Archiv pro štítek: OWASP

How to Engage 4000 Developers in One Day

When Derek Weeks and I started All Day DevOps in 2016, we were unsure as to whether anyone would be interested.It's now four years later. Last week we had close to 37,000 people register for the event. We're still trying to wrap our head around the scale of something that generates a world wide audience in the tens of thousands for a 24 hour conference. One of the things that has grown organically from All Day DevOps is a concept called "Viewing Parties". It's an idea the community has created, not something planned by us. Over 170 organizations, meetups or user groups around the world setup a large screen and invited colleagues and friends over to share in the DevOps journeys that were being told throughout the day. Last year, we heard through the grapevine that State Farm had over 600 people show up to participate at their viewing party in Dallas. That's 600 people internally at State Farm. When I heard about it, I knew I had to speak with Kevin ODell, Technology Director and DevOps Advocate at State Farm, the person who coordinated the event. Our initial conversation was a fascinating view into how he pulled off such a large event, internally. We kept in touch throughout the year, leading up to 2019 All Day DevOps. Keeping track of the registrations for Kevin, he soon came to realize what he had created was now a viral event at State Farm. For 2019, State Farm had 4000 of their 6000 developers confirmed to attend All Day DevOps. To me, that's just remarkable. While at the DevOps Enterprise Summit last month, Kevin and I sat down to talk about how he created such an incredible event, the process for getting business buy-in, and how he measures the value of letting 4000 developers collectively watch videos for the day. Even if I wasn't one of the co-founders of All Day DevOps, I'd find this a fascinating story. Stay with us and I think you'll be impressed, too.

How to Engage 4000 Developers in One Day

When Derek Weeks and I started All Day DevOps in 2016, we were unsure as to whether anyone would be interested.It's now four years later. Last week we had close to 37,000 people register for the event. We're still trying to wrap our head around the scale of something that generates a world wide audience in the tens of thousands for a 24 hour conference. One of the things that has grown organically from All Day DevOps is a concept called "Viewing Parties". It's an idea the community has created, not something planned by us. Over 170 organizations, meetups or user groups around the world setup a large screen and invited colleagues and friends over to share in the DevOps journeys that were being told throughout the day. Last year, we heard through the grapevine that State Farm had over 600 people show up to participate at their viewing party in Dallas. That's 600 people internally at State Farm. When I heard about it, I knew I had to speak with Kevin ODell, Technology Director and DevOps Advocate at State Farm, the person who coordinated the event. Our initial conversation was a fascinating view into how he pulled off such a large event, internally. We kept in touch throughout the year, leading up to 2019 All Day DevOps. Keeping track of the registrations for Kevin, he soon came to realize what he had created was now a viral event at State Farm. For 2019, State Farm had 4000 of their 6000 developers confirmed to attend All Day DevOps. To me, that's just remarkable. While at the DevOps Enterprise Summit last month, Kevin and I sat down to talk about how he created such an incredible event, the process for getting business buy-in, and how he measures the value of letting 4000 developers collectively watch videos for the day. Even if I wasn't one of the co-founders of All Day DevOps, I'd find this a fascinating story. Stay with us and I think you'll be impressed, too.

Code Rush, DevOps and Google: Software in the Fast Lane

Shortly after watching the documentary, Code Rush, I met with Tara Hernandez, the hockey stick carrying lead of the Netscape project that was being documented. We sat down at the Jenkins World Conference in San Francisco to talk about the effect that project had on her career, what she has been doing since with her position at google, and what she hopes to be working on in the coming years. We started our conversation by exploring the relationship between the Netscape project in 1998 and the current state of DevOps. Would DevOps have made a difference... the answer might surprise you.

Code Rush, DevOps and Google: Software in the Fast Lane

Shortly after watching the documentary, Code Rush, I met with Tara Hernandez, the hockey stick carrying lead of the Netscape project that was being documented. We sat down at the Jenkins World Conference in San Francisco to talk about the effect that project had on her career, what she has been doing since with her position at google, and what she hopes to be working on in the coming years. We started our conversation by exploring the relationship between the Netscape project in 1998 and the current state of DevOps. Would DevOps have made a difference... the answer might surprise you.

The Unicorn Project w/ Gene Kim

Edwards Deming went to post-war Japan in the late 1940s to help with the census. While there, he built relationships with some of the main manufacturers in the region, helping them understand the value of building quality into a product as part of the production process, thus lowering time to market, eliminating rework and saving company resources. In his 1982 book, "Out of the Crisis", Deming explained in detail why Japan was ahead of the American manufacturing industry and what to do about. His "14 Points on Quality Management" helped revitalize American industry. Unknowingly, he laid the foundation for DevOps 40 years later. Eli Goldratt published "The Goal" in 1984, focusing on the "Theory of Constraints", the idea that a process can only go as fast as it's slowest part. In fictionalized novel form, Goldratt was able to reach a wide audience who would utilize the theory to help find bottlenecks, or constrainsts, within production that were holding back the entire system. Once again, the theories espoused in The Goal were a precursor to the DevOps movement 40 years later. In January 2013, 40 years after Deming and Goldratt reshaped the manufacturing processes in American, Gene Kim published "The Phoexnix Project". He used the same format as Goldratt, telling the story in a fictional novel format with characters who were easily identifiable within the software manufacturing process, from a manager's point of view. The Phoenix Project is now one of the most important books in the industry, and is used as a starting point for companies interested in participating in a DevOps transformation. It's now six years later, 2019. Gene's new book, The Unicorn Project, will be released at the upcoming DevOps Enterprise Summit in Las Vegas on October 28. This new book has an interesting premise: What was going on with the software development team in the Phoenix Project as the management team was flailing to get the project back on track. It's a novel approach to have parallel timelines in separate books, looking at the same project. In this broadcast, Gene and I talk about how the Unicorn Project aligns with the Phoenix Project, the overlap in storylines, and why he chose to speak for software developers in this iteration of the story. Do a quick review of the Phoenix Project, which is probably already on your bookshelf, and then listen in as we discuss using Deming, Goldratt and Kim as the foundation of the principles of the DevOps movement.

The Unicorn Project w/ Gene Kim

Edwards Deming went to post-war Japan in the late 1940s to help with the census. While there, he built relationships with some of the main manufacturers in the region, helping them understand the value of building quality into a product as part of the production process, thus lowering time to market, eliminating rework and saving company resources. In his 1982 book, "Out of the Crisis", Deming explained in detail why Japan was ahead of the American manufacturing industry and what to do about. His "14 Points on Quality Management" helped revitalize American industry. Unknowingly, he laid the foundation for DevOps 40 years later. Eli Goldratt published "The Goal" in 1984, focusing on the "Theory of Constraints", the idea that a process can only go as fast as it's slowest part. In fictionalized novel form, Goldratt was able to reach a wide audience who would utilize the theory to help find bottlenecks, or constrainsts, within production that were holding back the entire system. Once again, the theories espoused in The Goal were a precursor to the DevOps movement 40 years later. In January 2013, 40 years after Deming and Goldratt reshaped the manufacturing processes in American, Gene Kim published "The Phoexnix Project". He used the same format as Goldratt, telling the story in a fictional novel format with characters who were easily identifiable within the software manufacturing process, from a manager's point of view. The Phoenix Project is now one of the most important books in the industry, and is used as a starting point for companies interested in participating in a DevOps transformation. It's now six years later, 2019. Gene's new book, The Unicorn Project, will be released at the upcoming DevOps Enterprise Summit in Las Vegas on October 28. This new book has an interesting premise: What was going on with the software development team in the Phoenix Project as the management team was flailing to get the project back on track. It's a novel approach to have parallel timelines in separate books, looking at the same project. In this broadcast, Gene and I talk about how the Unicorn Project aligns with the Phoenix Project, the overlap in storylines, and why he chose to speak for software developers in this iteration of the story. Do a quick review of the Phoenix Project, which is probably already on your bookshelf, and then listen in as we discuss using Deming, Goldratt and Kim as the foundation of the principles of the DevOps movement.

DevOps, DevSecOps and the Year Ahead w/ Sacha Labourey

Once a year, Sacha Labourey and I sit down to discuss the past year and what the coming year looks like for DevOps and Jenkins. As CEO of CloudBees, Sacha has broad visibility into the progress of the DevOps/DevSecOps communities. We started our talk this year, commenting on the growth of the Jenkins World conference, with over 2000 attendees... what does Sacha attribute that to and does it coincide with the growth within the DevOps community. We continued our discussion by examining how cultural transformation within a company must align with the tools that are available to help with that transformation. Along the way we touched on where cultural transformation comes from within an enterprise, the question of whether DevOps has yet to jumped the chasm, the tipping point for a company's full acceptance of DevOps patterns, and what does Sacha hope to accomplish in the coming year All Day DevOps: A Supporter of DevSecOps Podcast If you're listening to this podcast, you've probably heard of All Day DevOps. This year, All Day DevOps has expanded to 150 sessions, including 9 sessions dedicated to OWASP projects such as Seba talking about DevOps Assurance with OWASP SAMMv2, the OWASP Security Knowledge Framework with Glen & Ricardo ten Cate, DevSecOps in Azure with OWASP DevSlop featuring Tanya Janca, and an overview of the OWASP Top 10 with Caroline Wong. Simon talking about the OWASP ZAP HUD project is another session not to be missed. All Day DevOps is a free, community event, sponsored and supported by hundreds of organizations like yours from around the world. Registration is free. Go to All Day DevOps dot com to register and start building your schedule. All Day DevOps. All live. All online. All free.

DevOps, DevSecOps and the Year Ahead w/ Sacha Labourey

Once a year, Sacha Labourey and I sit down to discuss the past year and what the coming year looks like for DevOps and Jenkins. As CEO of CloudBees, Sacha has broad visibility into the progress of the DevOps/DevSecOps communities. We started our talk this year, commenting on the growth of the Jenkins World conference, with over 2000 attendees... what does Sacha attribute that to and does it coincide with the growth within the DevOps community. We continued our discussion by examining how cultural transformation within a company must align with the tools that are available to help with that transformation. Along the way we touched on where cultural transformation comes from within an enterprise, the question of whether DevOps has yet to jumped the chasm, the tipping point for a company's full acceptance of DevOps patterns, and what does Sacha hope to accomplish in the coming year All Day DevOps: A Supporter of DevSecOps Podcast If you're listening to this podcast, you've probably heard of All Day DevOps. This year, All Day DevOps has expanded to 150 sessions, including 9 sessions dedicated to OWASP projects such as Seba talking about DevOps Assurance with OWASP SAMMv2, the OWASP Security Knowledge Framework with Glen & Ricardo ten Cate, DevSecOps in Azure with OWASP DevSlop featuring Tanya Janca, and an overview of the OWASP Top 10 with Caroline Wong. Simon talking about the OWASP ZAP HUD project is another session not to be missed. All Day DevOps is a free, community event, sponsored and supported by hundreds of organizations like yours from around the world. Registration is free. Go to All Day DevOps dot com to register and start building your schedule. All Day DevOps. All live. All online. All free.

Is it time to trust Equifax again? You decide.

I was affected by it. You were affected by it. We were all affected by the Equifax breach in September 2017. The truly interesting thing about it is, Equifax wasn't the only company hit by the struts 2 vulnerability that day. Many other companies were hit by it within that time period, but Equifax became the poster child for the main stream media. It was just too easy of a target because of consumer visibility. In the two years since the breach, Equifax has been working hard to restore its reputation, not just with consumer protection, but with the companies that depend upon credit data to make real business choices. I wanted to find out what Equifax is doing behind the scenes not just reputation wise, but technology wise when it comes to protecting data. Was it status quo as soon as the buzz died down? Did they pay their fine and go back to business as usual? Or are they making changes under the hood that will make a difference in how financial data is handled and what can be done with it. I met with Sean Davis, Chief Transformation Evangelist at Equifax, while at Jenkins World in August. It had been two years since the breach, and I wanted to hear what was happening internally, what changes have been made and why we should begin to trust Equifax again. I have to say I was surprised. When I sat down with Sean, I thought there would be hesitancy, some caution as to what could and couldn't be talked about. To my surprise, it was a transparent discussion. I asked him questions I wanted to know as a consumer, as well as the technical queries about what's going on under the hood at Equifax, what changes have been made to make my data more secure. Is it time to trust Equifax again? I'll let you decide.

Is it time to trust Equifax again? You decide.

I was affected by it. You were affected by it. We were all affected by the Equifax breach in September 2017. The truly interesting thing about it is, Equifax wasn't the only company hit by the struts 2 vulnerability that day. Many other companies were hit by it within that time period, but Equifax became the poster child for the main stream media. It was just too easy of a target because of consumer visibility. In the two years since the breach, Equifax has been working hard to restore its reputation, not just with consumer protection, but with the companies that depend upon credit data to make real business choices. I wanted to find out what Equifax is doing behind the scenes not just reputation wise, but technology wise when it comes to protecting data. Was it status quo as soon as the buzz died down? Did they pay their fine and go back to business as usual? Or are they making changes under the hood that will make a difference in how financial data is handled and what can be done with it. I met with Sean Davis, Chief Transformation Evangelist at Equifax, while at Jenkins World in August. It had been two years since the breach, and I wanted to hear what was happening internally, what changes have been made and why we should begin to trust Equifax again. I have to say I was surprised. When I sat down with Sean, I thought there would be hesitancy, some caution as to what could and couldn't be talked about. To my surprise, it was a transparent discussion. I asked him questions I wanted to know as a consumer, as well as the technical queries about what's going on under the hood at Equifax, what changes have been made to make my data more secure. Is it time to trust Equifax again? I'll let you decide.