guys think about this kind of stuff? Like, you know, you said thoughtbot's a global company at this point, but the name would imply, you know, a very thoughtful one. So, I'd be curious in y'alls kind of approach to just, like, culture and balance and some of these things that we're talking about kind of, like, straddling that line, you know, between, like, working really hard, which you have to do to build a great company but, you know, being mindful of everything else that life has to offer. VICTORIA: Yeah. Well, I think thoughtbot, more than any other company I've ever worked for, really emphasizes the value of just, like, people really want you to have a work-life balance and to be able to take time off. And, you know, I think that for a company that does consulting and we're delivering at a certain quality, that means that we're delivering at the quality where if someone needs to take a week off for a vacation, there's enough documentation; there's enough backup support for that service to not be impacted. So, that gives us confidence to be able to take the time off [chuckles], and it also just ends up being a better product for our clients. Like, our team needs to be well-rested. They need to have time to invest in themselves and learning the latest technology, the latest upgrades, contributing to open source, and writing about the problems they're seeing, and contributing back to the community. So, we actually make time every Friday to spend on those types of projects. It's kind of like you were saying before, like, you get as much done in four days as many companies get in five because that time is very highly focused. And then you're getting the benefit of, you know, continually investing in new skills and making sure the people you're working with are at the level that you're paying for [laughs]. STEVEN: Yeah, right. No, that's super cool. That's super cool. VICTORIA: Yeah, and, actually, so we're all remote. We're a fully remote company, and we do offer some in-person events twice a year, so that's been a lot of fun for me. And also, getting to, like, go to conferences like RubyConf and RailsConf and meeting the community has been fantastic. Yeah, you have a lot of value of self-management. So, you have the ability to really adjust your schedule and communicate and work with what meets your needs. It's been really great. STEVEN: Yeah, I love that, too. And we're also a remote company, and I think getting together in person, like you just talked about it, is so important. We can only afford to do it once a year right now as an earlier-stage company. But as amazing as, you know, Zoom and things like this are, it's like, there's not really a perfect replacement for that in-person experience, you know. VICTORIA: I agree, and I also agree that, like, once a year is probably enough [laughter]. That's a great amount of time. Like, it really does help because there are so many ways to build relationships remotely, but sometimes, at least just meeting in person once is enough to be like, oh yeah, like, you build a stronger connection, and I think that's great. Okay. Let me see. What other questions do we have? Final question: is there anything else that you would like to promote? STEVEN: I guess it's my job to say we are a really awesome financial modeling platform and team in general. So, if you are a startup founder or you know a startup founder out there that just could use some help with their financial model, you know, it is definitely something that we'd love to do. And we do a ton of education and a ton of help. We've got a ton of resources that are even freely available as well. So, our role in the market is just to get out there and help folks build great financial models, whether that be on Forecastr or otherwise, and that's kind of the approach that we take to it. And our philosophy is like, if we can get out there and do that, you know, if we can be kind of the go-to resource for folks to build great models regardless, you know, of what that means for them, a rising tide will float all boats, and our boat the most of which, hopefully. So [laughs], if you need a model, I'm your guy. VICTORIA: Thank you so much for sharing that. And I have a fun question for you at the end. What is your favorite hike that you've been on in the last three years or ever, however long you want to go back? [laughs] STEVEN: Well, I would say, you know, I did have the great pleasure this year of returning to the Appalachian Trail to hike the Roan Highlands with a friend of mine who was doing a thru-hike. So, a friend of mine did a southbound thru-hike on the A.T. this year, went from Maine to Georgia. Good friend of mine. And I had not been on the Appalachian Trail since I did a thru-hike in 2017. So, I had not returned to the trail or to that whole community. It's just a very special community. It really is a group of, like, really awesome, eclectic people. And so, yeah, this last year, I got to go down to the Roan Highlands in Tennessee. It's a beautiful, beautiful area of Tennessee and in the Southeast, rolling hills and that kind of thing. And hike, for him, for, like, three or four days and just be a part of his journey. Had a ton of fun, met some awesome people, you know, great nature, and totally destroyed my body because I was not prepared to return to the grueling nature of the Appalachian Trail. So yeah, I'd have to say that one, Victoria. I'd have to say that was my favorite in the last couple of years for sure. VICTORIA: Yeah, it's beautiful there. I've hiked certain parts of it. So, I've heard that obviously the Appalachian Trail, which is the eastern side of the United States, was the earlier trail that was developed because of the dislocation of people over time and that they would create the trail by getting to a peak and then looking to another peak and being like, "Okay, that's where I'm going to go." So, when you say it's grueling, I was, like, a lot of up and down hills. And then what I've heard is that the Pacific Trail on the western part of the United States, they did more of figuring out how to get from place to place with minimizing the elevation change, and so it's a much more, like, sustainable hike. Have you ever heard that? STEVEN: Oh yeah, that is 100% true. In terms of, like, the absolute change in elevation, not, like, the highest elevation and the lowest, just, like, the change up and down, there's twice as much going up and down on the A.T. as there is on the Pacific Crest Trail. And the Pacific Crest Trail is graded for park animals, so it never gets steeper than, like, a 15% grade. So, it's real groovy, you know, on the PCT where you can just get into a groove, and you can just hike and hike and hike and hike for hours, you know, versus the A.T. where you're going straight up, straight down, straight up, straight down, a lot of big movements, very exhausting. I've hiked a good chunk of the PCT and then, obviously, the whole A.T., so I can attest, yes, that is absolutely true. VICTORIA: I feel like there's an analogy behind that and what Forecastr does for you. Like, you'll be able [laughs] to, like, smooth out your hills a little bit more [laughs] with your finances, yeah. STEVEN: [laughs] Oh, I love that. Absolutely. Well, and I've honestly, like, I've often likened, you know, building a company and hiking the Appalachian Trail because it is one of those things where one of the most clarifying things about hiking a long trail is you just have this one monster goal that's, you know, that's months and months ahead of you. But you just got to get up every day, and you just got to grind it out. And every day is grindy, and it's hard, you know, but every day you just get one step closer to this goal. And it's one of the cool things about a trail is that you kind of steep yourself in that one goal, you know, one-track mind. And, you know, like we were saying earlier, there's so much more to life. So, you can't and probably shouldn't do that with your startup. You should continue to invest in other aspects of your life. But maybe while you're within the four walls of your office or when you open up that laptop and get to work on your computer, you know, if you take that kind of similar approach where you got this big goal that's, you know, months or years away but every day you just got to grind it out; you just got to work hard; you got to do what you can to get 1 step closer. And, you know, one day you'll wake up and you'll be like, oh shit, like, I'm [laughs] pretty close, you know what I mean? Yeah, I think there's definitely some similarities to the two experiences. VICTORIA: I appreciate that, yeah. And my team is actually it's more like starting up a business within thoughtbot. So, I'm putting together, like, my three-year plan. It's very exciting. And I think, like, those are the types of things you want to have. It's the high-level goal. Where are we going? [chuckles] Are we on our track to get there? But then day to day, it's like, okay, like, let's get these little actions done that we need to do this week [laughs] to build towards that ultimate goal. Well, thank you so much for joining us today, Steven. I really enjoyed our conversation. Is there anything final you want to say? STEVEN: I just want to thank you, Victoria. I think it's a wonderful podcast that you guys put on, and I really appreciate the opportunity to be here and to chat with you. You're lovely to talk to. I enjoyed the conversation as well, and I hope everyone out there did, also. So, let's make it a great 2024. VICTORIA: Thank you so much. Yeah, this is actually my second podcast recording of the year, so very exciting for me. I appreciate it. Thanks so much for joining again. So, you can subscribe to the show and find notes along with a complete transcript for this episode at giantrobots.fm. If you have questions or comments, you can email us at hosts@giantrobots.fm. And you can find me on X, formerly known as Twitter, @victori_ousg. And this podcast is brought to you by thoughtbot and produced and edited by Mandy Moore. Thanks for listening. See you next time. AD: Did you know thoughtbot has a referral program? If you introduce us to someone looking for a design or development partner, we will compensate you if they decide to work with us. More info on our website at: tbot.io/referral. Or you can email us at referrals@thoughtbot.com with any questions.

united states ceo tiktok europe state zoom tennessee startups mvp maine formula cfo saas excel southeast rolls royce appalachian trail techstars liftoff okr 3x mandy moore pacific crest trail pct startup success giant robots railsconf devops report rubyconf victoria you venture first steven well steven oh pacific trail victoria well

Using DevOps to Ignite a Chain Reaction of Productivity and Happiness with Dave Mangot

The Engineering Enablement Podcast

Play Episode Listen Later Dec 14, 2023 34:03

Dave Mangot, CEO and founder of Mangoteque, joins Coreyon Screaming in the Cloud to explain how leveraging DevOps improves the lives of engineers and results in stronger businesses. Dave talks about the importance of exclusively working for private equity firms that act ethically, the key difference between venture capital and private equity, and how conveying issues and ideas to your CEO using language he understands leads to faster results. Corey and Dave discuss why successful business are built on two things: infrastructure as code and monitoring.About DaveDave Mangot, author of DevOps Patterns for Private Equity, helps portfolio companies get good at delivering software. He is a leading consultant, author, and speaker as the principal at Mangoteque. A DevOps veteran, Dave has successfully led digital, SRE, and DevOps transformations at companies such as Salesforce, SolarWinds, and Cable & Wireless. He has a proven track record of working with companies to quickly mature their existing culture to improve the speed, frequency, and resilience of their software service delivery.Links Referenced: Mangoteque: https://www.mangoteque.com DevOps Patterns for Private Equity: https://www.amazon.com/DevOps-Patterns-Private-Equity-organization/dp/B0CHXVDX1K “How to Talk Business: A Short Guide for Tech Leaders”: https://itrevolution.com/articles/how-to-talk-business-a-short-guide-for-tech-leaders/ TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. My guest today is someone that I have known for, well, longer than I've been doing this show. Dave Mangot is the founder and CEO at Mangoteque. Dave, thank you for joining me.Dave: Hey, Corey, it's great to be here. Nice to see you again.Corey: I have to say, your last name is Mangot and the name of your company is Mangoteque, spelled M-A-N-G-O-T-E-Q-U-E, if I got that correctly, which apparently I did. What an amazing name for a company. How on earth did you name a company so well?Dave: Yeah, I don't know. I have to think back, a few years ago, I was just getting started in consulting, and I was talking to some friends of mine who were giving me a bunch of advice—because they had been doing consulting for quite some time—about what my rates should be, about all kinds of—you know, which vendors I should work with for my legal advice. And I said, “I'm having a lot of trouble coming up with a name for the company.” And this guy, Corey Quinn, was like, “Hey, I got a name for you.” [laugh].Corey: I like that story, just because it really goes to show the fine friends of mine over at all of the large cloud services companies—but mostly AWS—that it's not that hard to name something well. The trick, I think, is just not to do it in committee.Dave: Yeah. And you know, it was a very small committee obviously of, like, three. But yeah, it's been great. I have a lot of compliments on the name of my company. And I was like, oh, “You know that guy, the QuinnyPig dude?” And they're like, “Yeah?” “Oh, yeah, it was—that was his idea.” And I liked it. And it works really well for the things that I do.Corey: It seems to. So, talk to you about what it is that you do because back when we first met and many, many years ago, you were an SRE manager at a now defunct observability company. This was so long ago, I don't think that they used the term observability. It was Librato, which, “What do you do?” “We do monitoring,” back when that didn't sound like some old-timey thing. Like, “Oh, yeah. Right, between the blacksmith and the cobbler.” But you've evolved significantly since you were doing the mundane, pedestrian tasks of keeping the service up and running. What do you do these days?Dave: Yeah, that was before the observability wars [laugh] [whatever you like 00:02:55] to call it. But over time, that company was owned by SolarWinds and I wound up being responsible for all the SolarWinds cloud company SRE organizations. So, started—ran a global organization there. And they were owned by a couple of private equity firms. And I got to know one of the firms rather well, and then when I left SolarWinds, I started working with private equity firm portfolio companies, especially software investments. And what I like to say is I teach people how to get good at delivering software.Corey: So, you recently wrote a book, and I know this because I make it a point to get a copy of the book—usually by buying it, but you beat me to it by gifting me one—of every guest I have on the show who's written a book. Sometimes that means I wind up with the eclectic collections of poetry, other times, I wind up with a number of different books around the DevOps and cloud space. And one of these days, I'm going to wind up talking to someone who wound up writing an encyclopedia or something, to where I have to back the truck around. But what I wanted to ask is about your title, of all things. It's called DevOps Patterns for Private Equity. And I have to ask, what makes private equity special?Dave: I think as a cloud economist, what you also just told me, is you owe me $17.99 for the book because it was gifted.Corey: Is that how expensive books are these days? My God, I was under the impression once you put the word ‘DevOps' in the title, that meant you're above 40 bucks, just as, you know, entrance starting fees here.Dave: I think I need to talk to my local cloud economist on how to price things. Yeah, the book is about things that I've basically seen at portfolio companies over the years. The thing about, you know, why private equity, I think it would be one question, just because I've been involved in the DevOps movement since pretty much the start, when John Willis calls me a DevOps OG, which I think is a compliment. But the thing that I like about working with private equity, and more specifically, private equity portfolio companies is, like I wrote in the book, they're serious. And serious means that they're not afraid to make a big investment, they're not afraid to change things quickly, they're not afraid to reorganize, or rethink, or whatever because a lot of these private equity firms have, how they describe it as a three to five year investment thesis. So, in three to five years, they want to have some kind of an exit event, which means that they can't just sit around and talk about things and try it and see what happens—Corey: In the fullness of time, 20 years from now. Yeah, it doesn't work that well. But let's back up a little bit here because something that I have noticed over the years is that, especially when it comes to financial institutions, the general level of knowledge is not terrific. For a time, a lot of people were very angry at Goldman Sachs, for example. But okay, fair enough. What does Goldman Sachs do? And the answer was generally incoherent.And again, I am in no way, shape or form, different from people who form angry opinions without having all of the facts. I do that myself three times before breakfast. My last startup was acquired by BlackRock, and I was the one that raised our hand internally, at the 40-person company when that was announced, as everyone was sort of sitting there stunned: “What's a BlackRock?” Because I had no idea. Well, for the next nine months, I assure you, I found out what a BlackRock is. But what is private equity? Because I see a lot of them getting beaten up for destroying companies. Everyone wants to bring up the Toys-R-Us story as a for instance. But I don't get the sense that that is the full picture. Tell me more.Dave: Yes. So, I'm probably not the best spokesperson for private equity. But—Corey: Because you don't work for a private equity firm, you only work with them, that makes you a terrific spokesperson because you're not [in 00:06:53] this position of, “Well, justify what your company does here,” situation, there's something to be said for objectivity.Dave: So, you know, like I wrote in the book, there are approximately 10,000 private equity firms in the United States. They are not all going to be ethical. That is just not a thing. I choose to work with a specific segment of private equity companies, and these private equity companies want to make a good business. That's what they're going for.And you and I, having had worked at many companies in our careers, know that there's a lot of companies out there that aren't a good business. You're like, “Why are we doing this? This doesn't make any sense. This isn't a good investment. This”—there's a lot of things and what I would call the professional level private equity firms, the ones at the top—and not all of them at the top are ethical, don't get me wrong; I have a blacklist here of companies I won't work for. I will not say who those companies are.Corey: I am in the same boat. I think that anyone who works in an industry at all and doesn't have a list of companies that they would not do business with, is, on some level, either haven't thought it through, hasn't been in business long enough, or frankly, as long as you're paying them, everything you can do is a-okay. And you know, I'm not going to sit here and say that those are terrible people, but I never wanted to do that soul-searching. I always thought the only way to really figure out where you stand is to figure it out in advance before there's money on the table. Like, do you want to go do contracting for a defense company? Well no, objectively, I don't, but that's a lot harder to say when they're sitting on the table with $20 million in front of you of, “Do you want to work with a defense company?” Because you can rationalize your way into anything when the stakes are high enough. That's where I've always stood on it. But please, continue.Dave: I'd love to be in that situation to turn down $20 million [laugh].Corey: Yeah, that's a hard situation to find yourself in, right?Dave: But regardless, there's a lot of different kinds of private equity firms. Generally the firms that I work with, they all want—not generally; the ones I work with want to make better companies. I have had operating partners at these companies tell me—because this always comes up with private equity—there's no way to cut your way to a good company. So, the private equity firms that I work with invest in these companies. Do they sell off unprofitable things? Of course they do. Do they try to streamline some things sometimes so that the company is only focused on X or Y, and then they tuck other companies into it—that's called a buy and build strategy or a platform strategy—yes. But the purpose of that is to make a better company.The thing that I see a lot of people in our industry—meaning, like, us tech kind of folks—get confused about is what the difference is between venture capital and private equity. And private equity, in general, is the thing that is the kind of financing that follows on after venture capital. So, in venture capital, you are trying to find product-market fit. The venture capitalists are putting all their bets down like they're in Vegas at re:Invent, and trying to figure out which bet is going to pay off, but they have no expectation that all of the bets are going to pay off. With private equity, the companies have product-market fit, they're profitable. If they're not profitable, they have a very clear line to profitability.And so, what these private equity firms are trying to do, no matter what the size of the company is, whether it's a 50-person company or a 5000-person company, they're trying to get these companies up to another level so that they're more profitable and more valuable, so that either a larger fish will gobble them up or they'll go out on the public markets, like onto the stock market, those kinds of things, but they're trying to make a company that's more valuable. And so, not everything looks so good [laugh] when you're looking at it from the outside, not understanding what these people are trying to do. That's not to say they're not complete jerks who are in private equity because there are.Corey: Because some parts are missing. Kidding. Kidding. Kidding.Dave: [laugh].Corey: It's a nuanced area, and it's complicated, just from the perspective of… finance is deceptively complicated. It looks simple, on some level, because on some level, you can always participate in finance. I have $10. I want to buy a thing that costs $7. How does that work? But it gets geometrically more complex the further you go. Financial engineering is very much a thing.And it is not at all obvious how those things interplay with different dynamics. One of the private equity outcomes, as you alluded to a few minutes ago, is the idea that they need to be able to rapidly effect change. It becomes a fast turnaround situation, and then have an exit event of some kind. So, the DevOps patterns that you write about are aligned with an idea of being effective, presumably, rather than, well, here's how you slowly introduce a sweeping cultural mindset shift across the organization. Like, that's great, but some of us don't have that kind of runway for what we're trying to achieve to be able to pull that off. So, I'm assuming that a lot of the patterns you talk about are emphasizing rapid results.Dave: Well, I think the best way to describe this, right, is what we've talked about is they want to make a better company. And for those of us who have worked in the DevOps movement for all these years, what's one great way of making a better company? Adopting DevOps principles, right? And so, for me, one of the things I love about my job is I get to go in and make engineers' lives better. No more working on weekends, no more we're only going to do deployments at 11 o'clock at night, no more we're going to batch things up and ship them three or four times a year, which all of us who've done DevOps stuff for years know, like, fastest way to have a catastrophe is batch up as many things as possible and release them all at once.So like, for me, I'm going in making engineers' lives better. When their lives are better, they produce better results because they're not stressed out, they're not burned out, they get to spend time with their families, all those kinds of things. When they start producing better results, the executives are happier. The executives can go to the investors and show all the great results they're getting, so the investors are happier. So, for me, I always say, like, I'm super lucky because I have a job that's win, win, win.And like, I'm helping them to make a better company, I'm helping them to ship faster, I'm helping them do things in the cloud, I'm helping them get more reliability, which helps them retain customers, all these things. Because we know from the—you know, remember the 2019 State of DevOps Report: highest performers are twice as likely to meet or exceed their organization's performance goals, and those can be customer retention, revenue, whatever those goals are. And so, I get to go in and help make a better company because I'm making people's lives better and, kind of, everybody wins. And so, for me, it's super rewarding.Corey: That's a good way of framing it. I have to ask, since the goal for private equity, as you said, is to create better companies, to effectively fix a bunch of things that, for better or worse, had not been working optimally. Let me ask the big, dumb, naive question here. Isn't that ostensibly the goal of every company? Now, everyone says it's their goal, but whether that is their goal or not, I think, is a somewhat separate question.Dave: Yeah. I—that should be the goal of every company, I agree. There are people who read my book and said, “Hey, this stuff applies far beyond private equity.” And I say, “Yeah, it absolutely does.” But there are constraints—[gold rat 00:15:10]—within private equity, about the timing, about the funding, about whatever, to get the thing to another level. And that's an interesting thing that I've seen is I've seen private equity companies take a company up to another level, have some kind of exit event, and then buy that company again years later. Which, like, what? Like, how could that be?Corey: I've seen that myself. It feels, on some level, like that company goes public, and then goes private, then goes public, then goes private to the same PE firm, and it's like, are you really a PE company or are you just secretly a giant cat, perpetually on the wrong side of a door somewhere?Dave: But that's because they will take it to a level, the company does things, things happen out in the market, and then they see another opportunity to grow them again. Where in a regular company—in theory—you're going to want to just get better all the time, forever. This is the Toyota thesis about continual improvement.Corey: I am curious as far as what you are seeing changing in the market with the current macroeconomic conditions, which is a polite way to say the industry going wonky after ten years of being relatively up and to the right.Dave: Yeah, well, I guess the fun thing is, we have interest rates, we had a pandemic, we had [laugh], like, all this exciting stuff. There's, you know, massive layoffs, [unintelligible 00:16:34] and then all this, kind of like, super churn-y things. I think the fun thing for me is, I went to a private equity conference in San Francisco, I don't know, a month ago or something like that, and they had all these panelists on stage pontificating about this and that and the other thing, and one of the women said something that I thought was really great, especially for someone like me. She said, “The next five to ten years in private equity are going to be about growth and operational efficiency.” And I was like, “That's DevOps. That's awesome.” [laugh].That really works well for me because, like, we want to have people twice as likely to meet or exceed their organization's performance goals. That's growth. And we want operational efficiency, right? Like, stop manually copying files around, start putting stuff in containers, do all these things that enable us to go fast speed and also do that with high quality. So, if the next five to ten years are going to be about growth and operational efficiency, I think it's a great opportunity for people to take in a lot of these DevOps principles.And so, the being on the Screaming in the Cloud podcast, like, I think cloud is a huge part of that. I think that's a big way to get growth and operational efficiency. Like, how better to be able to scale? How better to be able to Deming's PDSA cycle, right—Plan, Do, Study, Act—how better to run all these experiments to find out, like, how to get better, how to be more efficient, how to meet our customers' demands. I think that's a huge part of it.Corey: That is, I think, a very common sentiment as far as how folks are looking at things from a bigger picture these days. I want to go back as well to something you said earlier that I was joking around at the start of the episode about, “Wow, what an amazing name for the company. How did you come up with it?” And you mentioned that you had been asking a bunch of people for advice—or rather, you mentioned you had gotten advice from people. I want to clarify, you were in fact asking. I wasn't basically the human form of Clippy popping up, “It looks like you're starting a business. Let me give you unsolicited advice on what you should be doing.”What you've done, I think, is a terrific example of the do what I say not what I do type of problem, where you have focused on your positioning on a specific segment of the market: private equity firms and their portfolio companies. If I had been a little bit smarter, I would have done something similar in my own business. I would fix AWS bills for insurance companies in the Pacific Northwest or something like that, where people can hear the type of company they are reflected in the name of what it is that you do. I was just fortunate enough or foolish enough to be noisy enough in order to talk about what I do in a way that I was able to overcome that. But targeting the way that you have, I think is just so spot on. And it's clearly working out for you.Dave: I think a Corey Quinn Clippy would be very distracting in [laugh] my Microsoft Word, first of all [laugh]. Second of all—Corey: They're calling it Copilot now.Dave: [laugh]—there's this guy Corey and his partner Mike who turned me on to this guy, Jonathan Stark, who has his theory about your business. He calls it, like, elucidating, like, a Rolodex moment. So, if somebody's talking about X or Y, and they say, “Oh, yeah. You want to talk to Corey about that.” Or, “You want to talk to Mike about that.”And so, for me, working with private equity portfolio companies, that's a Rolodex moment. When people are like, “I'm at a portfolio company. We just got bought. They're coming in, and they want to understand what our spend is on the cloud, and this and that. Like, I don't know what I'm supposed to do here.” A lot of times people think of me because I tend to work on those kinds of problems. And so, it doesn't mean I can't work on other things, and I definitely do work on other things, I've definitely worked with companies that are not owned by private equity, but for me, that's really a place that I enjoy working, and thankfully, I get Rolodex moments from those things.Corey: That's the real value that I've found. The line I've heard is always it's not just someone at a party popping up and saying, “Oh, yeah, I have that problem.” But, “Oh, my God, you need to talk to this person I know who has that problem.” It's the introduction moment. In my case at least, it became very hard for me to find people self-identifying as having large AWS bills, just because, yeah, individual learners or small startup founders, for example, might talk about it here and there, but large companies do not tend to complain about that in Twitter because that tends to, you know, get them removed from their roles when they start going down that path. Do you find that it is easier for you to target what you do to people because it's easier to identify them in public? Because I assure you, someone with a big AWS bill is hard to spot out of a crowd.Dave: Well, I think you need to meet people where they are, I think is probably the best way of saying that. So, if you are—and this isn't something I need to explain to you, obviously, so this is more for your listeners, but like, if you're going to talk about, “Hey, I'm looking for companies with large AWS bills,” [pthhh] like that's, maybe kind of whatever. But if you say, “Hey, I want to improve your margins and your operational efficiencies,” all of a sudden, you're starting to speak their language, right? And that language is where people start to understand that, “Hey, Corey's talking about me.”Corey: A large part of how I talk about this was shaped by some of the early conversations I had. The way that I think about this stuff and the way that I talk is not necessarily what terms my customers use. Something that I found that absolutely changed my approach was having an investigative journalist—or a former investigative journalist, in this case—interview people I'd worked with to get case studies and testimonials from them. But what she would also do was get the exact phrasing that they use to describe the value that I did, and how they talked about what we'd done. Because that became something that was oh, you're effectively writing the rough draft of my marketing copy when you do that. Speaking in the language of your customer is so important, and I meet a lot of early-stage startups that haven't quite unlocked that bit of insight yet.Dave: And I think looking at that from a slightly different perspective is also super important. So, not only speaking the language of your customer, but let's say you're not a consultant like me or you. Let's say you work inside of a company. You need to learn to speak the language of business, right? And this is, like, something I wrote about in the beginning of the book about the guy in San Francisco who got locked up for not giving away the Cisco passwords, and Gavin Newsom had to go to his jail cell and all this other crazy stuff that happened is, technologists often think that the reason that they go to work is to play with technology. The reason we go to work is to enable the business.And—so shameless plug here I—wrote a paper that came out, like, two months ago with IT Revolution—so the people who do The Phoenix Project, and Accelerate, and The DevOps Handbook, and all that other stuff, I wrote this paper with, like, Courtney Kissler, and Paul Gaffney, and Scott Nasello, and a whole bunch of amazing technologists, but it's about speaking the language of business. And as technologists, if we want to really contribute and feel like the work that we're doing is contributing and valuable, you need to start understanding how those other people are talking. So, you and I were just talking about, like, operational efficiencies, and margins, and whatever. What is all that stuff? And figuring that out and being able to have that conversation with your CEO or whoever, those are the things that get people to understand exactly what you're trying to do, and what you're doing, and why this thing is so important.I talk to so many engineers that are like, “Ah, I talked to management and they just don't understand, and [da-dah].” Yeah, they don't understand because you're speaking technology language. They don't want to hear about, like, CNCF compliant this, that, and the—that doesn't mean anything to them. You need to understand in their lang—talk to them and their language and say like, “Hey, this is why this is good for the business.” And I think that's a really important thing for people to start to learn.Corey: So, a question that I have, given that you have been doing this stuff, I think, longer than I have, back when cloud wasn't really a thing, and then it was a thing, but it seemed really irresponsible to do. And then it went through several more iterations to the point where now it's everywhere. What's your philosophy of cloud?Dave: So, I'll go back to something that just came out, the 2023 State of DevOps Report just came out. I follow those things pretty closely. One of the things they talked about in the paper is one of the key differentiators to get your business to have what they call high organizational performance—again, this [laugh] is going back to business talk again—is what they call infrastructure flexibility. And I just don't think you can get infrastructure flexibility if you're not in the cloud. Can you do it? Absolutely.You know, back over a decade ago, I built out a bunch of stuff in a data center on what I called cloud principles. We could shoot things in the head, get new ones back, we did all kinds of things, we identified SKUs of, like, what kind of classes of machines we had. All that looks like a lot of stuff that you would just do in AWS, right? Like, I know, my C instances are compute. I know my M instances are memory. Like, they're all just SKUs, right?Corey: Yeah, that changed a little bit now to the point where they have so many different instance families that some of their names look like dumps of their firmware.Dave: [laugh]. That is probably true. But like, this idea that, like, I want to have this infrastructure flexibility isn't just my idea that it's going to turn out well. Like, the State of DevOps Report kind of proves it. And so, for me, like, I go back to some of the principles of the DevOps movement, and like, if you look at the DORA metrics, let's say you've got deployment frequency and lead time for changes. That's speed: how fast can I do something? And you've got time-to-recover, and you've got change failure rate. That's quality: how much can I ship without having problems, and how fast can I recover when I do?And I think this is one of the things I teach to a lot of my clients about moving into the cloud. If you want to be successful, you have to deliver with speed and quality. Speed: Infrastructure as Code, full stop. If I want to be able to go fast, I need to be able to destroy an environment, bring a new environment up, I need to be able to do that in minutes. That's speed.And then the second requirement, and the only other requirement, is build monitoring in from the start. Everything gets monitored. And that's quality. Like, if I monitor stuff, I know when I've deployed something that's spiking CPU. If that's monitored, I know that this thing is costing me a hell of a lot more than other things. I know all this stuff. And I can do capacity planning, I can do whatever the heck I want. But those are the two fundamental things: Infrastructure as Code and monitoring.And yes, like you said, I worked at a monitoring or observability company, so perhaps I'm slightly biased, but what I've seen is, like, companies that adopt those two principles, and everything else comes from that—so all my Kubernetes stuff and all those other things are not at odds with those principles—those are the people who actually wind up doing really well. And I think those are the people that have—State of DevOps Report—infrastructure flexibility, and that enables them to have higher organizational performance.Corey: I think you're onto something. Like, I still remember the days of having to figure out the number of people who you had in your ops team versus how many servers they could safely and reasonably run. And now that question has little, if any, meaning. If someone asked me, “Okay, so we're running right now 10,000 instances in our cloud environment. How many admins should it take us to run those?” The correct response is, “How the heck are you running those things?” Like, tell me more because the answer is probably terrifying. Because right now, if you do that correctly, it's you want to make a change to all of them or some subset of them? You change a parameter somewhere and computers do the heavy lifting.Dave: Yeah, I ran a content delivery network for cable and wireless. We had three types of machines. You know, it was like Windows Media Server and some squid-cache thing or whatever. And it didn't matter how many we had. It's all the same. Like, if I had 10,000 and I had 50,000, it's irrelevant. Like, they're all the same kind of crap. It's not that hard to manage a bunch of stuff that's all the same.If I have 10,000 servers and each one is a unique, special snowflake because I'm running in what I call a hosted configuration, I have 10,000 customers, therefore I have 10,000 servers, and each of them is completely different than the other, then that's going to be a hell of a lot harder to manage than 10,000 things that the load balancer is like [bbbrrrp bbbrrrp] [laugh] like, just lay it out. So, it's sort of a… kind of a nonsense question at this point. Like you're saying, like, it doesn't really matter how many. It's complexity. How much complexity do I have? And as we all say, in the DevOps movement, complexity isn't free. Which I'll bet is a large component of how you save companies money with The Duckbill Group.Corey: It goes even beyond that because cloud infrastructure is always less expensive than the people working on it, unless you do something terrifying. Otherwise, everything should be running an EC2 instances. Nothing higher-level built on top of it because if people's time is free, the cheapest thing you're going to get is a bunch of instances. The end. That is not really how you should be thinking about this.Dave: [laugh]. I know a lot of private equity firms that would love to find a place where time was free [laugh]. They could make a lot of money.Corey: Yeah. Pretty sure that the biggest—like, “What's your biggest competitive headwind?” You know [laugh], “Wage laws.” Like it doesn't work that way. I'm sorry, but it doesn't [laugh].I really want to thank you for taking the time to talk to me about what you're up to, how things are going over in your part of the universe. If people want to learn more, where's the best place for them to go to find you?Dave: They can go to mangoteque.com. I've got all the links to my blog, my mailing list. Definitely, if you're interested in this intersection of DevOps and private equity, sign up for the mailing list. For people who didn't get Corey's funky spelling of my last name, it is a play on the fact that it is French and I also work with technology companies. So, it's M-A-N-G-O-T-E-Q-U-E dot com.If you type that in—Mangoteque—to any search engine, obviously, you will find me. I am not difficult to find on the internet because I've been doing this for quite some time. But thank you for having me on the show. It's always great to catch up with you. I love hearing about what you're doing. I super appreciate you're asking me about the things that I'm working on, and you know, been a big help.Corey: No, it's deeply fascinating. It's neat to watch you continue to meet your market in a variety of different ways. Dave Mangot, CEO and founder of Mangoteque, which is excellently named. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this episode, please leave a five-star review on your podcast platform of choice, along with an angry comment almost certainly filled with incoherent screaming because you tuned out just as soon as you heard the words ‘private equity.'Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business, and we get to the point. Visit duckbillgroup.com to get started.

united states god ceo amazon las vegas state french speaking san francisco happiness study plan financial code productivity act cloud infrastructure pe pacific northwest salesforce toyota goldman sachs ignite generally cisco cable gavin newsom accelerate screaming blackrock private equity aws kidding wage wireless my god devops invent toys r us copilot cpu kubernetes solarwinds microsoft word sre chain reaction rolodex skus clippy deming tech leaders phoenix project ec2 cncf jonathan stark john willis corey quinn pdsa devops report duckbill group dave yeah dave well it revolution dave so dave yes chief cloud economist last week in aws corey is

2023 State of DevOps Report

Patoarchitekci

Play Episode Listen Later Nov 10, 2023 18:29

Tym razem rozkładamy na czynniki pierwsze świeżutki raport "State of DevOps Report" prosto z 2023 roku! Zagłębiamy się w DORA Metrics, aby zobaczyć, co naprawdę napędza wydajność naszych zespołów. Będzie też o user centricity – bo kto by pomyślał, że użytkownicy są ważni?

#95 Effiziente Knowledge Sharing Formate: Wissen teilen und begeistern

Engineering Kiosk

Play Episode Listen Later Oct 31, 2023 65:09

Als Knowledge-Worker sein Wissen teilen: Welche Arten gibt es und was ist für dich das Richtige?Leute im Tech-Bereich werden oft als Knowledge-Worker bezeichnet. Und es gibt auch noch diesen Mythos, dass im Team jeder alles wissen muss, damit jeder alles übernehmen kann. Wurde dieser Zustand jemals erreicht? Dennoch ist das Teilen von Wissen wichtig. Schon allein, um Flaschenhälse zu vermeiden und sich vom Bus-Faktor zu lösen.In dieser Episode sprechen wir über verschiedene Formate wie Hackathons, Code Challenges, interne Konferenzen und Guilds, Book-Clubs und Co. Wir teilen unsere Erfahrung und worauf es besonders ankommt, wenn du etwas ähnliches in deiner Firma starten möchtest.Bonus: Was Hardware-Buzzer und Jeopardy! spiele mit Knowledge Sharing zu tun haben.**** Diese Episode wird gesponsert von https://www.workshops.deOb öffentliche Schulungen, die du einfach buchen kannst oder maßgeschneiderte Schulungen für dein Unternehmen – Workshops.de bietet deutschsprachige Kurse in den Bereichen Angular, React, VueJS, Spring Boot, Typescript, Docker, Security, Data Science und den Grundlagen von HTML, CSS und JavaScript an.Alle Infos unter https://www.workshops.de****Das schnelle Feedback zur Episode:

Key findings from the 2023 State of Devops Report | Nathen Harvey (DORA at Google)

Play Episode Listen Later Oct 25, 2023 45:59

This week's episode dives into the DORA research program and this year's State of DevOps Report. Nathen Harvey, who leads DORA at Google, shares the key findings from the research and what's changed since previous reports. Discussion points: (1:10) What DORA focuses on (2:17) Where the DORA metrics fit (4:35) Introduction to user-centric software development (8:05) Impact of user-centricity on software delivery (9:40) Team performance vs. organizational performance (13:50) Importance of internal documentation (15:19) Methodology for designing surveys (19:52) Impact of documentation on software delivery (23:11) Reemergence of the Elite cluster (25:55) Advice for leaders leveraging benchmarks (28:30) Redefining MTTR (33:45) Changing how Change Failure Rate is measured (36:45) Impact of AI on software delivery (41:25) Impact of code review speed Mentions and links: Connect with Nathen on LinkedIn Listen to the previous episode with Nathen Read the 2023 State of Devops Report The DORA Quick Check Blog post: Documentation is like sunshine Join the DORA community DevEx: What Actually Drives Productivity

google ai advice state team impact elite methodology documentation software engineering reemergence developer experience key findings nathen engineering leadership developer productivity devops report nathen harvey abi noda

2023 State of DevOps Report with Nathen Harvey

Play Episode Listen Later Oct 22, 2023 36:15

This episode is a special one for me since, for the first time, I have a reappearance in the show – my friend Nathen Harvey, the godfather of the DORA community! We talked about the community, the inaugural DORA Summit, and the freshly published 2023 State of DevOps Report. Nathen touched upon a couple of very interesting insights and shared a ton of advice!An interesting insight is about trunk-based development influencing burnout. Community is working hard to explain this so feel free to join the DORA community trunk-based development discussion that is scheduled for Thursday, December 7 at 6PM UTC. Join the DORA Community of Practice for details and an invitation to the discussion.Please leave a review on your favorite podcast platform or Podchaser, and subscribe to 0800-DEVOPS newsletter here.This interview is featured in 0800-DEVOPS #54 - 2023 State of DevOps Report with Nathen Harvey.[Check out podcast chapters if available on your podcast platform or use links below](0:00)Introduction (1:18)DORA community (6:49)2023 State of DevOps Report (28:25)DORA research and service organizations (31:21)Accelerate, second edition (34:36)Follow recommendations

community state practice accelerate devops podchaser nathen devops report nathen harvey

Unpacking DORA's State of DevOps Report w/ Nathen Harvey of Google Cloud

Dev Interrupted

Play Episode Listen Later Oct 17, 2023 45:04

What does this year's Accelerate State of DevOps Report 2023 mean for your team?LinearB & DORA have officially joined forces. On this week's episode of Dev Interrupted, co-host Conor Bronsdon interviews Nathen Harvey, Head of Google Cloud's DORA team. With data gathered from over 36,000 global professionals, this year's report investigated how top DevOps performers integrate technical, process, and cultural capabilities into their practices for success.Listen to learn how your team can focus on three core outcomes of DevOps: enhancing organizational value, boosting team innovation and collaboration, and promoting team member well-being and productivity.Show Notes:DORA's 2023 State of DevOps ReportGet your DORA Metrics free foreverLinearB's 2023 Software Engineering Benchmarks ReportSupport the show: Subscribe to our Substack Leave us a review Subscribe on YouTube Follow us on Twitter or LinkedIn Offers: Learn about Continuous Merge with gitStream Want to try LinearB? Book a Demo & use discount code "Dev Interrupted Podcast"

head state unpacking demo devops google cloud linearb devops report nathen harvey dora metrics

Episode 436: Understand what you're measuring, or you'll just get measurements

google state rich iphone artificial intelligence devops looney move it zero days national security commission devops report

Play Episode Listen Later Oct 13, 2023 64:59

This week, we discuss measuring developer productivity, Unity licensing backlash, and some follow-up on Wireless Emergency Alerts. Plus, thoughts on coconuts. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=bQtDvRPqXFs) 436 (https://www.youtube.com/watch?v=bQtDvRPqXFs) Runner-up Titles One day an ice machine will run on RISC-V Mo Developers Mo Problems W3C my ass. That's almost an aggressive blue. Wait. Do I live in an office complex? You pay the same Quarantine Quarters Maybe I have too much mindlessness Out of my way Costco, I'm going direct. Candy Corn Have you tried a bubble-sort? Omerta for developers Understand what you're measuring, or you'll just get measurements. KCNA23VMWEO20 Just make the bed Rundown Developer Productivity McKinsey Developer Productivity Review (https://dannorth.net/mckinsey-review/) Even longer rebuttal (https://newsletter.pragmaticengineer.com/p/measuring-developer-productivity). The only people who don't like metrics are the people being measured, or, developer productivity metrics quicksand (https://newsletter.cote.io/p/the-only-people-who-dont-like-metrics) Reports Kubernetes at Scale: Challenges, Priorities, Adoption Patterns, and Solutions (https://tanzu.vmware.com/content/analyst-reports/kubernetes-at-scale) Announcing the 2023 State of DevOps Report (https://cloud.google.com/blog/products/devops-sre/announcing-the-2023-state-of-devops-report) John Riccitiello is out at Unity, effective immediately (https://www.theverge.com/2023/10/9/23910441/unity-ceo-president-john-riccitiello-out-retire) Wireless Emergency Alerts (WEA) (https://www.fcc.gov/consumers/guides/wireless-emergency-alerts-wea) Relevant to your Interests Why companies still want in-house data centres (https://www.economist.com/business/2023/10/05/why-companies-still-want-in-house-data-centres) Understanding the Cyber Resilience Act: What Everyone involved in Open Source Development Should Know (https://www.linuxfoundation.org/blog/understanding-the-cyber-resilience-act) PayPal faces new antitrust lawsuit claiming it unfairly stifles competition with Stripe, Shopify and more (https://techcrunch.com/2023/10/05/paypal-faces-new-antitrust-lawsuit-claiming-it-unfairly-stifles-competition-with-stripe-shopify-and-more/) DuckDB Labs puts limit on free support, rules out VC funding (https://www.theregister.com/2023/10/05/duckdb_labs_puts_limit_on_vc_funds/) Genetics firm 23andMe says user data stolen in credential stuffing attack (https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/) Hackers are selling the data of millions lifted from 23andMe's genetic database (https://www.theverge.com/2023/10/7/23907330/23andme-leak-hackers-selling-user-dna-data) Datadog stumbles as Bank of America downgrades, citing recent checks (https://seekingalpha.com/news/4019064-datadog-stumbles-bank-of-america-downgrades-recent-checks) IBM CEO in damage control mode after AI job loss comments (https://www.itpro.com/technology/artificial-intelligence/ibm-ceo-in-damage-control-mode-after-ai-job-loss-comments) Google announces new generative AI search capabilities for doctors (https://www.cnbc.com/2023/10/09/google-announces-new-generative-ai-search-capabilities-for-doctors-.html) Be an Open Source Absolutist! (https://twitter.com/ID_AA_Carmack/status/1711737838889242880) Google Cloud mitigated largest DDoS attack, peaking above 398 million rps (https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/) Nonsense Ice Is Not Necessary. So Why Do Hotels Provide It for Free? (https://slate.com/human-interest/2015/08/why-are-there-ice-machines-in-so-many-hotels.html) Listener Feedback Biogen hiring Senior Manager, Solution Architecture, Global Commercial and Medical IT (hybrid work) (https://jobs.smartrecruiters.com/Biogen/743999935046183-senior-manager-solution-architecture-global-commercial-and-medical-it-hybrid-work-) RedHat hiring Principal Product Marketing Manager, OpenShift in Remote (https://us-redhat.icims.com/jobs/100399/principal-product-marketing-manager%2c-openshift/job?mode=view&mobile=true&width=428&height=739&bga=true&needsRedirect=false&jan1offset=-300&jun1offset=-240) Conferences Oct 17th SpringOne Tour Online (free!) (https://springonetour.io/?utm_source=cote&utm_campaign=devrel&utm_medium=newsletter&utm_content=newsletterUpcoming) - Coté talking about platform engineering. Oct 17th and 24th **talk series (yes, a “webinar”): Building a Path to Production: A Guide for Managers and Leaders in Platform Engineering (https://series.brighttalk.com/series/6011/?utm_source=cote&utm_campaign=devrel&utm_medium=newsletter&utm_content=newsletterUpcoming). Coté's doing this. Nov 6-9, 2023, KubeCon NA (https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/), SDT's a sponsor, Matt's there. Use this VMware discount code for 20% off: KCNA23VMWEO20. Nov 6-9, 2023 VMware Explore Barcelona (https://www.vmware.com/explore/eu.html), Coté's attending Nov 7–8, 2023 RISC-V Summit | Linux Foundation Events (https://events.linuxfoundation.org/riscv-summit/) Jan 29, 2024 to Feb 1, 2024 That Conference Texas (https://that.us/events/tx/2024/schedule/) If you want your conference mentioned, let's talk media sponsorships. SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us: Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), Mastodon (https://hachyderm.io/@softwaredefinedtalk), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk), Threads (https://www.threads.net/@softwaredefinedtalk) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured). Use the code SDT to get $20 off Coté's book, Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: macOS Sonoma (https://www.apple.com/macos/sonoma/) Matt: HomeSeek (https://www.homeseekgame.com/) - post apocalyptic SimCity Coté: Menewood (https://www.goodreads.com/en/book/show/60784675), finally out! Over 700 subscribers for my newsletter - are you subscribed (https://newsletter.cote.io)?! Photo Credits Header (https://unsplash.com/photos/dFoOWRT97_0) Artwork (https://unsplash.com/photos/umixjcVd0Ws)

america tiktok google ai state building leaders unity twitch bank priorities paypal remote hackers relevant vc measuring threads slack costco managers genetics shopify artwork senior manager blue sky mastodon stripe vmware google cloud 23andme ddos red hat measurements biogen datadog cot omerta platform engineering openshift sdt john riccitiello solution architecture matt ray devops report kubecon na principal product marketing manager wireless emergency alerts wea

MoveIT, Looney Tunables, iPhone zero days, state of DEVOPS

Phoenix Cast

Play Episode Listen Later Oct 13, 2023 71:36

In this episode of Phoenix Cast, hosts John, Rich, and Kyle discuss a trio of terrible items from the news. They also discuss Google's state of DEVOPS report. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Looney Tunables - https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so https://www.bleepingcomputer.com/news/security/exploits-released-for-linux-flaw-giving-root-on-major-distros/?mibextid=Zxz2cZ https://hackaday.com/2023/10/06/this-week-in-security-looney-tunables-not-a-0-day-and-curl-warning/ MoveIt - https://techcrunch.com/2023/08/25/moveit-mass-hack-by-the-numbers/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAKI26YxLOJ3LtfPNiJcdBP7BjU5pY0NLPt_rZ1BSmhkA67JuGSVuYD5tuhnZTBdr6h-hdVsmq97cSlvBy-cClsH8C5uTJ5sLvcl9QDYYhdFqMu_8FDx4wLMOKUb7ixUEF2kg6NXDtajrK38ERHg4zm487zavIDNsKJrbDr4h-fGE https://www.darkreading.com/attacks-breaches/financial-firms-breached-in-moveit-cyberattacks-now-face-lawsuits https://www.bleepingcomputer.com/news/security/the-moveit-hack-and-what-it-taught-us-about-application-security/ https://www.progress.com/moveit https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/ Apple Zero Days: https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/?fbclid=IwAR1V3v3W0kJslsY59ayfrB0UswUzpE9bP0ARmlp1VDLDjx2po4WDUoKuGWs_aem_AVWQ2hLENrbnURcSsKrImQS79tU85DLt59xWTfeGF7ByyJ61n4Nt8jnosltfbzscecE&mibextid=Zxz2cZ https://support.apple.com/en-us/102657#:~:text=Mac%3A%20Choose%20Apple%20menu%20%EF%A3%BF,system%20files%22%20is%20turned%20on. State of DevOps Report: https://cloud.google.com/blog/products/devops-sre/announcing-the-2023-state-of-devops-report Industrial DevOps: https://itrevolution.com/product/industrial-devops-book/ National Security Commission on Artificial Intelligence: https://www.nscai.gov/

AI LLMs in Testing, Cypress LockDown and more! TGNS98

TestGuild News Show

Play Episode Listen Later Oct 9, 2023 9:46

Want an example of a practical application of AI in enhancing user engagement and experience? Or have you heard about a crowd-sourced experiment that used LLMs for testing And what feature was just released that Enhances Web App Testing with Microsoft Playwright Find out in this episode of the Test Guild New Shows for the week of Oct 8. So, grab your favorite cup of coffee or tea, and let's do this. Time News Title Rocket Link 0:25 Applitoools FREE Account Offer https://applitools.info/joe 0:44 Opsera Secures $12M Funding to Boost AI in DevOps https://testguild.me/zrhhmw 1:32 Crowd-sourced experiment on using LLMs for testing https://testguild.me/sfl3bq 2:56 So We Shipped an AI Product. Did it Work? https://testguild.me/8ts5p5 4:00 GenAIEnhance Productivity https://testguild.me/8oavzc 4:47 Announcing Microsoft Playwright Testing https://testguild.me/07xnh7 5:39 Accelerate State of DevOps Report 2023 https://testguild.me/0z0ahv 6:37 Changes in defense of Cypress Intellectual Property https://testguild.me/lq8ufy 7:51 Load Tests for Go Applications Running in Kubernetes https://testguild.me/f5km3r 8:48 Mastering API Testing with Katalon Studio and JMeter https://testguild.me/wlzn3a

ai work lockdown testing crowd devops kubernetes cypress devops report

492: Backstop.it and Varo Bank with Rishi Malik

Giant Robots Smashing Into Other Giant Robots

Play Episode Listen Later Sep 14, 2023 40:17

Victoria and Will interview Rishi Malik, the Founder of Backstop.it and VP of Engineering at Varo Bank. They talk about Rishi's recent adventure at DEF CON, the renowned annual security conference that he's attended for six years, and describes how it has transformed from a mere learning experience into a thrilling competition for him and his team. The conference = their playground for tackling an array of security challenges and brain-teasing puzzles, with a primary focus on cloud security competitions. They talk about the significance of community in such events and how problem-solving through interaction adds value. Rishi shares his background, tracing his path from firmware development through various tech companies to his current roles in security and engineering management. The vital topic of security in the fintech and banking sector highlights the initial concerns people had when online banking emerged. Rishi navigates through the technical intricacies of security measures, liability protection, and the regulatory framework that safeguards online banking for consumers. He also highlights the evolving landscape, where technological advancements and convenience have bolstered consumer confidence in online banking. Rishi shares his unique approach to leadership and decision-making, and pearls of wisdom for budding engineers starting their careers. His advice revolves around nurturing curiosity and relentlessly seeking to understand the "why" behind systems and processes. __ Backstop.it (https://backstop.it/) Follow Backstop.it on X (https://twitter.com/wearebackstop). Varo Bank (https://www.varomoney.com/) Follow Varo Bank on Instagram (https://www.instagram.com/varobank/), Facebook (https://www.facebook.com/varomoney/), X (https://twitter.com/varobank), YouTube (https://www.youtube.com/varomoney), or LinkedIn (https://www.linkedin.com/company/varobank/). Follow Rishi Malik on LinkedIn (https://www.linkedin.com/in/rishilmalik/). Follow thoughtbot on X (https://twitter.com/thoughtbot) or LinkedIn (https://www.linkedin.com/company/150727/). Become a Sponsor (https://thoughtbot.com/sponsorship) of Giant Robots! Transcript: VICTORIA: This is the Giant Robots Smashing Into Other Giant Robots podcast, where we explore the design, development, and business of great products. I'm your host, Victoria Guido. WILL: And I'm your other host, Will Larry. And with us today is Rishi Malik, Founder of Backstop.it and VP of Engineering at Varo Bank. Rishi, thank you for joining us. RISHI: Thanks for having me. I'm excited to be here. VICTORIA: Yes, Rishi. I'm so excited to talk with you today about your security background and get into your role at Varo and Backstop IT. But first, I wanted to hear a little bit more about your recent experience attending DEF CON. How was that? RISHI: It was awesome. I do have quite the background in security at this point. And one of the things I started doing early on, as I was getting up to speed and learning more about the security-specific side of things, was beginning to attend DEF CON itself. So, I've now gone six years straight. And it started out as just kind of experiencing the conference and security and meeting folks. But it's progressed to where I now bring a team of people where we go and we compete. We have a good time. But we do get to kind of bring the security side of things into the software engineering and engineering leadership stuff that we all do on a day-to-day basis. VICTORIA: Yeah. And what kind of puzzles do you solve with your team when you attend DEF CON? RISHI: There's definitely a lot of variety there, which I think is part of the fun. So, DEF CON frequently has electronic badges, you know, with random puzzles on there that you have to solve. Some of it are cryptographic. Some of them are kind of random cultural things. Sometimes there's music challenges based around it. Sometimes, it's social and interactive. And you have to go find the right type of badge or the right person behind it to unlock something. So, all of those, you know, typically exist and are a ton of fun. Primarily, in the last few years, we've been focusing more on the cloud CTF. So, in this case, it's our team competing against other teams and really focused on cloud security. So, it's, you know, figuring out vulnerabilities in, you know, specially designed puzzles around AWS and GCP, the application side of things as well, and competing to see how well you can do. Three years ago, the last couple of years, we've not won it, but we've been pretty competitive. And the great thing is the field is expanding as more and more people get into CTF themselves but, more importantly, into cloud infrastructure and cloud knowledge there. So, it's just great to see that expansion and see what people are into, what people are learning, and how challenging some of these things can be. VICTORIA: I love the idea of having a puzzle at a conference where you have to find a specific person to solve it. And yeah, I'm always interested in ways where we can have these events where you're getting together and building community and growing expertise in a field but in a way that makes it fun [laughs] and isn't just life-draining long, like, talks about random stuff. RISHI: [laughs] I think what you're touching on there is crucial. And you said the word community, and, to me, that is, you know, a big part of what DEF CON and, you know, hacking and security culture is. But it is, I think, one of the things that kind of outside of this, we tend to miss it more, you know, specifically, like, focused conferences. It is more about kind of the content, you know, the hallway track is always a thing. But it's less intentional than I personally, at this stage, really prefer, you know. So, I do like those things where it is encouraging interaction. For me, I'd rather go to happy hour with some people who are really well versed in the subject that they're in rather than even necessarily listening to a talk from them on what they're doing. Simply because I think the community aspect, the social aspect, actually gets you more of the information that is more relevant to what you're doing on a day-to-day basis than just consuming it passively. VICTORIA: I agree because consuming it passively or even intentionally remotely, there are things that you didn't even think to think about [laughs] that aren't going to come up just on your own. You have to have another person there who's...Actually, I have a good friend who's co-working with me this week who's at Ticketmaster. And so, just hearing about some of the problems they have and issues there has been entertaining for me. So yeah, I love that about DEF CON, and I love hearing about community stories and fun ways that companies can get a benefit out of coming together and just putting good content out there. RISHI: Absolutely. I think problem-solving is where you get the most value out of it as a company and as a business. VICTORIA: Yeah, maybe that's a good segue to tell me a little bit more about your background and how you came to be where you are today. RISHI: Yeah. For me growing up, I was always that problem-solver type of person. So, I think that's what kind of naturally gravitated me towards tech and, you know, hardware and software engineering. You know, so, for me, I go back quite a while. I'd been doing a lot of development, you know, in the early days of my career. I started out doing firmware development back in the days of large tape libraries, right? So, if you think about, like, big businesses back before cloud was a big thing and even back before SSDs were a thing, you know, it was all spinning disks. It was all tape. And that's kind of the area that I started in. So, I was working on robots that actually move tapes around these giant tape libraries that are, you know, taller than I am that you can walk inside of because they're so big, for big corporations to be able to backup their data on an overnight basis. You have to do that kind of stuff. Then I started going into smaller and smaller companies, into web tech, into startups, then into venture-backed startups. And then, eventually, I started my own company and did that for a while. All of this is really just kind of, you know, software engineering in a nutshell, lots of different languages, lots of different technologies. But really, from the standpoint of, here's a whole bunch of hard problems that need to be solved. Let's figure out how we can do that and how we can make some money by solving some of these problems. That eventually kind of led me down the security path as well and the engineering management side of things, which is what I do now, both at Backstop...is a security consulting business and being VP of Engineering at Varo Bank. WILL: How was your journey? Because you started as an intern in 2003. RISHI: [laughs] WILL: And then, you know, 20 years later. So, how was your journey through all of that? [laughs] RISHI: [laughs] You know, I hadn't actually put it together that it has been 20 years this year until you said that. So, that's awesome. It's been a blast, you know. I can honestly say it's been wildly different than what I imagined 20 years ago and interesting in different ways. I think I'm very fortunate to be able to say that. When I started out as an intern in 2003, technologies were very different. I was doing some intern shifts with the federal government, you know, so the pace was wildly different. And when I think of where technology has come now, and where the industry has gone, and what I get to do on a day-to-day basis, I'm kind of just almost speechless at just how far we've come in 20 years, how easy some things are, how remarkably hard some other things are that should honestly be easy at this point, but just the things that we can do. I'm old enough that I remember cell phones being a thing and then smartphones coming out and playing with them and being like, yeah, this is kind of mediocre. I don't really know why people would want this. And the iPhone coming out and just changing the game and being like, okay, now I get it. You know, to the experience of the internet and, you know, mobile data and everywhere. It's just phenomenal the advances that we've had in the last 20 years. And it makes me excited for the next 20 years to see what we can do as we go forward. VICTORIA: I'm going to take personal offense to someone knowing that technology being too old [laughs], but, yeah, because it really wasn't that long ago. And I think one thing I always think about having a background in civic tech and in financial tech as well is that the future is here; it's just not evenly distributed. So, now, if you're building a new company, of course, the default is to go straight to the cloud. But many companies and organizations that have been around for 60-80 years and using the internet right when it first came out are still in really old technologies that just simply work. And maybe they're not totally sure why, and change is difficult and slow. So, I wonder if you have any experience that you can take from the banking or fintech industry on how to make the most out of modern security and compliance platforms. RISHI: Yeah, you know, I think most people in tech especially...and the gray hairs on me are saying the younger folks in tech especially don't realize just how much older technologies still exist and will exist for quite some time. When you think of banking itself, you know, most of the major companies that you can think of, you know, in the U.S. especially but kind of across the world that are the top tier names of banks, and networks, and stuff like that, still run mainframes. When you swipe your credit card, there's a very good chance that is processed on a mainframe. And that's not a bad thing. But it's just, you know when you talk to younger engineers, it's not something that kind of crosses their mind. They feel like it is old-tech. The bulk of businesses don't actually run on the cloud. Having been through it, I've racked and stacked servers and had to figure out how to physically take hardware across, you know, country borders and things like those lines. And now, when I do want to spin up a server somewhere else, it's just a different AWS region. So, it's remarkably easy, at this point, to solve a lot of those problems. But once you're up and live and you have customers, you know, where downtime is impactful or, you know, the cost of moving to the cloud or modernizing your technology is substantial, things tend to move a lot slower. And I think you see that, especially when it comes to security, because we have more modern movements like DevOps bringing security into it. And with a lot of the, you know, the modern security and compliance platforms that exist, they work very, very well for what they do, especially when you're a startup or your whole tech stack is modernized. The biggest challenges, I think, seem to come in when you have that hybrid aspect of it. You do have some cloud infrastructure you have to secure. You do have some physical data centers you have to secure. You have something that is, you know, on-premise in your office. You have something that is co [inaudible 10:01] somewhere else. Or you also have to deal with stuff like, you know, much less modern tech, you know, when it comes to mainframes and security and kind of being responsible for all of that. And I think that is a big challenge because security is one of those things where it's, you know, if you think of your house, you can have the strongest locks on your door and everything else like that. But if you have one weak point, you have a window that's left open, that's all it takes. And so, it has to be all-inclusive and holistic. And I think that is remarkably hard to do well, even despite where technology has come to these days. WILL: Speaking of securities, I remember when the Internet banking started a couple of years ago. And some of the biggest, I guess, fears were, like, the security around it, the safety. Because, you know, your money, you're putting your money in it, and you can't go to a physical location to talk to anyone or anything. And the more and more you learn about it...at first, I was terrified of it because you couldn't go talk to someone. But the more and more I learned about it, I was like, oh, there's so much security around it. In your role, what does that look like for you? Because you have such a huge impact with people's money. So, how do you overcome that fear that people have? RISHI: There's, I think, a number of steps that kind of go into it. And, you know, in 2023, it's certainly a little bit easier than it used to be. But, you know, very similar, I've had the same questions, you know, and concerns that you're describing. And I remember using one of the first banks that was essentially all digital and kind of wondering, you know, where is my money going? What happens if something goes wrong? And all of those types of things. And so, I think there is kind of a number of different aspects that go into it. One is, you know, obviously, the technical aspects of security, you know, when you put your credit card number in on the internet, you know, is it encrypted? You know, is it over, you know, TLS? What's happening there? You know, how safe and secure is all that kind of thing? You know, at this point, pretty much everyone, at least in the U.S., has been affected by credit card breaches, huge companies like Home Depot and Target that got cards accessed or, you know, just even the smaller companies when you're buying something random from maybe something...a smaller website on the internet. You know, that's all a little bit better now. So, I think what you have there was just kind of a little bit of becoming comfortable with what exists now. The other aspect, though, I think, then comes into, well, what happens when something goes wrong? And I think there's a number of aspects that are super helpful for that. I think the liability aspect of credit card, you know, companies saying, you know, and the banks "You're not liable for a fraudulent transaction," I think that was a very big and important step that really helps with that. And on top of that, then I think when you have stuff like the FDIC, you know, and insurance in the U.S., you know, that is government-backed that says, you know what? Even if this is an online-only digital bank, you're safe. You're protected. The government's got your back in that regard. And we're going to make sure that's covered. At Varo, that's one of the key things that we think about a lot because we are a bank. Now, most FinTechs, actually, aren't banks, right? They partner with other third-party banks to provide their financial services. Whereas at Varo, we are federally regulated. And so, we have the full FDIC protection. We get the benefits of that. But it also means that we deal with the regulation aspects and being able to prove that we are safe and secure and show the regulators that we're doing the right things for our customers. And I think that's huge and important because, obviously, it's safety for customers. But then it changes how you begin to think about how you're designing products, and how you're [inaudible 13:34] them, and, you know, how you're marketing them. Are we making a mobile app that shows that we're safe, and secure, and stable? Or are we doing this [inaudible 13:42] thing of moving too fast and breaking things? When it's people's money, you have to be very, very dialed into that. You still have to be able to move fast, but you have to show the protection and the safety that people have because it is impactful to their lives. And so, I think from the FinTech perspective, that's a shift that's been happening over the last couple of years to continue that. The last thing I'll say, too, is that part of it has just come from technology itself and the comfort there. It used to be that people who were buying, you know, items on the internet were more the exception rather than the rule. And now with Amazon, with Shopify, with all the other stuff that's out there, like, it's much more than a norm. And so, all of that just adds that level of comfort that says, I know I'm doing the right things as a consumer, that I'm protected. If I, you know, do have problems, my bank's got my back. The government is watching out for what's happening and trying to do what they can do to regulate all of that. So, I think all of that has combined to get to that point where we can do much more of our banking online and safely. And I think that's a pretty fantastic thing when it comes to what customers get from that. I am old enough that I remember having to figure out times to get to the bank because they're open nine to five, and, you know, I have to deposit my paycheck. And, you know, I work nine to five, and maybe more hours pass, and I had no idea when I can go get that submitted. And now, when I have to deposit something, I can just take a picture with my phone, and it safely makes it to my account. So, I think the convenience that we have now is really amazing, but it has certainly taken some time. And I think a number of different industry and commercial players kind of come together and make that happen. MID-ROLL AD: Now that you have funding, it's time to design, build, and ship the most impactful MVP that wows customers now and can scale in the future. thoughtbot Liftoff brings you the most reliable cross-functional team of product experts to mitigate risk and set you up for long-term success. As your trusted, experienced technical partner, we'll help launch your new product and guide you into a future-forward business that takes advantage of today's new technologies and agile best practices. Make the right decisions for tomorrow today. Get in touch at thoughtbot.com/liftoff. VICTORIA: I appreciate that perspective on approaching security from the user experience of wanting safety. And I'm curious if we can talk in contrast from that experience to the developer experience with security. And how do you, as a new leader in this financial product company, prioritize security and introduce it from a, like, building a safety culture perspective? RISHI: I think you just said that very eloquently. It is a safety culture. And cultural changes are hard. And I think for quite some time in the developer industry, security was either an afterthought or somebody else's problem. You know, it's the security team that has to think about it. It's, you know, and even these days, it's the red team that's going to go, you know, find these answers or whatever I'm shipping as a developer. My only thing to focus on is how fast I can ship, or, you know, what I'm shipping, rather than how secure is what I'm shipping. And so, I think to really be effective at that, it is a cultural shift. You have to think and talk about security from the outset. And you have to bake those processes into how you build product. Those security conversations really do need to start at the design phase. And, you know, thinking about a mobile app for a bank as an example, you know, it starts when you're just thinking about the different screens on a mobile app that people are going to go through. How are people interpreting this? You know, what is the [inaudible 17:23], and the feeling, and the emotions, that we're building towards? You know, is that safe and secure or, you know, is it not? But then it starts getting to the architecture and the design of the systems themselves to say, well, here's how they're going to enter information, here's how we're passing this back and forth. And especially in a world where a lot of software isn't just 100% in-house, but we're calling other partners for that, you know, be it, you know, infrastructure or risk, you know, or compliance, or whatever else it may be, how are we protecting people's data? How are we making sure our third parties are protecting people's data? You know, how are we encrypting it? How are we thinking about their safety all the way through? Again, even all the way down to the individual developer that's writing code, how are we verifying they're writing good, high-quality, secure code? Part of it is training, part of it is culture, part of it is using good tooling around that to be able to make sure and say, when humans make mistakes because we are all human and we all will make mistakes, how are we catching that? What are the layers do we have to make sure that if a mistake does happen, we either catch it before it happens or, you know, we have defense in depth such that that mistake in and of itself isn't enough to cause a, you know, compromise or a problem for our customers? So, I think it starts right from the start. And then, every kind of step along the way for delivering value for customers, also let's add that security and privacy and compliance perspective in there as well. VICTORIA: Yes, I agree. And I don't want to work for a company where if I make a small human mistake, I'm going to potentially cost someone tens or however many thousands of dollars. [laughs] WILL: I have a question around that. How, as a leader, how does that affect you day to day? Because I feel like there's some companies, maybe thoughtbot, maybe other companies, that a decision is not as critical as working as a bank. So, you, as a leader, how do you handle that? RISHI: There's a couple of things I try and consider in any given big or important decision I have to make, the aspects around, like, you know, the context, what the decision is, and that type of stuff. But from a higher level, there's kind of two things I try and keep in mind. And when I say keep in mind, like, when it's a big, impactful decision, I will actually go through the steps of, you know, writing it down or talking this out loud, sometimes by myself, sometimes with others, just, again, to make sure we are actually getting to the meat of it. But the first thing I'm trying to think of is kind of the Amazon idea of one-way versus two-way doors. If we make this decision and this is the wrong decision, what are the ramifications of that? You know, is it super easy to undo and there's very little risk with it? Or is it once we've made this decision or the negative outcome of this decision has happened, is it unfixable to a certain degree? You know, and that is a good reminder in my head to make sure that, you know, A, I am considering it deeply. And that, B, if it is something where the ramifications, you know, are super huge, that you do take the time, and you do the legwork necessary to make sure you're making a good, valid decision, you know, based on the data, based on the risks involved and that there's a deep understanding of the problem there. The second thing I try to think of is our customers. So, at Varo, our customers aren't who most banks target. A lot of banks want you to take all your money, put it in there, and they're going to loan that money out to make their money. And Varo is not that type of bank, and we focus on a pretty different segment of the market. What that means is our customers need their money. They need it safely and reliably, and it needs to be accurate when they have it. And what I mean by that is, you know, frequently, our customers may not have, you know, hundreds or a thousand dollars worth of float in their bank accounts. So, if they're going and they're buying groceries and they can't because there's an error on our side because we're down, and because the transactions haven't settled, then that is very, very impactful to them, you know, as an individual. And I think about that with most of these decisions because being in software and being in engineering I am fortunate enough that I'm not necessarily experiencing the same economic struggles that our customers may have. And so, that reminder helps me to think about it from their perspective. In addition, I also like to try and think of it from the perspective...from my mom, actually, who, you know, she is retired age. She's a teacher. She's non-technical. And so, I think about her because I'd say, okay, when we're making a product or a design decision, how easy is it for her to understand? And my biases when I think about that, really kind of come into focus when I think about how she would interpret things. Because, you know, again, for me, I'm in tech. I think about things, you know, very analytically. And I just have a ton of experience across the industry, which she doesn't have. So, even something as simple as a little bit of copy for a page that makes a ton of sense to me, when I think about how she would interpret it, it's frequently wildly different. And so, all of those things, I think, kind of come together to help make a very strong and informed decision in these types of situations where the negative outcomes really do matter. But you are, you know, as Varo is, you're a startup. And you do need to be able to build more products quickly because our customers have needs that aren't being met by the existing banking industry. And so, we need to provide value to them so that their lives are a bit better. VICTORIA: I love that focus on a specific market segment and their needs and solving for that problem. And we know that if you're at a certain income level, it's more expensive [laughs] because of the overdraft fees and other things that can cause you problems. So, I really appreciate that that's the mission at Varo, and that's who you're focusing on to create a better banking product that makes more sense. I'm curious if there were any surprises and challenges that you could share from that discovery process and finding out, you know, exactly what were those things where your mom was, like, uh, actually, I need something completely different. [laughs] RISHI: Yeah, so, [chuckles] I'm chuckling because, you know, it's not, like, a single kind of time or event. It's, you know, definitely an ongoing process. But, you know, as actually, we were talking, you know, about earlier in terms of being kind of comfortable with doing things digital and online, that in and of itself is something that even in 2023, my mom isn't as comfortable or as confident as, you know, say, maybe the three of us are. As an example, when sending money, you know, kind of like a peer-to-peer basis, like, if I'm sending my mom a little bit of money, or she's sending me something, you're kind of within the family. Things that I would think would be kind of very easy and straightforward actually do cause her a little bit more concern. Okay, I'm entering my debit card number into this so that it can get, you know, the cash transferred into my bank account. You know, again, for me, it didn't even cross my mind, actually, that that would be something uncomfortable. But for my mom, that was something where she actually had some concerns about it and was messaging me. Her kind of personal point of view on that was, I would rather use a credit card for this and get the money on a credit card instead of a debit card because the debit card is linked to a bank account, and the security around that needs to be, you know, much tighter. And so, it made her more uncomfortable entering that on her phone. Whereas even a credit card it would have given her a little bit more peace of mind simply because it wasn't directly tied to her bank account. So, that's just, you know, the most recent example. I mean, honestly, that was earlier today, but it's something I hadn't thought of. And, again, for most of our customers, maybe that's not the case and how they think. But for folks that are at that retirement age, you know, in a world where there are constant barrages of scam, you know, emails, and phone calls, and text messages going around, the concern was definitely there. VICTORIA: That happened to me. Last week, I was on vacation with my family, and we needed to pay my mom for the house we'd rented. And I had to teach her how to use Zelle and set up Zelle. [laughter] It was a week-long process. But we got there, and it works [laughs] now. But yeah, it's interesting what concerns they have. And the funny part about it was that my sister-in-law happens to be, like, a lawyer who prevents class action lawsuits at a major bank. And she reassured us that it was, in fact, secure. [laughs] I think it's interesting thinking about that user experience for security. And I'm curious, again, like, compare again with the developer experience and using security toolings. And I wonder if you had any top recommendations on tools that make the developer experience a little more comfortable and feeling like you're deploying with security in mind. RISHI: That, in particular, is a bit of a hard question to answer. I try and stay away from specific vendors when it comes to that because I think a lot of it is contextual. But I could definitely talk through, like, some of the tools that I use and the way I like to think about it, especially from the developer perspective. I think, first off, consider what aspect of the software development, you know, lifecycle you're in. If you are an engineer writing, you know, mostly application code and dealing with building product and features and stuff like that, start from that angle. I could even take a step back and say security as an industry is very, very wide at this point. There is somebody trying to sell you a tool for basically every step in the SDLC process, and honestly, before and after to [inaudible 26:23]. I would even almost say it's, to some extent, kind of information and vendor overload in a lot of ways. So, I think what's important is to think about what your particular aspect of that is. Again, as an application engineer, or if you're building cloud infrastructure, or if you're an SRE, you know, or a platform team, kind of depending on what you are, your tooling will be different. The concepts are all kind of similar ideas, but how you go about what you build will be different. In general, I like to say, from the app side of things, A, start with considering the code you're writing. And that's a little bit cultural, but it's also kind of more training. Are you writing code with a security mindset? are you designing systems with a security mindset? These aren't things that are typically taught, you know, in school if you go get a CS degree, or even in a lot of companies in terms of the things that you should be thinking about. So, A, start from there. And if you don't feel like you think about, you know, is this design secure? Have we done, you know, threat modeling on it? Are we considering all of the error paths or the negative ways people can break the system? Then, start from that and start going through some of the security training that exists out there. And there's a lot of different aspects or avenues by which you can get that to be able to say, like, okay, I know I'm at least thinking about the code I write with a security mindset, even if you haven't actually changed anything about the code you're writing yet. What I actually think is really helpful for a lot of engineers is to have them try and break things. It's why I like to compete in CTFs, but it's also why I like to have my engineers do the same types of things. Trying to break software is both really insightful from the aspect that you don't get when you're just writing code and shipping it because it's not something you have time to do, but it's also a great way to build up some of the skills that you need to then protect against. And there's a lot of good, you know, cyber ranges out there. There's lots of good, just intentionally vulnerable applications that you can find on GitHub but that you can just run, you know, locally even on your machine and say, okay, now I have a little web app stood up. I know this is vulnerable. What do I do? How do I go and break it? Because then all of a sudden, the code that you're writing you start to think about a little bit differently. It's not just about how am I solving this product problem or this development problem? But it's, how am I doing this in a way that is safe and secure? Again, as an application side of things, you know, just make sure you know the OWASP Top 10 inside and out. Those are the most basic things a lot of engineers miss. And it only takes, again, one miss for it to be critical. So, start reviewing it. And then, you start to think about the tooling aspect of it. People are human. We're going to make mistakes. So, how do we use the power of technology to be able to stop this? You know, and there is static scanning tools. Like, there's a whole bunch of different ones out there. You know, Semgrep is a great one that's open source just to get started with that can help you find the vulnerable code that may exist there. Consider the SQL queries that you're writing, and most importantly, how you're writing them. You know, are you taking user input and just chucking it in there, or are you sanitizing it? When I ask these questions, for a lot of engineers, it's not usually yes or no. It's much more of an, well, I don't know. Because in software, we do a really good job of writing abstraction layers. But that also means, you know, to some extent, there may be a little bit of magic in there, or a lack thereof of magic that you don't necessarily know about. And so, you have to be able to dive into the libraries. You have to know what you're doing to even be able to say something like, oh no, this SQL query is safe from this user input because we have sanitized it. We have, you know, done a prepared statement, whatever it may be. Or, no, actually, we are just doing something here that's been vulnerable, and we didn't realize we were, and so now that's something we have to address. So, I think, like, that aspect in and of itself, which isn't, you know, a crazy ton of things. It's not spending a ton of money on different tools. But it's just internalizing the fact that you start to think a little bit differently. It provides a ton of value. The last thing on that, too, is to be able to say, especially if you're coming from a development side, or even just from a founder or a startup side of things, what are my big risks? What do I need to take care of first? What are the giant holes or flaws? You know, and what is my threat model around that? Obviously, as a bank, you have to care very deeply right from the start. You know, if you're not a bank, if you're not dealing with financial transactions, or PII, or anything like that, there are some things that you can deal with a little bit later. So, you have to know your industry, and you have to know what people are trying to do and the threat models and the threat vectors that can exist based on where you are. WILL: That's amazing. You know, earlier, we talked about you being an engineer for 20 years, different areas, and stuff like that. Do you have any advice for engineers that are starting out right now? And, you know, from probably year one to year, you know, anything under ten years of experience, do you have any advice that you usually give engineers when you're chatting with them? RISHI: The advice I tend to give people who are just starting out is be the type of person that asks, "How does this work?" Or "Why does this work?" And then do the work to figure out the answer. Maybe it is talking to someone; maybe it's diving into the details; maybe it's reading a book in some aspect that you haven't had much exposure to. When I look at my career and when I look at the careers of folks around me and the people that I've seen be most successful, both in engineering but also on the business side, that desire to know why something is the case is I think, one of the biggest things that determines success. And then the ability to answer that question by putting in the right types of work, the right types of scientific method and processes and such, are the other factor. So, to me, that's what I try and get across to people. I say that mostly to junior folks because I think when you're getting started, it's really difficult. There's a ton out there. And we've, again, as software engineers, and hardware engineers, and cloud, and all this kind of stuff, done a pretty good job of building a ton of abstraction layers. All of our abstraction layers [inaudible 32:28] to some degree. You know, so as you start, you know, writing a bunch of code, you start finding a bunch of bugs that you don't necessarily know how to solve and that don't make any sense in the avenue that you've been exposed to. But as soon as you get into the next layer, you understand how that works begin to make a lot more sense. So, I think being comfortable with saying, "I have no idea why this is the case, but I'm going to go find out," makes the biggest difference for people just starting out their career. WILL: I love that advice. Not too long ago, my manager encouraged me to write a blog post on something that I thought that I really knew. And when I started writing that blog post, I was like, oh boy, I have no idea. I know how to do it, but I don't know the why behind it. And so, I was very thankful that he encouraged me to write a blog post on it. Because once you start explaining it to other people, I feel you really have to know the whys. And so, I love that advice. That's really good advice. VICTORIA: Me too. And it makes sense with what we see statistically as well in the DORA research. The DevOps Research Association publishes a survey every year, the State of DevOps Report. And one of the biggest findings I remember from last year's was that the most secure and reliable systems have the most open communication and high trust among the teams. And so, being able to have that curiosity as a junior developer, you need to be in an environment where you can feel comfortable asking questions [laughs], and you can approach different people, and you're encouraged to make those connections and write blog posts like Will was saying. RISHI: Absolutely, absolutely. I think you touched on something very important there as well. The psychological safety really makes a big difference. And I think that's critical for, again, like, folks especially earlier in their career or have recently transitioned to tech, or whatever the case may be. Because asking "Why?" should be something that excites people, and there are companies where that's not necessarily the case, right? Where you asking why, it seems to be viewed as a sign that you don't know something, and therefore, you're not as good as what you should be, you know, the level you should be at or for whatever they expect. But I do think that's the wrong attitude. I think the more people ask why, the more people are able and comfortable to be able to say, "I don't know, but I'm going to go find out," and then being able to be successful with that makes way better systems. It makes way safer and more secure systems. And, honestly, I think it makes humans, in general, better humans because we can do that. VICTORIA: I think that's a great note to start to wrap up on. Is there any questions that you have for me or Will? RISHI: Yeah. I would love to hear from both of you as to what you see; with the experiences that you have and what you do, the biggest impediments or speed bumps are when it comes to developers being able to write and ship secure code. VICTORIA: When we're talking with new clients, it depends on where they are in really the adoption of their product and the maturity of their organization. Some early founders really have no technology experience. They have never managed an IT organization. You know, setting up basic employee account access and IDs is some of the initial steps you have to take to really get to where you can do identity management, and permissions management, and all the things that are really table stakes for security. And then others have some progress, and they have a fair amount of data. And maybe it's in that situation, like you said before, where it's really a trade-off between the cost and benefit of making those changes to a more secure, more best practice in the cloud or in their CI/CD pipeline or wherever it may be. And then, when you're a larger organization, and you have to make the trade-offs between all of that, and how it's impacting your developer experience, and how long are those deployed times now. And you might get fewer rates of errors and fewer rates of security vulnerabilities. But if it's taking three hours for your deployments to go out [laughs] because there's so many people, and there's so many checks to go through, then you have to consider where you can make some cuts and where there might be more efficiencies to be gained. So, it's really interesting. Everyone's on a different point in their journey. And starting with the basics, like you said, I love that you brought up the OWASP Top 10. We've been adopting the CIS Controls and just doing a basic internal security audit ourselves to get more ready and to be in a position where... What I'm familiar with as well from working in federal agencies, consulting, maintaining some of the older security frameworks can be a really high cost, not only in terms of auditing fees but what it impacts to your organization to, like, maintain those things [laughs] and the documentation required. And how do you do that in an agile way, in a way that really focuses on addressing the actual purpose of the requirements over needing to check a box? And how do we replicate that for our clients as well? RISHI: That is super helpful. And I think the checkbox aspect that you just discussed I think is key. It's a difficult position to be in when there are boxes that you have to check and don't necessarily actually add value when it comes to security or compliance or, you know, a decrease in risk for the company. And I think that one of the challenges industry-wide has always been that security and compliance in and of itself tends to move a little bit slower from a blue team or a protection perspective than the rest of the industry. And so, I mean, I can think of, you know, audits that I've been in where, you know, just even the fact that things were cloud-hosted just didn't make sense to the auditors. And it was a struggle to get them to understand that, you know, there is shared responsibility, and this kind of stuff exists, and AWS is taking care of some things, and we're taking care of some other things when they've just been developed with this on-premise kind of mentality. That is one of the big challenges that still exists kind of across the board is making sure that the security work that you're doing adds security value, adds business value. It isn't just checking the box for the sake of checking the box, even when that's sometimes necessary. VICTORIA: I am a pro box checker. RISHI: [laughs] VICTORIA: Like, I'll get the box checked. I'll use Trello and Confluence and any other tool besides Excel to do it, too. We'll make it happen with less pain, but I'd rather not do it [laughs] if we don't have to. RISHI: [laughs] VICTORIA: Let's make it easy. No, I love it. Is there anything else that you want to promote? RISHI: No, I don't think there's anything else I want to promote other than I'm going to go back to what I said just earlier, like, that culture. And if, you know, folks are out there and you have junior engineers, you have engineers that are asking "Why?", you have people that just want to do the right thing and get better, lean into that. Double down on those types of folks. Those are the ones that are going to make big differences in what you do as a business, and do what you can to help them out. I think that is something we don't see enough of in the industry still. And I would love for that to change. VICTORIA: I love that. Thank you so much, Rishi, for joining us. RISHI: Thanks for having me. This was a great conversation. I appreciate the time. VICTORIA: You can subscribe to the show and find notes along with a complete transcript for this episode at giantrobots.fm. If you have questions or comments, email us at hosts@giantrobots.fm. And you can find me on Twitter @victori_ousg. WILL: And you could find me on Twitter @will23larry. This podcast is brought to you by thoughtbot and produced and edited by Mandy Moore. Thanks for listening. See you next time. ANNOUNCER: This podcast is brought to you by thoughtbot, your expert strategy, design, development, and product management partner. We bring digital products from idea to success and teach you how because we care. Learn more at thoughtbot.com. Special Guest: Rishi Malik.

amazon founders internet state iphone bank target mvp engineering excel fintech shopify cs home depot aws github ticketmaster devops trello ids ssd fdic sql zelle rishi defcon liftoff mandy moore confluence fintechs sre ci cd tls gcp pii ctf giant robots varo sdlc backstop owasp top ctfs devops report semgrep will larry victoria you

EP116 SBOMs: A Step Towards a More Secure Software Supply Chain

Cloud Security Podcast by Google

Play Episode Listen Later Apr 10, 2023 29:50

Guest: Isaac Hepworth, PM focused on Software Supply Chain Security @ Google Cooked questions: Why is everyone talking about SBOMs all of a sudden? Why does this matter to a typical security leader? Some software vendors don't want SBOM, and this reminds us of the food safety rules debates in the past, how does this analogy work here? One interesting challenge in the world of SBOMs and unintended consequences is that large well resourced organizations may be better equipped to produce SBOMs than small independent and open source projects. Is that a risk? Is the SBOM requirement setting the government up to be overly reliant on megacorps and are we going to unintentionally ban open source from the government? What is the relationship between SBOM and software liability? Is SBOM a step to this? Won't software liability kill open source? How does Google prepare for EO internally; how do we use SBOM and other related tools? To come back to the food analogy, SBOMs are all well and good, but the goal is not that consumers know they're eating lead, but rather that our food becomes healthier. Where are we heading in the next five years to improve software supply chain "health and safety"? Resources: Full video of this episode (YouTube / LinkedIn) “Executive Order on Improving the Nation's Cybersecurity” “M-22-18 Memorandum For The Heads of Executive Departments and Agencies“ SLSA.dev “How to SLSA Part 3 - Putting it all together” Assured Open Source Software NIST Secure Software Development Framework (SSDF) “Linking Up The Pieces: Software Supply Chain Security at Google and Beyond” (ep24) “2022 Accelerate State of DevOps Report and Software Supply Chain Security” (ep100)

google putting software improving secure supply chains won eo sbom sboms software supply chain security devops report

Episode 15 | The State of DevOps Report 2023

Cloud Unplugged

Play Episode Listen Later Mar 22, 2023 32:13

Jon and Jay analyse the findings of Puppet's recent report on the state of DevOps and platform engineering. The pair discuss what they thought was lacking from the report, the difference between platform teams and platform engineering teams, and Jon finds an excuse to have a rant about the term 'cognitive load'.

cloud platform platforms puppets devops cloud computing cognitive load platform engineering devops report

EP111 How to Solve the Mystery of Application Security in the Cloud?

Cloud Security Podcast by Google

Play Episode Listen Later Mar 6, 2023 23:43

Guest: Brandon Evans, Infosec Consultant and Certified Instructor and Course Author at SANS Topics: What got you interested in security and motivated you to make this your area of focus? You came from a developer background, right? Occasionally, we hear the sentiment that “developers don't care about security,” how would you counter it (and would you?)? How do we encourage developers and operations to use the appropriate security controls and settings in the cloud? Is “encourage” the right word? Can we really do “secure by default” but for developers? What do you think are the main application security issues that developers need to deal with in the cloud? You mentioned software supply chain security, do you treat this as a part of application security? How important is this, realistically, for an average organization and its developers? Going to our favorite subject of threat detection, how do you think we can better encourage developers to supply the logs necessary for our detection and response teams to act upon? Resources: “Cloud Security: Making Cloud Environments a Safer Place” ebook by SANS SANS.org/cloud site “The Phoenix Project” book by Gene Kim et al “The Unicorn Project” book by Gene Kim “Next Special - Log4j Reflections, Software Dependencies and Open Source Security” (EP87) “2022 Accelerate State of DevOps Report and Software Supply Chain Security” (EP100) “Linking Up The Pieces: Software Supply Chain Security at Google and Beyond” (EP24)

google mystery cloud solve cloud security application security phoenix project gene kim certified instructor safer place devops report unicorn project

#161: State of DevOps 2022

Better ROI from Software Development

Play Episode Listen Later Jan 18, 2023 9:32

This episode, I wanted to take a quick look at the 2022 edition of the State of DevOps Report. I've talked a number of times about the State of DevOps report. I originally introduced it back in episode 13, and last year I devoted seven episodes, 120-126, to a deep-dive into the 2021 edition. ----- Find this episodes show notes at: https://red-folder.com/podcasts/161 Have an idea for an episode topic, or want to see what is coming up: https://red-folder.com/podcasts/roadmap

state devops devops report

456: Jeli.io with Laura Maguire

Giant Robots Smashing Into Other Giant Robots

Play Episode Listen Later Jan 5, 2023 46:37

Laura Maguire is a Researcher at Jeli.io, the first dedicated instant analysis platform that combines more comprehensive data to deliver more proactive solutions and identify problems. Victoria talks to Laura about incident management, giving companies a powerful tool to learn from their incidents, and what types of customers are ideal for taking on a platform like Jeli.io. Jeli.io (https://www.jeli.io/) Follow Jeli.io on Instagram (https://www.instagram.com/jeli_io/), Twitter (https://twitter.com/jeli_io) or LinkedIn (https://www.linkedin.com/company/jeli-inc/). Follow Laura Maguire on Twitter (https://twitter.com/LauraMDMaguire) or LinkedIn (https://www.linkedin.com/in/lauramaguire/). Follow thoughtbot on Twitter (https://twitter.com/thoughtbot) or LinkedIn (https://www.linkedin.com/company/150727/). Become a Sponsor (https://thoughtbot.com/sponsorship) of Giant Robots! Transcript: VICTORIA: This is the Giant Robots Smashing Into Other Giant Robots Podcast, where we explore the design, development, and business of great products. I'm your host, Victoria Guido. And with me today is Laura Maguire, Researcher at Jeli, the first dedicated instant analysis platform that combines more comprehensive data to deliver more proactive solutions and identify problems. Laura, thank you for joining me. LAURA: Thanks for having me, Victoria. VICTORIA: This might be a very introductory level question but just right off the bat, what is an incident? LAURA: What we find is a lot of companies define this very differently across the space, but typically, it's where they are seeing an impact, either a customer impact or a degradation of their service. This can be either formally, it kind of impacts their SLOs or their SLAs, or informally it's something that someone on the team notices or someone, you know, one of their users notice as being degraded performance or something not working as intended. VICTORIA: Gotcha. From my background being in IT operations, I'm familiar with incidents, and it's been a practice in IT for a long time. But what brought you to be a part of building this platform and creating a product around incidents? LAURA: I am a, let's say, recovering safety professional. VICTORIA: [chuckles] LAURA: I started my career in the safety and risk management realm within natural resource industries in the physical world. And so I worked with people who were at the sharp end in high-risk, high-consequence type work. And they were really navigating risk and navigating safety in the real world. And as I was working in this domain, I noticed that there was a delta between what was being said, created safety, and helped risk management and what I was actually seeing with the people that I was working with on the front lines. And so I started to pull the thread on this, and I thought, is work as done really the same as work as written or work as prescribed? And what I found was a whole field of research, a whole field of practice around thinking about safety and risk management in the world of cognitive work. And so this is how people think about risk, how they manage risk, and how do they interpret change and events in the world around them. And so as I started to do my master's degree in human factors and system safety and then later my Ph.D. in cognitive systems engineering, I realized that whether you are on the frontlines of a wildland fire or you're on the frontlines of responding to an incident in the software realm, the ways in which people detect, diagnose, and repair the issues that they're facing are quite similar in terms of the cognitive work. And so when I was starting my Ph.D. work, I was working with Dr. David Woods at the Cognitive Systems Engineering Lab at The Ohio State University. And I came into it, and I was thinking I'm going to work with astronauts, or with fighter pilots, or emergency room doctors, these really exciting domains. And he was like, "We're going to have you work with software engineers." And at first, I really failed to see the connection there, but as I started to learn more about site reliability engineering, about DevOps, about the continuous deployment, continuous integration world, I realized software engineers are really at the forefront of managing critical digital infrastructure. They're keeping up the systems that run society, both for recreation and pleasure in the sense of Netflix, for example, as well as the critical functions within society like our 911 call routing systems, our financial markets. And so the ability to study how software engineers detect outages, manage outages, and work together collaboratively across the team was really giving us a way to study this kind of work that could actually feed back into other types of domains like emergency response, like emergency rooms, and even back to the fighter pilots and astronauts. VICTORIA: Wow, that's so interesting. And so is your research that went into your Ph.D. did that help you help define the product strategy and kind of market fit for what you've been building at Jeli? LAURA: Yeah, absolutely. So Nora Jones, who is the founder and CEO of Jeli, reached out to me at a conference and told me a little bit about what she was thinking about, about how she wanted to support software engineers using a lot of this literature and a lot of the learnings from these other domains to build this product to help support incident management in software engineering. So we base a lot of our thinking around how to help support this cognitive work and how to help resilient performance in these very dynamic, these very changing large scale, you know, distributed software systems on this research, as well as the research that we do with our own users and with our own members from learning from incidents in software engineering Slack community that Nora and several other fairly prominent names within the software community started, Lorin Hochstein, John Allspaw Dr. Richard Cook, Jessica DeVita, Ryan Kitchens, and I may be missing someone else but...and myself, oh, Will Galego as well. Yeah, we based a lot of our understandings, really deep qualitative understandings of what is work like for software engineers when they're, you know, in continuous deployment type environments. And we've translated this into building a product that we think helps but not hinders by getting in the way of engineers while they're under time pressure and there's a lot of uncertainty. And there's often quite a bit of stress involved with responding to incidents. VICTORIA: Right. And you mentioned resilience engineering. And for those who don't know, David Woods, who you worked on with your Ph.D., wrote "Resilience Engineering: Concepts and Precepts." So maybe you could talk a little bit about resilience engineering and what that really means, not just in technology but in the people who were running the tools, right? LAURA: Yeah. So resilience engineering is different from how we think about protecting and defending our software systems. And it's different in the sense that we aren't just thinking about how do we prevent incidents from happening again, like, how do we fix things that have happened to us in the past? But how do we better understand the ways in which our systems operate under a wide variety of conditions? So that includes normal operating conditions as well as abnormal or anomalous operating conditions, such as an incident response. And so resilience engineering was kind of this way of thinking differently about predicting failure, about managing failure, and navigating these kinds of worlds. And one of the fundamental differences about it is it sees people as being the most adaptive component within the system of work. So we can have really good processes and practices around deploying code; we can institute things like cross-checking and peer review of code; we can have really good robust backup and failover systems, but ultimately, it's very likely that in these kinds of complex and adaptive always-changing systems that you're going to encounter problems that you weren't able to anticipate. And so this is where the resilience part comes in because if you're faced with a novel problem, if you're faced with an issue you've never seen before, or a hidden dependency within your system, or an unanticipated failure mode, you have to adapt. You have to be able to take all of the information that's available to you in the moment. You have to interpret that in real-time. You have to think of who else might have skills, knowledge, expertise, access to information, or access to certain kinds of systems or software components. And you have to bring all of those people together in real-time to be able to manage the problem at hand. And so this is really quite a different way of thinking about supporting this work than just let's keep the runbooks updated, and let's make sure that we can write prescriptive processes for everything that we're going to encounter. Because this really is the difference that I saw when I was talking about earlier about that work is done versus work is prescribed. The rules don't cover all of the situations. And so you have to think of how do you help people adapt? How do you help people access information in real-time to be able to handle unforeseen failures? VICTORIA: Right. That makes a lot of sense. It's an interesting evolution of site reliability engineering where you're thinking about the users' experience of your site. It's also thinking about the people who are running your site and what their experience is, and what freedom they have to be able to solve the problems that you wouldn't be able to predict, right? LAURA: Yeah, it's a really good point, actually, because there is sort of this double layer in the product that we are building. So, as you mentioned earlier, we are an incident analysis platform, and so what does that mean? Well, it means that we pull in data whenever there's been an incident, and we help you to look at it a little bit more deeply than you may if you're just following a template and sort of reconstructing a timeline. And so we pull in the actual Slack data that, you know, say, an ops channel or an incident channel that's been spun up following a report of a degraded performance or of an outage. And we look very closely at how did people talk to one another? Who did they bring into the incident? What kinds of things did they think were relevant and important at different points in time? And in doing this, it helps us to understand what information was available to people at different points in time. Because after the incident and after it's been resolved, people often look back and say, "Oh, there's nothing we can learn from that. We figured out what it was." But if we go back and we start looking at how people detected it, how they diagnosed it, who they brought into the event, we can start to unpack these patterns and these ways of understanding how do people work together? What information is useful at different points in time? Which helps us get a deeper understanding of how our systems actually work and how they actually fail. VICTORIA: Right. And I see there are a few different ways the platform does that: there's a narrative builder, a people view, and also a visual timeline. So, do you find that combining all those things together really gives companies a powerful tool to learn from their incidents? LAURA: Yeah. So let me talk a little bit about each of those different components. Our MVP of the product we started out with this understanding of the incident analyst and the incident investigator who, you know, was ready to dive in and ready to understand their incident and apply some qualitative analysis techniques to thinking about their incidents. And what we found was there are a number of these people who are really interested in this deep dive within the software industry. But there's a broader subset of folks that they work with who maybe only do these kinds of incident analysis every once in a while, and they're not as interested in going quite as deep. And so the narrative builder is really this kind of bridge between those two types of users. And what it does is helps construct a timeline which is typically what most companies do to help drive the discussion that they might have in a post-mortem or to drive their kind of findings in their summary report. And it helps them take this closer look at the interactions that happened in that slack transcript and raise questions about what kinds of uncertainties there were, point out who was involved, or interesting aspects of the event at that point in time. And it helps them to summarize what was happening. What did people think was happening at this point in time to create this story about the incident? And the story element is really important because we all learn from stories. It helps bring to life some of the details about what was hard, who was involved, how did they get brought in, what the sources of technical failure were, and whether those were easy or difficult to understand and to repair once the source of the failure was actually understood. And so that narrative builder helps reconstruct this timeline in a much richer way but also do it very efficiently. And as you mentioned, the visual timeline is something that we've created to help that lightweight user or that every once in a while user to go a little bit deeper on their analysis. And how we do that is because it lays out the progression of the event in a way that helps you see, oh, this maybe wasn't straightforward. We didn't detect it in the beginning, and then diagnose it, and then repair it at the end. What happened actually was the detection was intermittent. The signals about what was going wrong was intermittent, and so that was going on in parallel with the diagnosis. The diagnosis took a really long time, and that may have been because we can also see the repair was happening concurrently. And so it starts to show these kinds of characteristics about whether the incident was difficult, whether it was challenging and hard, or whether it was simple and straightforward. This helps lend a bit more depth to metrics like MTTR and TTD by saying, oh, there was a lot more going on in this incident than we initially thought. The last thing that you mentioned was the people view, and so that really sets our product apart from other products in that we look at the sociotechnical system. So it's not just about the software that broke; it is about who was involved in managing that system, in repairing that system, and in communicating about that system outwardly. And so the people view this kind of pulls in some HR data. It helps us to understand who was involved. How long have they been in their role? Were they on-call? Were they not on-call? And other kinds of irrelevant details that show us what was their engagement or their interaction with this event. And so when we start to bring in the socio part of the sociotechnical system, we can identify things like what knowledge do we have within the organization? Is that knowledge well-distributed, or is it just isolated in one or two people? And so those people are constantly getting pulled into incidents when they may be not on-call, which can start to show us whether or not these folks are in danger of burning out or whether their knowledge might need to be transferred more broadly throughout the organization. So this is kind of where the resilience piece comes in because it helps us to distribute knowledge. It helps us to identify who is relevant and useful and how do they partner and collaborate with other people, and their knowledge and skill sets to be able to manage some of the outages that they face? VICTORIA: That's wonderful because one of my follow-up questions would be, as a CEO, as a founder, what kind of insights or choices do you get to make now that you have this insight to help make your team more resilient? [laughs] LAURA: So if this is a manager, or a founder, or a CEO that is looking at their data in Jeli, they can start to understand how to resource their teams more appropriately, as I mentioned, how to spread that knowledge around. They can start to see what parts of their system are creating the most problems or what parts of their system do they have maybe less insight into how it works, how it interacts with other parts of the system, and what this actually means for their ability to meet their SLOs or their SLAs. So it gives you a more in-depth understanding of how your business is actually operating on both the technical side of things, as well as on the people side of things. VICTORIA: That makes a lot of sense. Thank you for that overview of the platform. There's the incident analysis platform, and you also have the bot, the response chatbot. Can you tell me a little bit more about that? LAURA: Yeah, absolutely. We think that incident management should be conducted wherever your work actually takes place, and so for most of our customers and a lot of folks that we know about in the industry, that's Slack. And so, if you are communicating in real-time with your team in Slack, we think that you should stay there. And so, we built this incident management bot that is free and will be free for the lifetime of the product. Because we think that this is really the fundamental basis for helping you manage your incidents more efficiently and more effectively. So it's a pretty lightweight bot. It gives kind of some guardrails or some guidance around collaboration by spinning up a new incident channel, helping you to bring the right kinds of responders into that, helping you to communicate to interested stakeholders by broadcasting to channels they might be in. It kind of nudges you to think about how to communicate about what's happening during different stages of the event progression. And so it's prompting you in a very lightweight way; hey, do you have a status update? Do you have a summary of what the current thinking is? What are the hypotheses about what's going on? Who's conducting what kinds of activities right now? So that if I'm a responder that's coming into the event after 20-30 minutes after it started, I can very quickly come up to speed, understand what's going on, who's doing what, and figure out what's useful for me to do to help step in and not disrupt the incident management that's underway right now. Our users can choose to use the bot independently of the incident analysis platform. But of course, being able to ingest that incident into Jeli it helps you understand who's been involved in the incident, if they've been involved in similar incidents in the past, and helps them start to see some patterns and some themes that emerge over time when you start to look at incidents across the organization. VICTORIA: That makes sense. And I love that it's free and that there's something for every type of organization to take advantage of there. And I wonder if at Jeli you have data about what type of customer is it who'd be targeted or really ideal to take on this kind of platform. LAURA: So most organizations...I was actually recently at SREcon EMEA, and there was a really interesting series of talks; one was SRE for Enterprise, and the next talk was SRE for Startups. And so it was a very thought-provoking discussion around is SRE for everyone, so site reliability engineering? Even smaller teams are starting to have to be responsible for reliability and responsible for running their service. And so we kind of have built our platform thinking about how do we help not just big enterprises or organizations that may have dedicated teams for this but also small startups to learn from their incidents. So internally, we actually call incidents opportunities as in they are learning opportunities for checking out how does your system actually work? How do your people work together? What things were difficult and challenging about the incident? And how do you talk about those things as a team to help create more resilient performance in future? So in terms of an ideal customer, it's really folks that are interested in conducting these sort of lightweight but in-depth looks at how their system actually works on both the people side of things and the technical side of things. Those who we found are most successful with our product are interested in not so much figuring out who did the thing and who can they blame for the incident itself but rather how do they learn from what happened? And would another engineer, or another product owner, another customer service representative, whoever the incident may be sort of focused around, would another person in their shoes have taken the same actions that they took or made the same decisions that they made? Which helps us understand from a systems level how do we repair or how do we adjust the system of work surrounding folks so that they are better supported when they're faced with uncertainty, or with that kind of time pressure, or that ambiguity about what's actually going on? VICTORIA: And I love that you said that because part of the reason [laughs] I invited you on to the podcast is that a lot of companies I have experience with don't think about incidents until it happens to them, and then it can be a scramble. It can impact their customer base. It can stress their team out. But if you go about creating...the term obviously you all use is psychological safety on your team, and maybe you use some of the free tools from Jeli like the Post-Incident Guide and the Incident Analysis 101 blog to set your team up for success from the beginning, then you can increase your customer loyalty and your team loyalty as well to the company. Is that your experience? LAURA: Yeah, absolutely. So one thing that I have learned throughout my career, you know, starting way back in forestry and looking at safety and risk in that domain, was as soon as there is an accident or even a serious near miss, right away, everybody gets sweaty palms. Everybody is concerned about, uh-oh, am I going to get blamed for this? Am I going to get fired? Am I going to get publicly shamed for the decisions that I made when I was in this situation? And what that response, that reaction does is it drives a lot of the communication and a lot of the understanding of the conditions that that person was in. It drives that underground. And it's important to allow people to talk about here's what I was seeing, here's what I was experiencing because, in these kinds of complex systems, information is not readily available to people. The signals are not always coming through loud and clear about what's going on or about what the appropriate actions to take are. Instead, it's messy; it's loud, it's noisy. There are usually multiple different demands on that person's attention and on their time, and they're often managing trade-offs: do I keep the system down so that I can gather more information about what's actually going on, or do I just try and bring it up as quickly as I can so that there's less impact to users? Those kinds of decisions are having to be made under pressure. So when we create these conditions of psychological safety, when we say you know what? This happened. We want to learn from it. We've already made this investment. Richard Cook mentioned in the very first SNAFU Catchers Report, which was a report that came out of Ohio State, that incidents are unplanned investments into understanding how your system works. And so you've already had the incident. You've already paid the price of that downtime or of that outage. So you might as well extract some learning from it so that you can help create a safer and more resilient system in the future. So by helping people to reconstruct what was actually happening in real-time, not what they were retrospectively saying, "Oh, I should have done this," well, you didn't do that. So let's understand why you thought at that moment in time that was the right way to respond because, more than likely, other people in that same position would have made that same choice. And so it helps us to think more broadly about ways that we can support decision-making and sense-making under conditions of stress and uncertainty. And ultimately, that helps your system be more resilient and be more reliable for your customers. VICTORIA: What a great reframing: unplanned investment. [laughs] And if you don't learn from it, then you're going to lose out on what you've already invested that time in resolving it, right? LAURA: Absolutely. MID-ROLL AD: Are you an entrepreneur or start-up founder looking to gain confidence in the way forward for your idea? At thoughtbot, we know you're tight on time and investment, which is why we've created targeted 1-hour remote workshops to help you develop a concrete plan for your product's next steps. Over four interactive sessions, we work with you on research, product design sprint, critical path, and presentation prep so that you and your team are better equipped with the skills and knowledge for success. Find out how we can help you move the needle at: tbot.io/entrepreneurs. VICTORIA: Getting more into that psychological safety and how to create that culture where people feel safe telling about what really happened, but how does that relate to...Jeli says that they are a people software. [laughs] Talk to me more about that. Like, what advice do you give founders and CEOs on how to create that psychological safety which makes them be more resilient in these types of incidents? LAURA: So you mentioned the Howie Guide that we published last year, and this is our guidance around how to do incident analysis, how to help your team start to learn from their incidents, and Howie stands for how we got here. And that's really important, that language because what it says is there's a history that led up to this incident. And most teams, when they've had an outage, they'll kind of look backwards from that outage, maybe an hour, maybe a day, maybe to the last deploy. But they don't think about how the decisions got made to use that piece of software in the first place. They don't think about how did engineers actually get on-boarded to being on-call. They don't necessarily think about what kinds of skills, and knowledge, and expertise when we're hiring a DevOps engineer, and I'm using air quotes here or an SRE. What kinds of skills and knowledge do they actually have? Those are very broad terms. And what it means to be a DevOps engineer or an SRE is quite underspecified. And so the knowledge behind the folks that you might hire into the company is going to necessarily be very diverse. It's going to be partial and incomplete in many ways because not everyone can know everything about the system. And so, we need to have multiple diverse perspectives about how the system works, how our customers use that system, what kinds of pressures and constraints exist within our company that allow us some possibilities over others. We need to bring all of those perspectives together to get a more reflective picture of what was actually happening before this incident took place and how we actually got here. This reframing helps a lot of people disarm that initial defensiveness response or that initial, oh, shoot; I'm going to get in trouble for this kind of response. And it says to them, "Hey, you're a part of this bigger system of work. You are only one piece of this puzzle. And what we want to try and do is understand what was happening within the company, not just what you did, what you said, and what you decided." So once people realize that you're not just trying to find fault or place blame, but you're really trying to understand their work, and you're trying to understand their work with other teams and other vendors, and trying to understand their work relative to the competing demands that were going on, so those are some of the things that help create psychological safety. About ten years ago, John Allspaw and the team at Etsy put out The Etsy Debriefing Facilitation Guide, which also poses a number of questions and helps to frame the post-incident learnings in a way that moves it from the individual and looks more collectively at the company as a whole. And so these things are helpful for founders or for CEOs to help bring forward more information about what's really going on, more information about what are the real risks and threats and opportunities within the company, and gives you an opportunity to step back and do what we call microlearning, which is sharing knowledge about how the system works, sharing understandings of what people think is going on, and what people know about the system. We don't typically talk about those things unless there's a reason to, and incidents kind of give us that reason because they're uncomfortable and they can be painful. They can be very public. They can be very disruptive to what we think about how resilient and reliable we actually are. And so if you can kind of step away from this defensiveness and step away from this need to place blame and instead try and understand the conditions, you will get a lot more learning and a lot more resilience and reliability out of your teams and out of your systems. VICTORIA: That makes sense to me. And I'd like to draw a connection between that and some other things you mentioned with The 2022 Accelerate State of DevOps Report that highlights that the people who are often responding to those incidents or in that high-stress situation tend to be historically underrepresented or historically excluded groups. And so do you see that having this insight into both who is actually taking on a lot of the work when these incidents happen and creating that psychological safety can make a better environment for diversity, equity, inclusion at a company as well? LAURA: Well, I think anytime you work to establish trust and transparency, and you focus on recognizing the skills that people do have, the knowledge that they do have, and not over assuming that someone knows something or that they have been involved in the discussions that may have been relevant to an incident, anytime you focus on that trust and transparency you are really signaling to people within your organization that you value their contributions and that you recognize that they've come to work and trying to do a good job. But they have multiple competing demands on their attention and on their time. And so we're not making assumptions about people being complacent, or people being reckless or being sloppy in their work. So that creates an environment where people feel more willing to speak up and to talk about some of the challenges that they might face, to talk about the ways in which it's not clear to them how certain parts of the system work or how certain teams actually operate. So you're just opening the channels for communication, which helps to share more knowledge. It helps to share more information about what teams are doing at different points in time. And this helps people to preemptively anticipate how a change that they might be making in their part of the system could be influencing up or downstream teams. And so this helps create more resilience because now you're thinking laterally about your system and about your involvement across teams and across boundary lines. And an example of this is if a marketing team...this is a story that Nora tells quite a bit; if a marketing team is, say, launching a Super Bowl commercial for their company but they don't actually tell the engineers on-call that that is about to happen, you can create all sorts of breakdowns when all of a sudden you have this surge of traffic to your website because people see the Super Bowl commercial and they want to go to the site. And then you have a single person who's trying to respond to that in real-time. So, instead, when you do start thinking about that trust and transparency, you're helping teams to help each other and to think more broadly about how their work is actually impacting other parts of the system. So from a diversity and inclusion and underrepresented groups perspective, this is creating the conditions for more people to be involved, more people to feel like their voice is going to be heard, and that their perspective actually matters. VICTORIA: That sounds really powerful, and I'm glad we were able to touch on that. Shifting gears a little bit, I wanted to talk about two different questions; so one is if you could travel back in time to when Jeli first started, what advice would you give yourself, your past self? LAURA: I would encourage myself to recognize that our ability to experiment is fundamental to our ability to learn. And learning is what helps us to iterate faster. Learning is what helps us to reflect on the tool that we're building or the feature that we're building and what this actually means to our users. I actually copped that advice to myself from CEO Zoran Perkov of the Long-Term Stock Exchange. They launched a whole new stock market during the pandemic with a fully remote team. And I had interviewed him for an article that I wrote about resilient leadership. And he said to me, like, "My job as a CEO is 100% about protecting our ability to experiment as a company because if we stop learning, we're not going to be able to iterate. We're not going to be able to adapt to the changes that we see in the market and in our users." So I think I would tell myself to continually experiment. One of the things that I talk to our customers about a lot because many of them are implementing new incident management programs or they're trying to level up their engineering teams around incident analysis, and I would say, "This doesn't have to be a fully-fleshed out program where you know all of the ways in which this is going to unfold." It's really about trying experiments, conduct some training, start small. Do one incident analysis on a really particularly spicy incident that you may have had or a really challenging incident where a lot of people were surprised by what happened. Bring together that group and say, "Hey, we're going to try something a little bit different here. We'll use some questions from the Howie Guide. We'll use the format and the structure from the Etsy Debriefing Guide. And we're just going to try and learn what we can about this event. We're not going to try and place blame. We're not going to try and generate corrective actions. We just want to see what we can learn from this." Then ask people that were involved, "How did this go? What did we learn from it? What should we do differently next time?" And continually iterate on those small, little experiments so that you can grow your product and grow your team's capacity. I think it took us a little bit of time to figure that out within the organization, but once we did, we were just able to collaborate more effectively work more effectively by integrating some of the feedback that we were getting from our users. And then the last piece of advice that I would give myself is to really invest in cross-discipline coordination and collaboration. Engineers, designers, researchers, CEOs they all have a different view of the product. They all have a different understanding of what the goals and priorities are. And those mental models of the product and of what the right thing to do is are constantly changing. And they all have different language that they use to talk about the product and to talk about their processes for integrating this understanding of the changing conditions and the changing user into the product. And so I would say invest in establishing common ground across the different disciplines within your team to be able to talk about what people are seeing, to be able to stop and identify when we're making assumptions about what other people know or what other people's orientation towards the problem or towards the product are. And spend a little bit of time saying, "When I say this is important, I'm saying it's important because of XYZ, not just this is important." So spending a little bit of time elaborating on what your mental model is and where you're drawing from can help the teams work more effectively together across those disciplines. VICTORIA: That's pretty powerful advice. You're iterating and experimenting at Jeli. What's on the horizon that you are...what new experiments are you excited about? LAURA: One of the things that has been front and center for us since we started is this idea of cross-incident analysis. And so we've kind of built out a number of different features within the product, being able to help tag the incident with the relevant services and technologies that were involved, being able to identify which teams were involved, and also being able to identify different kinds of themes or patterns that emerge from individual incidents. So all of this data that we can get from mostly just from the ingested incident itself or from the incident that you bring into Jeli but also from the analysis that you do on it this helps us start to be able to see across incidents what's happening not just with the technical side of things. So is it always Travis that is causing a problem? Are there components that work together that kind of have these really hidden and strange interdependencies that are really hard for the team to actually cope with? What kinds of themes are emerging across your suite of opportunities, your suite of incidents that you've ingested? Some of the things that we're starting to see from those experiments is an ability to look at where are your knowledge islands within your organization? Do you have an engineer who, if they were to leave, would take the majority of your systems knowledge about your database, or about your users, or about some critical aspect of your system that would disappear with all of that tacit knowledge? Or are there engineers that work really effectively together during really difficult incidents? And so you can start to unpack what are these characteristics of these people, and of these teams, and of these technologies that offer both opportunities or threats to your organization? So basically, what we're doing is we're helping you to see how your system performs under different kinds of conditions, which I think as a safety and risk professional working in a variety of different domains for the last 15 years, I think this is really where the rubber hits the road in helping teams be more reliable, and be more resilient, and more proactive about where investments in maintenance, or training, or headcount are going to have the biggest bang for your buck. VICTORIA: That makes a lot of sense. In my experience, sometimes those decisions are made more on intuition or on limited data so having a more full picture to rely on probably produces better results. [laughs] LAURA: Yeah, and I think that we all want to be data-driven, thinking about not only the quantitative data is how many incidents do we have around certain parts of the system, or certain teams, or certain services? But also, the qualitative side of things is what does this actually mean? And what does this mean to our ability to grow and change over time and to scale? The partnership of that quantitative data and qualitative data means we're being data-driven on a whole other level. VICTORIA: Wonderful. And it seems like we're getting close to the end of our time here. Is there anything else you want to give as a final takeaway to our listeners? LAURA: Yeah. So I think that we are, you know, as a domain, as a field, software engineering is increasingly becoming responsible for not only critical infrastructure within society, but we have a responsibility to our users and to each other within our companies to help make work better, help make our services more reliable and more resilient over time. And there's a variety of lessons that we can learn from other domains. As I mentioned before, aviation, healthcare, nuclear power all of those kinds of domains have been thinking about supporting cognitive work and supporting frontline operators. And we can learn from this history and this literature that exists out there. There is a GitHub repo that Lorin Hochstein has curated with a number of other folks with the industry that points to some of these resources. And as well, we'll be hosting the first Learning From Incidents in Software Engineering Conference in Denver in February, February 15 and 16th. And one feature of this conference that I'm super excited about is affectionately called CasesConf. And it is going to be an opportunity for software engineers from a variety of organizations to tell real stories about incidents that they had, how they handled them, what was challenging, what went surprisingly well, and just what is actually going on within their organizations. And this is kind of a new thing for the software industry to be talking very publicly about failures and sharing the messy details of our incidents. This won't be a recorded part of the conference. It is going to be conducted under the Chatham House Rule, which is participants who are in the room while these stories are being told can share some of the stories but not any identifying details about the company or the engineers that were involved. And so this kind of real-world situations helps us to, as I talked about before, with that psychological safety, helps us to say this is the reality of operating complex systems. They're going to fail. We're going to have to learn from them. And the more that we can talk at an industry level about what's going on and about what kinds of things are creating problems or opportunities for each other, the more we're going to be able to lift the bar for the industry as a whole. So you can check out register.learningfromincidents.io for more information about the conference. And we can link Lorin's resilience engineering GitHub repo in the notes as well. VICTORIA: Wonderful. Well, I was looking for an excuse to come to Denver in February anyways. LAURA: We would love to have ya. VICTORIA: Thank you. And thank you so much for taking time to share with us today, Laura. You can subscribe to the show and find notes along with a complete transcript for this episode at giantrobots.fm. If you have questions or comments, email us at hosts@giantrobots.fm. And you can find me on Twitter @victori_ousg. This podcast is brought to you by thoughtbot and produced and edited by Mandy Moore. Thanks for listening. See you next time. ANNOUNCER: This podcast was brought to you by thoughtbot. thoughtbot is your expert design and development partner. Let's make your product and team a success. Special Guest: Laura Maguire.

ceo netflix learning talk super bowl startups mvp ceos shifting engineers researchers enterprise etsy ohio state slack ohio state university github devops howie maguire xyz mandy moore sre precepts lorin giant robots slas david woods ttd slos jeli richard cook devops report john allspaw laura yeah laura so

Holiday Replay Edition - Inside the Mind of a DevOps Novelist with Gene Kim

Cloud Security Podcast by Google

Play Episode Listen Later Dec 29, 2022 30:49

About GeneGene Kim is a multiple award-winning CTO, researcher and author, and has been studying high-performing technology organizations since 1999. He was founder and CTO of Tripwire for 13 years. He has written six books, including The Unicorn Project (2019), The Phoenix Project (2013), The DevOps Handbook (2016), the Shingo Publication Award winning Accelerate (2018), and The Visible Ops Handbook (2004-2006) series. Since 2014, he has been the founder and organizer of DevOps Enterprise Summit, studying the technology transformations of large, complex organizations.Links: The Phoenix Project: https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/1942788290/ The Unicorn Project: https://www.amazon.com/Unicorn-Project-Developers-Disruption-Thriving/dp/B0812C82T9 The DevOps Enterprise Summit: https://events.itrevolution.com/ @RealGeneKim TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Cloud Economist Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: If you asked me to rank which cloud provider has the best developer experience, I'd be hard-pressed to choose a platform that isn't Google Cloud. Their developer experience is unparalleled and, in the early stages of building something great, that translates directly into velocity. Try it yourself with the Google for Startups Cloud Program over at cloud.google.com/startup. It'll give you up to $100k a year for each of the first two years in Google Cloud credits for companies that range from bootstrapped all the way on up to Series A. Go build something, and then tell me about it. My thanks to Google Cloud for sponsoring this ridiculous podcast.Corey: This episode is brought to us by our friends at Pinecone. They believe that all anyone really wants is to be understood, and that includes your users. AI models combined with the Pinecone vector database let your applications understand and act on what your users want… without making them spell it out. Make your search application find results by meaning instead of just keywords, your personalization system make picks based on relevance instead of just tags, and your security applications match threats by resemblance instead of just regular expressions. Pinecone provides the cloud infrastructure that makes this easy, fast, and scalable. Thanks to my friends at Pinecone for sponsoring this episode. Visit Pinecone.io to understand more.Corey Quinn: Welcome to Screaming in the Cloud. I'm Corey Quinn. I'm joined this week by a man who needs no introduction but gets one anyway. Gene Kim, most famously known for writing The Phoenix Project, but now the Wall Street Journal best-selling author of The Unicorn Project, six years later. Gene, welcome to the show.Gene Kim: Corey so great to be on. I was just mentioning before how delightful it is to be on the other side of the podcast. And it's so much smaller in here than I had thought it would be.Corey Quinn: Excellent. It's always nice to wind up finally meeting people whose work was seminal and foundational. Once upon a time, when I was a young, angry Unix systems administrator—because it's not like there's a second type of Unix administrator—[laughing] The Phoenix Project was one of those texts that was transformational, as far as changing the way I tended to view a lot of what I was working on and gave a glimpse into what could have been a realistic outcome for the world, or the company I was at, but somehow was simultaneously uplifting and incredibly depressing all at the same time. Now, The Unicorn Project does that exact same thing only aimed at developers instead of traditional crusty ops folks.Gene Kim: [laughing] Yeah, yeah. Very much so. Yeah, The Phoenix Project was very much aimed at ops leadership. So, Bill Palmer, the protagonist of that book was the VP of Operations at Parts Unlimited, and the protagonist in The Unicorn Project is Maxine Chambers, Senior Architect, and Developer, and I love the fact that it's told in the same timeline as The Phoenix Project, and in the first scene, she is unfairly blamed for causing the payroll outage and is exiled to The Phoenix Project, where she recoils in existential horror and then finds that she can't do anything herself. She can't do a build, she can't run her own tests. She can't, God forbid, do her own deploys. And I just love the opening third of the book where it really does paint that tundra that many developers find themselves in where they're just caught in decades of built-up technical debt, unable to do even the simplest things independently, let alone be able to independently develop tests or create value for customers. So, it was fun, very much fun, to revisit the Parts Unlimited universe.Corey Quinn: What I found that was fun about—there are few things in there I want to unpack. The first is that it really was the, shall we say, retelling of the same story in, quote/unquote, “the same timeframe”, but these books were written six years apart.Gene Kim: Yeah, and by the way, I want to first acknowledge all the help that you gave me during the editing process. Some of your comments are just so spot on with exactly the feedback I needed at the time and led to the most significant lift to jam a whole bunch of changes in it right before it got turned over to production. Yeah, so The Phoenix Project is told, quote, “in the present day,” and in the same way, The Unicorn Project is also told—takes place in the present day. In fact, they even start, plus or minus, on the same day. And there is a little bit of suspension of disbelief needed, just because there are certain things that are in the common vernacular, very much in zeitgeist now, that weren't six years ago, like “digital disruption”, even things like Uber and Lyft that feature prominently in the book that were just never mentioned in The Phoenix Project, but yeah, I think it was the story very much told in the same vein as like Ender's Shadow, where it takes place in the same timeline, but from a different perspective.Corey Quinn: So, something else that—again, I understand it's an allegory, and trying to tell an allegorical story while also working it into the form of a fictional work is incredibly complicated. That's something that I don't think people can really appreciate until they've tried to do something like it. But I still found myself, at various times, reading through the book and wondering, asking myself questions that, I guess, say more about me than they do about anyone else. But it's, “Wow, she's at a company that is pretty much scapegoating her and blaming her for all of us. Why isn't she quitting? Why isn't she screaming at people? Why isn't she punching the boss right in their stupid, condescending face and storming out of the office?” And I'm wondering how much of that is my own challenges as far as how life goes, as well as how much of it is just there for, I guess, narrative devices. It needed to wind up being someone who would not storm out when push came to shove.Gene Kim: But yeah, I think she actually does the last of the third thing that you mentioned where she does slam the sheet of paper down and say, “Man, you said the outage is caused by a technical failure and a human error, and now you're telling me I'm the human error?” And just cannot believe that she's been put in that position. Yeah, so thanks to your feedback and the others, she actually does shop her resume around. And starts putting out feelers, because this is no longer feeling like the great place to work that attracted her, eight years prior. The reality is for most people, is that it's sometimes difficult to get a new job overnight, even if you want to. But I think that Maxine stays because she believes in the mission. She takes a great deal of pride of what she's created over the years, and I think like most great brands, they do create a sense of mission and there's a deep sense of the customers they serve. And, there's something very satisfying about the work to her. And yeah, I think she is very much, for a couple of weeks, very much always thinking about, she won't be here for long, one way or another, but by the time she stumbles into the rebellion, the crazy group of misfits, the ragtag bunch of misfits, who are trying to find better ways of working and willing to break whatever rules it takes to take over the very ancient powerful order, she falls in love with a group. She found a group of kindred spirits who very much, like her, believe that developer productivity is one of the most important things that we can do as an organization. So, by the time that she looks up with that group, I mean, I think she's all thoughts of leaving are gone.Corey Quinn: Right. And the idea of, if you stick around, you can theoretically change things for the better is extraordinarily compelling. The challenge I've seen is that as I navigate the world, I've met a number of very gifted employees who, frankly wind up demonstrating that same level of loyalty and same kind of loyalty to companies that are absolutely not worthy of them. So my question has always been, when do I stick around versus when do I leave? I'm very far on the bailout as early as humanly possible side of that spectrum. It's why I'm a great consultant but an absolutely terrible employee.Gene Kim: [laughing] Well, so we were honored to have you at the DevOps Enterprise Summit. And you've probably seen that The Unicorn Project book is really dedicated to the achievements of the DevOps Enterprise community. It's certainly inspired by and dedicated to their efforts. And I think what was so inspirational to me were all these courageous leaders who are—they know what the mission is. I mean, they viscerally understand what the mission is and understand that the ways of working aren't working so well and are doing whatever they can to create better ways of working that are safer, faster, and happier. And I think what is so magnificent about so many of their journeys is that their organization in response says, “Thank you. That's amazing. Can we put you in a position of even more authority that will allow you to even make a more material, more impactful contribution to the organization?” And so it's been my observation, having run the conference for, now, six years, going on seven years is that this is a population that is being out promoted—has been promoted at a rate far higher than the population at large. And so for me, that's just an incredible story of grit and determination. And so yeah, where does grit and determination becomes sort of blind loyalty? That's ultimately self-punishing? That's a deep question that I've never really studied. But I certainly do understand that there is a time when no amount of perseverance and grit will get from here to there, and that's a fact.Corey Quinn: I think that it's a really interesting narrative, just to see it, how it tends to evolve, but also, I guess, for lack of a better term, and please don't hold this against me, it seems in many ways to speak to a very academic perspective, and I don't mean that as an insult. Now, the real interesting question is why I would think, well—why would accusing someone of being academic ever be considered as an insult, but my academic career was fascinating. It feels like it aligns very well with The Five Ideals, which is something that you have been talking about significantly for a long time. And in an academic setting that seems to make sense, but I don't see it thought of or spoken of in the same way on the ground. So first, can you start off by giving us an intro to what The Five Ideals are, and I guess maybe disambiguate the theory from the practice?Gene Kim: Oh for sure, yeah. So The Five Ideals are— oh, let's go back one step. So The Phoenix Project had The Three Ways, which were the principles for which you can derive all the observed DevOps practices from and The Four Types of Work. And so in The Five Ideals I used the concept of The Five Ideals and they are—the first—Corey Quinn: And the next version of The Nine whatever you call them at that point, I'm sure. It's a geometric progression.Gene Kim: Right or actually, isn't it the pri—oh, no. four isn't, four isn't prime. Yeah, yeah, I don't know. So, The Five Ideals is a nice small number and it was just really meant to verbalize things that I thought were very important, things I just gravitate towards. One is Locality and Simplicity. And briefly, that's just, to what degree can teams do what they need to do independently without having to coordinate, communicate, prioritize, sequence, marshal, deconflict, with scores of other teams. The Second Ideal is what I think the outcomes are when you have that, which is Focus, Flow and Joy. And so, Dr. Mihaly Csikszentmihalyi, he describes flow as a state when we are so engrossed in the work we love that we lose track of time and even sense of self. And that's been very much my experience, coding ever since I learned Clojure, this functional programming language. Third Ideal is Improvement of Daily Work, which shows up in The Phoenix Project to say that improvement daily work is even more important than daily work itself. Fourth Ideal is Psychological Safety, which shows up in the State of DevOps Report, but showed up prominently in Google's Project Oxygen, and even in the Toyota production process where clearly it has to be—in order for someone to pull the andon cord that potentially stops the assembly line, you have to have an environment where it's psychologically safe to do so. And then Fifth Ideal is Customer Focus, really focus on core competencies that create enduring, durable business value that customers are willing to pay for, versus context, which is everything else. And yeah, to answer your question, Where did it come from? Why do I think it is important? Why do I focus on that? For me, it's really coming from the State of DevOps Report, that I did with Dr. Nicole Forsgren and Jez Humble. And so, beyond all the numbers and the metrics and the technical practices and the architectural practices and the cultural norms, for me, what that really tells the story of is of The Five Ideals, as to what one of them is very much a need for architecture that allows teams to work independently, having a higher predictor of even, continuous delivery. I love that. And that from the individual perspective, the ideal being, that allows us to focus on the work we want to do to help achieve the mission with a sense of flow and joy. And then really elevating the notion that greatness isn't free, we need to improve daily work, we have to make it psychologically safe to talk about problems. And then the last one really being, can we really unflinchingly look at the work we do on an everyday basis and ask, what the customers care about it? And if customers don't care about it, can we question whether that work really should be done or not. So that's where for me, it's really meant to speak to some more visceral emotions that were concretized and validated through the State of DevOps Report. But these notions I am just very attracted to.Corey Quinn: I like the idea of it. The question, of course, is always how to put these into daily practice. How do you take these from an idealized—well, let's not call it a textbook, but something very similar to that—and apply it to the I guess, uncontrolled chaos that is the day-to-day life of an awful lot of people in their daily jobs.Gene Kim: Yeah. Right. So, the protagonist is Maxine and her role in the story, in the beginning, is just to recognize what not great looks like. She's lived and created greatness for all of her career. And then she gets exiled to this terrible Phoenix project that chews up developers and spits them out and they leave these husks of people they used to be. And so, she's not doing a lot of problem-solving. Instead, it's this recoiling from the inability for people to do builds or do their own tests or be able to do work without having to open up 20 different tickets or not being able to do their own deploys. She just recoil from this spending five days watching people do code merges, and for me, I'm hoping that what this will do, and after people read the book, will see this all around them, hopefully, will have a similar kind of recoiling reaction where they say, “Oh my gosh, this is terrible. I should feel as bad about this as Maxine does, and then maybe even find my fellow rebels and see if we can create a pocket of greatness that can become like the sublimation event in Dr. Thomas Kuhn's book, The Structure of Scientific Revolutions.” Create that kernel of greatness, of which then greatness then finds itself surrounded by even more greatness.Corey Quinn: What I always found to be fascinating about your work is how you wind up tying so many different concepts together in ways you wouldn't necessarily expect. For example, when I was reviewing one of your manuscripts before this went to print, you did reject one of my suggestions, which was just, retitle the entire thing. Instead of calling it The Unicorn Project. Instead, call it Gene Kim's Love Letter to Functional Programming. So what is up with that?Gene Kim: Yeah, to put that into context, for 25 years or more, I've self-identified as an ops person. The Phoenix Project was really an ops book. And that was despite getting my graduate degree in compiler design and high-speed networking in 1995. And the reason why I gravitated towards ops, because that was my observation, that that's where the saves were made. It was ops who saved the customer from horrendous, terrible developers who just kept on putting things into production that would then blow up and take everyone with it. It was ops protecting us from the bad adversaries who were trying to steal data because security people were so ineffective. But four years ago, I learned a functional programming language called Clojure and, without a doubt, it reintroduced the joy of coding back into my life and now, in a good month, I spend half the time—in the ideal—writing, half the time hanging out with the best in the game, of which I would consider this to be a part of, and then 20% of time coding. And I find for the first time in my career, in over 30 years of coding, I can write something for years on end, without it collapsing in on itself, like a house of cards. And that is an amazing feeling, to say that maybe it wasn't my inability, or my lack of experience, or my lack of sensibilities, but maybe it was just that I was sort of using the wrong tool to think with. That comes from the French philosopher Claude Lévi-Strauss. He said of certain things, “Is it a good tool to think with?” And I just find functional programming is such a better tool to think with, that notions like composability, like immutability, what I find so exciting is that these things aren't just for programming languages. And some other programming languages that follow the same vein are, OCaml, Lisp, ML, Elixir, Haskell. These all languages that are sort of popularizing functional programming, but what I find so exciting is that we see it in infrastructure and operations, too. So Docker is fundamentally immutable. So if you want to change a container, we have to make a new one. Kubernetes composes these containers together at the level of system of systems. Kafka is amazing because it usually reveals the desire to have this immutable data model where you can't change the past. Version control is immutable. So, I think it's no surprise that as our systems get more and more complex and distributed, we're relying on things like immutability, just to make it so that we can reason about them. So, it is something I love addressing in the book, and it's something I decided to double down on after you mentioned it. I'm just saying, all kidding aside is this a book for—Corey Quinn: Oh good, I got to make it worse. Always excited when that happens.Gene Kim: Yeah, I mean, your suggestion really brought to the forefront a very critical decision, which was, is this a book for technology leaders, or even business leaders, or is this a book developers? And, after a lot of soul searching, I decided no, this is a book for developers, because I think the sensibilities that we need to instill and the awareness we need to create these things around are the developers and then you just hope and pray that the book will be good enough that if enough engineers like it, then engineering leaders will like it. And if enough engineering leaders like it, then maybe some business leaders will read it as well. So that's something I'm eagerly seeing what will happen as the weeks, months, and years go by. Corey Quinn: This episode is sponsored in part by DataStax. The NoSQL event of the year is DataStax Accelerate in San Diego this May from the 11th through the 13th. I've given a talk previously called the myth of multi-cloud, and it's time for me to revisit that with... A sequel! Which is funny given that it's a NoSQL conference, but there you have it. To learn more, visit datastax.com that's D-A-T-A-S-T-A-X.com and I hope to see you in San Diego. This May.Corey Quinn: One thing that I always admired about your writing is that you can start off trying to make a point about one particular aspect of things. And along the way you tie in so many different things, and the functional programming is just one aspect of this. At some point, by the end of it, I half expected you to just pick a fight over vi versus Emacs, just for the sheer joy you get in effectively drawing interesting and, I guess, shall we say, the right level of conflict into it, where it seems very clear that what you're talking about is something thing that has the potential to be transformative and by throwing things like that in you're, on some level, roping people in who otherwise wouldn't weigh in at all. But it's really neat to watch once you have people's attention, just almost in spite of what they want, you teach them something. I don't know if that's a fair accusation or not, but it's very much I'm left with the sense that what you're doing has definite impact and reverberations throughout larger industries.Gene Kim: Yeah, I hope so. In fact, just to reveal this kind of insecurity is, there's an author I've read a lot of and she actually read this blog post that she wrote about the worst novel to write, and she called it The Yeomans Tour of the Starship Enterprise. And she says, “The book begins like this: it's a Yeoman on the Starship Enterprise, and all he does is admire the dilithium crystals, and the phaser, and talk about the specifications of the engine room.” And I sometimes worry that that's what I've done in The Unicorn Project, but hopefully—I did want to have that technical detail there and share some things that I love about technology and the things I hate about technology, like YAML files, and integrate that into the narrative because I think it is important. And I would like to think that people reading it appreciate things like our mutual distaste of YAML files, that we've all struggled trying to escape spaces and file names inside of make files. I mean, these are the things that are puzzles we have to solve, but they're so far removed from the business problem we're trying to solve that really, the purpose of that was trying to show the mistake of solving puzzles in our daily work instead of solving real problems.Corey Quinn: One thing that I found was really a one-two punch, for me at least, was first I read and give feedback on the book and then relatively quickly thereafter, I found myself at my first DevOps Enterprise Summit, and I feel like on some level, I may have been misinterpreted when I was doing my live-tweeting/shitposting-with-style during a lot of the opening keynotes, and the rest, where I was focusing on how different of a conference it was. Unlike a typical DevOps Days or big cloud event, it wasn't a whole bunch of relatively recent software startups. There were serious institutions coming out to have conversations. We're talking USAA, we're talking to US Air Force, we're talking large banks, we're talking companies that have a 200-year history, where you don't get to just throw everything away and start over. These are companies that by and large, have, in many ways, felt excluded to some extent, from the modern discussions of, well, we're going to write some stuff late at night, and by the following morning, it's in production. You don't get to do that when you're a 200-year-old insurance company. And I feel like that was on some level interpreted as me making fun of startups for quote/unquote, “not being serious,” which was never my intention. It's just this was a different conversation series for a different audience who has vastly different constraints. And I found it incredibly compelling and I intend to go back.Gene Kim: Well, that's wonderful. And, in fact, we have plans for you, Mr. Quinn.Corey Quinn: Uh-oh.Gene Kim: Yeah. I think when I say I admire the DevOps Enterprise community. I mean that I'm just so many different dimensions. The fact that these, leaders and—it's not leaders just in terms of seniority on the organization chart—these are people who are leading technology efforts to survive and win in the marketplace. In organizations that have been around sometimes for centuries, Barclays Bank was founded in the year 1634. That predates the invention of paper cash. HMRC, the UK version of the IRS was founded in the year 1200. And, so there's probably no code that goes that far back, but there's certainly values and—Corey Quinn: Well, you'd like to hope not. Gene Kim: Yeah, right. You never know. But there are certainly values and traditions and maybe even processes that go back centuries. And so that's what's helped these organizations be successful. And here are a next generation of leaders, trying to make sure that these organizations see another century of greatness. So I think that's, in my mind, deeply admirable.Corey Quinn: Very much so. And my only concern was, I was just hoping that people didn't misinterpret my snark and sarcasm as aimed at, “Oh, look at these crappy—these companies are real companies and all those crappy SAS companies are just flashes in the pan.” No, I don't believe that members of the Fortune 500 are flash in the pan companies, with a couple notable exceptions who I will not name now, because I might want some of them on this podcast someday. The concern that I have is that everyone's work is valuable. Everyone's work is important. And what I'm seeing historically, and something that you've nailed, is a certain lack of stories that apply to some of those organizations that are, for lack of a better term, ossified into their current process model, where they there's no clear path for them to break into, quote/unquote, “doing the DevOps.”Gene Kim: Yeah. And the business frame and the imperative for it is incredible. Tesla is now offering auto insurance bundled into the car. Banks are now having to compete with Apple. I mean, it is just breathtaking to see how competitive the marketplaces and the need to understand the customer and deliver value to them quickly and to be able to experiment and innovate and out-innovate the competition. I don't think there's any business leader on the planet who doesn't understand that software is eating the world and they have to that any level of investment they do involves software at some level. And so the question is, for them, is how do they get educated enough to invest and manage and lead competently? So, to me it really is like the sleeping giant awakening. And it's my genuine belief is that the next 50 years, as much value as the tech giants have created: Facebook, Amazon, Netflix, Google, Microsoft, they've generated trillions of dollars of economic value. When we can get eighteen million developers, as productive as an engineer at a tech giant is, that will generate tens of trillions of dollars of economic value per year. And so, when you generate that much economic activity, all problems become solvable, you look at climate change, you take a look at the disparity between rich and poor. All things can be fixed when you significantly change the economic economy in this way. So, I'm extremely hopeful and I know that the need for things like DevOps are urgent and important.Corey Quinn: I guess that that's probably the best way of framing this. So you wrote one version that was aimed at operators back in 2013, this one was aimed at developers, and effectively retails and clarifies an awful lot of the same points. As a historical ops person, I didn't feel left behind by The Unicorn Project, despite not being its target market. So I guess the question on everyone's mind, are you planning on doing a third iteration, and if so, for what demographic?Gene Kim: Yeah, nothing at this point, but there is one thing that I'm interested in which is the role of business leaders. And Sarah is an interesting villain. One of my favorite pieces of feedback during the review process was, “I didn't think I could ever hate Sarah more. And yet, I did find her even to be more loathsome than before.” She's actually based on a real person, someone that I worked with.Corey Quinn: That's the best part, is these characters are relatable enough that everyone can map people they know onto various aspects of them, but can't ever disclose the entire list in public because that apparently has career consequences.Gene Kim: That's right. Yes, I will not say who the character is based on but there's, in the last scene of the book that went to print, Sarah has an interesting interaction with Maxine, where they meet for lunch. And, I think the line was, “And it wasn't what Maxine had thought, and she's actually looking forward to the next meeting.” I think that leaves room for it. So one of the things I want to do with some friends and colleagues is just understand, why does Sarah act the way she does? I think we've all worked with someone like her. And there are some that are genuinely bad actors, but I think a lot of them are doing something, based on genuine, real motives. And it would be fun, I thought, to do something with Elizabeth Henderson, who we decided to start having a conversation like, what does she read? What is her background? What is she good at? What does her resume look like? And what caused her to—who in technology treated her so badly that she treats technology so badly? And why does she behave the way she does? And so I think she reads a lot of strategy books. I think she is not a great people manager, I think she maybe has come from the mergers and acquisition route that viewed people as fungible. And yeah, I think she is definitely a creature of economics, was lured by an external investor, about how good it can be if you can extract value out of the company, squeeze every bit of—sweat every asset and sell the company for parts. So I would just love to have a better understanding of, when people say they work with someone like a Sarah, is there a commonality to that? And can we better understand Sarah so that we can both work with her and also, compete better against her, in our own organizations?Corey Quinn: I think that's probably a question best left for people to figure out on their own, in a circumstance where I can't possibly be blamed for it.Gene Kim: [laughing].That can be arranged, Mr. Quinn.Corey Quinn: All right. Well, if people want to learn more about your thoughts, ideas, feelings around these things, or of course to buy the book, where can they find you?Gene Kim: If you're interested in the ideas that are in The Unicorn Project, I would point you to all of the freely available videos on YouTube. Just Google DevOps Enterprise Summit and anything that's on the plenary stage are specifically chosen stories that very much informed The Unicorn Project. And the best way to reach me is probably on Twitter. I'm @RealGeneKim on Twitter, and feel free to just @ mention me, or DM me. Happy to be reached out in whatever way you can find me. Corey Quinn: You know where the hate mail goes then. Gene, thank you so much for taking the time to speak with me, I appreciate it.Gene Kim: And Corey, likewise, and again, thank you so much for your unflinching feedback on the book and I hope you see your fingerprints all over it and I'm just so delighted with the way it came out. So thanks to you, Corey. Corey Quinn: As soon as my signed copy shows up, you'll be the first to know.Gene Kim: Consider it done. Corey Quinn: Excellent, excellent. That's the trick, is to ask people for something in a scenario in which they cannot possibly say no. Gene Kim, multiple award-winning CTO, researcher, and author. Pick up his new book, The Wall Street Journal best-selling The Unicorn Project. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on Apple Podcasts. If you hated this podcast, please leave a five-star review on Apple Podcasts and leave a compelling comment.Announcer: This has been this week's episode of Screaming in the Cloud. You can also find more Corey at ScreamingintheCloud.com or wherever fine snark is sold.This has been a HumblePod production. Stay humble.

god amazon netflix google uk ai apple man work state french holiday microsoft focus dm san diego fortune uber shadow tesla wall street journal operations cloud banks structure developers cto irs simplicity toyota lyft love letters house of cards accelerate screaming ml aws us air force sas novelists three ways devops strauss kafka inside the mind google cloud psychological safety ender elixir kubernetes haskell unix four types mihaly csikszentmihalyi usaa hmrc scientific revolution nosql tripwire claude l lisp starship enterprise barclays bank yeoman thomas kuhn phoenix project functional programming gene kim clojure customer focus yaml locality emacs pinecone datastax daily work corey quinn senior architect devopsdays jez humble ocaml nicole forsgren devops report unicorn project phoenix project devops helping business bill palmer elizabeth henderson last week in aws humblepod

EP100 2022 Accelerate State of DevOps Report and Software Supply Chain Security

Play Episode Listen Later Dec 5, 2022 33:06

Guests: John Speed Meyers, Security Data Scientist, Chainguard Todd Kulesza, User Experience Researcher, Google Topics: How did you get involved with this year's Accelerate State of DevOps Report (DORA report)? So what is DORA and why did you decide to focus on supply chain security for the 2022 report? What are the big learnings from this year's report? What's the difference between SLSA and SSDF? Is one spicy and the other savory? How're companies adopting these and how is adoption going? Are there other areas that DevOps can be a contributor in the overall security landscape? How can CISOs rope DevOps fully into their security gang? Operationally, how should security and developers and DevOps come together to keep vulnerabilities out in the first place? How should security and developers and DevOps come together to respond quickly to vulnerabilities when they're discovered? How do security and developers and DevOps come together to prove to their auditors and customers that they're doing a good job of the above? Resources: 2022 Accelerate State of DevOps Report "New insights for defending the software supply chain" blog (and new report) SLSA.dev site Secure Software Development Framework at NIST “Linking Up The Pieces: Software Supply Chain Security at Google and Beyond” (ep24) “Sharing The Mic In Cyber with STMIC Hosts Lauren and Christina: Representation, Psychological Safety, Security” (ep92) Go vulncheck tool “Reflections on Trusting Trust” paper (1984)

google reflections security software supply chains accelerate devops psychological safety cisos supply chain security operationally software supply chain security devops report user experience researcher trusting trust

2022 State of DevOps Report with Nathen Harvey

accelerate pos nasze devops report

Play Episode Listen Later Nov 22, 2022 43:20

Nathen Harvey needs little introduction in DevOps community. He is Developer Advocate at Google, co-author of State of DevOps Report and co-author of a great book called “97 Things Every Cloud Engineer Should Know”. We talked about insights and surprises from this year's State of DevOps Report. And Nathen shared his view on recent hot takes that “DevOps is dead”

google state devops developer advocate nathen devops report dave farley nathen harvey

2022 Accelerate State of DevOps Report

Patoarchitekci

Play Episode Listen Later Oct 21, 2022 30:59

2022 Accelerate State of DevOps Report – Patoarchitekci sprawdzają, w jaką stronę może się zmienić raport, który rok temu był czysto techniczny. Posłuchaj i dowiedz się, jaki jest teraz.Nasze sociale i linki -> https://linktr.ee/patoarchitekciMateriały do odcinka znajdziesz na: https://patoarchitekci.io/47

The Best Developer Conference, Platform Engineering, FinOps

Cloud Native in 15 Minutes

Play Episode Listen Later Oct 11, 2022 39:20

This week we give a little previous of what will be at the SpringOne conference, then cover some recent conferences. We then discuss the sudden emergence of "platform engineering" as a thing, and finish out by discussing what the kids are calling "FinOps," getting a handle on how much you're spending on cloud stuff. As always, with your pals @egrigson, @benbravo73, & @cote. Check out the livestream video if you like that kind of thing. Show Notes SpringOne Dec 6th and 8th. Check out the workshops and sessions. Escaping the Legacy Trap - Coté's talk with Marc. You can get the legacy trap booklet when you register for the webinar we did on the topic - also, watch the recording! Use the code COTE200 to get $200 off registration. News Conferences: Hashiconf announcements - RedMonk round-up. eBPF summit sessions are now online (it was 28th/29th Sept). Kong Summit. Platform Engineering Corner: boy, that's a thing now! Charity Major's piece. There was a whole conference. Paula has a good updated overview. Istio has joined the CNCF as incubating. Google published their 2022 Accelerate State of DevOps Report with lots of focus on security and platform-think. Surveys: Sysdig Threat Report. Buoyant's Service Mesh survey results. Cloud costs corner - Wan cloud report, PDF. Ben's new video “Deploy Your Python Apps To Production In Seconds”

google cloud developers escaping wan buoyant cncf finops platform engineering istio ebpf developer conference redmonk devops report

The Best Developer Conference, Platform Engineering, FinOps

Cloud & Culture

Play Episode Listen Later Oct 11, 2022 39:20

google cloud developers escaping wan buoyant cncf finops platform engineering istio ebpf developer conference redmonk devops report

Episode 380: No Free Lunches or Haircuts

Kubernetes Podcast from Google

Play Episode Listen Later Oct 7, 2022 53:54

This week we discuss why Google abandons products, the 2022 State of DevOps Report and Elon's texts. Plus, some thoughts on glasses… Watch the YouTube Live Recording of Episode 380. (https://www.youtube.com/watch?v=4N8MwCBPgWY) Runner-up Titles Leave it all in Brighttalk Let's talk about it and I'll read it later Killed by Google Wins Again Tell that to the WeWork founder Buy somebody who's already on the Moon Anyone from software thinks they can do anything Lots of learnings. I hate DNS, but I've never seen a domain name I didn't buy. A good Brandon issue Rundown Google's Incentives Google is shutting down Stadia (https://www.theregister.com/2022/09/29/google_shuts_down_stadia/) Stadia shutdown shows Google's struggle to innovate (https://www.axios.com/newsletters/axios-login-555c72e1-380a-4a69-affe-e8260ae5734e.html?chunk=0&utm_term=emshare#story0) Google insiders explain why Google launches many products and then abandons them. (https://twitter.com/petergyang/status/1576985038511448064) 2022 State of DevOps Report (https://cloud.google.com/blog/products/devops-sre/dora-2022-accelerate-state-of-devops-report-now-out) Elon Musk's Texts Shatter the Myth of the Tech Genius (https://newsletters.theatlantic.com/galaxy-brain/email/1f916f2d-db1b-43a8-85c1-46a56ab97e19/) Relevant to your Interests GitLab beats expectations with impressive revenue growth, but its stock falls anyway (https://siliconangle.com/2022/09/06/gitlab-beats-expectations-impressive-revenue-growth-stock-falls-anyway/) Two Former eBay Executives Sentenced to Prison for Cyberstalking (https://www.justice.gov/usao-ma/pr/two-former-ebay-executives-sentenced-prison-cyberstalking) We're excited to announce that the transaction to combine Citrix and TIBCO (https://buff.ly/3fzCIBL) Can a Zebra Change Its Stripes? (https://www.newcomer.co/p/can-a-zebra-change-its-stripes) VR & AR headset designers should consider how their customers look like when wearing them (https://twitter.com/werner/status/1576625132675936256?s=46&t=setZxlR2Skv0eAetpRREYw) CEO Tim Cook says Apple avoids the word 'metaverse' (https://twitter.com/ballmatthew/status/1576732541435854848) DALL·E Now Available Without Waitlist (https://openai.com/blog/dall-e-now-available-without-waitlist) Introducing Make-A-Video: An AI system that generates videos from text (https://ai.facebook.com/blog/generative-ai-text-to-video/?utm_content=null) The Thorny Problem of Keeping the Internet's Time (https://www.newyorker.com/tech/annals-of-technology/the-thorny-problem-of-keeping-the-internets-time?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) Postgres WASM by Snaplet and Supabase (https://twitter.com/supabase/status/1576943402687631365) Linux 6.0 arrives with support for newer chips, core fixes, and oddities (https://arstechnica.com/gadgets/2022/10/linux-6-0-arrives-with-support-for-newer-chips-core-fixes-and-oddities/) The Most Visited Website in Every Country (That Isn't A Search Engine) (https://www.hostinger.com/tutorials/the-most-visited-website-in-every-country) Bridgewater Founder Ray Dalio Hands Over Control of Firm (https://www.wsj.com/articles/bridgewater-founder-ray-dalio-hands-over-control-of-firm-11664902335) World's First Laptop with RISC-V Processor Now Available (https://www.tomshardware.com/news/risc-v-laptop-world-first) ‎CoRecursive: Coding Stories: Android's Unlikely Success on Apple Podcasts (https://podcasts.apple.com/gb/podcast/corecursive-coding-stories/id1330329512?i=1000581376850) Database 2x2 (https://twitter.com/jaminball/status/1577699834965786624?s=46&t=-tpbK02723C_6-I9GeLdGQ) Pat Gelsinger came back to turn Intel around (https://www.theverge.com/2022/10/4/23385652/pat-gelsinger-intel-chips-act-ohio-manufacturing-chip-shortage) State Of Developer Relations (https://www.stateofdeveloperrelations.com/) Red Hat Storage strategy update (https://www.redhat.com/en/blog/red-hat-storage-strategy-update) IBM Redefines Hybrid Cloud Application and Data Storage Adding Red Hat Storage to IBM Offerings (https://newsroom.ibm.com/2022-10-04-IBM-Redefines-Hybrid-Cloud-Application-and-Data-Storage-Adding-Red-Hat-Storage-to-IBM-Offerings) IBM + Red Hat: Doubling Down on Hybrid Cloud Storage (https://www.ibm.com/cloud/blog/announcements/ibm-red-hat-doubling-down-on-hybrid-cloud-storage) DevOps Is Dead. Embrace Platform Engineering (https://thenewstack.io/devops-is-dead-embrace-platform-engineering/) Nonsense Kim Kardashian pays over $1 million to settle SEC charges linked to a crypto promo on her Instagram (https://www.cnbc.com/2022/10/03/kim-kardashian-settles-sec-charges-instagram-crypto-promotion.html) Test drive new McLaren Formula 1 themes in your Chrome browser (https://blog.google/products/chrome/test-drive-new-mclaren-formula-1-themes-in-your-chrome-browser/) Tacos Are a Staple in Austin. How Is Inflation Impacting Taco Spots? (https://austin.eater.com/2022/9/30/23353698/inflation-austin-taco-restaurants-2022) Google Japan's latest version of it's new keyboard, G-Board (https://www.youtube.com/watch?v=9G3DWHf1xX0) "The Re-Org Rag (I'm My Own VP)" (https://twitter.com/forrestbrazeal/status/1577298602371809281?s=20&t=J0Sf49X9mn4QazmqXin3tQ) Conferences Sydney Cloud FinOps Meetup (https://events.finops.org/events/details/finops-sydney-cloud-finops-presents-sydney-cloud-finops-meetup/), online, Oct 13, 2022 Matt's presenting KubeCon North America (https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/), Detroit, Oct 24 – 28, 2022 SpringOne Platform (https://springone.io/?utm_source=cote&utm_medium=podcast&utm_content=sdt), SF, December 6–8, 2022 THAT Conference Texas Call For Counselors (https://that.us/call-for-counselors/tx/2023/) Jan 16-19, 2023 CloudNativeSecurityCon North America (https://events.linuxfoundation.org/cloudnativesecuritycon-north-america/), Seattle, Feb 1 – 2, 2023 Sponsors Teleport — The easiest, most secure way to access infrastructure. (https://goteleport.com/?utm_campaign=eg&utm_medium=partner&utm_source=sdt) SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), LinkedIn (https://www.linkedin.com/company/software-defined-talk/) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured). Use the code SDT to get $20 off Coté's book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: Why the Voice Inside Your Head Can Sound Like a Jerk (https://www.theringer.com/2022/9/20/23363052/voice-inside-head-sound-jerk-emotion-regulation-self-talk) ****(Podcast) The Chatter Toolbox (https://www.ethankross.com/wp-content/uploads/sites/14/2021/02/Chatter-Toolbox-by-Ethan-Kross.pdf) (PDF) Matt: Keyboard.io Model 100 (https://www.indiegogo.com/projects/the-keyboardio-model-100--4/) Coté: classic microplane (https://amzn.to/3Mkcu2o). Photo Credits Glasses Banner (https://unsplash.com/photos/qmnpqDwla_E)

Fresh Pivot, with Dan Stein

Play Episode Listen Later Oct 5, 2022 49:28

Dan Stein is an engineering manager at General Bioinformatics. Dan Stein is also DJ Fresh, a multi-million selling artist with two UK number one records. Learn about the surprising overlap between these two careers. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod and @craigbox Chatter of the week Trevor Noah stepping down as host of Daily Show Follow @craigbox to learn what’s next News of the week Google Cloud adds GPU support to Autopilot Pricing CVE-2021-36782 in Rancher State of DevOps Report for 2022 Congratulations to the 27 Summer LFX Program CNCF interns Reviewing the 2019 Kubernetes security audit Links from the interview DJ Fresh Atari 800 and Atari ST Pong Atari BASIC Commodore Amiga OctaMED Fatboy Slim and the Atari ST Dogs on Acid music forum Taylor Hawkins Tribute Concerts Abolishing the high tax rate in the UK, or not Breakbeat Kaos Hold Your Colour by Pendulum Kryptonite by DJ Fresh Gold Dust Subsequent hits: Louder Hot Right Now Kyma (sound design language) and Max/MSP We Got Coders General Bioinformatics NGS gene sequencing Ensembl Hasura GraphQL Playground NCBI - National Center for Biotechnology Information Max Martin How Music Works by John Powell Learning: Treehouse Udemy 3Blue1Brown Codeacademy DJ Fresh’s new single, Higher DJ Fresh on Facebook Dan Stein on Twitter

google uk fresh pivot acid gpu containers kubernetes community management cloud native dj fresh k8s istio dan stein devops report

2022 State of DevOps Survey with Nathen Harvey and Derek DeBellis

state adoption puppets accelerating devops kersten episode summaryin devops report glenn wilson

Play Episode Listen Later Oct 5, 2022 44:07

On the show this week, we're talking updated DevOps practices for 2022 with hosts Stephanie Wong and Chloe Condon and our guests Nathen Harvey and Derek DeBellis. Nathen and Derek start the show with a thorough discussion of DORA, the research program dedicated to helping organizations improve software delivery and operations, and the state of DevOps report that Google publishes every year. This year, the DevOps research team strengthened their focus on security and discovered that one of the biggest predictors in security practice adoption is company culture. Open, communicative, and trustful company cultures are some of the best for accepting and implementing optimized security practices. Derek tells us how company cultures are measured and scored for this purpose and Nathen talks about team and individual burnout and its affects on culture. Low, medium, high, and elite teams are another indicator of culture, and Nathen explains how teams earn their label through four keys of software delivery performance. Each year, they let the data show these four clusters of team performance. But this year there were only three, and Derek talks more about this phenomenon and why the elite cluster seems to have disappeared. When operational performance analysis was added, the four clusters reemerged and were renamed to better suit the new analysis metrics. Nathen details these four new clusters: starting, which performs neither well nor poorly and may be just starting out; flowing, teams that are performing well across throughput, stability, and operational performance; slowing teams, which don't have high throughput but excel in other areas; and retiring teams, which are reliable but not actively developing projects. We discuss how companies may shift from one cluster to another and how much context can affect this shift. We talk about key findings in the 2022 DevOps report, especially in the security space. Some of the most notable include the adoption of DevOps security practices and the decreased incidence of burnout on teams who leverage security practices. Nathen and Derek elaborate on how this year's research changed from last year and what remained the same. Nathen Harvey Nathen works with teams helping them learn about and apply the findings of our research into high performing teams. He's been involved in the DevOps community for more than a decade. Derek DeBellis Derek is a Quantitative User Experience Researcher at Google, where Derek focuses on survey research, logs analysis, and figuring out ways to measure concepts central to product development. Derek has published on Human-AI interaction, the impact of Covid-19's onset on smoking cessation, designing for NLP errors and the role of UX in ensuring privacy. Cool things of the week Try out Cloud Spanner databases at no cost with new free trial instances blog Chipotle Is Testing More Artificial Intelligence Solutions To Improve Operations article Gyfted uses Google Cloud AI/ML tools to match tech workers with the best jobs blog Interview 2022 Accelerate State of DevOps Report blog DevOps site 2022 State of the DevOps Report Report site DORA site DORA Community site SLSA site Security Software Development Framework site Westrum organizational culture site Google finds culture, not tech, is the biggest predictor of DevOps security outcomes article GCP Podcast Episode 205: DevOps with Nathen Harvey and Jez Humble podcast GCP Podcast Episode 284: State of DevOps Report 2021 with Nathen Harvey and Dustin Smith podcast GCP Podcast Episode 290: Resiliency at Shopify with Camilo Lopez and Tai Dickerson podcast What's something cool you're working on? Steph is working on talks for DevFest Nantes and a Google Cloud dev conference in London. She'll be talking about subsea fiber optics and Google Cloud networking products. Chloe is a Noogler, so she's been working on learning as much as she can! She is excited to make her podcast debut this week! Hosts Stephanie Wong and Chloe Condon

covid-19 google interview state open survey nlp shopify ux resiliency devops google cloud human ai dustin smith nathen jez humble westrum devops report stephanie wong chloe condon nathen harvey cloud spanner

DevOps Research and Assessment (DORA) Metrics with Dave Mangot - DevOps 120

Adventures in DevOps

Play Episode Listen Later Jul 4, 2022

Google Cloud's DevOps Research and Assessment (DORA) team operationalize the Accelerate State of DevOps Report, surveying over 32,000 professionals worldwide in the DevOps industry. Dave Mangot joins the show today to share how he leverages these metrics to improve companies within their technology organizations. In this episode… DORA metrics Speed and quality Monoliths vs. microservices Uptime and failure rates Mean time to recover Deployment frequencies Production monitoring Sponsors Top End Devs Coaching | Top End Devs Links Mangoteque - Get good at delivering software℠ The DevOps Handbook: How to Create World-Class Agility, Reliability, & Security in Technology Organizations DevOps Solutions | Google Cloud Picks Dave- An incomplete list of skills senior engineers need, beyond coding Jillian- Twitter: @PayGapApp Jonathan - Toothpowder is better than toothpaste

security metrics devops reliability google cloud devops report dora metrics devops research

DevOps Research and Assessment (DORA) Metrics with Dave Mangot - DevOps 120

Adventures in DevOps

Play Episode Listen Later Jul 4, 2022 51:37

security metrics devops reliability google cloud devops report dora metrics devops research

It's all here: inside the 2021 “Accelerate State of DevOps” report

On Cloud

Play Episode Listen Later Feb 9, 2022 26:53

The 2021 “Accelerate State of DevOps” report from Google is out! In this episode, Mike Kavis talks with Google's Nathen Harvey and Deloitte's Manoj Mishra about the report's most compelling findings. Among them: DevOps and SRE are complementary; successful SRE equals knowing your customer; documentation is critical, but it should be organic; and there's a newly-announced “Reliability” metric. The group also discusses customer satisfaction and the new “Release Management” role in DevOps/SRE.

google cloud consulting deloitte accelerate devops reliability sre devops report nathen harvey mike kavis

S2Ep1 - Nigel Kersten: Accelerating DevOps Adoption

DSO Overflow

Play Episode Listen Later Jan 31, 2022 40:25

Episode SummaryIn this episode, Nigel gives his views on the current state of DevOps adoption, the role of security in DevOps, and gives us some clues from the State of DevOps Report 2021 that will help organisations accelerate their DevOps journey.Nigel's BioNigel is a Field CTO at Puppet where he is responsible for bringing product knowledge and a senior technical operations perspective to Puppet field teams and customers, working on services strategy and representing the customer back into the product organization. He works with many of Puppet's largest customers on the cultural and organizational changes necessary for large scale DevOps implementations. He has been deeply involved in Puppet's DevOps initiatives, and regularly speaks around the world about the adoption of DevOps in the enterprise and IT organizational transformation.Episode LinksState of DevOps Reports: https://puppet.com/resources/?refinementList%5Btype%5D%5B0%5D=Report&page=1&configure%5BhitsPerPage%5D=18Nigel's LinkedIn: linkedin.com/in/nigelkerstenNigel's Twitter: @nigelkerstenThis podcast is brought to you by our sponsors: Prisma Cloud and DynaminetYour HostsSteve Giguere: https://www.linkedin.com/in/stevegiguere/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website https://dsolg.com

2021 Year End Wrap Up

Play Episode Listen Later Dec 15, 2021 43:16

We're finishing out 2021 with a celebration of our favorite episodes and topics from the year! From new tools for Cost Optimization in GKE and advances in AI to tips for improving feelings of imposter syndrome, Carter Morgan, Stephanie Wong, and Mark Mirchandani share memorable moments from 2021 and look forward to future episodes. Carter Morgan Carter Morgan is Developer Advocate for Google Cloud, where he creates and hosts content on Google's Youtube channel, co-hosts several Google Cloud podcasts, and designs courses like the Udacity course “Scalable Microservices with Kubernetes” he co-created with Kelsey Hightower. Carter Morgan is an international standup comedian, who's approach of creating unique moments with the audience in front of him has seen him perform all over the world, including in Paris, London, the Melbourne International Comedy Festival with Joe White. And in 2019, and the 2019 Edinburgh Fringe Festival. Previously, he was a programmer for the USAF and Microsoft. Stephanie Wong Stephanie Wong is a Developer Advocate focusing on online content across all Google Cloud products. She's a host of the GCP Podcast and the Where the Internet Lives podcast, along with many GCP Youtube video series. She is the winner of a 2021 Webby Award for her content about data centers. Previously she was a Customer Engineer at Google and at Oracle. Outside of her tech life she is a former pageant queen and hip hop dancer and has an unhealthy obsession with dogs. Mark Mirchandani Mark Mirchandani is a developer advocate for Google Cloud, occasional host of the Google Cloud Platform podcast, and helps create content for users. Cool things of the week Anthos Multi-Cloud v2 is generally available docs Machine learning, Google Kubernetes Engine, and more: 10 free training offers to take advantage of before 2022 blog The past, present, and future of Kubernetes with Eric Brewer blog GCP Podcast Episode 124: VP of Infrastructure Eric Brewer podcast Our Favorite Episodes of 2021 Mark's Favorites GCP Podcast Episode 252: GKE Cost Optimization with Kaslin Fields and Anthony Bushong podcast GCP Podcast Episode 267: Cloud Firestore for Users who are new to Firestore podcast GKE Essentials videos Beyond Your Bill vidoes Stephanie's Favorites GCP Podcast Episode 270: Traditional vs. Service Networking with Ryan Przybyl podcast GCP Podcast Episode 271: The Future of Service Networking with Ryan Przybyl podcast GCP Podcast Episode 279: MLB with Perry Pierce and JoAnn Brereton podcast Carter's Favorites GCP Podcast Episode 284: State of DevOps Report 2021 with Nathen Harvey and Dustin Smith podcast GCP Podcast Episode 287: Imposter Syndrome with Carter Morgan podcast Most Popular Episodes of 2021 GCP Podcast Episode Episode 264: SRE III with Steve McGhee and Yuri Grinshtey podcast GCP Podcast Episode 258: The Power of Serverless with Aparna Sinha and Philip Beevers podcast GCP Podcast Episode 253: Data Governance with Jessi Ashdown and Uri Gilad podcast GCP Podcast Episode 263: SAP + Apigee: The Power of APIs with Benjamin Schuler and Dave Feuer podcast GCP Podcast Episode 271: The Future of Service Networking with Ryan Przybyl podcast Sound Effects Attribution “Dun Dun Duuun” by Divenorth of Freesound.org “Cash Register” by Kiddpark of Freesound.org “Jingles and Pings” by BristolStories of HDInteractive.com “Time – Inception Theme” Composed by Hanz Zimmer (super-low-budget midi version) Hosts Stephanie Wong, Carter Morgan and Mark Mirchandani

#68 - 2021 Accelerate State of DevOps Report - Nathen Harvey

Tech Lead Journal

Play Episode Listen Later Dec 13, 2021 47:55

“Many organizations think in order to be safe, they have to be slow. But the data shows us that the best performers are getting both. And in fact, as speed increases, so too does stability." Nathen Harvey is the co-author of 2021 Accelerate State of DevOps Report and a Developer Advocate at Google. In this episode, we discussed in-depth the latest release of the State of DevOps Report. Nathen started by describing what the report is all about, how it got started, and explained the five key metrics suggested by the report to measure the software delivery and operational performance. Nathen then explained how the report categorizes different performers based on their performance against the key metrics and how the elite performers outperform the others in terms of speed, stability, and reliability. Next, we dived into several new key findings that came out of the 2021 report that relate to documentation, secure software supply chain, and burnout. Towards the end, Nathen gave great tips on how we can use the findings from the reports to get started and improve our software delivery and operational performance, that ultimately will improve our organizational performance. Listen out for: Career Journey - [00:05:28] State of DevOps Report - [00:09:32] The Five Key Metrics - [00:13:55] Speed, Safety, and Reliability - [00:19:58] Performers Categories - [00:23:26] 2021 New Key Findings - [00:28:01] New Finding: Documentation - [00:30:44] New Finding: Secure Software Supply Chain - [00:34:58] New Finding: Burnout - [00:37:22] How to Start Improving - [00:39:36] 3 Tech Lead Wisdom - [00:43:55] _____ Nathen Harvey's Bio Nathen Harvey, Developer Relations Engineer at Google, has built a career on helping teams realize their potential while aligning technology to business outcomes. Nathen has had the privilege of working with some of the best teams and open source communities, helping them apply the principles and practices of DevOps and SRE. He is part of the Google Cloud DORA research team and a co-author of the 2021 Accelerate State of DevOps Report. Nathen was an editor for 97 Things Every Cloud Engineer Should Know, published by O'Reilly in 2020. Follow Nathen: Twitter – @nathenharvey LinkedIn – https://linkedin.com/in/nathen Github – https://github.com/nathenharvey Our Sponsor Are you looking for a new cool swag? Tech Lead Journal now offers you some swags that you can purchase online. These swags are printed on-demand based on your preference, and will be delivered safely to you all over the world where shipping is available. Check out all the cool swags by visiting https://techleadjournal.dev/shop. Like this episode? Subscribe on your favorite podcast app and submit your feedback. Follow @techleadjournal on LinkedIn, Twitter, and Instagram. Pledge your support by becoming a patron. For more info about the episode (including quotes and transcript), visit techleadjournal.dev/episodes/68.

google state safety speed accelerate pledge github devops reliability career journey sre developer advocate nathen devops report developer relations engineer nathen harvey

State of DevOps Report 2021 with Nathen Harvey and Dustin Smith

service state databases kubernetes dreamworks animation bhavin devops report

Play Episode Listen Later Nov 10, 2021 45:40

This week, Stephanie Wong and Carter Morgan are talking about the recently released State of DevOps Report. Guests Dustin Smith and Nathen Harvey tell us all about DORA, the research group working to study DevOps, and the findings of their years-long study aimed at improving workplace environments, fostering sustainable increased productivity, and ensuring quality output across industries. During their years of research, the DORA team has developed ways to measure team results and workplace culture. Our guests tell us about the five measures they use, including deployment frequency and reliability. The shared responsibility and collaboration of teams at a company to optimize these five metrics is what makes good DevOps performance. Through a real-life example, we hear how the coordination of goals and incentives across departments can improve results of the DevOps metrics, thus improving the speed and stability of finished products. Once businesses identify problems, they need realistic expectations of the time and energy required to solve these issues. Learning from each change made and growing during the process is an important part of optimization, and our guests talk about the best practices their research has identified for facilitating smoother transitions. High quality documentation is a vital part of optimizing DevOps, and this year’s report examined internal documentation for the first time. Nathan describes what makes good documentation, like clear ownership of the documents and docs that are regularly updated for easy sharing and scaling of up-to-date material across the company. Dustin elaborates, explaining other factors that make quality, reliable documents. Later, we talk SRE and how companies can measure and optimize Site Reliability Engineering. A supportive team culture and ensuring a secure product and supply chain are some important factors in optimal SRE, the DORA study found. Our guests offer advice for companies looking to get started with DevOps practices. Nathen Harvey Nathen Harvey is a developer relations engineer at Google who has built a career on helping teams realize their potential while aligning technology to business outcomes. Nathen has had the privilege of working with some of the best teams and open source communities, helping them apply the principles and practices of DevOps and SRE. Dustin Smith Dustin Smith is a UX Research Manager and the DORA research lead. He studies the factors that influence a team’s ability to deliver software quickly and reliably. Cool things of the week Email is 50 years old, and still where it's @ blog Make the most of hybrid work with Google Workspace blog We analyzed 80 million ransomware samples – here's what we learned blog Interview DevOps site DORA site SRE site 2021 Accelerate State of DevOps report addresses burnout, team performance report

learning google interview state security devops sre google workspace site reliability engineering dustin smith nathen devops report stephanie wong nathen harvey ux research manager

Databases on Kubernetes, Why Database-as-a-Service matters

Kubernetes Bytes

Play Episode Listen Later Sep 29, 2021 47:18

In this episode, Bhavin and Ryan interview Umair Mufti, the product owner of Portworx Data Services; the new database as a service for Kubernetes. They discuss Umair's experience at Dreamworks Animation creating a database as a service platform as well as why he felt is was necessary to build it and some of the lessons learned along the way. Show links https://softwareengineeringdaily.com/2019/01/11/why-is-storage-on-kubernetes-is-so-hard/ https://www.dataversity.net/data-container-architecture-answers-and-challenges/ https://www.youtube.com/watch?v=5n_Jz4VO_Tg (Chris Adkins) Arc Enabled DS's https://thenewstack.io/maintaining-data-resiliency-in-the-age-of-kubernetes/ State of DevOps Report: https://services.google.com/fh/files/misc/state-of-devops-2021.pdf https://cloud.google.com/blog/products/storage-data-transfer/google-cloud-launches-backups-for-gke https://portworx.com/products/portworx-data-services/ https://blogs.vmware.com/virtualblocks/2021/09/28/announcing-vsan-7-update-3/

2021 State of DevOps Report with Nigel Kersten

state puppets devops kersten devops report

Play Episode Listen Later Sep 25, 2021 43:41

Nigel Kersten is Field CTO at Puppet and one of the authors of the 2021 State of DevOps Report. I talked to Nigel about the 10th anniversary of the Report, the latest insights, and how come some enterprises are stuck on their DevOps journey. It was also interesting to hear what happens behind the curtains to produce the Report that we all sometimes take for granted. Do. Not. Miss.Subscribe to 0800-DEVOPS newsletter here.Show notes:This interview is featured in 0800-DEVOPS #29 - 2021 State of DevOps Report with Nigel Kersten.

DevOps Trends report - mid-year review with Kalle Mäkelä and Marc Dillon

Eficode

Play Episode Listen Later Aug 24, 2021 64:17

We earlier wrote a fact sheet summarizing what we believe to be the significant topics in 2021: psychological safety, scaling, platforms and design systems, SaaS, edge cloud, 5G, and data challenges. In this podcast, Kalle Mäkelä and Marc Dillon are doing a so-called "mid-year review" to evaluate whether our crystal ball was properly calibrated. Kalle, Marc, the floor is yours! Puppet state of DevOps Report 2021: https://puppet.com/resources/report/2021-state-of-devops-report/ GitLab: Upskilling enterprise DevOps report: https://page.gitlab.com/2021-DevOps-Skills-Report.html Eficode's DevOps trends 2021 fact sheet: https://hubs.li/H0W0v5d0 DevOps - An infinite mindset: hubs.ly/H0xNxGs0 Agile vs. DevOps: the grand debate: hubs.ly/H0xNCfJ0 Kalle Mäkelä Lead DevOps Architect https://www.linkedin.com/in/kallemakela/ Marc Dillon Lead Consultant, Eficode www.linkedin.com/in/marc-dillon-70709137/

5g saas puppets midyear devops kalle trends report devops report kalle m

Episode 312: Crossing The Brown Horizon

Play Episode Listen Later Jul 23, 2021 57:56

This week we discuss Netflix getting into games and review the latest State of DevOps Report. Plus, what do you call a domicile in Amsterdam? Rundown Why Netflix is getting into games (https://www.vox.com/recode/2021/7/20/22586084/netflix-gaming-strategy-earnings-explained) State of DevOps Report 2021 (https://puppet.com/resources/report/2021-state-of-devops-report/) Relevant to your interests Twitter Is Shutting Down Fleets, Its Vanishing-Post Format, After Less Than a Year (https://variety.com/2021/digital/news/twitter-fleets-shutting-down-1235019174/) Morgan Stanley‘s CIO survey shows a significant moderation in expectations for the migration of workloads to the public cloud. (https://twitter.com/Atreidesmgmt/status/1414945521026875393) Say hi to Microsoft's own Linux: CBL-Mariner (https://www.zdnet.com/article/say-hi-to-microsofts-own-linux-cbl-mariner/) Austin sees pay-off from pandemic-era tech reshuffling (https://www.axios.com/austin-pandemic-reshuffling-tech-entrepreneurs-investors-11669cb1-edf5-4d00-8043-036c49215fe6.html) Report: Spyware used to target journalists, activists and world leaders (https://www.axios.com/pegasus-spyware-journalists-activists-report-5af14a4f-dce1-454d-b0e2-dc2b043b2b0e.html?utm_source=twitter&utm_medium=social&utm_campaign=onhrs) IBM Insight — Can IBM Deliver? (https://blog.newagealpha.com/can-ibm-deliver) The end of open source? (https://techcrunch.com/2021/07/18/the-end-of-open-source/) DevRev: Former Nutanix execs look to lure in dev startups with new Business Infrastructure-as-a-Service firm – Blocks and Files (https://blocksandfiles.com/2021/07/16/devrev-genius-nutanix-pair-envisage-massive-new-saas-opportunity/) Where on Gartner's Hype Cycle is Gartner's Hype Cycle? (https://www.theregister.com/2021/07/19/gartner_hype_cycle/) Rapid7 + IntSights: Own Your Entire Attack Surface, Internally and Externally (https://www.rapid7.com/rapid7-acquires-intsights/) Apple to delay office returns to October - Bloomberg News (https://www.reuters.com/technology/apple-delay-office-returns-october-bloomberg-news-2021-07-20/) Amazon Shuts Down NSO Group Infrastructure (https://www.vice.com/en/article/xgx5bw/amazon-aws-shuts-down-nso-group-infrastructure) Apple's AirPods did ~$16B in 2020 (https://twitter.com/trungtphan/status/1417500092395753472?s=21) You're not imagining it. Amazon and AWS want to hire all your friends, enemies, and everyone in between (https://www.theregister.com/2021/07/21/amazon_aws_recruitment/) Briton arrested over high-profile Twitter account hacks (https://www.theguardian.com/technology/2021/jul/21/briton-arrested-over-high-profile-twitter-account-hacks) Report: Spyware used to target journalists, activists and world leaders (https://www.axios.com/pegasus-spyware-journalists-activists-report-5af14a4f-dce1-454d-b0e2-dc2b043b2b0e.html?utm_source=twitter&utm_medium=social&utm_campaign=onhrs) IBM Insight — Can IBM Deliver? (https://blog.newagealpha.com/can-ibm-deliver) IBM shows strongest revenue growth in three years (https://www.cnbc.com/2021/07/19/ibm-earnings-q2-2021.html) What Ever Happened to IBM's Watson? (https://www.nytimes.com/2021/07/16/technology/what-happened-ibm-watson.html) Why Zoom bought Five9 for $14.7 billion: Enterprise wallet share and a big customer engagement play (https://www.zdnet.com/article/why-zoom-bought-five9-for-14-7-billion-enterprise-wallet-share-and-a-big-customer-engagement-play/) Zoom is buying cloud contact center provider Five9 for $14.7 billion (https://www.cnbc.com/2021/07/19/zoom-is-buying-cloud-contact-center-provider-five9-for-14point7-billion.html?utm_term=Autofeed&utm_medium=Social&utm_content=Main&utm_source=Twitter#Echobox=1626659760) Zoom acquires an AI company building real-time translation (https://www.theverge.com/2021/6/29/22556500/zoom-kites-acquisition-machine-translation-real-time-captions) Zoom will now let you add third-party apps to your calls (https://www.theverge.com/2021/7/21/22585980/zoom-apps-events-launch-onzoom) (https://twitter.com/Atreidesmgmt/status/1414945521026875393)## Nonsense Well, now it is. It's Pregnancy Test Doom! (https://twitter.com/Foone/status/1302820468819288066) Noise cancellation neither helps productivity nor perceived performance (https://twitter.com/rakyll/status/1416764559159742469) World's First 3-D-Printed Steel Bridge Debuts in Amsterdam (https://www.smithsonianmag.com/smart-news/worlds-first-3-d-printed-steel-bridge-debuts-amsterdam-180978228/) Sponsors strongDM — Manage and audit remote access to infrastructure. Start your free 14-day trial today at strongdm.com/SDT (http://strongdm.com/SDT) CBT Nuggets — Training available for IT Pros anytime, anywhere. Start your 7-day Free Trial today at cbtnuggets.com/sdt (https://cbtnuggets.com/sdt) Listener Feedback Sent stickers to Craig in Fort Worth. Craig bought the Doc Martin's recommended in episode 82. See the pictures. (https://www.instagram.com/p/CRnMmSGL6m5/) Conferences THAT Conference, (https://that.us/activities/call-for-counselors/wi/2021) July 26-29 SpringOne (https://springone.io), Sep 1-2 DevOps Loop | October 4, 2021 (https://devopsloop.io/?utm_campaign=Global_P6_TS_Q322_Event_DevOpsLoop_at_VMworld&utm_source=twitter&utm_medium=social) SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) and LinkedIn (https://www.linkedin.com/company/software-defined-talk/). Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Use the code SDT to get $20 off Coté's book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: Dark Sky (https://darksky.net/app) Matt: BOM Weather (https://play.google.com/store/apps/details?id=au.gov.bom.metview) Coté: 8ball newsletter (https://www.8ball.report); Buienradar (https://www.buienradar.nl/) in the Netherlands. Image Credit (https://unsplash.com/photos/M_eB1UjE0do) Image Credit (https://unsplash.com/photos/By-tZImt0Ms)

Innovations and the Changing DevOps Tides of Tech with Nigel Kersten

AlchemistX: Innovators Inside

Play Episode Listen Later Jul 22, 2021 41:12

About NigelNigel Kersten's day job is Field CTO at Puppet where he leads a group of engineers who work with Puppet's largest customers on cultural and organizational changes necessary for large-scale DevOps implementations - among other things. He's a co-author of the industry-leading State Of DevOps Report and likes to evenly talk about what went right with DevOps and what went wrong based on this research and his experience in the field. He's held multiple positions at Puppet across product and engineering and came to Puppet from the Google SRE organization, where he was responsible for one of the largest Puppet deployments in the world. Nigel is passionate about behavioral economics, electronic music, synthesizers, and Test cricket. Ask him about late-stage capitalism, and shoes.Links: Puppet: https://puppet.com 2020 State of DevOps Report: https://puppet.com/resources/report/2020-state-of-devops-report/ TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by LaunchDarkly. Take a look at what it takes to get your code into production. I'm going to just guess that it's awful because it's always awful. No one loves their deployment process. What if launching new features didn't require you to do a full-on code and possibly infrastructure deploy? What if you could test on a small subset of users and then roll it back immediately if results aren't what you expect? LaunchDarkly does exactly this. To learn more, visit launchdarkly.com and tell them Corey sent you, and watch for the wince.Corey: Your company might be stuck in the middle of a DevOps revolution without even realizing it. Lucky you! Does your company culture discourage risk? Are you willing to admit it? Does your team have clear responsibilities? Depends on who you ask. Are you struggling to get buy in on DevOps practices? Well, download the 2021 State of DevOps report brought to you annually by Puppet since 2011 to explore the trends and blockers keeping evolution firms stuck in the middle of their DevOps evolution. Because they fail to evolve or die like dinosaurs. The significance of organizational buy in, and oh it is significant indeed, and why team identities and interaction models matter. Not to mention weither the use of automation and the cloud translate to DevOps success. All that and more awaits you. Visit: www.puppet.com to download your copy of the report now!Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted episode is sponsored by a long time… I wouldn't even say friends so much as antagonist slash protagonist slash symbiotic company with things I have done as I have staggered through the ecosystem. There's a lot of fingers of blame that I can point throughout the course of my career at different instances, different companies, different clients, et cetera, et cetera, that have shaped me into the monstrosity than I am today. But far and away, the company that has the most impact on the way that I speak publicly, is Puppet.Here to accept the recrimination for what I become and how it's played out is Nigel Kersten, a field CTO at Puppet—or the field CTO; I don't know how many of them they have. Nigel, welcome to the show, and how unique are you?Nigel: Thank you, Corey. Well, I—you know, reasonably unique. I think that you get used to being one of the few Australians living in Portland who's decided to move away from the sunny beaches and live in the gray wilderness of the Pacific Northwest.Corey: So, to give a little context into that ridiculous intro, I was a traveling contract trainer for the Puppet fundamentals course for an entire summer back in I want to say 2014, but don't hold me to it. And it turns out that when you're teaching a whole bunch of students who have paid in many cases, a couple thousand dollars out of pocket to learn a new software where, in some cases, they feel like it's taking their job away because they view their job, rightly or wrongly, is writing the same script again and again. And then the demo breaks and people are angry, and if you don't get a good enough rating, you're not invited to continue, and then the company you're contracting through hits you with a stick, it teaches you to improvise super quickly. So, I wasn't kidding when I said that Puppet was in many ways responsible for the way that I give talks now. So, what do you have to say for yourself?Nigel: Well, I have to say, congratulations for surviving, opinionated defensive nerds who think not only you but your entire product you're demoing could be replaced by a shell script. It's a tough crowd.Corey: It was an experience. And some of these were community-based, and some of them were internal to a specific company. And if people have heard more than one episode of this show, I'm sure they can imagine how that went. I gave a training at Comcast once and set a personal challenge for myself of how many times could I use the word ‘comcastic' in a three-day training. And I would work it in and talk about things like the schedule parameter in Puppet where it doesn't guarantee something's going to execute in a time window; it's the only time it may happen.If it doesn't fire off, and then it isn't going to happen. It's like a Comcast service appointment. And then they just all kind of stared at me for a while and, credit where due, that was the best user rating I ever got from people sitting through one of my training. So, thanks for teaching me how to improve at, basically, could have been a very expensive mistake on Puppet's part. It accidentally worked out for everyone.Nigel: Brilliant, brilliant. Yes, you would have survived teaching the spaceship operator to that sort of a crowd.Corey: Oh, I mostly avoided that thing. That was an advanced Puppet-ism, and this was Puppet fundamentals because I just need to be topically good at things, not deep-dive good at things. But let's dig into that a little bit. For those who have not had the pleasure of working with Puppet, what is it?Nigel: Sure? So, Puppet is a pretty simple DSL. You know, DSLs aren't necessarily in favor these days.Corey: Domain-specific language, for those who have not—Nigel: Yep.Corey: —caught up on that acronym. Yes.Nigel: So, a programming language designed for a specific task. And, you know, instead, we've decided that the world will rest on YAML. And we've absorbed a fair bit of YAML into our ecosystem, but there are things that I will still stand by are just better to do in a programming language. ‘if x then y,' for example, it's just easier to express when you have actual syntax around you and you're not, sort of, forcing everything to be in a data specification language. So, Puppet's pretty simple in that it's a language that lets you describe the state that infrastructure should be.And you can do this in a modular and composable way. So, I can build a little chunk of automation code; hand it to Corey; Corey can build something slightly bigger with it; hand it to someone else. And really, this sort of collaboration is one of the reasons why Puppet's, sort of, being at the center of the DevOps movement, which at its core is not really about tools. It's about reducing friction between different groups.Corey: Back when I was doing my traveling training shtick, I found that I had to figure out a way to describe what Puppet did to folks who were not deep in the space, and the analogy that I came up with that I was particularly partial to was, imagine you get a brand new laptop. Well, what do you do with it? You install your user account and go through the setup; you install the programs that you use, some which have licenses on it; you copy your data onto it; you make sure that certain programs always run on startup because that's the way that you work with these things; you install Firefox because that's the browser of choice that you go with, et cetera, et cetera. Now, imagine having to do that for, instead of one computer, a thousand of them, and instead of a laptop, they're servers. And that is directionally what Puppet does.Nigel: Absolutely. This is the one I use for my mother as well. Like, I was working around Puppet for years before—and the way I explained it was, “You know when you get a new iPad, you've got to set up your Facebook account and your email. Imagine you had ten thousand of these.” And she was like—I was like, “You know, companies like Google, company like big banks, they all have lots and lots and lots of computers.” And she was like, “They run all those things on iPads.” And I was like, “This is not really where my analogy was going.” But.Corey: Right. And increasingly, though, it seems like the world has shifted in some direction where, when you explain that to your mother and she comes back with, “Well, wouldn't they just put the application into Docker and be done with it?” Oh, dear. But that seems to be in many ways that the direction that the zeitgeist has moved in, whether or not that is the reality in many environments, where when you're just deploying containers everywhere—through the miracle of Kubernetes—if you'll pardon the dismissive scorn there, that you just package up your application, shove into a container, and then hurl it from the application team over the operations team, like a dead dog cast into your neighbor's yard for him to worry about. And then it sort of takes up the space of you don't have to manage state anymore because everything is mostly stateless in theory. How have you seen it play out in practice in the last five years?Nigel: I mean, that's a real trend. And, you know, the size of a container should be [laugh] smaller than an operating system. And the reality is, I'm a sysadmin; I love operating systems, I nerded out on operating systems. They're a necessary evil, they're terrible, terrible things: registry keys, config files, they're a pain in the neck to deal with. And if you look at, I think what a lot of operations folks missed about Docker when it started was that it didn't make their life better. It was worse.It was, like, this actual, sort of, terrible toolchain where you sort of tied together all these different things. But really importantly, what it did is it put control into the hands of the developers, and it was the developers who were trying to do stuff who were trying to shift into applications. And I think Docker was a really great technology, in the sense of, you know, developers could ship value on their own. And that was the huge, huge leveling up. It wasn't the interface, it wasn't the user experience, it wasn't all these things, it was just that the control got taken away from the IT trolls in their basement going, “No, don't touch my servers,” and instead given straight to the developers. And that's huge because it let us ship things faster. And that's ultimately the whole goal of things.Corey: The thing that really struck me the most from conducting the trainings that I did was meeting a whole bunch of people across the country, in different technological areas of specialty, in different states of their evolution as technologists, and something that struck me was just how much people wound up identifying with the technology that they worked on. When someone is the AIX admin, and the AIX machines are getting replaced with Linux boxes, there's this tendency to fight against that and rebel, rather than learning Linux. And I get it; I'm as subject to this as anyone is. And in many cases, that was the actual pushback that I saw against adopting something like Puppet. If I identify my job as being the person that runs all these carefully curated scripts that I've spent five years building, and now that all gets replaced with something that is more of a global solution to my local problem, then it feels like a thing that made me special is eroding.And we see that with the migration to cloud as well. When you're the storage admin, and it just becomes an API call to S3, that's kind of a scary thing. And when you're one of the server hugger types—and again, as guilty as anyone of this—and you start to see cloud coming in as, like, a rising tide that eats up what it was that you became known for, it's scary and it becomes a foundational shift in how you view yourself. What I really had a lot of sympathy for was the folks who've been doing this for 20 years. They were, in some cases, a few years away from retirement, and they've been doing basically the same set of tasks every year for 25 years.It's one year of experience repeated 25 times. And they don't have that much time left in their career, intentionally, so they want to retire, but they also don't really want to learn a whole bunch of new technologies just to get through those last few years. I feel for them. But at the same time—Nigel: No, me too, totally. But what are you going to do? But without sounding too dismissive there, I think it's a natural tendency for us to identify with the technology if that's what you're around all the time. You know, mechanics do this, truck drivers with brands of trucks, people, like, to build attachments to the technology they work with because we fit them into this bigger techno-social system. But I have a lot of empathy for the people in enterprise jobs who are being asked to change radically because the cycle of progress is speeding up faster and faster.And as you say, they might be a few years away from retirement. I think I used to feel more differently about this when I was really hot-headed and much more of a tech enthusiast, and that's what I identified with. In terms of, it's okay for a job to just be a job for people. It's okay for someone to be doing a job because they get good health care and good benefits and it's feeding their family. That's an important thing. You can't expect everyone to always be incredibly passionate about technology choices in the same way that I think many of us who live on Twitter and hanging out in this space are.Corey: Oh, I have no problem whatsoever with people who want to show up for 40 hours a week-ish, work on their job, and then go home and have lives and not think about computers at all. There's this dark mass of developers out there that basically never show up on Twitter, they aren't on IRC, they don't go to conferences, and that's fine. I have no problem with that, and I hope I don't come across as being overly dismissive of those folks. I honestly wish I could be content like that. I just don't hold still very well.Nigel: [laugh]. Yeah, so I think you touched on a few interesting things there. And some of those we sort of cover in the State of DevOps Report, which is coming out in the next few weeks.Corey: Indeed, and the State of DevOps Report started off at Puppet, and they've now done it for, what, 10 years?Nigel: This is the 10th year, which is completely crazy. So, I was looking at the stats as I was writing it, and it's 10 years of State of DevOps Reports; I think it's 11 years of DevOps Weekly, Gareth Rushgrove's newsletter; it's 12 or 13 years of DevOpsDays that have been going on. This is longer than I spent in primary and high school put together. It's kind of crazy that the DevOps movement is still, kind of, chugging along, even if it's not necessarily the coolest kid on the block, now that GitOps, SRE flavor of the month, various kinds of permutations of how we work with technology, have perhaps got a little bit cooler. But it's still very, very relevant to a lot of enterprises out there.Corey: Yeah. As I frequently say, legacy is a condescending engineering term for ‘it makes money,' and there's an awful lot of that out there. Forget cloud, there are still companies wrestling with do we explore this virtualization thing? And that was something I was very against back in 2006, let's be very honest. I am very bad at predicting the future of technology.And, “I can see this for small niche edge workload cases, where you have a bunch of idle servers, but for the most part, who's really going to use this in production?” Well, basically everyone because that, in turn, is what the cloud runs on. Yeah, I think we can safely say I got that one hilariously wrong. But hey, if you're aren't going to make predictions, then what's it matter?Nigel: But the industry pushes you in these directions. So, there was this massive bank in Asia who I've been working with for a long time and they were always resistant to adopting virtualization. And then it was only four or five years ago that I visited them; they're like, “Right. Okay. It's time. We're rolling out VMware.” And I was like, “So, I'm really curious. What exactly changed in the last year or two in, like, 2014, 2015 that you decided virtualization was the key?” And I'm like—Corey: Oh, there was this jackwagon who conducted this training? Yeah, no, no, sorry. I can't take credit for that one.Nigel: They couldn't order one rack unit servers with CD drives anymore because their whole process was actually provisioning with CDs before that point.Corey: Welcome to the brave new world of PXE booting, which is kind of hard, so yeah, virtualization is easier. You know, sometimes people have to be dragged into various ways of technological advancement. Which gets to the real thing I want to cover, since this is a promoted episode, where you're talking about the State of DevOps Report, I'm almost less interested in what this year's has to say specifically, than what you've seen over the last decade. What's changed? What was true 10 years ago that is very much not true now? Bonus points if you can answer that without using the word Kubernetes more than twice.Nigel: So, I think one of the big things was the—we've definitely passed peak DevOps team, if you may remember, there was a lot of arguments and there's still regular, is DevOps a job title? Is it a team title? Is it a [crosstalk 00:14:33]—Corey: Oh, I was much on the no side until I saw how much more I would get paid as a DevOps engineer instead of a systems administrator for the exact same job. So, you know, I shut up and I took the money. I figured that the semantic arguments are great, but yeah.Nigel: And that's exactly what we've written in the report. And I think it's great. The sysadmins, we were unloved. You know, we were in the basement, we weren't paid as much as programmers. The running joke used to be for developers, DevOps meant, “I don't need ops anymore.” But for ops people, it was, “I can get paid like a developer.”Corey: In many cases, “Oh, well, systems administrators don't want to learn how to code.” It's, yeah, you're remembering a relatively narrow slice of time between the modern era, where systems administrator types need to be able to write in the lingua franca of everything—which is, of course, YAML, as far as programming languages go—and before that, to be a competent systems administrator, you needed to have a functional grasp of C. And—Nigel: Yeah.Corey: —there is only a limited window in which a bunch of bash scripts and maybe a smidgen of Perl would have carried you through. But the deeper understanding is absolutely necessary, and I would argue, always has been.Nigel: And this is great because you've just linked up with one of the things we found really interesting about the report is that you know when we talk about legacy we don't actually mean the oldest shit. Because the oldest shit is the mainframes; it's a lot of bare metal applications. A lot of that in big enterprises—Corey: We're still waiting for an AWS/400 to replace some of that.Nigel: Well, it's administered by real systems engineers, you know, like, the people who wrote C, who wrote kernel extensions, who could debug things. What we actually mean by legacy is we mean late '90s to late 2000s, early 2010s. Stuff that was put together by kids who, like me, happened to get a job because you grew up with a computer, and then the dotcom explosion happened. You weren't necessarily particularly skilled, and a lot of people, they didn't go through the apprenticeships that mainframe folks and systems engineers actually went through. And everyone just held this stuff together with, you know, duct tape and dental floss. And then now we're paying the price of it all, like, way back down the track. So, the legacy is really just a certain slice of rapid growth in applications and infrastructure, that's sort of an unmanageable mess now.Corey: Oh, here in San Francisco, legacy is anything prior to last night's nightly build. It's turned into something a little ridiculous. I feel like the real power move as a developer now is to get a job, go in on day one, rebase everything in the Git repository to a single commit with a message, ‘legacy code' and then force push it to the main branch. And that's the power move, and that's how it works, and that's also the attitude we wind up encountering in a lot of places. And I don't think it serves anyone particularly well to tie themselves so tightly to that particular vision.Nigel: Yep, absolutely. This is a real problem in this space. And one of the things we found in the State of DevOps Report is that—let me back up a little and give a little bit of methodology of what we actually do. We survey people about their performance metrics, you know, like how quickly can you do deploys? What's your mean time to recovery? Those sorts of things, and what practices do you actually employ?And we essentially go through and do statistical analysis on this, and everyone tends to end up in three cohorts, they separate pretty easily, of low, medium, and high evolution. And so one of the things we found is that everyone at the low level has all sorts of problems. They have issues with what does my team do? What does the team next to me do? How do I talk to the team next to me?How do I actually share anything? How do I even know what my goals are? Like, fundamental company problems. But everyone at all levels of evolution is stuck on two big things: not being able to find enough people with the right skills for what they need, and their legacy infrastructure holding them back.Corey: The thing that I find the most compelling is the idea of not being able to find enough people with the skills that they need. And I'm going to break my own rule and mentioned Kubernetes as a prime example of this. If you are effective at managing Kubernetes in production, you will make a very comfortable living in any geographical location on the planet because it is incredibly complex. And every time we've seen this in previous trends, where you need to get more and more complexity, and more and more expertise just to run something, it looks like a sawtooth curve, where at some point that complexity, it gets abstracted away and compressed down into something that is basically a single line somewhere, or it happens below the surface level of awareness. My argument has been that Kubernetes is something no one's going to care about in roughly three years from now, not because we're not using it anymore, but because it's below the level of awareness that we have to think about, in the same way that there aren't a whole lot of people on the planet these days who have to think about the Linux virtual memory management subsystem. It's there and a few people really care about it, but for the rest of us, we don't have to think about that. That is the infrastructure underneath our infrastructure.Nigel: Absolutely. I used to make a living—and it's ridiculous looking back at this—for a year or two, doing high-performance custom compiled Apaches for people. Like, I was really really good at this.Corey: Well yeah, Apache is a great example of this, where back in the '90s, to get a web server up and running you needed to have three days to spare, an in-depth knowledge of GCC compiler flags, and hope for the best. And then RPM came out and then, okay, then YUM or other things like that—Nigel: Exactly.Corey: —on top of it. And then things like Puppet started showing up, and we saw, all right now, [unintelligible 00:20:01] installed. Great. And then we had—it took a step beyond that, and it was, “Oh, now it's just a Docker-run whatever it is,” and these days, yeah, it's a checkbox in S3.Nigel: So, let me get your Kubernetes prediction down, right. So, you're predicting Kubernetes is going to go away like Apache and highly successful things. It's not an OpenStack failure state; it's Apache invisibility state?Corey: Absolutely. My timeline is a bit questionable, let's be fair, but—it's a little on the aggressive side, but yeah, I think that Kubernetes is inherently too complex for most people to have to wind up thinking about it in that way. And we're not talking small companies; we're talking big ones where you're not in a position, if you're a giant blue-chip Fortune 50, to hire 2000 people who all know Kubernetes super well, and you shouldn't have to. There needs to be some flattening of all of that high level of complexity. Without the management tools, though, with things like Puppet and the things that came before and a bunch of different ways, we would all not be able to get anything done because we'd be too busy writing in assembly. There's always going to be those abstractions on top abstractions on top abstractions, and very few people understand how it works all the way down. But that's, in many cases, okay.Nigel: That's civilization, you know? Do you understand what happens when you plug in something to your electricity socket? I don't want to know; I just want light.Corey: And more to the point, whenever you flip the switch, you don't have that doubt in your mind that the light is going to come on. So, if it doesn't, that's notable, and your first thought is, “Oh, the light bulb is out,” not, “The utility company is down.” And we talk about the cloud being utility computing.Nigel: Has someone put a Kubernetes operator in this light switch that may break this process?Corey: Well, okay, IoT does throw a little bit of a crimp into those works. But yeah. So, let's talk more about the State of DevOps Report. What notable findings were there this year?Nigel: So, one of the big things that we've seen for the last couple of years has been that most companies are stuck in the middle of the evolutionary progress. And anyone who deals with large enterprises knows this is true. Whatever they've adopted in terms of technology, in terms of working methods, you know, agile, various different things, most companies don't tend to advance to the high levels; most places stay mired in mediocrity. So, we wanted to dive into that and try and work out why most companies actually stuck like this when they hit a certain size. And it turns out, the problems aren't technology or DevOps, they really fundamental problems like, “We don't have clear goals. I don't understand what the teams next to me do.”We did a bunch of qualitative interviews as well as the quantitative work in the survey with this report, and we talked to one group of folks at a pretty large financial services company who are like, “Our teams have all been renamed so many times, if I need to go and ask someone for something, I literally page up and down through ServiceNow, trying to find out where to put the change request.” And they're like, “How do I know where to put a network port opening request for this particular service when there are 20 different teams that might be named the right thing, and some are obsolete, and I get no feedback whether I've sent it off to the right thing or to a black hole of enterprise despair?”Corey: I really love installing, upgrading, and fixing security agents in my cloud estate! Why do I say that? Because I sell things, because I sell things for a company that deploys an agent, there's no other reason. Because let's face it. Agents can be a real headache. Well, now Orca Security gives you a single tool that detects basically every risk in your cloud environment -- and that's as easy to install and maintain as a smartphone app. It is agentless, or my intro would've gotten me into trouble here, but it can still see deep into your AWS workloads, while guaranteeing 100% coverage. With Orca Security, there are no overlooked assets, no DevOps headaches, and believe me you will hear from those people if you cause them headaches. and no performance hits on live environments. Connect your first cloud account in minutes and see for yourself at orca.security. Thats “Orca” as in whale, “dot” security as in that things you company claims to care about but doesn't until right after it really should have.Corey: That doesn't get better with a lot of modernization. I mean, I feel like half of my job—and I'm not exaggerating—is introducing Amazonians to one another. Corporate communication between departments and different groups is very far from a solved problem. I think the tooling can help but I've never been a big believer in solving political problems with technology. It doesn't work. People don't work that way.Nigel: Absolutely. One of my earliest times working at Puppet doing, sort of, higher-level sales and services and support, huge national telco walk in there; we've got the development team, the QA team, the infrastructure team. In the course of this conversation, one of them makes a comment about using apt-get, and the others were like, “What do you mean? We're on RHEL.” And it turned out, production was running on RHEL, the QA team running on CentOS and the developers were all building everything on Ubuntu. And because it was Java wraps, they almost didn't have to care. But write once, debug everywhere.Corey: History doesn't repeat, but it rhymes; before Docker, so much of development in startup-land was how do I make my MacBook Pro look a lot more like an EC2 Linux instance? And it turns out that there's an awful lot of work that goes into that maybe isn't the best use of people's time. And we start to see these breakthroughs and these revelations in a bunch of different ways. I have to ask. This is the tenth year that you've done the State of DevOps Report. At this point, why keep doing it? Is it inertia? Are you still discovering new insights every year on top of it? Or is it one of those things where well someone in marketing says we have to do it, so here we are?Nigel: No, actually, it's not that at all. So definitely, we're going to take stock after this year because ten years feels like a really good point to, sort of—it's a nice round number in certain kind of number system. Mainly the reason is, a lot of my job is going and helping big enterprises just get better at using technology. And it's funny how often I just get folks going, “Oh, I read this thing,” like people who aren't on the bleeding edge, constantly discussing these things on Twitter or whatever, but the State of DevOps Report makes its way to them, and they're like, “Oh, I read a thing there about how much better it is if we standardized on one operating system. And that made a really huge difference to what we were actually doing because you had all this data in there showing that that is better.”And honestly, that's the biggest reason why I ended up doing it. It's the fact that it seems to be a tool that has made its way through to very hard to penetrate enterprise folks. And they'll read it and managers will read things that are like, “If you set clear goals for your team and get them to focus on optimizing the legacy environment, you will see returns on it.” And I'm being a little bit facetious in the tone that I'm saying because a lot of this stuff does feel obvious if you're constantly swimming in this stuff day-to-day, but it's not just the practitioners who it's just a job for in a lot of big companies. It's true, a lot of the management chain as well. They're not necessarily going out and reading up on modern agile IT management practices day-to-day, for fun; they go home and do something else.Corey: One of my favorite conferences is Gene Kim's DevOps Enterprise Summit, and the specific reason behind that is, these are very large companies that go beyond companies, in some cases, to institutions, where you have the US Air Force as a presenter one year and very large banks that are 200 years old. And every other conference, it seems, more or less involves people getting on stage, deliver conference-ware and tell stories that make people at those companies feel bad about themselves. Where it's, “We're Twitter for Pets, and this is how we deploy software,” or the ever-popular, “This is how Netflix does stuff.” Yeah, Netflix has basically no budget constraints as far as hiring engineering folks go, and lest we forget, their failure mode is someone can't watch a movie right now. It's not exactly the same thing as the ATM starts spitting out the wrong balance in the streets.And I think that there's an awful lot of discussion where people look at the stories people tell on conference stages and come away feeling bad from it. Very often, I'll see someone from a notable tech companies talk about how they do things. And, “Wow, I wish my group did things like that.” And the person next to me says, “Yeah, me too.” And I check and they work at the same company.And the stories we tell are not necessarily the stories that we live. And it's very easy to come away discouraged from these things. And that goes triply so for large enterprises that are regulated, that have significant downside risk if the technology fails them. And I love watching people getting a chance to tell those stories.Nigel: Let me jump in on that really quickly because—Corey: Please, by all means.Nigel: —one is, you know, having done four years at Google, things are a shitshow internally there, too—Corey: You're talking about it like it's prison. I like it.Nigel: —you know. [laugh]. People get horrified when they turn up and they're like, “Oh, what it's not all gleaming, perfect software artifacts, delivered from the hand of Urs.” But I think what Gene has done with DevOps Enterprise Summit is fantastic in how people share more openly their failure states, but even there—and this is an interesting result we found from a few years ago, State of DevOps Report—even those executives are being more optimistic because it's so beaten into you as the senior executive; you're putting on a public face, and even when they're trying to share the warts-and-all story, they can't help but put a little bit of a positive spin on it. Because I've had exactly the same experience there where someone's up there telling a war story, and then I look, turn to the person next to me, and they work at that same 300-year-old bank, and they're like, “Actually, it's much, much worse than this, and we didn't fix it quite as well as that.” So, I think the big tech companies have terrible inside unless they're Netflix, and the big enterprises are also terrible. But they're also—Corey: No, no, I've talked to Netflix people, too. They do terrible things internally there, too. No one talks about the fact that their internal environments are always tire fires, and there are two stories: the stories we tell publicly, and the reality. And if you don't believe me on that, look at any company in the world's billing system. As much as we all talk about agile and various implementations thereof when it comes to things that charge customers money, we're all doing waterfall.Nigel: Absolutely. [laugh].Corey: Because mistakes show when you triple-charge someone's credit card for the cost of a small country's GDP. It's a problem. I want to normalize those sorts of things more. I'm looking forward to reading this year's report, just because it's interesting to see how folks who are in environments that differ from the ones that I get to see experience in this stuff and how they talk about it.Nigel: Yeah. And so one of the big results I think there for big companies that's really interesting is that one of the, sort of, anti-patterns is having lots of different types of teams. And I kind of touched on this before about having confusing team titles being a real problem. And not being able to cross organizational boundaries quickly is really, really—you know, it's a huge inhibitor and cause, source of friction. But turns out the pattern that is actually really great is one that the Team Topologies guys have discovered.If you've been following what Matthew Skelton and Manuel Pais have been doing for a while, they've basically been documenting a pattern in software organizations of a small number of team types, of a platform team, value stream teams, complicated subtest system teams, and enabling teams. And so we worked with Manuel and Matt on this year's report and asked a whole bunch of questions to try and validate the Team Topologies model, and the results came back and they were just incredibly strong. Because I think this speaks to some of the stuff you mentioned before that no one can afford to hire an army of Kubernetes developers, and whatever the hottest technology is in five years, most big companies can't hire an army of those people either. And so the way you get scale internally before those things become commoditized is you build a small team and create the situation where they can have outsized leverage inside their organization, like get rid of all the blockers to fast flow and make their focus self-service to other people. Because if you're making all of your developers learn distributed systems operations arcane knowledge, that's not a good use of their time, either.Corey: It's really not. And I think that's something that gets lost a lot is, I've never yet seen a company beyond the very early startup stage, where the AWS bill exceeded the cost of the people working on the AWS bill. Payroll is always a larger expense than infrastructure unless you're doing something incredibly strange. And, oh, I want to save some money on the cloud bill is very often offset by the sheer amount of time that you're going to have to pay people to work on that because, contrary to what we believe as engineering hobbyists, people's time is very far from free. And it's also the opportunity cost of if you're going to work on this thing instead of something else, well, is that really the best choice? It comes down to contextualizing what technology is doing as well as with what's happening over in the world of business strategy. And without having a bridge between those, it doesn't seem to work very well.Nigel: Absolutely. It's insane. It's literally insane that, as an industry, we will optimize 5%, 3% of our infrastructure bill or application workload and yet not actually reexamine business processes that are causing your people to spend 10% of their time in synchronous meetings. You can save so much more money and achieve so much more by actually optimizing for fast flow, and getting out of the way of the people who cost lots of money.Corey: So, one last topic that I want to cover before we call it an episode. You talk to an awful lot of folks, and it's easy to point at the aspirational stories of folks doing things the right way. But let's dish for a minute. What are you seeing in terms of people not using the cloud properly? I feel like you might have a story or two on that one.Nigel: I do have a few stories. So, in this year's report, one of the things we wanted to find out of, like, are people using the cloud in the way we think of cloud; you know, elastic, consumption-based, all of these sorts of things. We use the NIST metrics, which I recognize can be a little controversial, but I think you've got to start somewhere as a certain foundation. It turns out just about everyone is using the public cloud. And when I say cloud, I'm not really talking about people's internal VMware that they rebadged as cloud; I'm talking about the public cloud providers.Everyone's using it, but almost no one is taking advantage of the functionality of the cloud. They're instead treating it like an on-premise VMware installation from the mid-2000s, they're taking six weeks to provision instances, they're importing all of their existing processes, they keep these things running for a long time if they fall over, one person is tasked with, “Hey, do you know how pet number 45 is actually doing here?” They're not really treating any of these things in the way that they're actually meant to. And I think we forget about this a lot of the time when we talk about cloud because we jump straight to cloud-native, you know, the sort of bleeding edge of folks in serverless, highly orchestrated containers. I think if you look at the actual numbers, the vast majority of cloud usage, it's still things like EC2 instances on AWS. And there's a reason: because it's a familiar paradigm for people. We're definitely going to progress past there, but I think it's easy to leave the people in the middle behind when we're talking about cloud and how to improve the ecosystem that they all operate in.Corey: Part of the problem, too, is that whenever we look at how folks are misusing cloud, it's easy to lose sight of context. People don't generally wake up and decide I'm going to do a terrible job today unless they work in, you know, Facebook's ethics department or something. Instead, it's very much a people are shaped by the constraints they're laboring under from a bunch of different angles, and they're trying to do the best with what they have. Very often, the reason that a practice or a policy exists is because, once upon a time, there was a constraint that may or may not still be there, and going forward the way that they have seemed like the best option at the time. I found that the default assumption that people are generally smart and doing the right thing with the information they have carries you a lot further, in many respects than what I did is a terrible junior consultant, which is, “Oh, what moron built this?” Invariably to said moron, and then the rest of the engagement rapidly goes downhill from there. Try and assume good faith, and if you see something that makes no sense, ask, “Why is it like this?” Rather than, “Why is it like this?” Tone counts for a lot.Nigel: It's the fundamental attribution bias. It's why we think all other drivers on the road are terrible, but we actually had a good reason for swerving into that lane.Corey: “This isn't how I would have built it. So, it's awful.”Nigel: Yeah, exactly.Corey: Yeah. And in some cases, though, there are choices that are objectively bad, but I tried to understand where they came from there. Company policy, historically, around things like data centers, trying to map one-to-one to cloud often miss some nuances. But hey, there's a reason it's called the digital transformation, not a project that we did.Nigel: [laugh]. And I think you've got to always have empathy for the people on the ground. I quite often have talked to folks who've got, like, a terrible cloud architecture with the deployment and I'm like, “Well, what happened here?” And they went, “Well, we were prepared to deploy this whole thing on AWS, but then Microsoft's salespeople got to the CTO and we got told at the last minute we're redeploying everything on Azure.” And so these people were often—you know, you're given a week or two to pivot around the decision that doesn't necessarily make any sense to them.And there may have been a perfectly good reason for the CTO to do this: they got given really good kickbacks in terms of bonuses for, like, how much they were spending on the infrastructure—I mean, discounts—but people on the ground are generally doing the best with what they can do. If they end up building crap, it's because our system, society, capitalism, everything else is at fault.Corey: [laugh]. I have to say, I'm really looking forward to seeing the observations that you wound up putting into this report as soon as it drops. I'm hoping that I get a chance to speak with you again about the findings, and then I can belligerently tell you to justify yourself. Those are my favorite follow-ups.Nigel: [unintelligible 00:37:05].Corey: If people want to get a copy of the report for themselves or learn more about you, where can they find you?Nigel: Just head straight to puppet.com, and it will be on the banner on the front of the site.Corey: Excellent. And will, of course, put a link to that in the show notes, if people can't remember puppet.com. Thank you so much for taking the time to speak with me. I really appreciate it.Nigel: Awesome. No worries. It was good to catch up.Corey: Nigel Kersten, field CTO at Puppet. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice as well as an insulting comment telling me that ‘comcastic' isn't a funny word, and tell me where you work, though we already know.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

amazon netflix google state san francisco tech australian innovation microsoft fortune portland corporate cloud cd ipads pets cto pacific northwest tone cds gdp iot api puppets screaming atm aws linux java comcast us air force qa devops azure tides apache payroll macbook pro ubuntu yum firefox vmware s3 docker kubernetes git rpm aix nist irc servicenow sre gcc dsl urs kersten invariably apaches openstack gene kim ec2 yaml centos gitops launchdarkly corey quinn amazonians rhel team topologies devopsdays dsls devops report manuel pais duckbill group orca security pxe chief cloud economist last week in aws humblepod

E. 13 - Jez Humble: Continuous Innovation

Play Episode Listen Later Jul 1, 2021 34:07

Who is Jez Humble? Jez works in Site Reliability Engineering at Google and teaches at UC Berkeley. He previously co-founded the amazingly influential DevOps Research and Assessment, DORA. And co-conducted the annual State of DevOps Report. Before that was stints at 18F, the legendary Obama-era federal agency that modernized several digital services and thought works. Get ready to meet Jez!

google state innovation barack obama uc berkeley continuous jez site reliability engineering 18f jez humble devops report devops research

State of DevOps Report 2021 & DORA

The Pipeline: All Things CD & DevOps Podcast by The CD Foundation

Play Episode Play 35 sec Highlight Listen Later Jun 4, 2021 16:29

Guest Speakers: Nikhil Kaul & Dustin Smith Google joins us to discuss what the State of DevOps Report is and focus areas of research for this year's survey. Tune in to learn more. Support the show

state devops report

Driving State-of-the-Art DevOps with Nathen Harvey

The Pipeline: All Things CD & DevOps Podcast by The CD Foundation

Play Episode Listen Later May 20, 2021 33:42

About NathenNathen Harvey, Cloud Developer Advocate at Google, helps the community understand and apply DevOps and SRE practices in the cloud. Nathen formerly led the Chef community, co-hosted the Food Fight Show, and managed operations and infrastructure for a diverse range of web applications. Links: cloud.google.com/devops: https://cloud.google.com/devops 97 Things every Cloud Engineer Should Know: https://shop.aer.io/oreilly/p/97-things-every/9781492076735-9149 Twitter: https://twitter.com/nathenharvey TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It’s an awesome approach. I’ve used something similar for years. Check them out. But wait, there’s more. They also have an enterprise option that you should be very much aware of canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It’s awesome. If you don’t do something like this, you’re likely to find out that you’ve gotten breached, the hard way. Take a look at this. It’s one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That’s canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I’m a big fan of this. More from them in the coming weeks.Corey: This episode is sponsored in part by our friends at Lumigo. If you've built anything from serverless, you know that if there's one thing that can be said universally about these applications, it's that it turns every outage into a murder mystery. Lumigo helps make sense of all of the various functions that wind up tying together to build applications.It offers one-click distributed tracing so you can effortlessly find and fix issues in your serverless and microservices environment. You've created more problems for yourself. Make one of them go away. To learn more, visit lumigo.io.Corey: Welcome to Screaming in the Cloud. I’m Corey Quinn. I’m joined this week by Nathen Harvey, a cloud developer advocate at a small startup called Google. Nathen, thank you for joining me.Nathen: Hey, Corey. It’s really great to be here.Corey: We’ll get to the Google bits in a little, but first, I want to start back in the beginning with your origin story. It turns out, for example, that you were at a lot of places, and the first thing going through your history that I really recognized was way back at the end of 2009, where you were the web operations manager at Custom Ink. They’re a t-shirt company—and other apparel—that I’ve been using for three years now for the charity t-shirt drive here, as well as other sundry things. Longtime listeners of the show might remember we had Ken Collins on to talk about Ruby in Lambda and other horrifying things, before it was cool.Nathen: Yes, indeed, I was at Custom Ink. And, you know, you talk about them being a t-shirt company, and I don’t know… maybe I’m still a shill for Custom Ink, but I really look at them as an experience company. And you’ve recognized that yourself. They produce and help people, really encourage that group and experiences, and really drive what does it mean to connect with other humans, and how can you do that through custom apparel? To me, that’s what Custom Ink has always been about. They’re not selling t-shirts; they are selling an experience.Corey: In my case, I view them as a t-shirt company because, let’s be fair here, I wind up doing charity t-shirt drives, and they’ve always been extremely supportive of—well, there’s really no other way to put this—my ridiculous nonsense. The year I had linked campaigns of the ‘AMI has three syllables’ shirt that was on sale, and then for the Amazonians, ‘ah-mi’ is how it’s pronounced instead and that one was $10 more because there’s a price to being wrong. And all proceeds, of course, went to benefit the charity of the year. And that was a fun thing. And I talked to a number of other folks on this, and they look at me very strangely, and Custom Ink didn’t even blink.Nathen: Right, right. Absolutely. Absolutely.Corey: And yes, they said lots of other apparel, but for whatever reason, it seems that sending out complicated multiple options of things that need each hit minimum order quantities to print during a fundraiser, and the fact that I don’t have to deal with the money because they just wind up sending it over directly. It’s just easier. It’s one of those things where back when I was a single person who was doing this stuff, I didn’t have to worry about it. Now that I’ve grown and my needs have multiplied, I still like doing business with them. Great folks.Nathen: Absolutely. And that’s exactly what I mean by—like, they’ve sold you on that experience. That’s why you continue to do business with them. It’s not just because of the t-shirts. It’s the whole package that goes along with it.Corey: And then in 2012, the world didn’t end. But yours kind of did because you stopped working at Custom Ink and went to another company called Chef. You were there for a little over six years. You started off as a community director and then became the VP of Community Development. And I think you did an amazing job, but first tell me about that, then I will give my hot take.Nathen: All right, great. I’m always up for the hot takes. So listen, Chef was an amazing community of people. Oh, it was also a company. And so I really fell in love with—while I was at Custom Ink, actually, we were using Chef, and I fell in love with the community.And I was doing a lot of community support, running my own podcast, or participating with some co-hosts on a podcast called the Food Fight Show back in the day—it was all about Chef—running meetups and so forth. And at one point I decided, you know, what I should do maybe is stop being on call and start supporting this community full time. And that’s exactly what I did. I went to Chef and yes, as you mentioned, spent just over six years there, or just about six years there, and it was really, really an incredible time. Lots of hugs to be given, and just a great community in the DevOps space.Corey: I took a somewhat, I guess, agreeing or disagreeing position. I was on the Puppet side of the configuration management debate, and it was challenging. And then, ah, I was one of the very early developers behind SaltStack because clearly, the problem with all of these things was that no one had written it correctly, and we were going to fix that. And it turns out no, no, the problem was customers the whole time. But that’s a separate debate.So, I was never in the Chef ecosystem. That was the one system I never really touched in anger. And it’s easy to turn this into a, “Oh, you folks were the competition,” despite the fact I’ve never actually worked directly for either of those companies. But it was never like that because our real enemies were people configuring things by hand, for one because that’s unnecessary toil; don’t do it, and it was also just such an uplifting sense of community. Some of the best people I knew were in the Chef ecosystem, in the Chef orbit.For a while, they’re, on some level—and this is something I’d love to get your thoughts on—it seems that a failure mode that Chef exhibited was hiring directly from its community, where if someone was a big fan of Chef, start a stopwatch, they’re going to be working there before the month is out.Nathen: I think that Chef, the company definitely pulled a lot of community members into the organization. And frankly, when the company started, that was really, really great because it was an early startup. And as the company grew, it was still wonderful, of course, to pull in people from the community to really help drive the future direction, how our customers are using it. But like you said, there is a little bit of a challenge or concern when you start pulling too many of your most vocal supporters out of the community and putting them into the company, sometimes in places or roles where they didn’t have the opportunity to be as vocal, as big a champions for the product, for the services.Corey: I think at some level, it was—again, it helps to have people who are passionate about the product working there, but on the other, it felt like over time, it wound up weakening the community in some respects, just because everyone who worked there eventually found themselves in a scenario of well, I work here, it’s what we do, and now I have to say nice things. It winds up weakening the grassroot story.Nathen: Mmm. There’s definitely some truth to that, but I think there’s also some truths to just the evolution of community as you went from a community in the early days where there were a lot of contributors to over time—gratefully so—the community that—or sort of the proportion of the community that were consumers of Chef versus contributors to Chef, that balance changed. And so you had a lot more customers using the product. So, I don’t disagree with you, but I do think that it’s part of the natural evolution of community as well.Corey: And all things must end. And of course, Chef got acquired, I believe, after you left. So, I mean, at that point, you left, they were rudderless and what else were they to do? And you went to Google. And that is always an interesting story because Google’s community interaction before the time you wound up there, and after—I don’t know that you were necessarily the proximate cause, but I’m going to hang that around your neck because it’s all been a positive change since then—look radically different.Nathen: Yeah. Well, thank you. It is definitely not something that I should wear or carry alone, but going to Google was an interesting choice for me and I recognize that. And, you know, honestly, Corey, one of the things that drove me to Google was a good friend of mine, Seth Vargo. And just to kind of tie the complete throughline here, Seth and I worked together at Custom Ink, we’ve worked together at Chef, he left Chef and went to Hashi, and then went to Google. And the day after I knew that he was going to Google, I called him up and I said, “Seth, come on. Google’s so big. Why? Why? And how? I don’t understand. I don’t understand the move.”Corey: I asked him many of the same questions back in episode three of this show. He was a very early guest when I was scared speechless having conversations. It’s improved since then, a couple hundred in. But yeah, very friendly; very open; very warm.Nathen: Yeah. And, you know—Corey: “Why are you at Google?” was sort of the next follow-on question there in that era.Nathen: [laugh]. Yes, indeed. And I do think that Google, and specifically Google Cloud, has really taken to heart this idea that there’s a lot that we can learn from each other. And I don’t mean from each other within Google. Although, of course, we can learn a lot from each other.But we can also learn a lot from our community, from our customer base. How are they using Google Cloud? How are they using technology to drive their business forward? These are all things that we can learn. It turns out, not every company has Google, and that’s a good thing.Not every company should be Google or Google-sized, and certainly don’t have Google customers. And I think that it’s really important that we recognize that when we work with a customer, they’re the experts in their customers, and in their systems, and so forth.Corey: A lot has changed with Google’s approach to, well, basically everything. It turns out that when you’re a company that is, what, 26 years old now—27, something like that—starting with humble beginnings and then becoming a trillion-dollar entity, things change. Culture change, your community changes, what you do changes, and that becomes something that I think is not necessarily fully appreciated or fully understood in some corners. But then 2018 hit. You went to Google; what did you do then?Because it is such a large company that it is very difficult to know what any individual is up to there, and the primary means that I engage in the DevRel community space—specifically via aggressively shitposting on Twitter—isn’t really your means of interacting with the community. So, from that particular point of view, it’s, “Oh, yeah, he went to Google, and no one ever heard from him again.” What is it you say it is you do there?Nathen: Yeah. So, for sure. What I do here as a cloud advocate, is I really focus in on kind of two areas, I would say: DevOps—and I recognize that is a terrible, terrible word because when I say it, we all think of different things, but I definitely focus on the DevOps—and then SRE practices as well, or Site Reliability Engineering. And specifically what I work on is how do we bring the principles and practices of DevOps, of SRE, into our customer base and into the community at large? How do we drive what is the state of the art?How do we approach these particular topics? And so that’s really what I’ve been focused on since joining Google. Well, frankly, I was focused on that while at Chef, as well, maybe without the SRE bend so much, but certainly at Google SRE comes in, but it’s always—for the past decade for me—been about DevOps and how do we use technology to align the humans and work towards the business outcomes that we’re driving for?Corey: And business outcomes become an interesting story in the world of cloud because it distills down, for a cloud service provider is, we would like people to use our cloud, more of it, in perpetuity. It is not a complicated business model—if I can be direct—because business models inherently are not. “Whatever it is your company does, we would like you to do it here.” And that turns into a bunch of differentiated services across the spectrum, in some cases hilariously so, when it turns into basically pick an English word, and there’s a 50/50 shot that’s part of a service name somewhere. But a lot of it distills down to baseline distinct primitives.You’re talking about the DevOps aspect of it, which is—we talk about, is it culture? Is it tools? No, it’s a means to sell conferences, and books, and things like that. But what is it in the context of a cloud service provider? Specifically, Google because let’s be clear here, DevOps apparently for other providers is Azure DevOps. That’s right. It’s a service name, and DevOps Guru on the AWS side because everything is terrible.Nathen: Absolutely. Look, I think that I used to snark that the only DevOps tool was the manager of DevOps. But the truth is that DevOps is… it is tooling, and it is culture, and to separate the two is really a fool’s errand. I think that your tooling amplifies your culture, your culture amplifies your tooling. Together, this is how we make progress.Now, when it comes to Google, what do we mean when we say DevOps? Well, one of the good things is, shortly after I joined Google Cloud, Google Cloud acquired DORA, the DevOps Research and Assessment Organization.Corey: Jez Humble, and Dr. Nicole Forsgren. And then, for all intents and purposes, they googled it. Relatively shortly thereafter, by which I mean, we never really heard from DORA again. In 2020, the “State of DevOps Report” didn’t exist, which was what they were famous for doing. And it was, “Oh, yep. That’s a Google acquisition all right.” Is that what happened? Did I miss some nuance there?Nathen: Yeah. Let’s talk about that. So first, you’re right, it was Dr. Nicole Forsgren, who founded DORA. So, when the acquisition happened, she came along to Google Cloud, Jez Humble came along through that acquisition as well. And frankly, what happened in 2020? Well, Corey, I don’t know if you noticed, but there was a lot happening in 2020, much of it not very good. I think when we look at the global scale, like, 2020 was not a great year for us—Corey: It was a rebuilding year.Nathen: Oh, all right, fair enough. Fair enough. [laugh]. A rebuilding year. But so here’s what happened with DORA, quite frankly. We—Google Cloud—continue to invest in that research program. And really, in a sense, 2020 was a rebuilding year, in that our focus was really about how do we help our customers and our community apply the lessons of DORA?And so one of the things that we’ve done is we’ve released much of the research under cloud.google.com/devops, including right there, a DevOps quick check where, as a team you can go in and, using the metrics and the research program from DORA, you can assess, are you a low, medium, high, or elite performer?And then beyond that assessment, actually use the research to help you identify which capabilities should my team invest in improving. So, those capabilities might be technical capabilities, things like continuous integration; it might be process or measurement capabilities, or in fact, cultural capabilities. So, all of these capabilities come together to help you improve your overall software delivery and operations performance. And so in 2020, the big thing that we did was release and continue to update this Quick Check, release the research, make it fully available. We’ve also spent some time internally on the program that, you know, is not super interesting to talk about on the podcast.But the other thing that we did in 2020 with the DORA research program was update the ROI research, the return on investment research. This is something that maybe your listeners don’t care about, but their managers might care about, their CIOs, CTOs, CFOs might care about. How do we get money back on this transformation thing? And the research paper really digs into exactly that. How do we measure that? What returns can we expect? And so forth. So, that was released in 2020.Corey: I have a whole bunch of angry thoughts about a lot of takes in that space, but this is neither the time nor the place for me to begin ranting incoherently for an hour and a half. But yeah, I get that it was a year that was off, and now you’re doing it again, apparently, in 2021. And the one thing I never really saw historically because I don’t know if I’m playing in the wrong environments, or I’m certainly not the target [laugh] audience now, if I ever really was, but most years, I missed the release of the survey of where people can go to fill in these questions. I would be interested to know where that is now. And then I would be interested to know, how have you been socializing in that in the past? In other words, where are you finding these people?Nathen: Yeah, for sure. So, the place you go to find the survey right now is cloud.google.com/devops, you’ll find a button on the page that says something like, “Take the survey,” or, “Take the 2021 survey.”And what we’ve done in the past, and really what DORA has done in the past is use a number of different ways to get out information about the survey, when the survey is open, and so forth. Primarily Twitter, but also we have partners, and DORA historically has used partners as well to help share that the survey itself is open. So, I would absolutely recommend that you go and check out the survey because I’ll tell you what, one of the things that’s really interesting, Corey, over the years, I’ve talked to a bunch of people that have taken the survey, and that have read the State of DevOps Report that comes out each year, and some of the consistent feedback I’ve heard from folks is that simply taking the survey and considering the questions that are asked as part of the survey gives great insight immediately into how their team can improve. What things, what capabilities are they lacking? Or what capabilities are they doing really well with and they don’t need to make investments on? They can immediately see that just by answering and carefully considering the questions that are part of the survey.Corey: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship). On-prem security doesn’t translate well to cloud or multi-cloud environments, and that’s not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial.Corey: Very often, in some cases looking at things like maturity models and the like, the actual report is less valuable than the exercise of filling it out and going through the process. I mean, compliance reports, audit framework, et cetera, often lead to the same outcomes. The question is, are you taking it seriously, or are you one of those folks who is filling out a survey because do this and you’ll be entered to win a $25 gift card somewhere? Probably Blockbuster because it no longer exists. I get those in my email constantly of, “Yeah, give half an hour of your time in return for some paltry chance to win something.”No, I have a job to do. And I worry if at that level of that approach, who are you actually getting that’s going to sit down and fill this thing out? That said, the State of DevOps Reports have been for a long time, sort of the gold standard in this space and I would encourage people listening to this to absolutely take the time to fill that out. cloud.google.com/devops.I’m looking forward to seeing what comes out of it. And I love it because of the casual shade you can use to throw at other companies, too. Like, “Are you an elite team?” With the implicit baked-in sentiment being, no, you’re not, but I want to hear you say it.Nathen: Yeah, one of the things that really sets DORA apart, also, I think, is just the—well, two of the things I guess I would say. One is the length of time that the research program has been running. It’s going on seven years now that this research program has been running, and so given that, you have tens of thousands of IT professionals that have taken the survey and provided insights into sort of what’s the state of our industry today, and where are we heading, but it’s also an academically rigorous survey. The survey and the research itself has always and continues to be completely platform and program agnostic. This is not a survey about Google Cloud.This is not a survey where we’re trying to help understand exactly what products on Google Cloud should you use in order to be an elite performer. No. That’s not what this is about. It is about, truly, capabilities that your team needs in order to improve their software delivery and operations performance. And I think that’s really, really important.Dr. Nicole Forsgren who founded DORA, she didn’t come up with all of these ideas: “Hey, I think that you get better by doing this.” No. Instead, she researched all of these ideas. She got this input from across organizations of all sizes, organizations in every industry, and that, I think, really sets it apart.And our ability to really stay committed to that academic rigor, and the platform-agnostic approach to capturing and investigating these capabilities, I think is so important to this research. And again, this is why you should participate in the survey because you truly are going to help us move the state of the art of our industry.Corey: No, historically, there’s been a challenge where the mantle of thought leadership in conjunction with Google have intersected because there’s a common trope—historical—and I think that it is no longer accurately true. It’s an easy cheap shot, but I don’t think it holds water like it once did. Where, “Oh, Googler. It’s another word for condescending.” And there is an element of “Oh, this is how DevOps should be; this is how we’re moving things forward.” How do you distance it from being Google says you should do it like this?Nathen: Yeah. This comes up a lot. And frankly, I get in conversations with customers asking, “How does Google do this? How does Google do that?” And my answer always is, “You know, I can tell you how Google does something, and that might be interesting, but the fact is, it’s not much more than that, much more than interesting. Because what really matters is how are you going to do this? How are you going to improve your outcomes, whether that’s you’re delivering faster, you’re delivering more reliable, you’re running more reliable services? You’re the experts. As I mentioned earlier, you’re the experts in your teams, in your technology, and your customers. So, I’m here to learn right along with you. How are you going to do this? How are you going to improve?” Knowing how Google does it, eh, it’s interesting, but it’s not the path that you will follow.Corey: I think that’s one of those statements that can’t ever be outright stated on a marketing website, somewhere; it’s one of those shifts that you have to live. And I think that Google’s done a pretty decent job of that. The condescending Googler jokes are dated at this point, and it’s not because there was ever an ad campaign about, we’re not condescending anymore. It was a very subtle shift in the way that Google spoke to its customers, spoke about themselves. I no longer feel the need to stand up in a blinding white rage in the Q&A portion of conference talks given by Google employees.A lot has changed, and it’s not one thing that I can point to, it’s a bunch of different things that all add up to dramatically shifted credibility models. Realistically, I feel like that is a microcosm of a DevOps transformation. It’s not a tool; it’s not a single person being hired; it’s not, we’re taking an agile class for three days for all of engineering, and now things will be better. It’s a whole bunch of sustained work with a whole bunch of thought, and effort put into making it an actual transformation, which is such a toxically overloaded term, I dare not use it.Nathen: Indeed. And there’s no maturity model that shows, are you there yet? And it is something that you don’t flip on or flip off like a switch, right? It doesn’t happen overnight. It takes iteration and iterative change across the entire organization.And just like every change that you have across an organization, there are places where it’s going better than other places. And how do you learn from that? I think that’s really, really important. And to recognize and to bring some of that humility to the table is so important.Corey: So, what’s interesting about folks that I talk to on this show—well, there are many interesting things, but one of the interesting things is, is that they have a higher rate than the general population of having at one point in their careers, written a book of some form, and you are, of course, no exception. You and Emily Freeman co-authored recently, a book entitled 97 Things every Cloud Engineer Should Know. And it’s interesting because it only has one nine in the title. Okay, that is at least an attempt at being available. I know it’s available wherever most books are sold. Tell me more.Nathen: Yeah, so first, let’s start with the 97. Why 97? Corey, I don’t know if this or not, but 100% is the wrong reliability target for just about everything. So, 97. That feels achievable.Corey: It also feels like three people said they would do it and then backed out at the last minute, but that’s my cynicism speaking.Nathen: Well, for better or worse, O’Reilly. Has a whole 97 Things series and this is part of it. So, it is, in fact, 97 things. The other thing that I think is really important about the book: you mentioned that Emily and I wrote it, and the beauty is, for a long time, I’ve wanted to have written a book, and I have never wanted to be writing a book.Corey: That is what every author has ever said. It’s, no one wants to write a book; they want to have written one. And then you get a couple of beers into people and ask them, “So, I’m debating writing a book. Should I?” The response is, “No. Absolutely not. No.” And at some point, when you calmed them down again, and they stop screaming, they tell you the horrifying stories, and you realize, “Oh, wow, I really never want to write a book.”Nathen: [laugh]. Yes. Well, the beauty of 97 Things and this book in particular, or the whole series, really, is its subtitle is Collective Wisdom from the Experts. So, in fact, we had over 80 different contributors sharing things that other cloud engineers should know. And I think this is also really, really important because having 80-plus contributors to this book gave us, not 97 things that Emily and Nathen think every cloud engineer should know, but instead, a wide variety of experience levels, a wide variety of perspectives, and so I think that is the thing that makes the book really powerful.It also means that those 80-some folks that contributed to the book, had to write a very short article. So, of course, with 80 authors and 97 Things, the book is not—it doesn’t weigh 27 pounds, right? It’s less than 300 pages long, where you get these 97 tidbits. But really, the hope and the intent behind the book is to give you an idea about what should you explore deeper and, just as importantly, who are some people that you can, maybe, reach out to and talk to about a particular topic, a particular thing that a cloud engineer should know. Here are 80 people that are here, helping you and really cheering you on as you take this journey into cloud engineering.Corey: I think there’s something to be said from having the stories for this is what we do, this is how we do it. But the lessons learned stories, those are the great ones, and it’s harder to get people on stage to talk about that without turning into, “And that’s how we snagged victory from the jaws of defeat.” No one ever gets on stage and says and that’s why the entire project was a boondoggle and four years later, we’re still struggling to recover. Especially, you know, publicly traded companies tend not to say those things. But it’s true.You wind up with people getting on stage and talking instead about these high-level amazing things that they’ve done in the project went flawlessly, and you turn to the person next to you and say, “Yeah, I wish I could work in a place like that.” And they say, “Yeah, me too.” And you check, and they work at the same place as the presenter. Because it’s conference-ware; it’s never a real story. I’m hoping that these stories go a bit more in-depth into the nitty-gritty of what worked, what didn’t work, and it’s not always ‘author as hero protagonist.’Nathen: Oh, you will definitely find that in this book. These are true stories. These are stories of pain, of heartache, of victory and success, and learnings along the way. Absolutely. And frankly, in the DevOps space, we do an okay job of talking openly about our failures.We often talk about things that we tried that went wrong, or epic failures in our systems, and then how we recovered from them. And yes, oftentimes, those stories have a great sort of storybook ending to them, but there’s a lot of truth in a lot of those stories as well because we all know that no organization is uniformly good at everything. That may be the stories that they want to share most, but, you know, there’s some truth in those stories that hopefully we can find. And certainly, in this book, you will find the good, the bad, the ugly, the learnings, and all of the lessons there.Corey: Where can people find it if they want to buy it?Nathen: Oh, you know, you can find it wherever you buy books. There are of course, ebooks, O’Reilly’s website, you know with the—Corey: Wherever fine books are pirated. Yes, yes.Nathen: That’s a good place to go for books, yeah. For sure.Corey: And we will, of course, throw a link to the book in the [show notes 00:29:12]. Thank you so much for taking the time to speak with me. If people want to learn more about the rest of what you’re up to, how you’re thinking about it, what wise wisdom you have for the rest of us, okay can they find you, other than the book?Nathen: Yeah, a great place to reach out to me is on Twitter. I am at @nathenharvey. But I should warn you, my father misspelled my name. So, it’s N-A-T-H-E-N-H-A-R-V-E-Y. So, you can find me on Twitter; reach out to me there.Corey: And we will of course include links to all of that in the [show notes 00:29:43] as well. Thank you so much for speaking to me today. I really appreciate it.Nathen: Thank you, Corey. It’s been a pleasure.Corey: Nathen Harvey, cloud developer advocate at Google. I’m Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you’ve enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you’ve hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment telling me that I’m completely wrong. You can instantly get DevOps in your environment if I only purchase whatever crap it is your company sells.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

amazon culture english google state chefs driving cloud roi enterprise longtime iot puppets screaming cios aws devops community development google cloud cfos o'reilly lambda sre googlers ctos quickcheck devrel collective wisdom hashi azure devops site reliability engineering nathen corey quinn amazonians emily freeman jez humble nmap saltstack extrahop nicole forsgren devops report ken collins duckbill group thinkst cloud developer advocate nathen harvey devops research chief cloud economist seth vargo last week in aws humblepod

The State of DevOps Survey & The Need for Change Management

Play Episode Play 52 sec Highlight Listen Later Apr 16, 2021 26:29

Guest Speaker: Nigel KerstenNow in its tenth year, Puppet has opened its annual State of DevOps Report and we would like to invite listeners to take part. Nigel Kersten has been the primary author over the years and he joins us today to unpack what a decade of research has uncovered. Take the Survey: https://survey-d.dynata.com/survey/selfserve/53b/2103608?list=4&sponsor=6#? Support the show (https://cd.foundation/podcast/podcast-submission-form/)

state survey puppets change management devops devops report

5. Accelerate

texta.fm

Play Episode Listen Later Mar 30, 2021 72:42

技術顧問の和田卓人さんと、LeanとDevOpsの科学（原題: Accelerate）について話しました。 Show Notes: ピクスタ技術ブログ「てくすた」パーフェクトRuby on Rails【増補改訂版】 LeanとDevOpsの科学 Accelerate Nicole Forsgren Jez Humble（「Continuous Delivery」「The DevOps Handbook」などの著者） Gene Kim（「The DevOps Handbook」などの著者） The Lean Startup ヘロヘロScrum Jolt Awards Jolt Awards の 22年（受賞本リスト） Dr. Dobb's Journal ITエンジニア本大賞2021 DORA joins Google Cloud 2020 State of DevOps Report ajitofm 42: You must unlearn what you have learned 質とスピード（2020秋100分拡大版）組織にテストを書く文化を根付かせる戦略と戦術（2020秋版）ブランド・エクイティ Agile & Lean Metrics: Cycle Time d/d/d DevOps tech: Trunk-based development Feature toggle フロー効率性とリソース効率性について XP祭り2017で発表してきた #xpjug 稼働率100%をねらってはいけない Mob Programming – A Whole Team Approach by Woody Zuill Inner source Why Software Is Eating the World CTOとして招聘されて1年でDX Criteriaを大幅改善するために追求した唯一の成果指標 DX Criteria

state feature agile accelerate devops trunk google cloud xp dobb devops report

2020 State of DevOps with Alanna Brown

state sr puppets devops director marketing devops report

Play Episode Listen Later Mar 28, 2021 43:53

Alanna Brown is Sr. Director Marketing at Puppet and a person standing behind the State of DevOps report from the very beginning. I talked with Alanna about key insights from the latest 2020 State of DevOps but we also touched upon the past and how the report came to life, a story that few people are familiar with.Subscribe to 0800-DEVOPS newsletter here.Show notes:This interview is featured in 0800-DEVOPS #20 - 2020 State of DevOps Report.2020 State of DevOps is available here.

Life after the State of DevOps Report - Scaling DevOps

Puppet Podcast

Play Episode Listen Later Mar 17, 2021 30:41

Hear about the behind-the-scenes process of creating the 2020 State of DevOps Report. Nigel Kersten and Michael Stahnke dive deep into the data that drives the narrative of the report and take us on a journey dissecting numerous conversations with IT DevOps practitioners and decision makers alike in this episode. Learn moreDownload the 2020 State of DevOps Report.Read the 2020 DevOps Salary Report to discover how salaries changed during the pandemic.

state scaling puppets devops devops report

State of DevOps Report

The Pipeline: All Things CD & DevOps Podcast by The CD Foundation

Play Episode Play 29 sec Highlight Listen Later Feb 26, 2021 23:40

In episode 7 of season 2 of The Pipeline: All Things CD & DevOps I sit down with two community members, CircleCI & Puppet, to talk about the State of DevOps Report 2020. First, we dive into how our guests started their journey into DevOps and then key findings of the 2020 report. Tune in to listen to Alanna Brown & Michael Stahnke to learn more about the State of DevOps Report 2020. Support the show

state puppets devops circleci devops report

Episode 273: Look at my iPad

Play Episode Listen Later Nov 27, 2020 56:19

The week we preview AWS re:Invent, breakdown the latest CNCF Survey and discuss container adoption. Plus, a review of banking apps, Google Pay and an update on Coté’s quest to achieve the iPad Lifestyle. The Rundown AWS RE:invent (https://virtual.awsevents.com/agenda) CNCF survey (https://www.cncf.io/wp-content/uploads/2020/11/CNCF_Survey_Report_2020.pdf) Datadog Report 11 facts about real world container use (https://www.datadoghq.com/container-report/) Relevant to your Interests Apple’s biggest App Store critics are not impressed with its new fee cut for small developers (https://www.theverge.com/2020/11/18/21573109/epic-tim-sweeney-apple-app-store-fee-cut-reduction-criticize) Cloud gaming services use iPhone's web browser door (https://www.axios.com/newsletters/axios-login-765269c9-3841-4958-aa1d-839cb1e51e04.html?chunk=3&utm_term=emshare#story3) Roblox IPO (https://www.axios.com/newsletters/axios-pro-rata-be45e818-9f5c-4fd5-a285-5f00beef25e3.html?chunk=1&utm_term=emshare#story1) 2020 State of DevOps Report | presented by Puppet, & CircleCi (https://puppet.com/resources/report/2020-state-of-devops-report/?mkt_tok=eyJpIjoiWldSbVpUbGtaVEZtWVRFMiIsInQiOiJhYWtBcEcxQ3Z2TitXcCtkbXJDZTBIbVcrb25qMEtTR1VvWXZNaDV2QmZEXC96ekJxZGxIRmxcL0JwaHdjN1FVYWMrUm9rRG8rYTE3QmozRlo4QU9IdFhvRWt3WUNvdDVvZWJSVmpLaFEzZnhNMllocGZNZUlUS0RmcVwvTDVZSEh3RSJ9) FireEye acquires Respond Software for $186M, announces $400M investment – TechCrunch (https://techcrunch.com/2020/11/19/fireeye-acquires-respond-software-for-186m-announces-400m-investment/) Rewritten in Rust: Modern Alternatives of Command-Line Tools (https://zaiste.net/posts/shell-commands-rust/) CIA Awards Secret Multibillion-Dollar Cloud Contract (https://www.nextgov.com/it-modernization/2020/11/exclusive-cia-awards-secret-multibillion-dollar-cloud-contract/170227/) The Substackerati (https://www.congress.gov/bill/116th-congress/senate-bill/2904) Act against Deep fakes (https://www.congress.gov/bill/116th-congress/senate-bill/2904) Designed to Deceive: Do These People Look Real to You? (https://www.nytimes.com/interactive/2020/11/21/science/artificial-intelligence-fake-people-faces.html) Nonsense The Ultimate Texas Tacopedia — Texas Monthly (https://apple.news/Am6Utkw2LT3ef1xCA3R4Q7A) Professor Cold Takes 2: Freeze Harder (https://twitter.com/vcbrags/status/1330510704441503744?s=21) Kubernetes Services explained (https://twitter.com/rpkatz/status/1330511026849275909?s=21) Apple’s biggest App Store critics are not impressed with its new fee cut for small developers (https://www.theverge.com/2020/11/18/21573109/epic-tim-sweeney-apple-app-store-fee-cut-reduction-criticize) (https://twitter.com/rpkatz/status/1330511026849275909?s=21) Sponsors strongDM — Manage and audit remote access to infrastructure. Start your free 14-day trial today at: strongdm.com/SDT (http://strongdm.com/SDT) Teleport provides consolidated access to all computing resources such as servers, Kubernetes clusters or internal applications across all environments. Watch a demo, download the free version, or sign up for cloud at goteleport.com (https://goteleport.com/) Twilio is the platform developers trust to build communications experiences with phone calls, text messages, video calls, and more. Visit twilio.com (https://www.twilio.com/) to learn more. SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) and LinkedIn (https://www.linkedin.com/company/software-defined-talk/). Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Use the code SDT to get $20 off Coté’s book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Matt: Shot: Build a DIY screen out of recycled parts for cheap (https://www.youtube.com/watch?v=CfirQC99xPc) Brandon: Chefman 1.8 Liter Electric Glass Kettle With Removable Tea Infuser (https://www.costco.com/chefman-1.8-liter-electric-glass-kettle-with-removable-tea-infuser.product.100412554.html) Coté: PDF Expert (https://pdfexpert.com/ios). Dithering (https://dithering.fm) podcast is still good. Photo Credit (https://www.cncf.io/wp-content/uploads/2020/11/CNCF_Survey_Report_2020.pdf) Photo Credit (https://unsplash.com/photos/unRkg2jH1j0)

Episode 272: This time we’re doing it in green

state data puppets gareth devops devsecops product director snyk synk alyssa miller devops report

Play Episode Listen Later Nov 20, 2020 64:32

This week we discuss IBM buying Instana, highlights from Kubecon and the rise of Substack. Plus, Coté updates us on his quest to live the iPad lifestyle. The Rundown IBM To Acquire Instana For Undisclosed Terms (https://www.nasdaq.com/articles/ibm-to-acquire-instana-for-undisclosed-terms-quick-facts-2020-11-18) Instana Crunch Base Overview (https://www.crunchbase.com/organization/instana) KubeCon Review Envoy Mobile Joins the CNCF (https://medium.com/@mike.schore/99aee4bdb32e) Open Source Web Engine Servo to be Hosted at Linux Foundation - The Linux Foundation (https://www.linuxfoundation.org/press-release/2020/11/open-source-web-engine-servo-to-be-hosted-at-linux-foundation/) Relevant to your Interests The Evolution of Cloud (https://greylock.com/jerry-chen-the-evolution-of-cloud/) 2020 State of DevOps Report | presented by Puppet, & CircleCi (https://puppet.com/resources/report/2020-state-of-devops-report/?mkt_tok=eyJpIjoiWldSbVpUbGtaVEZtWVRFMiIsInQiOiJhYWtBcEcxQ3Z2TitXcCtkbXJDZTBIbVcrb25qMEtTR1VvWXZNaDV2QmZEXC96ekJxZGxIRmxcL0JwaHdjN1FVYWMrUm9rRG8rYTE3QmozRlo4QU9IdFhvRWt3WUNvdDVvZWJSVmpLaFEzZnhNMllocGZNZUlUS0RmcVwvTDVZSEh3RSJ9) Amazon's Inferentia AI Chip Is Ready For Prime Time, Now Powers the Alexa Service (https://www.fool.com/investing/2020/11/12/amazons-inferentia-ai-chip-is-ready-for-prime-time/) FinOps Foundation launches Kubernetes Whitepaper with CNCF, adds vendor members, Densify, SoftwareOne, Virtasant and more... (https://www.finops.org/blog/finops-foundation-launches-kubernetes-whitepaper-with-cncf-adds-vendor-members-cloudcmx-densify-softwareone-and-virtasant/) Google Pay reimagined: pay, save, manage expenses and more (https://blog.google/products/google-pay/reimagined-pay-save-manage-expenses-and-more/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) New Zoom feature can alert room owners of possible Zoombombing disruptions (https://www.zdnet.com/article/new-zoom-feature-can-alert-room-owners-of-possible-zoombombing-disruptions/) Fast Facts Your Pa$$word doesn't matter (https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984) 11 facts about real world container use (https://www.datadoghq.com/container-report/) Half of all containers are now managed by cloud provider and third-party registries (https://www.datadoghq.com/container-report/#10) Apple Apple to lower commissions for small businesses on App Store (https://www.axios.com/apple-to-lower-commissions-for-small-businesses-on-app-store-a385a49b-9558-411d-bd1b-6cb57f2d44cc.html) Safely open apps on your Mac (https://support.apple.com/en-us/HT202491?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) Yeah, Apple’s M1 MacBook Pro is powerful, but it’s the battery life that will blow you away (https://techcrunch.com/2020/11/17/yeah-apples-m1-macbook-pro-is-powerful-but-its-the-battery-life-that-will-blow-you-away/) Mac users couldn’t launch apps this afternoon after Apple verification server issue (https://www.theverge.com/2020/11/12/21563092/apple-mac-apps-load-slow-big-sur-downloads-outage-down-issues) Nonsense Welcome to Slow Boring (https://www.slowboring.com/p/welcome-to-slow-boring) Zoom Is Temporarily Removing Its 40 Minute Limit on Video Calls for Thanksgiving Day (https://www.news18.com/news/tech/zoom-is-temporarily-removing-its-40-minute-limit-on-video-calls-for-thanksgiving-day-3083945.html) Sponsors strongDM — Manage and audit remote access to infrastructure. Start your free 14-day trial today at: strongdm.com/SDT (http://strongdm.com/SDT) Teleport provides consolidated access to all computing resources such as servers, Kubernetes clusters or internal applications across all environments. Watch a demo, download the free version, or sign up for cloud at goteleport.com (https://goteleport.com/) Listener Feedback Little Snitch (http://Little Snitch 4) from Jordy Mac users couldn’t launch apps this afternoon after Apple verification server issue (https://www.theverge.com/2020/11/12/21563092/apple-mac-apps-load-slow-big-sur-downloads-outage-down-issues) Conferences Mykel Alvis All Day DevOps Talk (https://youtu.be/cttjekzVEqU?t=1945) SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) and LinkedIn (https://www.linkedin.com/company/software-defined-talk/). Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Use the code SDT to get $20 off Coté’s book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Matt: Rewatching Veep (https://www.imdb.com/title/tt1759761/). Brandon: The Undoing (https://www.hbo.com/the-undoing?camp=GOOGLE%7cHTS_SEM%7cPID_p56310902692&keyword=the+undoing+hbo+show&utm_id=sa%7c71700000070858786%7c58700006239587173%7cp56310902692&utm_content=tun&gclid=Cj0KCQiA48j9BRC-ARIsAMQu3WSxjOpeoiBA6i3bBzeC-IL0JpPrwhoPrBOmtfTcNA37YokcAcnFo54aAtPnEALw_wcB&gclsrc=aw.ds) on HBO (https://www.hbo.com/the-undoing?camp=GOOGLE%7cHTS_SEM%7cPID_p56310902692&keyword=the+undoing+hbo+show&utm_id=sa%7c71700000070858786%7c58700006239587173%7cp56310902692&utm_content=tun&gclid=Cj0KCQiA48j9BRC-ARIsAMQu3WSxjOpeoiBA6i3bBzeC-IL0JpPrwhoPrBOmtfTcNA37YokcAcnFo54aAtPnEALw_wcB&gclsrc=aw.ds) and Serverless Data APIs (https://www.thecloudcast.net/2020/11/serverless-data-apis.html) from the Cloudcast Coté: Dithering (https://dithering.fm/)) podcast (https://dithering.fm/)) (https://dithering.fm/ (https://dithering.fm/)); Ted Laso. (https://tv.apple.com/show/umc.cmc.vtoh0mn0xn7t3c643xqonfzy?itscg=MC_20000&itsct=atvp_brand_omd&mttn3pid=a_google_adwords&mttnagencyid=1625&mttncc=US&mttnsiteid=143238&mttnsubad=OUS2019863_1-469980364686-c&mttnsubkw=106182847425_kwd-937070194980_rdMG7cVq_&mttnsubplmnt=) Photo Credit from Red Hat Container Coloring Book (https://developers.redhat.com/books/container-coloring-book-whos-afraid-big-bad-wolf) Photo Credit (https://unsplash.com/photos/wBzam0EPbXU)

Ep. #75, DevSecOps Data with Alanna Brown, Gareth Rushgrove, and Alyssa Miller

The Secure Developer

Play Episode Listen Later Sep 4, 2020 44:40

On The Secure Developer, we often hear a lot of opinions and experiences from people who are working in development, so today we're turning to the data, to figure out what works and what doesn't in the world of DevOps and SecDevOps. Joining us for a panel discussion on the topic is Alanna Brown, Senior Marketing Director at Puppet and mastermind behind the State of DevOps Report, Gareth Rushgrove, Product Director at Snyk and curator of Devops Weekly, and Alyssa Miller, Application Security Advocate, also at Synk. In this show, we get a lay of the land and take a look at the state of where things stand. In this section of the discussion, we hear about vulnerabilities and the mixed bag of data that our panelists have seen around remediation. While there are some positive developments in the space, there are also some areas, like on the container side, where there is great room for improvement. The conversation then moves to security practices and which security controls are effectively deployed and which are not. We gain great insights into the role that integration plays in the efficacy of controls. While it's not all sunshine and roses, there are encouraging shifts happening around security thinking. From there, we move onto talking about infrastructure as code security and shared responsibility. Again, the panelists present their varied data findings, which paints an interesting picture. Finally, we wrap the show up with consolidating the discussion, where the panelists highlight what they think is key going forward. To hear more from this fascinating, data-rich discussion, tune in today!

Architecture as the Organizing Logic for Components, and the Means for their Construction

The Idealcast with Gene Kim by IT Revolution

Play Episode Listen Later Aug 13, 2020 93:39

In the latest episode of The Idealcast, Gene Kim is joined by Michael Nygard, a senior vice president at Sabre and author of the bestselling Release It! Nygard has helped businesses and technology leaders in their transformation journeys over his long career and was even one of the inspirations behind The Unicorn Project’s protagonist, Maxine. In their discussion, Kim and Nygard explore how we can enable thousands or even tens of thousands of engineers to work together toward common objectives, including the structure and dynamics required to achieve it. They also examine what truly great architecture looks like and the continuing importance and relevance of Conway’s Law. Bio: Michael Nygard strives to raise the bar and ease the pain for developers around the world. He shares his passion and energy for improvement with everyone he meets, sometimes even with their permission. Living with systems in production taught Michael about the importance of operations and writing production-ready software. Highly-available, highly-scalable commerce systems are his forte. Michael has written and co-authored several books, including 97 Things Every Software Architect Should Know and the bestseller Release It!, a book about building software that survives the real world. He is a highly sought speaker who addresses developers, architects, and technology leaders around the world. Michael is currently Senior Vice President, Travel Solutions Platform Development Enterprise Architecture, for Sabre, the company reimagining the business of travel. Twitter: @mtnygard LinkedIn: https://www.linkedin.com/in/mtnygard/ Website: https://www.michaelnygard.com/ You’ll Learn About: How to build great architecture for large teams. The real implications of Conway’s Law. Architecture as an organizing logic and means of software construction. Real-life stories of technology leaders’ transformation journeys. Decentralized economic decision making. The fear cycle and predictability. The after effects of the Yegge memo. A great definition of what great architecture is. Leadership and the relationship between the business’ architecture and the technology architecture of the business. RESOURCES Release It!: Design and Deploy Production-Ready Software (Pragmatic Programmers) by Michael T. Nygard Clojure programming language Transaction Processing Facility (TPF) operating system Totality Corporation The Principles of Product Development Flow: Second Generation Lean Product Development by Donald G. Reinertsen MCDP1: Warfighting Conway's law Team of Teams: New Rules of Engagement for a Complex World by General Stanley McChrystal with Tantum Collins, David Silverman and Chris Fussell The Fear Cycle by Michael T. Nygard State of DevOps Report DevOps Enterprise Summit 2020 Coherence Penalty for Humans by Michael T. Nygard Michael Nygard on Cognicast podcast TIMESTAMPS [00:07] Intro [02:12] Meet Mike Nygard [04:36] What is TPF operating system? [05:40] Finding the perspective to write Release It! [11:07] Totality Corporation [13:54] Moving large teams towards common objective [18:37] Decentralized economic decision making [19:52] The Principles of Product Development Flow [23:38] Tale of two outages [27:27] Distance incentive supply [32:00] Architecture is one top predictors of performance [35:05] Other attributes of good architecture [39:19] The Fear Cycle [43:40] An amazing finding in State of DevOps Report [45:02] Amazon replatforming example [50:35] The universal takeaways [53:07] DevOps Enterprise Summit 2020 [54:55] Characteristics of reorganizations and structural changes [1:00:00] Self-contained systems [1:02:40] Mike’s definition of architecture [1:07:13] Coherence Penalty for Humans [1:10:10] Leadership’s responsibility to the architecture

amazon leadership moving law state real living design tale humans engagement principles construction architecture senior vice president logic distance characteristics organizing conway components decentralized sabre complex world stanley mcchrystal david silverman gene kim nygard teams new rules tpf devops report release it product development flow michael nygard learn about how michael t nygard

#5 - Enterprise Communities of Practice

Ways of Working

Play Episode Listen Later Apr 29, 2020 18:31

In this episode I explore building enterprise communities of practice.What is a community of practice, why they're important and how they're a catalyst for digital transformations.Tune in now!Credits:2019 Accelerate State of DevOps Report written by Dr. Nicole Forsgren, Dr. Dustin Smith, Jez Humble and Jessie Frazelle.

practice communities enterprise credits dustin smith jez humble nicole forsgren devops report jessie frazelle

Andi Mann Talks SecOps and The 2019 State of DevOps Report

Ship Happens: A DevOps Podcast

Play Episode Listen Later Mar 23, 2020 47:39

In episode 5 of Ship Happens, Andi Mann joins Benton to talk about the 2019 State of DevOps Report and the importance of security operations and QA, and how you can mitigate negative effects on CI/CD pipelines. You'll hear what's happening with DevOps today, as well as actionable tips for getting organizational buy-in for SecOps practices while simultaneously tightening cross-functional communication between engineering teams and disciplines.

state software cd qa devops sre ci cd security operations on call appsec secops it operations it ops devops report andi mann

Ep. #49, Five Ideals for Better DevOps and Security with Gene Kim of the The Unicorn Project.

The Secure Developer

Play Episode Listen Later Mar 10, 2020 36:14

Unsurprisingly, many high performing organizations in the DevOps space are simultaneously the best in security and in operations too. In this episode, we sit down to talk with Gene Kim about his work on the saves that get made by organizations who have great operations, and how this fits into their security. Gene Kim is the founder of Tripwire, author of The Unicorn Project and The Phoenix Project and has also co-authored The DevOps Handbook and the State of DevOps Report amongst other texts. He has been studying high performing technology organizations for much of his life and has a rich history in both the security and the DevOps sides. Today we get the change to talk to Gene about the five ideals for optimizing performance in the DevOps space that can be found in The Unicorn Project, particularly from the lens of security.We also chat to Gene about the four hypotheses that the DevOps report he co-authored rested on, and some of the interesting and unexpected conclusions that he and his collaborators came to. This conversation spans many key aspects of the DevOps industry and how locality, flow, daily improvement, psychological safety, and customer focus have the power to augment huge changes for the better, so make sure you don't miss it!Show notes and transcript can be found here

project security unicorns devops ideals tripwire gene kim devops report unicorn project

Looking Toward the State of Security in DevOps in 2020

The New Stack Podcast

Play Episode Listen Later Jan 20, 2020 40:48

If there's a sign something in IT has moved past the hype, it's not that digital organizations continue to adopt it, it's that they continue to see better and better results. Both the most traditional and the most forward-thinking, DevOps organizations are seeing continually improved outcomes. This is especially true for so-called DevSecOps orgs. You know, the ones that bake security right into their people, processes, pipelines and code. In this episode of The New Stack Makers, publisher Alex Williams sits down with Alanna Brown, director of product marketing at Puppet, and Charles Betz, an analyst with Forrester, to talk about the current state of security in DevOps. Brown is the co-author of 2019 State of DevOps Report — and of the previous six reports — while Betz is co-author of Top 10 Trends That Will Shape Modern Infrastructure And Operations In 2020.

state security puppets devops forrester devsecops betz alex williams looking toward devops report new stack makers

DevOps with Nathen Harvey and Jez Humble

europe reports sauna devops continuous delivery devopsdays devops report

Play Episode Listen Later Nov 26, 2019 34:34

Happy Thanksgiving! This week, Aja and Brian are talking DevOps with Nathen Harvey and Jez Humble. Our guests thoroughly explain what DevOps is and why it’s important. DevOps purposely has no official definition but can be thought of as a community of practice that aims to make large-scale systems reliable and secure. It’s also a way to get developers and operations to work together to focus on the needs of the customer. Nathen later tells us all about DevOpsDays, a series of locally organized conferences occurring in cities around the world. The main goal is to bring a cross-functional group of people together to talk about how they can improve IT, DevOps, business strategy, and consider cultural changes the organization might benefit from. DevOpsDays supports this by only planning content for half the conference, then turning over the other half to attendees via Open Spaces. At this time, conference-goers are welcome to propose a topic and start a conversation. Jez then describes the Accelerate State of DevOps Report, how it came to be, and why it’s so useful. It includes items like building security into the software, testing continuously, ideal management practices, product development practices, and more. With the help of the DevOps Quick Check, you can discover the places your company could use some help and then refer back to the report for suggestions of improvements in those areas. Nathen Harvey Nathen Harvey helps the community understand and apply DevOps and SRE practices in the cloud. He is part of the global organizing committee for the DevOpsDays conferences and was a technical reviewer for the 2019 Accelerate State of DevOps Report. Jez Humble Jez Humble is co-author of several books on software including Shingo Publication Award winner “Accelerate” and Jolt Award winner “Continuous Delivery”. He has spent his career tinkering with code, infrastructure, and product development in companies of varying sizes across three continents. He works for Google Cloud as a technology advocate and teaches at UC Berkeley. Cool things of the week It’s a wrap: Key announcements from Next ‘19 UK blog Explainable AI site Hand-drawn Graphviz diagrams blog Add one line to plot in XKCD comic sketchy style site Interview DevOps insights from Google site DevOps Quick Check site DevOpsDays site Agile Alliance site Velocity Conference site DevOps Enterprise Summit site Question of the week Why do you need the Cloud SQL Proxy? Where can you find us next? DevOpsDays has events coming up across the globe, including Galway, Warsaw, Berlin, and Tel Aviv. Nathen and Jez will be at Delivery Conf. Aja will be home drinking tea! Brian will also be home drinking tea!

google interview united kingdom berlin happy thanksgiving uc berkeley tel aviv accelerate warsaw devops galway google cloud aja open space sre jez continuous delivery xkcd explainable ai nathen devopsdays jez humble agile alliance devops report nathen harvey velocity conference jolt award

2019 State of DevOps Report chat: Security is boring when it's working

Puppet Podcast

Play Episode Listen Later Oct 23, 2019 24:05

Puppet’s Nigel Kersten and CircleCI’s Mike Stahnke go behind-the-scenes of the 2019 report to talk about the shift to a security-focused report and where they see these challenges heading and evolving. Learn more• Download the 2019 State of DevOps Report• Listen to: Doing the DevOps with Yasmin Rajabi and Nick Maludy

state security boring puppets devops circleci devops report sodor yasmin rajabi

DevOps Sauna Episode 5: 2019 State of DevOps Reports with Johan Abildskov

Eficode

Play Episode Listen Later Oct 17, 2019 38:30

Get up to speed on the 2019 Accelerate State of DevOps Report and this year’s Puppet State of DevOps Report in an episode featuring Johan Abildskov, a Continuous Delivery and DevOps consultant and teacher who’s spoken at multiple DevOpsDays around Europe. The discussion covers cloud, change approval processes, security, and then some.

#13: State of DevOps report 2019

Better ROI from Software Development

Play Episode Listen Later Oct 15, 2019 11:24

Back in episode 10, I briefly mentioned the State of DevOps reports as part of the introduction to DevOps. In this episode I want to spend more time reviewing the 2019 report

state devops devops report

2019 Accelerate Report with Dr. Nicole Forsgren

DevOps Chat

Play Episode Listen Later Oct 6, 2019 27:12

There are many interviews you do as part of the role as editor in chief of DevOps.com. Then there are some that make it all worthwhile. Anytime I have the pleasure of speaking with Dr Nicole Forsgren, it makes all of the other things I do worthwhile. She has a clarity of vision borne from the foundation of verifiable metrics she has measured and surveyed over the last six years. Just about every DevOps presentation you will see has some reference to her Accelerate: State of DevOps Report. And for good reason. It has become the "authority" on DevOps metrics. We sat down with Nicole to go over what she thinks are some of the key findings in this years report. Have a listen and enjoy.

accelerate devops nicole forsgren devops report

Five Characteristics That Define the Cloud with Nicole Forsgren, PhD

platform azure romp cot nicole forsgren devops report

Play Episode Listen Later Oct 2, 2019 39:28

Nicole Forsgren grew up in a small farm town in Idaho. After working as a programmer, a software engineer, and a systems administrator at IBM, she went back to school to get her PhD in Management Information Systems. Now, she leads research and strategy at Google and oversees the production of the annual State of DevOps Report. Join Corey and Nicole as they discuss what the cloud is, how people define it and why we need a common definition for it, which organizations benefit from the cloud, why it’s largely time to ditch in-house tools, and more.

amazon google state phd cloud define idaho ibm aws devops management information systems five characteristics nicole forsgren devops report last week in aws

Episode 150: Richard & Coté's SpringOne Platform Pre-Romp

Pivotal Insights

Play Episode Listen Later Sep 30, 2019 47:09

SpringOne Platform is in just one week! Richard and Coté talk about the conference, some of their highlights, and some quick food recommendations (burgers!). Perhaps too quick! We also cover some recent news in .Net, serverless, and Azure security. Richard discusses a DevOps Report webinar he did with Dr. Nicole Forsgren, and Coté gives an overview of the new book he's working on (The Business Bottleneck) and preview of a two part webinar on the topic (part one, part two). There's still time to register for SpringOne Platform. It's Oct 7th to 10th in Austin, Texas - Coté's home town! Use the code S1P200_Cote to get $200 off.

This episode is brought to you by KingswaySoft. Nick and Colin are joined by special guest Eugene Van Staden. Eugene, Colin and Nick discuss building a set of ALM/DevOps tools for PowerApps Portals deployments. Learn about the importance of healthy ALM, the available open-source tools and the challenges of applying automated DevOps to Portal projects. Show Notes and Links: Eugene's contact info: eugenevs@outlook.com https://github.com/hmdvs - Eugene will eventually post some of his templates and companion app samples there. 2019 State of DevOps Report https://puppet.com/resources/whitepaper/state-of-devops-report Andrew Vogel's tools: https://www.powershellgallery.com/packages/Microsoft.Xrm.DevOps.Data.PowerShell/1.3.0 https://github.com/abvogel/Microsoft.Xrm.DevOps.Data Scott Durow's Task Runner https://github.com/scottdurow/SparkleXrm/wiki/spkl Microsoft Doc's Configuration Data Migration Tool https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/migrate-portal-configuration Music: www.purple-planet.com

music state data microsoft portal portals devops alm powershell powerapps devops report xrm

Power Apps Portals ALM

Refresh the Cache

Play Episode Listen Later Sep 27, 2019 46:28

This episode is brought to you by KingswaySoft. Nick and Colin are joined by special guest Eugene Van Staden. Eugene, Colin and Nick discuss building a set of ALM/DevOps tools for PowerApps Portals deployments. Learn about the importance of healthy ALM, the available open-source tools and the challenges of applying automated DevOps to Portal projects. Show Notes and Links: Eugene’s contact info: eugenevs@outlook.com https://github.com/hmdvs - Eugene will eventually post some of his templates and companion app samples there. 2019 State of DevOps Report https://puppet.com/resources/whitepaper/state-of-devops-report Andrew Vogel’s tools: https://www.powershellgallery.com/packages/Microsoft.Xrm.DevOps.Data.PowerShell/1.3.0 https://github.com/abvogel/Microsoft.Xrm.DevOps.Data Scott Durow’s Task Runner https://github.com/scottdurow/SparkleXrm/wiki/spkl Microsoft Doc’s Configuration Data Migration Tool https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/migrate-portal-configuration Music: www.purple-planet.com

music state data microsoft portal portals devops alm powershell powerapps devops report xrm

Episode 195: Elite isn’t Elite enough

Play Episode Listen Later Sep 6, 2019 57:03

Searched Guard stole some code, lots of “elites” in the State of DevOps Report and should we really cry for Docker? Plus, we talk Australia Punters invading American Football and why Yahoo! will always be a necessity to football fans. Buy Coté’s book dirt cheap (https://leanpub.com/digitalwtf/c/sdt)! And check out his other book that this guy likes (https://www.linkedin.com/feed/update/urn:li:activity:6559881947412340736/). Relevant to your interests State of DevOps Report (https://cloud.google.com/devops/state-of-devops/#gated-form) with Coté’s notes (https://cote.io/2019/08/26/devops-report-2019/) “The proportion of our elite performers has almost tripled, showing that excellence is possible—it just requires execution.” OSS Dear Searched Guard Users (https://www.elastic.co/blog/dear-search-guard-users) Why doesn't anyone weep for Docker? (https://www.techrepublic.com/article/why-doesnt-anyone-weep-for-docker/) Troubles with the Open Source Gig Economy and Sustainability Tip Jar (https://www.aniszczyk.org/2019/03/25/troubles-with-the-open-source-gig-economy-and-sustainability-tip-jar/) More Security XKCD has been pwned (https://haveibeenpwned.com/PwnedWebsites#XKCD) Twitter temporarily shuts down ability to tweet via SMS (https://www.cnet.com/news/twitter-temporarily-shuts-down-ability-to-tweet-via-sms/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) More VMware With Heptio and Pivotal, VMware Doubles Down on Kubernetes - The New Stack (https://thenewstack.io/with-heptio-and-pivotal-vmware-doubles-down-on-kubernetes/) Introducing VMware Tanzu Mission Control to Bring Order to Cluster Chaos - Cloud Native Apps Blog (https://blogs.vmware.com/cloudnative/2019/08/26/vmware-tanzu-mission-control/) VMware Welcomes Estranged Sibling Pivotal Back Home (https://go.forrester.com/blogs/vmware-welcomes-estranged-sibling-pivotal-back-home/) VMworld 2019 US Day 1 General Session (https://www.youtube.com/watch?v=wJy4D6ANOv4&feature=youtu.be) VMworld 2019 US Day 2 General Session (https://www.youtube.com/watch?v=MECTRZza7VQ&feature=youtu.be) VMware And IBM Go Full Circle To Dominate The Cloud-Native Ecosystem (https://www.forbes.com/sites/udinachmany/2019/08/28/vmware-and-ibm-go-full-circle-to-dominate-the-cloud-native-ecosystem/#2197d67af5e8) What Cloud Vendors Really Want From Their Customers - UpperEdge (https://upperedge.com/cloud/what-cloud-vendors-really-want-from-their-customers/) Modern applications at AWS (https://www.allthingsdistributed.com/2019/08/modern-applications-at-aws.html) Airlines ban all MacBook Pros from checked luggage (https://www.cnet.com/news/some-airlines-ban-all-macbook-pros-from-checked-luggage/) NetNewsWire 5.0 RSS Reader Rebuilt from Scratch, Now Free and Open Source (https://wptavern.com/netnewswire-5-0-rss-reader-rebuilt-from-scratch-now-free-and-open-source) Vienna (https://www.vienna-rss.com/about) One Toolchain to Manage All the Development: A CI/CD-Vendor Obsession (https://thenewstack.io/one-toolchain-to-manage-all-the-development-a-ci-cd-vendor-obsession/) Nonsense 16-bit RISC-V processor made with carbon nanotubes (https://arstechnica.com/science/2019/08/16-bit-risc-v-processor-made-with-carbon-nanutubes/) Costco has a ‘grate’ deal on a 72-pound wheel of Parmigiano-Reggiano cheese (https://wgntv.com/2019/09/02/costco-has-a-grate-deal-on-a-72-pound-wheel-of-parmigiano-reggiano-cheese/) Sponsors To learn more or to try SolarWinds Papertrail for free, go to papertrailapp.com/sdt (https://papertrailapp.com/?utm_source=podcast&utm_medium=direct-link&utm_campaign=sdt) and make troubleshooting fun again. Conferences, et. al. Agile Scotland CF Summit EU (https://www.cloudfoundry.org/event/summit/), Sep 11th to 12th. Sep 26th to 27th - DevOpsDays London (https://devopsdays.org/events/2019-london/welcome/) - Coté at the Pivotal table, come get free shit. Oct 7th to 10th - SpringOne Platform, Oct 7th to 10th, Austin Texas (https://springoneplatform.io/) - get $200 off registration before August 20th, and $200 more if you use the code S1P200_Cote. Come to the EMEA party (https://connect.pivotal.io/EMEA-Cocktail-Reception-S1P-2019.html) if you’re in EMEA. Oct 9th to 10th - Cloud Expo Asia (https://www.cloudexpoasia.com/) Singapore, Oct 9th and 10th Oct 10th to 11th - DevOpsDays Sydney 2019 (http://devopsdays.org/events/2019-sydney/), October 10th and 11th Nov 2nd - EmacsConf (https://emacsconf.org/2019/) 2019 December - 2019, a city near you: The 2019 SpringOne Tours are posted (http://springonetour.io/): Toronto Dec 2nd and 3rd (https://springonetour.io/2019/toronto), São Paulo Dec 11th and 12th (https://springonetour.io/2019/sao-paulo). December 12-13 2019 - Kubernetes Summit Sydney (https://events.linuxfoundation.org/events/kubernetes-summit-sydney-2019/) SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) or LinkedIn (https://www.linkedin.com/company/software-defined-talk/) Listen to the Software Defined Interviews Podcast (https://www.softwaredefinedinterviews.com/). Check out the back catalog (http://cote.coffee/howtotech/). Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Use the code SDT to get $20 off Coté’s book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Recommendations Brandon: Short article on Uber Values (https://mikeisaac.substack.com/p/presenting-super-pumped-the-battle) Podcast Interview: “The epic battle for Uber, with Mike Isaac from the New York Times” (https://overcast.fm/+QL2dR0JX4) Audiobook Super Pumped (https://www.audible.com/pd/Super-Pumped-Audiobook/B07RV4JLHJ) Matt: Anti-pick: Sports downloads Cover Art: Image credit (https://www.sbnation.com/college-football-recruiting/2019/2/6/18213493/louis-hedley-miami-punter-australia)

Episode 194: Datadog's S1, Ping, vKubernates

On-Call Nightmares Podcast

Play Episode Listen Later Aug 29, 2019 51:15

This week, the title says it all. Mood board: Jandels and togs That’s why they call it The Lucky Country. Decoding “Fly-Wheel.” 1 part synergy and 10 parts how business is done. Unlocking value. It’s always fun to see value created. I bet they got RBAC. The Funny Name Startup Strategy to Success. Brandon looks at The Business End. The Platform of the Future. Brisket for the last Fortune 500. It’s too complicated. You could put a million containers on this one box. I bet the Oracle field has some really cool spreadsheets. Bespoke nachos. Knowing stuff is dangerous. He’s going to Roko’s Basilisk me for his inheritance. Buy Coté’s book dirt cheap (https://leanpub.com/digitalwtf/c/sdt)! And check out his other book that this guy likes (https://www.linkedin.com/feed/update/urn:li:activity:6559881947412340736/). Relevant to your interests State of DevOps Report (https://cloud.google.com/devops/state-of-devops/#gated-form) - Coté’s notes (https://cote.io/2019/08/26/devops-report-2019/). VMware VMware acquires application security startup Intrinsic (https://www.crn.com.au/news/vmware-acquires-application-security-startup-intrinsic-530009). VMware Adds Containers to Its Cloud Provider Platform (https://www.sdxcentral.com/articles/news/vmware-adds-containers-to-its-cloud-provider-platform/2019/08/?utm_source=feedblitz&utm_medium=FeedBlitzRss&utm_campaign=sdxcentral). VMware is bringing VMs and containers together, taking advantage of Heptio acquisition (https://techcrunch.com/2019/08/26/vmware-is-bringing-vms-and-containers-together-taking-advantage-of-heptio-acquisition/). VMware plan elevates Kubernetes to star enterprise status (https://www.networkworld.com/article/3434063/vmware-plan-elevates-kubernetes-to-star-enterprise-status.html#tk.rss_all) “VMware says that from 2018 to 2023 – with new tools/platforms, more developers, agile methods, and lots of code reuse – 500 million new logical apps will be created serving the needs of many application types and spanning all types of environments.” Project Pacific - Technical Overview (https://blogs.vmware.com/vsphere/2019/08/project-pacific-technical-overview.html). VMware Tanzu (https://blogs.vmware.com/cloudnative/2019/08/26/vmware-completes-approach-to-modern-applications/) Introducing VMware Tanz (https://www.youtube.com/watch?v=rYO4WrPKWI8)u (https://twitter.com/tetrateio/status/1165025986527793153?s=21) Helm (https://twitter.com/tetrateio/status/1165025986527793153?s=21). VMware gets new CTO in Greg Lavender (https://www.zdnet.com/article/vmware-gets-new-cto-in-greg-lavender/). IPO’s Ping Identity files for $100M IPO on Nasdaq under the ticker ‘Ping’ (https://techcrunch.com/2019/08/23/ping-identity-files-for-100m-ipo/) Datadog S1 (https://www.sec.gov/Archives/edgar/data/1561550/000119312519227783/d745413ds1.htm) Datadog IPO | S-1 Breakdown (https://medium.com/@alexfclayton/datadog-ipo-s-1-breakdown-52551e0d8735) Corey Quinn on Monitoring (http://ttps://twitter.com/quinnypig/status/1164966830185668609?s=21) Service Mesh Red Hat Creates Service Mesh for OpenShift (https://thenewstack.io/red-hat-creates-service-mesh-for-openshift/) Starter Istio from Salesforce.com Engineering (https://twitter.com/tetrateio/status/1165025986527793153?s=21) Oracle Oracle customers cause a Dyn over withdrawal of lifetime licenses (https://www.theinquirer.net/inquirer/news/3080845/oracle-withdraws-dyn-lifetime-licences) Oracle directors: Shareholders can go ahead with billion-dollar... (https://www.reuters.com/article/otc-oracle-idUSKCN1V91UJ) Platform9 Raises $25 Million D-Round (https://platform9.com/press/platform9-raises-25-million-to-power-cloud-native-infrastructure-managed-kubernetes-and-hybrid-cloud-environments-across-the-globe/) Popular JavaScript library starts showing ads in its terminal (https://www.zdnet.com/article/popular-javascript-library-starts-showing-ads-in-its-terminal/) Google and Dell team up to take on Microsoft with Chromebook Enterprise laptops (https://www.theverge.com/2019/8/26/20832925/google-chromebook-enterprise-dell-laptops-microsoft-windows-challenge-businesses) ## Nonsense Apple warns new credit card users over risks of it touching wallets and pockets (https://www.theguardian.com/technology/2019/aug/22/apple-card-wallet-pocket-warning) Tiny Go (http://tinygo-org/tinygo) Mobile Phone Markets in a GIF (https://twitter.com/pontecorvoste/status/1165142913455706113?s=21) Apple reportedly shelves 'walkie talkie' iPhone feature (https://www.engadget.com/2019/08/26/apple-iphone-walkie-talkie-on-hold/) Costco shuts early on first day in China due to overcrowding (https://www.ft.com/content/61e3f260-c89f-11e9-a1f4-3669401ba76f) Sponsors This episode is sponsored by SolarWinds ® and one of their APM tools: Loggly . To try it FREE for 14 days just go to https://loggly.com/sdt. Conferences, et. al. Coté will be at #AgileScotland this Friday (https://www.agilescotland.com/august?_lrsc=11a500fa-c38a-436f-b394-4a0eade204e7&utm_source=employee-social&utm_medium=twitter&utm_campaign=employee_advocacy) giving a 90 minute overview of how large orgs. scale THE DIGITALTRANSFORMATION. There's still a handful of tickets left, use the code AS-SPEAKER-MICHAEL for a discount. CF Summit EU (https://www.cloudfoundry.org/event/summit/), Sep 11th to 12th. Sep 26th to 27th - DevOpsDays London (https://devopsdays.org/events/2019-london/welcome/) - Coté at the Pivotal table, come get free shit. Oct 7th to 10th - SpringOne Platform, Oct 7th to 10th, Austin Texas (https://springoneplatform.io/) - get $200 off registration before August 20th, and $200 more if you use the code S1P200_Cote. Come to the EMEA party (https://connect.pivotal.io/EMEA-Cocktail-Reception-S1P-2019.html) if you’re in EMEA. Oct 9th to 10th - Cloud Expo Asia (https://www.cloudexpoasia.com/) Singapore, Oct 9th and 10th Oct 10th to 11th - DevOpsDays Sydney 2019 (http://devopsdays.org/events/2019-sydney/), October 10th and 11th Nov 2nd - EmacsConf (https://emacsconf.org/2019/) 2019 December - 2019, a city near you: The 2019 SpringOne Tours are posted (http://springonetour.io/): Toronto Dec 2nd and 3rd (https://springonetour.io/2019/toronto), São Paulo Dec 11th and 12th (https://springonetour.io/2019/sao-paulo). December 12-13 2019 - Kubernetes Summit Sydney (https://events.linuxfoundation.org/events/kubernetes-summit-sydney-2019/) Listen to Brandon’s interview (https://www.thecloudcast.net/2019/08/2019-mid-year-update.html) on the Cloudcast (https://www.thecloudcast.net/) with Brian Gracely (https://twitter.com/bgracely?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) or LinkedIn (https://www.linkedin.com/company/software-defined-talk/) Listen to the Software Defined Interviews Podcast (https://www.softwaredefinedinterviews.com/). Check out the back catalog (http://cote.coffee/howtotech/). Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Use the code SDT to get $20 off Coté’s book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Recommendations Brandon: Free Solo (https://www.nationalgeographic.com/films/free-solo/); GoNFCEast Podcast (https://www.gonfceast.com/7); listen to Brandon’s interview (https://www.thecloudcast.net/2019/08/2019-mid-year-update.html) on the Cloudcast (https://www.thecloudcast.net/) with Brian Gracely (https://twitter.com/bgracely?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Matt: Empire State of Mind (https://www.wnycstudios.org/story/on-the-media-empire-state-mind-1), (https://www.wnycstudios.org/story/on-the-media-empire-state-mind-1) On The Media (https://www.wnycstudios.org/story/on-the-media-empire-state-mind-1). Cote: Wilhelmina mints, Limoncello.

Episode 36 - Michael Stahnke - CircleCI

Play Episode Listen Later Aug 29, 2019 30:39

Live from DevOpsDays Chicago! I meet up with Ops Veteran, Michael Stahnke as we discuss his career in technology. From the weird days of AIX systems all the way till his time now at CricleCI, Michael has plenty of great stories. Special cameos by Jason Yee and Joshua Zimmerman (our laugh track). Michael Stahnke is VP of Platform Engineering at CircleCI. Prior to this role, he was at Puppet running engineering for Puppet Enterprise, Puppet Open source, and SRE. He is an author for State of DevOps Report in 2018 and 2019. Michael also helped get the Extra Packages for Enterprise Linux (EPEL) repository off the ground in 2005, is the author of Pro OpenSSH (Apress, 2005), is an organizer of Devopsdays Madison. You can find reach him @stahnma on nearly any service online. Transcript: https://aka.ms/AA5yha2 https://twitter.com/stahnma

live state puppets aix sre circleci platform engineering devops report stahnke joshua zimmerman

How to Grade DevOps Teams with Nicole Forsgren, PhD

state microsoft testing devops azure palermo data collection sql server net core devops report

Play Episode Listen Later Aug 28, 2019 39:26

Nicole Forsgren grew up in a small farm town in Idaho. After working as a programmer, a software engineer, and a systems administrator at IBM, she went back to school to get her PhD in Management Information Systems. Now, she leads research and strategy at Google and oversees the production of the annual State of DevOps Report. Join Corey and Nicole as they discuss what it’s like to put together said reports, why people are so passionate about their DevOps team’s unique approach, the four metrics you can use to grade DevOps teams, how to scale DevOps teams, and more.

amazon google state phd cloud idaho ibm grade aws devops management information systems nicole forsgren devops report last week in aws

Jeffrey Palermo on .NET DevOps for Azure - Episode 35

Azure DevOps Podcast

Play Episode Listen Later May 6, 2019 29:05

This week is a special solo-edition episode with your host, Jeffrey Palermo! Recently, Jeffrey published his fourth book, .NET DevOps for Azure, on April 26th, 2019. This book has been a long-time coming for Jeffrey and his hopes for it are to address some really big issues in the current industry. Almost fifteen years ago, Jeffrey gained a passion for helping developers succeed, for making the complex simple, and for finding rules of thumb that would work for 80% of teams and situations out there. With too many options in the software world and too many answers of “it depends,” the industry has been starved for the ability to do something “by the book.” .NET DevOps for Azure seeks to provide that text where a .Net developer can say: “I’m doing DevOps with .NET and Azure by the book.” If you are a .NET developer or a Microsoft shop using .NET Core or SQL Server and you’re looking ahead to Azure, then this book is for you. Join Jeffrey this episode to further explore the topics in his upcoming book and to learn more! Topics of Discussion: [:53] About today’s episode. [2:37] Jeffrey reads a couple sections from his book, .NET DevOps for Azure. [4:31] What Jeffrey's book sets out to solve & the scope that it covers. [10:34] Who this book is for! [12:40] A word from the sponsor: Clear Measure. [13:05] More details about the book and the upcoming versions to be released. [13:41] Jeffrey gives a preview of one of the techniques (from the book) on operations. [16:42] They key differences between the often-used (and overused) glyph of DevOps vs. Jeffrey’s version, and how Jeffrey’s version helps increase productivity and cycle time. [22:04] The other key features of Jeffrey’s book that help further illustrate his ideas and techniques. [24:06] How to follow the guidance in this book. [27:50] How to get a hold of the book! Mentioned in this Episode: Azure DevOps Clear Measure (Sponsor) Microsoft Build Conference Microsoft Build Conference Sessions Microsoft Ignite .NET DevOps for Azure, by Jeffrey Palermo Jeffrey Palermo’s Other Books Dev.Azure.com/ClearMeasureLabs/Onion-DevOps-Architecture The Azure DevOps Podcast Ep. 03 - “Sam Guckenheimer on Testing, Data Collection, and the State of DevOps Report” Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.

Accelerate, The State of DevOps Report w Dr. Nicole Forsgren

DevOps Chat

Play Episode Listen Later Apr 18, 2019 20:12

Accelerate - The State of DevOps Report by Dr. Nicole Forsgren and the folks at Dora (now part of Google)is far and away the most widely cited research in the DevOps field. Dr Nicole and her team have brought scientific rigor to the survey over these past 6 years and the results show it. Here is your chance to shape the future of the DevOps market by taking 25 minutes of your time and take this years State of DevOps Survey. These reports are only as good as the info they gather. So have a listen to our conversation and then please go take the survey! https://bit.ly/2UzLMH2

google state accelerate devops nicole forsgren devops report

The Science Behind DevOps with Dr. Nicole Forsgren

Real World DevOps

Play Episode Listen Later Apr 11, 2019 42:29

Dr. Nicole Forsgren, whom you may know from her incredible book Accelerate: Building and Scaling High Performing Technology Operations, and The State of DevOps Report, joins me to talk about academic rigor and why the State of DevOps Report is so much more than most industry surveys floating around. We dig into what goes into the Report, why it matters to all of us, and some of her favorite findings from it.

state infrastructure science behind devops sre sysadmin nicole forsgren devops report

Creating the State of DevOps Report 2019 with Nicole Forsgren

RunAs Radio

Play Episode Listen Later Apr 3, 2019 36:12

The next DevOps Report Survey is out, and Nicole Forsgren needs your help! Richard chats with Nicole about the changes at DORA (now part of Google) - but the work to understand how to make high performing teams continues! Nicole discusses her now expanded team of researchers getting to the heart of what it takes to make great software in your organization. Its never one simple thing, but many aspects that work together so that everyone involved in the creation and operation of software can be as effective as possible - take the survey today and contribute to the effort!

google nicole forsgren devops report

Exploring the SaaS Business Model

The Cloudcast

Play Episode Listen Later Mar 20, 2019 31:06

SHOW: 390DESCRIPTION: Brian talks with Aneel Lakhani (@aneel, Go To Market Consultant and Advisor) about the difference between traditional Enterprise software and B2B SaaS offerings, how the sales and marketing models work, and how development and operations is significantly changed with SaaS.SHOW SPONSOR LINKS:Datadog Homepage - Modern Monitoring and AnalyticsTry Datadog yourself by starting a free, 14-day trial today. Listeners of this podcast will also receive a free Datadog T-shirtCLOUD NEWS OF THE WEEK:Amazon is introducing private investors to high-risk start-ups in a new pilot program - https://www.cnbc.com/2019/03/15/aws-pilots-pro-rata-program-to-connect-investors-with-start-ups.htmlThe top 25 VCs investing in SaaS right now - https://growthlist.co/blog/saas-vcThe State of DevOps Report survey is now open - https://google.qualtrics.com/jfe/form/SV_0v2VZMeA2Eha365?sp=8SHOW INTERVIEW LINKS:Aneel’s Background: From engineering and product roles at IBM to marketing and go to market roles at Cisco and a number of SaaS startups, with a brief stint as a Research Director at Gartner. Has been a frequent speaker at events like Velocity and been on many podcasts, including this one, Andreessen Horowitz’s, and Microsoft’s Open Source Show.GTM Fit Summit - Go To Market Fit - https://www.youtube.com/watch?v=IsuZzi-Hm3Marketing 102 for Engineers - Roughing Out a Funnel - https://hackernoon.com/marketing-102-for-engineers-ddf3b7fa61e6SHOW NOTES:Topic 1 - Welcome to the show. We’ve known each other for quite a while, but tell our audience about your last 10 years in gaining a ton of experience around startups and SaaS-based businesses. Topic 2 - A few weeks ago, in the middle of a Twitter conversation, you said “SaaS changes everything”. Let’s start with the most basic things. How is a SaaS-delivered business different than a traditional software business? (development, go-to-market, marketing, profitability (or loss) models)Topic 3 - Digging into the sales and marketing funnel, walk us through what typically happens from awareness to sign-up to early/free trial to actual customer engagement, and how a SaaS company is measuring along the way.Topic 4 - Help us understand the economics of product development in a SaaS business. Not only do you have the normal costs/challenges of building the software, but you have the ongoing costs of running the SaaS operations. Topic 5 - What are some of the critical metrics and measurements that the SaaS company and their VCs are typically looking at? Topic 6 - What is the thought process of SaaS companies about their service eventually becoming an AWS service at the next re:Invent? FEEDBACK?Email: show at thecloudcast dot netTwitter: @thecloudcastnet and @ServerlessCast

Episode 40: Dr. Nicole Forsgren – The State of DevOps is Looking Cloudy

DevOps Radio

Play Episode Listen Later Dec 20, 2018 12:06

Host Andre Pino returns to the DevOps Radio mic to talk to Dr. Nicole Forsgren, CEO and Chief Scientist at DevOps Research and Assessment (DORA), during DevOps World | Jenkins World. Nicole brings strong developer content and amazing energy to the latest episode as she shares key stats from the 2018 State of DevOps Report.

ceo state development software cloud devops chief scientist cloudy nicole forsgren devops report devops research

Podcast 106 - Brant Burnett on CI/CD for Microservices

Cross Cutting Concerns Podcast

Play Episode Listen Later Nov 4, 2018 18:35

Brant Burnett is continuously integrating and deploying microservices. This episode is sponsored by Smartsheet. Show Notes: Previous microservice episodes: Chase Aucoin on the Microservices Manifesto Richard Rodger on Microservices SOA (Service Oriented Architectures), first defined in a Gartner paper from 1996: "Service Oriented" Architectures, Part 1 CI tools mentioned: Jenkins TeamCity Travis CI AppVeyor DEB and RPM files were mentioned. DEB - Video: Anatomy of a Debian Package RPM - rpm.org Chocolatey is a similar offering for Windows s3 is a cloud storage service from AWS (Amazon) Spinnaker Blue/Green Deployment and Red/Black Deployment Canary Release Monitoring tools mentioned: Prometheus and Data Dog Linq2Couchbase is a Linq provider for Couchbase (NoSQL database). For more about Linq, check out this video featuring Ander Hejlsberg State of DevOps Report 2018 by Puppet (and Splunk) Book: Accelerate : The Science of Lean Software and DevOps by Nicole Forsgren, Jez Humble, Gene Kim LaunchDarkly Brant Burnett is on Twitter. Want to be on the next episode? You can! All you need is the willingness to talk about something technical. Music is by Joe Ferg, check out more music on JoeFerg.com!

music science technology state software computers anatomy windows lightning programming previous talks jenkins monitoring puppets blogs accelerate prometheus devops gartner burnett brant rpm splunk ci cd microservices datadog gene kim smartsheet linq launchdarkly spinnaker chocolatey jez humble travis ci nicole forsgren lean software devops report teamcity aws amazon richard rodger service oriented architectures chase aucoin

026 - State of DevOps Report 2018

10deploys

Play Episode Listen Later Oct 4, 2018 79:15

O State of DevOps Report de 2018 está disponível. Organizações de elite, software delivery and organizational performance (SDO performance) e outros destaques são discutidos nesse episódio. Referências e mais detalhes em: https://www.10deploys.com/episodios/026-state-devops-report-2018

refer organiza sdo devops report

Accelerate: State of DevOps Report w/ Jez Humble

DevOps Chat

Play Episode Listen Later Oct 2, 2018 18:45

The Accelerate State of DevOps Report(https://cloudplatformonline.com/2018-state-of-devops.html) has become the go to source for the definitive word on DevOps adoption and metrics. Building on 6 years of research with sound academic process, the State of DevOps reports are peer review class research into the state of DevOps. We sit down with DORA co-founder and well known DevOps author and practitioner, Jez Humble to discuss this years report and its key findings.

state building accelerate devops jez humble devops report

E032 – 2018 State of DevOps Report

For the Love of Data

Play Episode Listen Later Sep 29, 2018 45:52

Intro Greg’s Background Intro to DevOps Tools you’ve used Intro to the report & this year vs. previous years Feels more general and high-level than some of the previous reports (no MTTR mentioned for instance) Who took the survey? Surveyed over 30,000 people in 7 years (~4,300 / yr) Technology is overrepresented – 38% of […]

technology surveyed devops report

Sam Guckenheimer on Testing, Data Collection, and the State of DevOps Report - Episode 003

Azure DevOps Podcast

Play Episode Listen Later Sep 23, 2018 41:53

This episode, Jeffrey Palermo welcomes his guest Sam Guckenheimer, to the podcast! Sam is the Product Owner for the Azure DevOps product line at Microsoft, and has been with the Microsoft team for the last 15 years. He has 30 years of experience as an architect, developer, tester, product Manager, project manager, and general manager in the software industry worldwide. His first book, Software Engineering with Microsoft Visual Studio Team System, was translated into 7 languages and recognized as a de facto guide for teams adopting Agile practices. He’s also a frequent speaker at industry conferences. Sam explains the exciting new offer around Azure Pipelines for open source teams, changes he has seen in the industry from his many years of working at Microsoft, and some of the biggest changes in how users work with Azure DevOps. He also provides tons of key insights into the findings and research around predicting the impact Microsoft’s changes will make on user interactions, good practices around gathering live site telemetry and data collection, architectural (or design decisions or patterns) that help or hurt the live site supportability of a complex system, and key takeaways from his own internal learnings and the State of DevOps Report. Topics of Discussion: [:50] About today’s topic and guest. [2:00] What is Sam focusing on now? [3:11] With many years at Microsoft, IBM, and Rational Software, what changes stand out in the industry in Sam’s mind? [5:51] What’s the most exciting part of the Azure DevOps release for Sam? The open source capabilities of course! [9:29] Why Sam loves open source frameworks. [11:05] What makes Azure DevOps so successful? And the biggest changes in how engineers work with it. [15:15] A word from Azure DevOps sponsor: Clear Measure. [15:43] The findings and research around predicting the impact Microsoft’s changes will make on user interactions, their feedback cycle, and applying the “rule of thirds” to make data-informed decisions. [19:42] Good practices around gathering live site telemetry and data collection through Azure Log Analytics and Azure Application Insights. [22:42] Other internal learnings: the notion of a production first mindset, designated responsible individual (DRI), and repair items. [26:56] Has Sam found any architectural or design decisions or patterns that help or hurt the live site supportability of a complex system? [30:42] Sam’s take on APM software and traditional monitoring tools. [32:36] Sam speaks about the State of DevOps Report and why it is so important. [36:39] Key takeaways from Sam on the State of DevOps Report and his own internal learnings. Mentioned in this Episode: Azure DevOps Software Engineering with Microsoft Visual Studio Team System, by Juan J. Perez and Sam Guckenheimer Azure Pipelines Agile Github Git Node Golang .NET Framework 4 Clear Measure (Sponsor) Azure Log Analytics Azure Application Insights AKA.MS/DevOps Buck Hodges APM Tools The State of DevOps Report Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes. Follow Up with Our Guest: Sam Guckenheimer’s LinkedIn Sam Guckenheimer’s Amazon Book Page

state microsoft testing ibm perez agile software engineering data collection product owners apm dri azure devops devops report azure pipelines rational software

Episode 146: The 2018 State of DevOps Report, a gander

Play Episode Listen Later Sep 6, 2018 59:34

This year’s DevOps Report, as always, great. The new sections on culture and a peek at finance are dandy. We discuss it. Relevant to your interests 2018 State of DevOps Report (https://cloudplatformonline.com/2018-state-of-devops.html), DORA edition: Coté’s notes (https://paper.dropbox.com/doc/DevOps-Report-2018-notes--AMFAauySL95JbMXriSwp5EzSAg-jcQAlt7wo7TqgpgeYj5RB). Effective DevOps (http://shop.oreilly.com/product/0636920039846.do). “Thread.” (https://twitter.com/cote/status/1036966455215095808) (I thought if you do a Twitter thread you get 20,000 followers instantly. That’s obviously a lie!) VMworld 2018 Recap (http://www.virtubytes.com/2018/09/03/vmworld-2018-recap/). VMware's vision - your multi-cloud substrate for enterprise applications (https://diginomica.com/2018/09/03/vmwares-vision-your-multi-cloud-substrate-for-enterprise-applications/). Atlassian launches Jira Ops to fix the fragmented incident response world (https://thenextweb.com/dd/2018/09/04/atlassian-launches-jira-ops-to-fix-the-fragmented-incident-response-world/). Elastic S-1 (https://www.sec.gov/Archives/edgar/data/1707753/000119312518266861/d588632ds1.htm). Some actually useful summary/commentary on HN (https://news.ycombinator.com/item?id=17921878). H-E-B Plans New Tech Facility, Innovation Lab In Austin (http://www.texastechpulse.com/h_e_b_plans_new_tech_facility_innovation_lab_in_austin/s-0075909.html). Hopefully Buddy will crush it. https://twitter.com/hhoover/status/1037485524972457990 Sponsored by DataDog This episode is sponsored by our great friends at DataDog. This week DataDog wants you to know about Logging without Limits. Logging without Limits lets you cost-effectively process and archive all of your logs, and decide on the fly which logs to index, visualize, and retain for analytics in Datadog. Now you can collect every single log produced by your applications and infrastructure, without having to decide ahead of time which logs will be most valuable for monitoring, analytics, and troubleshooting. Sign up for a free trial (https://www.datadog.com/softwaredefinedtalk) today at https://www.datadog.com/softwaredefinedtalk and tell them your friends at Software Defined Talk sent you. Conferences, et. al. Sep 24th to 27th - SpringOne Platform (https://springoneplatform.io/), in DC/Maryland (crabs!) get $200 off registration with the code S1P200_Cote. Also, check out the Spring One Tour - coming to a city near you (https://springonetour.io/)! DevOpsDays Berlin (https://www.devopsdays.org/events/2018-berlin/welcome/), September 12th to 13th - Coté at a table. New Relic (aka “Not Datadog”) FutureStack London (https://newrelic.com/futurestack/london), Oct 1st and 2nd - Coté on a partner panel, also, come see The Governor. Later that night, Oct 2nd, Coté speaking at a meetup, topic TBD. ITQ Transform (https://itq.nl/transform/#transform_4), Oct 4th, Utrecht - Coté talking. DevOpsDays Paris (https://www.devopsdays.org/events/2018-paris/welcome/), October 16th - Coté at a table. Pivotal will have a raffle. JDriven Managers summit (https://www.jdriven.com/events/), Oct 17th, near Amsterdam - Coté talking. Cloud Expo Asia October 10-11 (https://www.cloudexpoasia.com/cloud-asia-2018). Matt’s presenting! DevOps Days Singapore October 11-12 (https://www.devopsdays.org/events/2018-singapore/). Matt’s presenting! DevOps Days Newcastle October 24-25 (https://devopsdaysnewy.org/). Matt’s presenting! Devoxx Belgium (https://devoxx.be/), Antwerp, November 12th to 16th. Coté’s presenting. SpringOne Tour (https://springonetour.io/) - all over the earth! Coté will be MC’ing Beijing Nov 3rd, Tokyo Nov 6th, and Singapore Nov 12th (https://springonetour.io/2018/singapore). Also, Toronto, Dec 12th to 13th (http://springonetour.io/2018/toronto). Listener Feedback Rob from slack tells how to pronounce Galway (https://www.youtube.com/watch?v=DjLWj1J3e3o&feature=youtu.be). Bryan wants you to know about DevOps Days Galway (https://www.devopsdays.org/events/2018-galway/welcome/) November 18-20th We are working on the Google Chrome Security thing. Actually, Fireside.fm is working on it. SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Subscribe to Software Defined Interviews Podcast (http://www.softwaredefinedinterviews.com/) - Cote on Tech Evangelism (http://www.softwaredefinedinterviews.com/75) CashedOut.coffee podcast (http://www.cashedout.coffee/). Buy some t-shirts (https://fsgprints.myshopify.com/collections/software-defined-talk)! DISCOUNT CODE: SDTFSG (40% off) — T-SHIRTS GONE IN SEPTEMBER Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you a sticker. Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Recommendations Brandon: Ozark (https://www.netflix.com/title/80117552) Season 2 (https://www.netflix.com/title/80117552). Matt: StarCraft 2 (https://starcraft2.com/en-us/), free to play! (Not to be confused with StarControl.) Coté: Embedded Netflix, in your TV. Also: Sharp Objects (https://en.wikipedia.org/wiki/Sharp_Objects_(miniseries)) - like all great shows, the end is a massive disappointment of Chekhovian-ease (https://en.wikipedia.org/wiki/Chekhov%27s_gun), but the rest is great. Anti-recommendation: whatever reasons make it so I have three remotes.

Episode 145: Redis be like “I just stepped into a big pile of…SaaSy!”

refer discutimos devops report

Play Episode Listen Later Aug 31, 2018 59:56

Related image https://media1.tenor.com/images/e83b2b5aef8c8af0dd36a0d33d3046a4/tenor.gif?itemid=5038124 This week, we discuss Redis’ license changing move, open source business models in general (of course), SUSE revenue, and some VMworld selections. Relevant to your interests Istio Aims To Be The Mesh Plumbing For Containerized Microservices (https://www.nextplatform.com/2018/08/15/istio-aims-to-be-the-mesh-plumbing-for-containerized-microservices/) Michael Cot (https://soundcloud.com/infoq-engineering-culture/michael-cote-from-pivotal-on-programming-the-business)é (https://soundcloud.com/infoq-engineering-culture/michael-cote-from-pivotal-on-programming-the-business) from Pivotal on Programming the Business by Engineering Culture by InfoQ (https://soundcloud.com/infoq-engineering-culture/michael-cote-from-pivotal-on-programming-the-business) Mobile App Development Services | Web Development services - The NineHertz (https://theninehertz.com/blog/becoming-an-iot-developer/) Has Bezos Become More Powerful in D.C. Than Trump? (https://www.vanityfair.com/news/2018/08/has-bezos-become-more-powerful-in-dc-than-trump) What Will Be the Real Impact From Knative? (https://www.sdxcentral.com/articles/news/what-will-be-the-real-impact-from-knative/2018/08/) Google just gave control over data center cooling to an AI (https://www.technologyreview.com/s/611902/google-just-gave-control-over-data-center-cooling-to-an-ai/) O11yCon 2018: Notes and Observations (https://dev.to/dangolant/o11ycon-2018-notes-and-observations-4nbf) Slack just raised a whopping $427 million to become a $7.1 billion company. Now, it has to defeat Microsoft. (https://www.businessinsider.com/slack-funding-valuation-microsoft-teams-2018-8) Apple Pay Now Accepted at All Costco Warehouses in United States (https://www.macrumors.com/2018/08/20/costco-now-widely-accepts-apple-pay/). 10 AWS Lambda Use Cases to Start Your Serverless Journey (https://www.simform.com/serverless-examples-aws-lambda-use-cases/). Announcing resource-based pricing for Google Compute Engine (https://cloudplatform.googleblog.com/2018/07/announcing-resource-based-pricing-for-google-compute-engine.html). DevOps Report 2018 released (https://www.prnewswire.com/news-releases/devops-research-and-assessment-dora-announces-the-2018-accelerate-state-of-devops-report-300703837.html). Will talk about it next week. Until then, enjoy 78 pages of landscape PDF glory. Spoiler alert: elite high performers are elite high performers. Pivotal has a webinar on Oct 11th (https://content.pivotal.io/webinars/oct-11-the-accelerate-state-of-devops-report-webinar) about it. Community management is a career cul-de-sac (https://thenewstack.io/why-community-manager-is-a-dead-end-job-and-what-to-do-about-it/). See interview next week (http://www.softwaredefinedinterviews.com/). Good example of corpdev thinking, in the US (legal) drugs market (https://contrarianedge.com/2018/08/28/investors-have-misdiagnosed-amazons-push-into-the-pharmacy-business/). “Google today announced that it is providing the Cloud Native Computing Foundation (CNCF) with $9 million in Google Cloud credits (https://techcrunch.com/2018/08/29/google-steps-back-from-running-the-kubernetes-infrastructure/) to help further its work on the Kubernetes container orchestrator and that it is handing over operational control of the project to the community.” Armory lands $10M Series A to bring continuous delivery to enterprise masses (https://techcrunch.com/2018/08/23/armory-lands-10m-series-a-to-bring-continuous-delivery-to-enterprise-masses/). VMworld NA 2018 VMware acquires CloudHealth Technologies for multi-cloud management (https://techcrunch.com/2018/08/27/vmware-acquires-cloudhealth-technologies-for-multi-cloud-management/) - Carl@451 (https://clients.451research.com/reportaction/95582/Toc?ref=Email%3Amis): “Primarily a cost management and analysis platform, it has roughly 3,500 users and has also grown to cover automation, security and governance with a broad, API-based management platform for the major public clouds: AWS, Azure and GCP. CloudHealth mainly operates in the US, meaning VMware will have to square overseas operations and data management with other jurisdictions – primarily the EU GDPR regulations – going forward.” Est. $500m valuation. They monitor your cloud costs. Cf. Dr. Cloud Pricing Guy at 451 (https://twitter.com/owenrog/status/970708698879406080). Still that MoM in the Clouds vision. “With CloudHealth, VMware not only gets the multi-cloud management solution, it gains its 3000 customers which include Yelp, Dow Jones, Zendesk and Pinterest.” VMware CEO: A Virtual Machine Is Still the Best Place to Run Kubernetes (https://thenewstack.io/vmware-ceo-a-virtual-machine-is-still-the-best-place-to-run-kubernetes/). Cameo (https://twitter.com/camhaight/status/1034101496332279810) from the Hill Country’s favorite systems management (former) analyst (https://twitter.com/camhaight). VMware's Software-Defined Vision (https://www.actualtech.io/vmwares-software-defined-vision/). Coté remember when he met with Kit Colbert at DockerCon EU 2014 (https://blog.docker.com/2015/01/dockercon-europe-the-future-of-micro-services/), and Coté had no idea what this “cloud native” stuff was. Now, it seems like it’s slowly moving to be the new word for PaaS, but more like the under-girding of PaaS. Also, went back to the NEMO recently. They no longer have the closet of dead things (https://www.flickr.com/photos/cote/shares/R61a89), sadly. Project Dimension (https://blogs.vmware.com/vsphere/2018/08/introducing-project-dimension.html) - on-demand private clouds, driven by SDDC stuff. Pat’s Pillars (https://www.linkedin.com/pulse/next-step-forward-capturing-full-potential-tech-pat-gelsinger/): ‘“Superpowers” that are unlocking game-changing opportunities on a global scale – Cloud, Mobile, Artificial Intelligence and the Internet of Things.’ Redis stinkup - the mysteries of making money by actually selling something Coté: now, what’s the deal here? They closed source some stuff that maybe others had contributed to, taking advantage of good will, and/or they’re just now charging for what used to be free? (Are there other open source scandal scenarios?) Joab and Lawrence at (https://thenewstack.io/redis-pulls-back-on-open-source-licensing-citing-stingy-cloud-services/) The New Stack (https://thenewstack.io/redis-pulls-back-on-open-source-licensing-citing-stingy-cloud-services/): “While the core of Redis itself remains under the permissive BSD license, the company has reworded the licensing for some of its add-on modules, in effect blocking their use by third parties offering commercial Redis-based services — most notably cloud providers. Redis Labs was able to make this change because it retains the copyright to the open source code.” Commons Clause (https://redislabs.com/community/commons-clause/), (https://redislabs.com/community/commons-clause/) Redis Labs (https://redislabs.com/community/commons-clause/). Adam Jacob Twitter thread on commons clause (https://twitter.com/adamhjk/status/1032285457978208257). SUSE Revenue Watch SUSE is all like “PE Mane, call me!” https://usatftw.files.wordpress.com/2016/11/mcgregor-cash.jpg?w=1000&h=600&crop=1 Somehow, this has become a bit in the show. Blame Coté. Something like ~$360m based on trailing 6 months runrat’ed to 12 trailing. Also, likely non-GAAP reporting (not clear if it’s ACV vs. TCV), but whatever. Grind and stack: “EBITDA for that period was $56 million, nearly 23 percent year-over-year growth.” So: ~$112m profit, ~31% margins. That’s the kind of stable (they claim to run 70% of SAP apps), growing cash-throw-off that should make PE people drool on their Patagonia puffy vests: “Following last week's shareholder approval of Micro Focus' proposed sale of SUSE to EQT Partners for $2.535 billion, the transaction is expected to complete in the first quarter of calendar 2019, subject to customary regulatory approvals.” If my math (https://docs.google.com/spreadsheets/d/1tq65HkucftfmO7YUDpfAWEK7Eq3vb9DYfwYeuNqLQ1U/edit#gid=0) is right (it’s established that I don’t know how numbers work), clawing in all profits would pay that $2.5bn off by 2026: 8 or 10 years of holding growth and profit %. Of course, you’d sell it off before that. Conferences, et. al. Sep 24th to 27th - SpringOne Platform (https://springoneplatform.io/), in DC/Maryland (crabs!) get $200 off registration with the code S1P200_Cote. Also, check out the Spring One Tour - coming to a city near you (https://springonetour.io/)! DevOpsDays Berlin (https://www.devopsdays.org/events/2018-berlin/welcome/), September 12th to 13th. DevOpsDays Paris (https://www.devopsdays.org/events/2018-paris/welcome/), October 16th. Cloud Expo Asia October 10-11 (https://www.cloudexpoasia.com/cloud-asia-2018). Matt’s presenting! DevOps Days Singapore October 11-12 (https://www.devopsdays.org/events/2018-singapore/). Matt’s presenting! DevOps Days Newcastle October 24-25 (https://devopsdaysnewy.org/). DevOps Days Wellington November 5-6 (https://www.devopsdays.org/events/2018-wellington/). Devoxx Belgium (https://devoxx.be/), Antwerp, November 12th to 16th. SpringOne Tour (https://springonetour.io/) - all over the earth! Listener Feedback Bryan wants you to know about DevOps Days Galway (https://www.devopsdays.org/events/2018-galway/welcome/) November 18-20th DevOps Days Singapore (https://www.devopsdays.org/events/2018-singapore/) wanted us to let folks know it’s October 11-12! Camille sent us some feedback and really liked Matt’s Red Atlas recommendation (https://www.amazon.com/dp/022638957X/ref=asc_df_022638957X5555077?tag=shopz0d-20&ascsubtag=shopzilla_mp_1475-20;15350415381076093153510070301008005&creative=395261&creativeASIN=022638957X&linkCode=asn) because she lives near a missile site. Joshua built a service that creates an RSS feed of podcasts based on keywords. Here’s an example: https://prod.mypod.online/feed?q=kubernetes Try it out. Soon to be Honey Ninja subscribes to SDT (https://twitter.com/michaelwilde/status/1035392934110273536), citing host “wit” as driver. SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Subscribe to Software Defined Interviews Podcast (http://www.softwaredefinedinterviews.com/) Dustin on Linux and Google Cloud (http://www.softwaredefinedinterviews.com/73) Rachel Stephens from RedMonk on Numbers (http://www.softwaredefinedinterviews.com/74) Buy some t-shirts (https://fsgprints.myshopify.com/collections/software-defined-talk)! DISCOUNT CODE: SDTFSG (40% off) Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you a sticker. Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Recommendations Brandon: Acquired Podcast (http://www.acquired.fm/). Matt: Blindsight (http://www.rifters.com/real/Blindsight.htm) by Peter Watts; The Good Fight (https://www.imdb.com/title/tt5853176/). Coté: Friendly Fire (http://www.maximumfun.org/shows/friendly-fire) podcast (http://www.maximumfun.org/shows/friendly-fire), the intros. Ikea knives.

united states community google business ai internet spoilers microsoft mom numbers artificial intelligence cloud mobile pinterest superpowers pe ikea pillars programming relevant grind slack clouds api conferences observations internet of things yelp cameo sap patagonia aws linux pile good fight azure pivotal nemo cf vmware dow jones best place google cloud stepped kubernetes antwerp ebitda toc zendesk armory joab paas gcp hill country acv cot suse redis bsd gaap blindsight vmworld peter watts sdt tcv infoq new stack engineering culture eu gdpr redmonk redis labs devops report what will be rachel stephens sddc dc maryland cloudhealth eqt partners commons clause cloudhealth technologies

007 - State of DevOps Report 2017

10deploys

Play Episode Listen Later Aug 26, 2018 57:03

O State of DevOps Report de 2017 está disponível e traz números e descobertas importantes. Discutimos esses números e outros destaques do estudo. Referências e mais detalhes em: https://www.10deploys.com/episodios/007-state-devops-report-2017

Episode 129: Amazon’s serverless strategy: what happens next will shock you!