Live from All Day DevOps, here are some posts from our authors! Recently, a few of our authros covered talks and conversations live during All Day DevOps, and you can take a look at the articles below.
CI/CD for Serverless Applications on AWS
A serverless architecture combined with event-driven design can reduce response time and cost. As usage grows, this architecture allows your system to grow and scale with load. The main stages of the serverless development and CI process are the same as what you’d have in a microservices architecture. The difference lies mainly in the details. Phil Vuollet covers more about server less applications here.
ADDO 2019 Keynote Session: Crossing the River by Feeling the Stones
There’s No Nice Way to Say This: Your DevOps Has Gone Horribly Wrong
Upskilling DevOps
There are plenty of skills that are important to have if you want high-performing DevOps in your enterprise. To help us know what to those are, the DevOps Institute, and Jayne Groll are here to help. Here are insights from Mark Henke about the ADDO ‘19 presentation, Upskilling DevOps.
ADDO ‘19 Keynote Session: Hints & Glimmers Of Things To Come
Patrick Debois is the founder of DevOpsDays, another conference to support the growing DevOps movement. He does not know the future, but he sees patterns. And you can learn about some those patterns—like hints of what may lie beyond dev and ops. Mark Henke is here to fill you in.
Shifting Security Left: The Innovation of DevSecOps
What is DevSecOps? It involves taking all the practices of DevOps and pulling in security practices to improve security. Tom Stiehm explains the process. In DevSecOps, we want to shift security left. Shifting left brings security into the application process earlier instead of allowing it to be an afterthought. Learn more about it all from Sylvia Fronczak here.
Breaking Bad: DevOpsSec to DevSecOps
Sean Davis created a guide for DevSecOps from a holistic view, using the story of Breaking Bad as the basis for our exploration. So let’s keep an open mind while we kick things off. And get ready for some Breaking Bad spoilers! Sylvia Fronczak can fill you in on the key points here.
Observability Made Easy
When Christina Yakomin started her journey toward synthetic monitoring, she owned a platform for containerized applications and all of the underlying infrastructure. But she didn’t own the applications themselves that were deployed to that infrastructure. This consisted of some application servers, cache servers, and web servers. When she came onto the team, they had robust monitoring in place. Curious to find out more about her story? Erik Dietrich covered it here.
Damming a 97 Year Old Waterfall: Transforming to DevOps at State Farm
Jeremy Castle and Kevin O’Dell, DevOps leaders at State Farm Insurance, help teams understand a new way of working that creates high performing teams through a DevOps mindset. Mark Henke covered their journey through their DevOps transformation at State Farm. Find out more here.
Being Budget Conscious in a Continuously Automated World
One way to bring more business alignment with IT in DevOps is through continuous verification with things like security and budgets. Oftentimes these things are an afterthought until the last minute, but we can bring them into the pipeline and continuously think about them as we deliver software. Tim Davis cloud advocate, shared his thoughts, and you can hear all about them from Mark Henke here.
Holding the Industry Accountable
“Today we’re going to have a conversation about holding our feet to the fire,” said Chris Roberts. “We’re going to break down what’s going on in the industry and why we should care about it. Then we’ll talk about what we should change, as well as why we should change it.” Sounds enticing, right? Sylvia Fronczak can share the rest with you here.
Establishing an Open Source Program Office
It feels like we don’t have a strong understanding of open source itself. Some scars have come from working with open source in an environment filled with proprietary software. When the words “open” and “source” were brought together, there was a visceral reaction. People were skeptical of it. Some even despised it. There’s no one-size-fits-all way to bring open source into your ecosystem. But it does require a strong champion. That’s why Lee Calcote advocates for creating a specific office. Find out more from what Mark Henke covered here.
DevSecOps Journey in DoD Enterprise
The DoD depends on software, but it doesn’t always control development. Instead, they must maintain software written elsewhere. Difficulties arise when the entire lifecycle is out of their hands. The U.S. Department of Defense (DoD) has a unique DevSecOps journey, you can learn all about it thanks to a presentation by Hasan Yasar and Nicolas Chaillan. Sylvia Fronczak covered it all for you here.
The Intersection of Communication and Technology
What is our progress in DevOps? When the DevOps movement started, the world was doing weekly releases at best. But the speed of change in technology is much faster. Still, the real holdup is us—people as Emily Freeman explains. Find out more from what Phil Vuollet covered here.
ZeroTrustOps: Securing at Scale
With zero trust, you should assume everything on the network isn’t safe. How many of you are tired of hearing the term “zero trust”? And what does “zero trust” even mean? Wendy Nather explains in her 2019 All Day DevOps presentation. And you can catch it all here from Sylvia Fronczak.
OWASP Top 10 Overview
OWASP is a very cool community dedicated to helping organizations build software that can be trusted. It came online in 2001 and was established as a non-profit in April of 2004. Caroline Wong first learned about the OWASP Top 10 years ago while she worked at ebay, where she launched her infosec career. These days, she’s Chief Strategy Officer for Cobalt.io and teaches the subject on LinekdIn Learning. You can learn in much more detail about the OWASP Top 10 through her courses there. To teach this subject matter, Caroline makes use of memorable analogies, which is what Erik Dietrich covered all right here.
Kubernetes for Developers
What is Kubernetes and why do we care about it? It starts with containers, says Hossam Barakat. We used to run multiple applications directly on the host server. Then we started using virtual machines for isolation. Containers allow us to further isolate the application and its dependencies on the host server(s). We can run more containers on the same host with less overhead from the guest OS that comes with virtual machines. Kubernetes helps to automate deploying, scaling, and managing many containers. So if you’re curious to find out more, head over here and Phil Vuollet can catch you up.
The Future of Software Security and Conversations You’ll Need to Have
Why do the bad guys keep winning? Well, for starters, there are misconceptions about who the bad guys even are, says Kate Healy of Telstra. The public thinks a guy sitting in a basement with a hoodie on is a malicious hacker. But that’s inaccurate — they look like you, or me. Perhaps at one time, this vandalizing loner represented the biggest security threat. Back when hackers were people who, well, hacked, for the fun and thrill of it. But this isn’t how things are today. Why do we still have breaches, then? You can find out these answers from Erik Dietrich’s recap here.