DevSecOps and the DevOps Superpattern
29
www.ranger4.com optimising the flow from idea to value realisation DevSecOps and The DevOps Superpattern Helen Beal @helenranger4
-
Upload
ranger4-limited -
Category
Technology
-
view
222 -
download
0
Transcript of DevSecOps and the DevOps Superpattern
www.ranger4.comoptimising the flow from idea to value realisation
DevSecOps and The
DevOps SuperpatternHelen Beal
@helenranger4
www.ranger4.comoptimising the flow from idea to value realisation
A Short History of DevOps
2007
2008
2009 2013
Andrew ShaferAgile Conference, Toronto
Patrick Dubois
Agile System AdministratorGroup
DevOps Days Belgium#devops
John Allspaw &Paul HammondFlickR ‘Gartner Explores
DevOps’Cameron Haight
Mike Gualateri, Forrester– ‘NoOps’
Ronnie Colville of Gartner: ‘ARA is a Key to DevOps’
20142010
2011
2012
2015
2016
The Phoenix Project GAME
DevOps
2017
DevOps Days Belgium5 Year anniversary Ghent
www.ranger4.comoptimising the flow from idea to value realisation
“DevOps, in a sense, is about setting
up a value delivery factory – a
streamlined, waste-free pipeline
through which value can be delivered
to the business with a predictably fast
cycle time.”
Mark Schwartz
‘The Art of Business Value’
www.ranger4.comoptimising the flow from idea to value realisation
www.ranger4.comoptimising the flow from idea to value realisation
The Beal-Hedemark Golden Square
with DevOps you CAN have it all
COST £
DELIGHTQUALITY
TIME
www.ranger4.comoptimising the flow from idea to value realisation
RealisationIdeaValue Stream
www.ranger4.comoptimising the flow from idea to value realisation
Value Stream
RealisationIdea
www.ranger4.comoptimising the flow from idea to value realisation
Ideation
Integration
ValidationOperation
Realisation
DevO
ps
The DevOps LoopTM
www.ranger4.comoptimising the flow from idea to value realisation
ULTURE
UTOMATION
EASUREMENT
HARING
www.ranger4.comoptimising the flow from idea to value realisation
Is Security an Afterthought?
www.ranger4.comoptimising the flow from idea to value realisation
The Parts Unlimited Team
Lead Engineer
www.ranger4.comoptimising the flow from idea to value realisation
Leaning in over Always Saying “No”Data & Security Science over Fear, Uncertainty and Doubt
Open Contribution & Collaboration over Security-Only RequirementsConsumable Security Services with APIs over Mandated Security Controls & Paperwork
Business Driven Security Scores over Rubber Stamp SecurityRed & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities
24x7 Proactive Security Monitoring over Reacting after being Informed of an IncidentShared Threat Intelligence over Keeping Info to Ourselves
Compliance Operations over Clipboards & Checklists
www.ranger4.comoptimising the flow from idea to value realisation
www.ranger4.comoptimising the flow from idea to value realisation
The Emerging DevOps Superpattern
DevOps
Lean
Theory of Constraints
Safety CultureLearning
Organisation
Holacracy
ITSM
Agile
www.ranger4.comoptimising the flow from idea to value realisation
900 BC
1159 AD 1676 AD 2000
Standing on the Shoulders of Giants
Orion and Cedallion
Bernard of Chartres
Isaac NewtonNoel
Gallagher
www.ranger4.comoptimising the flow from idea to value realisation
Discipline Culture Automation Measurement Sharing
Agile The customer is elevated. Support and trust
are key. Teams self organise. The importance
of motivating individuals is recognised.
Behaviour is a adjusted as an output of
reflection.
The 1st principle of the Agile
Manifesto is the continuous
delivery of value. This is best
optimised through automation.
Focus on velocity via sprint
burndown charts. Also ideally
measuring value to the customer.
Working software is the primary
measure of progress.
Daily collaboration between
business and tech is emphasised.
Face to face interaction is
preferred. The team reflects
together.
www.ranger4.comoptimising the flow from idea to value realisation
Discipline Culture Automation Measurement Sharing
Agile The customer is elevated. Support and trust
are key. Teams self organise. The importance
of motivating individuals is recognised.
Behaviour is a adjusted as an output of
reflection.
The 1st principle of the Agile
Manifesto is the continuous
delivery of value. This is best
optimised through automation.
Focus on velocity via sprint
burndown charts. Also ideally
measuring value to the customer.
Working software is the primary
measure of progress.
Daily collaboration between
business and tech is emphasised.
Face to face interaction is
preferred. The team reflects
together.
Holacracy An Agile organisational management system
driven to distribute authority through self-
organising teams preferring coaching over
management. Focus on personal freedom and
responsibility.
Uses Glassfrog to manage circles
and GitHub.
Everyone’s a sensor. No sales
targets, no budgets.
Heavily focussed on using peer-
review processes. Has its
background in Agile thinking.
Relies on collective intelligence.
www.ranger4.comoptimising the flow from idea to value realisation
Discipline Culture Automation Measurement Sharing
Agile The customer is elevated. Support and trust
are key. Teams self organise. The importance
of motivating individuals is recognised.
Behaviour is a adjusted as an output of
reflection.
The 1st principle of the Agile
Manifesto is the continuous
delivery of value. This is best
optimised through automation.
Focus on velocity via sprint
burndown charts. Also ideally
measuring value to the customer.
Working software is the primary
measure of progress.
Daily collaboration between
business and tech is emphasised.
Face to face interaction is
preferred. The team reflects
together.
Holacracy An Agile organisational management system
driven to distribute authority through self-
organising teams preferring coaching over
management. Focus on personal freedom and
responsibility.
Uses Glassfrog to manage circles
and GitHub.
Everyone’s a sensor. No sales
targets, no budgets.
Heavily focussed on using peer-
review processes. Has its
background in Agile thinking.
Relies on collective intelligence.
ASM Just enough governance to deliver the best
service to the customer. Encourages a
continuous learning environment.
Using service desk tools and
monitoring to streamline
processes. Using Cloud and
release/environment
orchestration to deliver faster.
SLA driven – focus traditionally on
stability or uptime.
Promotes better collaboration by
cross‐pollinating vocabulary and
methods.
www.ranger4.comoptimising the flow from idea to value realisation
Discipline Culture Automation Measurement Sharing
Agile The customer is elevated. Support and trust
are key. Teams self organise. The importance
of motivating individuals is recognised.
Behaviour is a adjusted as an output of
reflection.
The 1st principle of the Agile
Manifesto is the continuous
delivery of value. This is best
optimised through automation.
Focus on velocity via sprint
burndown charts. Also ideally
measuring value to the customer.
Working software is the primary
measure of progress.
Daily collaboration between
business and tech is emphasised.
Face to face interaction is
preferred. The team reflects
together.
Holacracy An Agile organisational management system
driven to distribute authority through self-
organising teams preferring coaching over
management. Focus on personal freedom and
responsibility.
Uses Glassfrog to manage circles
and GitHub.
Everyone’s a sensor. No sales
targets, no budgets.
Heavily focussed on using peer-
review processes. Has its
background in Agile thinking.
Relies on collective intelligence.
ASM Just enough governance to deliver the best
service to the customer. Encourages a
continuous learning environment.
Using service desk tools and
monitoring to streamline
processes. Using Cloud and
release/environment
orchestration to deliver faster.
SLA driven – focus traditionally on
stability or uptime.
Promotes better collaboration by
cross‐pollinating vocabulary and
methods.
Lean Focus on delivering value to the customer
with minimal waste.
Types of waste Lean seeks to
eliminate are errors and
duplication – both of which
automation helps to tackle.
Use Kanban to measure velocity
and Value Stream Mapping to
expose waste and measure
improvement.
Use Value Stream Mapping to
understand the handoffs between
processes and human interactions.
www.ranger4.comoptimising the flow from idea to value realisation
Discipline Culture Automation Measurement Sharing
Agile The customer is elevated. Support and trust
are key. Teams self organise. The importance
of motivating individuals is recognised.
Behaviour is a adjusted as an output of
reflection.
The 1st principle of the Agile
Manifesto is the continuous
delivery of value. This is best
optimised through automation.
Focus on velocity via sprint
burndown charts. Also ideally
measuring value to the customer.
Working software is the primary
measure of progress.
Daily collaboration between
business and tech is emphasised.
Face to face interaction is
preferred. The team reflects
together.
Holacracy An Agile organisational management system
driven to distribute authority through self-
organising teams preferring coaching over
management. Focus on personal freedom and
responsibility.
Uses Glassfrog to manage circles
and GitHub.
Everyone’s a sensor. No sales
targets, no budgets.
Heavily focussed on using peer-
review processes. Has its
background in Agile thinking.
Relies on collective intelligence.
ASM Just enough governance to deliver the best
service to the customer. Encourages a
continuous learning environment.
Using service desk tools and
monitoring to streamline
processes. Using Cloud and
release/environment
orchestration to deliver faster.
SLA driven – focus traditionally on
stability or uptime.
Promotes better collaboration by
cross‐pollinating vocabulary and
methods.
Lean Focus on delivering value to the customer
with minimal waste.
Types of waste Lean seeks to
eliminate are errors and
duplication – both of which
automation helps to tackle.
Use Kanban to measure velocity
and Value Stream Mapping to
expose waste and measure
improvement.
Use Value Stream Mapping to
understand the handoffs between
processes and human interactions.
Learning
Organisation
Decentralising the role of leadership. Putting
long term sustainability ahead of short term
fixes – avoidance of cultural debt.
Automate rote tasks to release
time for learning and
experimentation. Use Knowledge
Management tools.
Exposing personal mental patterns
and thinking for inspection and
influence from others. Team
learning is one of the 5
disciplines. Shared vision of the
future.
www.ranger4.comoptimising the flow from idea to value realisation
Discipline Culture Automation Measurement Sharing
Agile The customer is elevated. Support and trust
are key. Teams self organise. The importance
of motivating individuals is recognised.
Behaviour is a adjusted as an output of
reflection.
The 1st principle of the Agile
Manifesto is the continuous
delivery of value. This is best
optimised through automation.
Focus on velocity via sprint
burndown charts. Also ideally
measuring value to the customer.
Working software is the primary
measure of progress.
Daily collaboration between
business and tech is emphasised.
Face to face interaction is
preferred. The team reflects
together.
Holacracy An Agile organisational management system
driven to distribute authority through self-
organising teams preferring coaching over
management. Focus on personal freedom and
responsibility.
Uses Glassfrog to manage circles
and GitHub.
Everyone’s a sensor. No sales
targets, no budgets.
Heavily focussed on using peer-
review processes. Has its
background in Agile thinking.
Relies on collective intelligence.
ASM Just enough governance to deliver the best
service to the customer. Encourages a
continuous learning environment.
Using service desk tools and
monitoring to streamline
processes. Using Cloud and
release/environment
orchestration to deliver faster.
SLA driven – focus traditionally on
stability or uptime.
Promotes better collaboration by
cross‐pollinating vocabulary and
methods.
Lean Focus on delivering value to the customer
with minimal waste.
Types of waste Lean seeks to
eliminate are errors and
duplication – both of which
automation helps to tackle.
Use Kanban to measure velocity
and Value Stream Mapping to
expose waste and measure
improvement.
Use Value Stream Mapping to
understand the handoffs between
processes and human interactions.
Learning
Organisation
Decentralising the role of leadership. Putting
long term sustainability ahead of short term
fixes – avoidance of cultural debt.
Automate rote tasks to release
time for learning and
experimentation. Use Knowledge
Management tools.
Exposing personal mental patterns
and thinking for inspection and
influence from others. Team
learning is one of the 5
disciplines. Shared vision of the
future.
Safety Culture It’s got culture in the name! In a highly
experimental, innovative environment, we
need to build safety in.
Fail safe, fast, smart – testing and
auditing early in the release cycle
and pre-emptive monitoring.
MTTR but measuring failure in
terms of real business value is
most effective.
Accountability is key and ensuring
all understand their role in
procedures.
www.ranger4.comoptimising the flow from idea to value realisation
Discipline Culture Automation Measurement Sharing
Agile The customer is elevated. Support and trust
are key. Teams self organise. The importance
of motivating individuals is recognised.
Behaviour is a adjusted as an output of
reflection.
The 1st principle of the Agile
Manifesto is the continuous
delivery of value. This is best
optimised through automation.
Focus on velocity via sprint
burndown charts. Also ideally
measuring value to the customer.
Working software is the primary
measure of progress.
Daily collaboration between
business and tech is emphasised.
Face to face interaction is
preferred. The team reflects
together.
Holacracy An Agile organisational management system
driven to distribute authority through self-
organising teams preferring coaching over
management. Focus on personal freedom and
responsibility.
Uses Glassfrog to manage circles
and GitHub.
Everyone’s a sensor. No sales
targets, no budgets.
Heavily focussed on using peer-
review processes. Has its
background in Agile thinking.
Relies on collective intelligence.
ASM Just enough governance to deliver the best
service to the customer. Encourages a
continuous learning environment.
Using service desk tools and
monitoring to streamline
processes. Using Cloud and
release/environment
orchestration to deliver faster.
SLA driven – focus traditionally on
stability or uptime.
Promotes better collaboration by
cross‐pollinating vocabulary and
methods.
Lean Focus on delivering value to the customer
with minimal waste.
Types of waste Lean seeks to
eliminate are errors and
duplication – both of which
automation helps to tackle.
Use Kanban to measure velocity
and Value Stream Mapping to
expose waste and measure
improvement.
Use Value Stream Mapping to
understand the handoffs between
processes and human interactions.
Learning
Organisation
Decentralising the role of leadership. Putting
long term sustainability ahead of short term
fixes – avoidance of cultural debt.
Automate rote tasks to release
time for learning and
experimentation. Use Knowledge
Management tools.
Exposing personal mental patterns
and thinking for inspection and
influence from others. Team
learning is one of the 5
disciplines. Shared vision of the
future.
Safety Culture It’s got culture in the name! In a highly
experimental, innovative environment, we
need to build safety in.
Fail safe, fast, smart – testing and
auditing early in the release cycle
and pre-emptive monitoring.
MTTR but measuring failure in
terms of real business value is
most effective.
Accountability is key and ensuring
all understand their role in
procedures.
Theory of
Constraints
Mental models held by people can cause
behaviour that becomes a constraint.
Automation can remove
constraints in manual processes.
Three measures: throughput,
operational expense, and
inventory.
Constraints are frequently poor
handoffs due to weak
collaboration.
www.ranger4.comoptimising the flow from idea to value realisation
ExperimentInnovate
Success
FailureLearning
www.ranger4.comoptimising the flow from idea to value realisation
“One way to enable market-oriented outcomes is for Operations to create a set of centralized platforms and tooling services that any Dev team can use to become more productive… a platform that provides a shared version control repository with pre-blessed security libraries, a deployment pipeline that automatically runs code quality and security scanning tools, which deploys our applications into known, good environments that already have production monitoring tools installed on them.”
The DevOps Handbook
www.ranger4.comoptimising the flow from idea to value realisation
Dev
Op
s
Learning Organisation
1970 1980 1990 2000 2010 2020
Holacracy
Agile
Lean
Theory of Constraints
Safety Culture
ITSM
1950 1960
www.ranger4.comoptimising the flow from idea to value realisation
The First Way:Flow
The Second Way:Feedback Loops
The Third Way:Experimentation & Learning
Agile
Holacracy
ASM
Lean
Learning
Organisation
Safety Culture
Theory of
Constraints
The Three Ways and the DevOps Superpattern
www.ranger4.comoptimising the flow from idea to value realisation
72 Hours of Reading
Time
www.ranger4.comoptimising the flow from idea to value realisation
www.ranger4.comoptimising the flow from idea to value realisation
Be DevOpstastic
