Agile2017 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

DevOps [clear filter]
Monday, August 7

10:45am EDT

As a whirlwind through the Microsoft DevOps Landscape (Jesse Houwing)
Limited Capacity seats available

In the last few years a lot has changed in the Microsoft ecosystem of development tools. Microsoft has embraced a wide range of community supported tools, contributed to open source projects and officially provides support for 3rd party tools that ship with their flagship development products.
With the latest releases of Visual Studio, Visual Studio Team Services and Team Foundation Server, Microsoft is continuing its a movement to bring more and more DevOps tools, collaboration, integration and feedback to the fingertips of the team. The Visual Studio Marketplace further opens up your options by adding support for other languages such as Python, Ruby, PHP as well as and other technologies such as Specification by Example, Powerful refactoring, and more.
In this session Jesse Houwing, Scrum.org trainer and Microsoft MVP DevOps, will present you with an independent view through the options, think of it as a whirlwind introduction to the Microsoft ecosystem and 3rd party tools that make it even better.

Learning Outcomes:
  • Understand the position of the Microsoft tools ecosystem
  • Piece together your own pipeline with all of the options available.
  • Understand the alternative options available and how they can be added in
  • Understand how all of these pieces together form a powerful end-to-end solution with traceability from inception to production.


avatar for Jesse Houwing

Jesse Houwing

Speaker, Techorama
Jesse is a passionate trainer and coach, helping teams improve their productivity and quality all the while trying to keep work fun. He is a Professional Scrum Trainer (PST) through Scrum.org for the Professional Scrum Foundations (PSF), Professional Scrum Master (PSM), Developer... Read More →

Monday August 7, 2017 10:45am - 12:00pm EDT
Wekiwa 6

10:45am EDT

DevOps Performance Measurement: A Foundational Element For Building High-Trust Cultures (Dennis Ehle)
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

One of the primary drivers, if not THE central driver, behind any Enterprise DevOps transformation is the organizations need to optimize the flow of business value (in the form of incremental software) between developers and end-users. Within many organizations, and particularly within larger enterprise organizations, lack of trust between organizational stakeholders tends to sub-optimize the flow of value.
This technology agnostic talk will explore how organizations such as Aflac, Boeing, BNSF Railways, Service Master and Fanatics were able to dramatically accelerate evolution from low-trust to high-trust cultures. The common thread between these organizations is how they leverage data-driven instrumentation to dispel myths, break down organizational/political barriers and guide trust-building transformation.
What is DevOps Performance Measurement?
  • Value Stream Performance vs Operational Performance - Precisely measuring the DevOps machine itself and not it’s outputs
  • How to describe DevOps performance using measures the entire organization truly cares about:
    • The Flow of Value
    • Delivery Risk
    • Process Compliance
    • Rework
Data is Truth: Why DevOps Performance Measurement is so critical to building trust across the enterprise?
  • How objective data can diffuse and ultimately eliminate the blame game
  • Removing corporate politics with the ultimate equal opportunity enabler
  • The relationship between Batch size and Trust
  • Leveraging objective performance insights to foster organizational creativity
  • Using metrics to create shared incentives and common agenda’s
  • Quantitative results speak best to executive leadership
It all starts with Value Stream Mapping
  • What is The DevOps Unit of Flow?
  • Phases, Activities and Controls - DevOps specific templates and guidelines to simplify value stream mapping
  • Manual vs automated activities
Top Ten DevOps Performance Metrics That Raise Organizational Trust (including…)
  • Activity duration and DevOps Wait-Time
  • Value Stream Bottleneck Analysis
  • Release Candidate and/or Feature Risk Analysis
  • Waste and Rework Metrics
  • Quality Assurance Effectivness Index
  • Measuring Code Stability/Complexity by Feature or Release
  • Real-time compliance measurement
Some Lessons Learned:
  • Choose Measures Wisely: Trust can only be gained when adopting DevOps performance metrics that are organizational strategic and highly valued by business stakeholders. Stay high level and business focused.
  • Operational metrics such as broken-build percentage, deployment frequency and test coverage can lead to sub-optimal behavior and a reduction in trust.
  • The initial performance baseline is not good or bad - it is the foundation for future improvement.
  • Warning: The data must guide investment in people, process and tools - adopting a course of investment despite the data can nullify the entire effort.
Note: This presentation is vender and technology independent. Our findings are based on direct experience gathered from over a dozen performance measurement engagements with enterprise sized customers.

Learning Outcomes:
  • How to effectively map value streams in the context of DevOps
  • How to distinguish between metrics and measures that build trust and those that erode trust
  • Technology agnostic approaches to tracking business value (in the form of incremental software capabilities) thru the delivery value stream
  • How performance metrics can help identify DevOps waste and sub-optimization
  • How to use common DevOps data to objectively measure delivery risk - before software is released


avatar for Dennis Ehle

Dennis Ehle

VP DevOps Strategy, VersionOne

Monday August 7, 2017 10:45am - 12:00pm EDT

2:00pm EDT

'Failure' As Success In An Agile World: The Mindset, The Methods & The Landmines (J. Paul Reed)
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

"Failing fast," "failing forward" and "Learning from failure" are all the rage in the tech industry right now. The DevOps company "unicorns" seem to talk endlessly about how they reframe "failure" into success. And yet, many of us are still required to design and implement backup system capabilities, redundancies, and controls into our software and operations processes. And when those fail, we cringe at the conversation with management that will ensue.
So is all this chatter of reframing "failure" as success within our organizations just that: talk? And what does "reframing failure" look like, anyway? And what does any of this have to do with aircraft carriers and nuclear power plants?! Join us as we explore shifting our mindset of failure, the history that mindset is rooted in, and effective methods to move your organization toward thinking of failure differently, plus some landmines to avoid along the way.

Learning Outcomes:
  • How "safety science" relates to software development and operations
  • Methods and strategies to facilitate your organization's embrace of failure, so you can effectively learn from it and improve
  • Various pitfalls to avoid when organizations attempt to tackle failure differently


avatar for J. Paul Reed

J. Paul Reed

Managing Partner, Release Engineering Approaches
J. Paul Reed has over fifteen years experience in the trenches as a build/release engineer, working with such storied companies as VMware, Mozilla, Postbox, Symantec, and Salesforce. In 2012, he founded Release Engineering Approaches, a consultancy incorporating a host of tools... Read More →

Monday August 7, 2017 2:00pm - 3:15pm EDT
Wekiwa 6

3:45pm EDT

AppSec from the Trenches: Practical Application Security for an Agile and DevOps world (Abhay Bhargav)
Limited Capacity seats available

DevOps practices have become the de-facto approach to deliver applications at rapid scale and unprecedented speed. However, any process is as fast as its biggest bottleneck and security is becoming the most pervasive bottleneck in most DevOps practices. Teams are unable to come up with security practices that integrate into the DevOps lifecycle and ensure continuous and smooth delivery of applications to customers. In fact, security failures in DevOps amplify security flaws in production as they are delivered at scale. If DevOps should not be at odds with security, then we must find ways to achieve the following on priority:
  • Integrate effective threat modeling into Agile development practices
  • Introduce Security Automation into Continuous Integration
  • Integrate Security Automation into Continuous Deployment While there are other elements like SAST and Monitoring that are important to SecDevOps, my talk will essentially focus on these three elements with a higher level of focus on Security Automation. In my talk, I will explore the following, with reference to the topic:
  • The talk will be replete with anecdotes from personal consulting and penetration testing experiences.
  • I will briefly discuss Threat Modeling and its impact on DevOps. I will use examples to demonstrate practical ways that one can use threat modeling effectively to break down obstacles and create security automation that reduces the security bottleneck in the later stages of the DevOps cycle.
  • I firmly believe that Automated Vulnerability Assessment (using scanners) no matter how tuned, can only produce 30-40% of the actual results as opposed to a manual application penetration test. I find that scanning tools fail to identify most vulnerabilities with modern Web Services (REST. I will discuss examples and demonstrate how one can leverage automated vulnerability scanners (like ZAP, through its Python API) and simulate manual testing using a custom security automation suite. In Application Penetration Testing, its impossible to have a one size-fits all, but there’s no reason why we can’t deliver custom security automation to simulate most of the manual penetration testing to combine them into a custom security automation suite that integrates with CI tools like Jenkins and Travis. I intend to demonstrate the use a custom security test suite (written in Python that integrates with Jenkins), against an intentionally vulnerable e-commerce app.
  • My talk will also detail automation to identify vulnerabilities in software libraries and components, integrated with CI tools.
  • Finally, I will (with the use of examples and demos) explain how one can use “Infrastructure as Code” practice to perform pre and post deployment security checks, using tools like Chef, Puppet and Ansible.

Learning Outcomes:
  • Insight into different processes of Application Security throughout the Agile Development Lifecycle, where Continuous Delivery of apps is the norm
  • Demos of Application Security Test Automation integrated into DevOps processes like Continuous Integration
  • Intro to Iterative Threat Modeling - for Agile


avatar for Abhay Bhargav

Abhay Bhargav

Founder, we45
"Abhay Bhargav is the Founder of we45, a focused Application Security Company. Abhay is a builder and breaker of applications. He is the Chief Architect of “Orchestron"", a leading Application Vulnerability Correlation and Orchestration Framework.  He has created some pioneering... Read More →

Monday August 7, 2017 3:45pm - 5:00pm EDT
Tuesday, August 8

9:00am EDT

Everything You Wanted to Know About DevOps But Were Afraid to Ask (Claire Moss)
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

As a career software tester, I've heard rumors DevOps culture will put me out of a job, so I took a job testing for a DevOps team. I'm new to DevOps, but aren't we all? What matters most is our teams' intentional decisions to grow our DevOps practices along with our development community.
Join me as I share my experiences blending disciplines, companies, levels of experience, and differing expectations as a member of efficient and effective delivery teams. I'll describe common cultural and interpersonal problems I experienced while transforming a cross-functional agile team dogfooding a DevOps implementation.
Whether you're into development, operations, testing, customer support, or product ownership, you'll leave with concrete strategies for improving your DevOps working relationships to keep the technology running smoothly. People factors strongly affect your DevOps technical outcomes, so optimizing your flow includes improving your people practices.
Don't feel afraid to ask about DevOps anymore!

Learning Outcomes:
  • The people factors that strongly affect your DevOps technical outcomes
  • How to blend teams from different companies
  • To sort through process and role differences
  • Apply the Agile mindset in support of DevOps


avatar for Claire Moss

Claire Moss

Developer, Agilist, Tester, ScrumMaster, Product Owner, Agile coach, aclairefication
Agilist working as part of product development teams to support and accelerate development through fast feedback. I help teams to craft more executable user stories. Product backlog creator and groomer with emphasis on progressive elaboration. Front-end Javascript development, back-end... Read More →

Tuesday August 8, 2017 9:00am - 10:15am EDT
Wekiwa 7&8

10:45am EDT

So You Want To Go Faster? (Daniel Davis)
Limited Capacity seats available

How frequently does a good agile team deploy to production? Not every team is capable of deploying "on every commit". What does it take for a team to even start deploying at the end of each sprint, or each week, or each day?
Most companies don't realize that deploying more frequently often requires both significant technical change as well as cultural change. In this talk, I'll guide you through what it takes to deploy more frequently, both from the technical side of setting up pipelines as well as the organizational side of removing red tape. I'll draw on the unique challenges that teams must overcome at each step of the way, from deploying once a month all the way down to full continuous delivery. If your team has been struggling to go faster, come see how you can change to get there. And if you already are at full continuous delivery, come see how to go even faster than that!

Learning Outcomes:
  • Attendees should leave the talk with a full understanding of the different challenges for deploying at these intervals:
  • - Once per sprint
  • - Every few days
  • - Daily
  • - On Every Commit
  • Attendees should be familiarized with common technical solutions to these problems, including:
  • - Automation through delivery pipelines in Jenkins (or some other CI tool)
  • - Feature toggles and their role in code
  • - The role of automated acceptance testing and smoke testing (especially when you go fast)
  • - Using configuration management tools to create consistency across environments
  • - Strategies for versioning and dealing with "in transition" states
  • Attendees should be able to answer to these common cultural questions:
  • - Does more frequent doesn't equate to more risk?
  • - How do you ensure quality without a dedicated QA team of manual testers?
  • - Who should be responsible for authorizing deployments to production?
  • - Do all deployments deliver functionality?
  • - Are bug counts the only way to measure quality?


avatar for Daniel Davis

Daniel Davis

Managing Consultant, Excella Consulting
I love testing, Agile and cats. If any of those things interest you, come find me. If any of those interests overlap (e.g. Agile cats), definitely come find me!

Tuesday August 8, 2017 10:45am - 12:00pm EDT

3:45pm EDT

DevOps the mass extinction of manual processes (Bill Roberts, James La Spada)
Limited Capacity seats available

This is the story of how Capital One used DevOps Culture and Kanban Principles to significantly increase the speed of feature delivery, while lowering risk. Large organizations can be filled with manual processes, and many people feel there is nothing they can do about them. Our team took the name “Meteor” inspired by the one that took out the dinosaurs, because we wanted to cause the mass extinction of these manual processes.
In this presentation, we will discuss the ‘old’ manual way that work was completed at Capital One and the inefficiencies that we saw as a result. We will discuss the transformation to the DevOps culture that we helped to push. With the elimination of component teams and proper application of Kanban principles, we have taught teams how to manage their own adoption of DevOps in an effort to move the organization to full continuous integration and continuous delivery.

Learning Outcomes:
  • Define "self-service DevOps culture" and show methods for implementing within large organizations.
  • Illustrate the core principles needed to coach development teams to embrace DevOps.
  • Create an effective pipeline to deliver features into production multiple times a day with zero downtime.
  • Use effective branching strategy for CICD.
  • Show the benefits of using component testing with Github Pull Request checks for code quality.
  • Understand how to use kanban methodologies to manage both the flow of work and team dependencies.
  • Understand the benefits of feature teams vs. component teams.


avatar for Bill Roberts

Bill Roberts

Sr. Manager, Scrum Master, Capital One
Bill Roberts had his first experiences in technology as the manager of financial planning and analysis for IT organizations at Bank One, ING DIRECT USA, and Capital One. In 2013 he transitioned to IT as backlog owner for five middleware teams developing APIs. He received his Master's... Read More →
avatar for James La Spada

James La Spada

Master Software Engineer, Capital One
James La Spada has been a technology professional for a little over 10 years. He received his B.S. in Information Sciences and Technology from Penn State University and started his career in application development before graduation. Since then he has been very passionate with learning... Read More →

Tuesday August 8, 2017 3:45pm - 5:00pm EDT
  DevOps, Talk
Wednesday, August 9

10:45am EDT

Time Theft - How Hidden & Unplanned Work Commit the Perfect Crime (Dominica DeGrandis)
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Invisible work competes with known work. Invisible work blindsides people, leaving teams unaware of mutually critical information. Married to this problem, is the question, how does one plan for, or allocate capacity for the invisible? It’s tough to analyze something you can’t see. Incognito work doesn’t show up well in metrics. Hidden work steals time away from important priorities. Hidden work also masks dependencies across siloed teams and increases total department work-in-progress, which lengthens cycle time.
The State of DevOps 2016 report considers the amount of unplanned work a measure of quality. Data shows that high performers spend 11% more time working on planned work vs. unplanned work -- because the more unplanned work, the less time exists to create and deliver value work. Bringing visibility to and measuring unplanned work is a necessary capability for any organization serious about implementing DevOps in order to reduce risk and improve performance.
Risk accumulates from work delivered late and started late. One solution is to expose the hidden work thieves that steal your time away from planned work. This talk exposes five thieves of time that prevent teams from delivering value quick, and provides actionable steps for how to see and how to measure unplanned work.

Learning Outcomes:
  • How to make unplanned work, dependencies, conflicting priorities and neglected work visible.
  • How to measure and report on planned work vs. unplanned work
  • How to collect and present important metrics that CIO's care about - How to reduce risk and increase predictability


avatar for Dominica DeGrandis

Dominica DeGrandis

Principal Flow Advisor, Tasktop
Dominica DeGrandis is Principal Flow Advisor at Tasktop, where she helps customers improve the flow of work across value streams. Responsible for introducing customers to flow-based aspects of digital transformation, she guides IT teams and business teams to understand and adopt new... Read More →

Wednesday August 9, 2017 10:45am - 12:00pm EDT

2:00pm EDT

From DevOps to DevSecOps - Application security for a Lean/Agile/DevOps environment (Larry Maccherone)
Limited Capacity seats available

The bad guys don't break in through the highly secure bank vault door; they attack the crumbly bricks and mortar of the vault walls. The same is true for application security. The vast majority of incidents don't target security features like encryption, authentication, and authorization... the bank vault door. Rather, they target vulnerabilities in the "boring", non-security parts of the code... the crumbly bricks and mortar of the vault walls.
The security function is still largely throw-it-over-the-wall at many organizations, but things are changing. There is growing awareness that you cannot prevent the vast majority of incidents with a bolt-on approach to security. You have to produce applications that are free of such vulnerabilities as they are being developed. In other words, you have to BUILD SECURITY IN.
Just like DevOps is a cultural transformation, to BUILD SECURITY IN we need a mindset shift and cultural change. We need DevSecOps.
This talk starts by introducing a DevSecOps manifesto and then a process model for achieving a "BUILD SECURITY IN" DevSecOps culture. The framework is designed to sit on top of any SDLC but it is particularly suited to Lean/Agile environments and even more so to a DevOps environment or in conjunction with an ongoing DevOps transformation.

Learning Outcomes:
  • The values identified in a DevSecOps manifesto
  • The key disciplines of security practice most relevant to development teams
  • A maturity scale for these disciplines that you can leverage to incrementally up your application security game
  • The key measures that will provide feedback for a data-driven and gamification approach to cultural change
  • Common objections from large organization inertia/ossification and how to overcome them
  • How to BUILD SECURITY IN rather than bolt it on



Wednesday August 9, 2017 2:00pm - 3:15pm EDT
  DevOps, Talk
Thursday, August 10

9:00am EDT

The pursuit of DevOps: 3 unique Microsoft journeys leading to a customer-focused path (Martina Hiemstra)
Limited Capacity seats available

Many ask how do Agile and DevOps fit together? Even more importantly, how do you get there? Three of Microsoft's largest divisions started with radically different approaches and have had very unique journeys. Ironically, they have come to very similar live-site, customer-based and Agile places. One of the Product Groups releases daily thanks to 36,000+ automated test cases. Another flights on demand daily and continues to see increases in quality and customer satisfaction. Microsoft IT is the newest on this journey and has succeeded in key service offering areas to attain early DevOps results.
This session will candidly share the unique approaches, challenges and learnings along the way for these massive organizations spanning 15,000+ employees. It will provide the opportunity to understand the key investments and changes these organizations had to make to help Microsoft accelerate its digital transformation. You will have the opportunity to ask questions on how this can be applied to your organizations. This interactive talk will be especially applicable to those change agents seeking to influence enterprise level transformation. This session will include real-time surveys with participants to spot check whether attendees are actively trying similar tactics and if they are working for them too.
Key learning goals for this session are to share the different strategies to get to DevOps at scale, their pros and cons from real world journeys. This presentation embraces the principle of Kaizen and the benefit of learning from others.

Learning Outcomes:
  • To learn from 3 different enterprise strategies to attain DevOps at scale including their pros and cons from real world journeys.
  • Key themes that will be emphasized as recommended practices are automate everything, accountability matters, scale requires support (i.e. Coaching) to scale with it, leadership support needs increase as you grow, Lean-Agile is a winning transformation combination, focus on leaning out the pipeline of activities, and engage your customers on multiple levels.
  • Specifics for tools and practices in each of the themes will be shared (i.e. proven testing techniques and tools to help with automation).


avatar for Martina Hiemstra

Martina Hiemstra

Principal Group Manager, Microsoft Corporation
I've been an Agile practitioner for over 10 years and love to deliver value that delights customers! I love the outdoors, playing music and growing organic vegetables...

Thursday August 10, 2017 9:00am - 10:15am EDT

2:00pm EDT

CD for DBs: Database Deployment Strategies (Chris Fulton)
Limited Capacity seats available

As organizations invest in DevOps to release more frequently, there’s a need to treat the database tier as an integral part of your automated delivery pipeline – to build, test and deploy database changes just like any other part of your application.
However, databases (particularly RDBMS) are different from source code, and pose unique challenges to Continuous Delivery - especially in the context of deployments.
Often, code changes require updating or migrating the database before the application can be deployed. A deployment method that works for installing a small database or a green-field application may not be suitable for industrial-scale databases. Updating the database can be more demanding than updating the app layer: database changes are more difficult to test, and rollbacks are harder. Furthermore, for organizations who strive to minimize service interruption to end users, database updates with no-downtime are a laborious operation.
Your DB stores the most mission-critical and sensitive data of your organization (transaction data, business data, user information, etc.). As you update your database, you’d want to ensure data integrity, ACID, data retention, and have a solid rollback strategy - in case things go wrong …
This talk covers strategies for database deployments and rollbacks.

Learning Outcomes:
  • • Patterns and best practices for reliably deploying databases as part of your CD pipeline
  • • Tips for deploying Relational databases (with/without schema changes) vs. NoSQL data stores
  • • How to safely rollback database code
  • • How to ensure data integrity
  • • Best practices for handling advanced scenarios and back-end processes, such as scheduled tasks, ETL routines, replication architecture, linked databases across distributed infrastructure, and more
  • • How to handle legacy database, alongside more modern data management solutions


Chris Fulton

Global Technical Account Manager, Electric Cloud

Thursday August 10, 2017 2:00pm - 3:15pm EDT

3:45pm EDT

Infrastructure Patterns for Continuous Delivery (Nicolas Paez)
Limited Capacity seats available

You have read about continuous delivery and decided it will benefit your organisation. You talked to your colleagues and management; everyone has bought into the idea and your team is ready to start working. The organisation embraced agile a while back and is excited to add continuous deployment. Unfortunately, the operations infrastructure seems to be very far from what you need based on what you have read about continuous delivery. Too much is done manually. Your organisation has audit controls and other bureaucratic policies can't be ignored. Well, nobody said it would be easy! In this session you will discover a set of patterns and practices that will help you to prepare your infrastructure for a continuous delivery implementation.

Learning Outcomes:
  • A set of patterns that will help you prepare your infrastructure for a continuous delivery implementation.


avatar for Nicolas Paez

Nicolas Paez

Professor, UBA & UNTREF
I am a software engineer with several years of experience in software development. I love teaching, I teach software engineering at the university. I work as an independent software engineer helping teams to adopt technical practices.I do believe that the main complexity in creating... Read More →

Thursday August 10, 2017 3:45pm - 5:00pm EDT