AGENDA DOTC 2019 IN MELBOURNE

Site Reliability Engineering and the DevOps movement share a similar set of challenges but addresses each in a different way. SRE got its start at Google in 2003 and according to Ben Treynor, VP of 24/7 Operations: «SRE is what happens when you ask a software engineer to design an operations team». In 2016, Google published a book about Site Reliability Engineering principles, practices and organizational constructs. The practice of Site Reliability Engineering at Google encompasses more than just managing production systems and responding to emergencies. Applying software engineering in a principled way to operations allows SRE to holistically address the reliability of software applications across the product lifecycle. Implementing SRE in an organisation requires a commitment to supporting some core principles and a fundamental culture shift SRE needs Service Level Objectives, with consequences. SREs have time to make tomorrow better than today. SRE teams have the ability to regulate their workload. SREs and the organisation's leaders remove the word «blame» from their vocabulary. This talk will highlight key SRE principles and how they map to recognized DevOps focus areas. We'll also discuss how any organisation can start practicing engineering the SRE way, and how our recent experience of working with our customers on adopting SRE practices has shown these principles will work across a range of organisations of different types and sizes.

The tectonic plates in DevOps are moving. Industry-shaping technology companies like Amazon, Microsoft and Google are making strategic decisions amidst sea changes in how connectivity and networking are being approached. Not one for baseless predictions, Shlomi Ben Haim, CEO of JFrog - one of the world’s most respected DevOps companies - will demystify the marketplace, using real data from public sources and usage statistics from over 5,000 unique companies. What will you see? You’ll see DevOps in 2020 - where Continuous Updates will transform the way software is delivered in a nearly-limitless marketplace.

Heard about serverless computing and want to understand more about what «going serverless» will really mean for your company? In this talk, Sam Kroonenburg — Founder & CEO of A Cloud Guru (https://acloud.guru), shares his experiences building one of the world’s first completely serverless companies, starting in 2015 using AWS Lambda, API Gateway, Google Firebase & more. 3 years into the experience, he shares insights on both the opportunities & challenges presented by this new operating model — and explains why he thinks serverless development & architectures will be the new norm in the future. This is a pragmatic look at the reality of implementing serverless architectures & technologies in your business today, minus the hype. He’ll even tell you why it’s OK to build a serverless monolith & not be afraid of tech debt!

Major outages, incident calls, war rooms, whatever you want to label them, can be stressful and frustrating experiences. In this talk, I will use the lessons of the book «The Four Agreements» by don Miguel Ruiz, to illustrate an easy-to-remember modality for effective and humane incident response. Don Miguel Ruiz’s book, «The Four Agreements» presents a code of personal conduct based on ancient Toltec wisdom to help remove self-limiting structures and beliefs. Each of the Four Agreements can help us understand a more mature, effective, and humane approach to incident response in our organizations. In this talk, I will address how the Agreements can be expressed as a modality for Incident Response. Using the Agreements, it is easier to understand modern approaches to resolving incidents as effectively as possible, and even help reduce burnout as well!

Digital transformation requires transformational talent. As more organizations move forward with DevOps, the principle of «shifting left» is opening up opportunities for developers, operational staff, security and others to supplement their core competencies with a broad set of general skills so as to migrate from an I-shaped specialist to multi-dimensional T-shaped professional. T-shaped practitioners are in the highest demand in the talent market today. Skilling is a human endeavor that supports both personal and organizational goals. For most IT professionals, it’s easy to identify the depth of knowledge that forms the stem of the T (e.g., developer). However, grooming the right skills for the right role at the top of the T (e.g., testing) can be more challenging. How does an individual know which skills to groom in order to grow their careers? How does an organization know which skills to hire in order to gain competitive advantage and provide ongoing value to their customers? Are technical skills enough to cross the digital divide or are soft skills and best practice frameworks part of the skills recipe as well? In this session, Jayne Groll will explore emerging trends in DevOps skills modernization by presenting the benchmarks, and insights from the first Upskilling: 2019 Enterprise DevOps Skills Report. The fact based report was fielded by the DevOps Institute and is based on a detailed global DevOps open community survey as well as interviews with several enterprise, industry and hiring leaders. Eveline Oehrlich, former Forrester vice president and research analyst brought her data science skills to the project. In addition to presenting the survey results, Ms. Groll will help attendees understand the characteristics of the T-shaped model and provide guidance for getting started in building personal and organizational learning paths. Slides

Kubernetes isn’t always the best tool for the job. It’s actually very complex, even when dished up as a managed service like GKE on Google Cloud. It has a steep learning curve, and requires really clever people to make it secure. Then there’s service mesh layers like Istio, Linkerd, Envoy and more for teams to also wrap their heads around. On the other hand, PaaS services allow average developers like myself look really smart because it’s so much easier and quicker to spin up solutions in the cloud. In this presentation, I’ll tell the story of how we rather decided to use containers in App Engine (Flex) instead of GKE to build a Twitter pipeline to analyse tweets using PubSub and BigQuery in real-time. Once we get the mandatory slides out of the way, we’ll deep dive into a live demo, write some code, and spin up the entire pipeline on GCP using nothing but PaaS and serverless tools. Finally, we’ll build and deploy it using Cloud Build, GCP’s native CI/CD tool. High five!

To facilitate building products at New Relic, we on the Core Data Platform team provide a real-time distributed data platform at scale. We receive billions of data points a minute, which we need to process reliably and quickly. I’ll discuss lessons learned about designing, building and deploying software applications while carrying the pager. Modern software development involves having knowledge about how to build observability into your system, and how to collaborate effectively with other teams. My goal is to provide practical takeaways on how to build and maintain modern software more effectively.

In this presentation, Nathen will define DevOps, look at some of the research into what makes DevOps work, survey some of the many capabilities required, and encourage everyone to participate in future research on the subject.

Preventing a company from becoming the newest data breach statistic can be a daunting prospect. Especially working within a company that employs hundreds of engineers pushing code to production daily, it often feels like everything is on fire and the holy grail of producing a security inspired product is but a dim light growing further and further away. The same feeling is true for security aware engineers being pushed to develop products quickly but also expected to consider quality assurance, operations, security and the reliability of their application or service. To help reduce the bleeding and build more security aware applications at scale, a balance of firefighting, preventative initiatives, automation and «JIT» education is required. So strap yourself in while we take you on a journey through 4 years of security successes and epic failures: «JIT» Education — Changing a companies security culture with RFC’s for security standards, security integrated PIR via bug bounty program reports, visibility through security maturity frameworks (BSIMM). Automation — Implementing a secure-by-default build system (Buildkite) that makes detecting vulnerable dependencies (Snyk), storing secrets (AWS Secrets Manager) and scanning Docker containers, an effortless process. Prevention — Eradicate several classes of bugs by selecting secure architectural patterns and using automated scripts to detect operational misconfigurations like dangling DNS entries, open S3 buckets, secrets checked into source code and repositories that have been made accidentally public.

Devops is now officially 10 years old. What have we learned? Although prescriptive practices like Lean, Agile, SAFE and even DevOps may be necessary for IT acceleration they are in most cases are not sufficient for long-term systemic improvement. In other words, you can’t Lean, Agile, SAFE or Devops your way around institutionalized organizational habits. Therefore, the key to long-term improvement lies in an understanding where human capital interconnects with technology. The following is a list of the «Seven Deadly Diseases»: Invisible Work Management System Toil Tribal Knowledge Misalignment of Incentives Incongruent Organizational Design Misunderstanding Complexity Security and Compliance Theater These seven diseases of organizational behavior must be uncovered with absence of prescriptive practice through a process of organizational fact-finding. In this presentation, we will look at the «Seven Deadly Diseases» of IT organization work and show examples of how to uncover these diseases through a process of organizational forensics (i.e., fact-finding).

In Mid 2017 ANZ put in motion a path to digitally transform the organisation, dubbed «New ways of working». Moving to a squad/chapter/tribe model has had implications in the way we do our work. In this talk we look into how by embracing the organisational design and target operating model, we can put in place the technology platforms and architectures that can unlock the speed of a startup at the scale of an enterprise.

Kubernetes had become a de facto platform to deploy and scale containerized workloads. But are there any best practices that can be followed when you design the ways to deploy Kubernetes clusters? This session will go over examples of actual Kubernetes clusters deployments done by Rancher users and customers, from the edge case where relatively small multiple clusters are deployed in remote locations to the use case where one big cluster is shared between multiple tenants. It will cover challenges that are specific for a certain Kubernetes cloud architectures, and the ways to address them, as well as the common best practices that can be applied to an any cluster.

Continuous Delivery is now the holy grail of IT organizations, but most companies are still struggling with the transition into shorter release cycles and faster, more frequent deployments. A key challenge that companies are facing in that transition lies around test automation, and in this talk we will cover these challenges in details and demonstrate how successful companies are addressing it.

New digital business models are forcing IT to change; technology has reduced the barrier to entry for competitors in many markets and industries. Tech companies have done a tremendous job in the DevOps space promoting the importance of automation and tools. Unfortunately, sometimes that gives the false perception that tooling alone is the answer to achieving DevOps success. The fact is many organizations are looking to transform themselves, the way they manage IT, their IT professionals and teams. Thus, tasked with trying to bring change to the way they manage IT, will need to set up cross-functional teams, made up of developers, testers, and operations professionals. Sounds easy right? Nope, it’s complicated, and definitely not a walk in the park. Moving from a traditional IT (Waterfall) to a DevOps (Agile / Lean) way of working is dependent on empowering cross-functional, high-performance teams made up of multi-skilled individuals. The early IT innovators and adopters have excelled by consistently meeting or exceeding the new IT performance metrics (deployment frequency, lead time, failure rate and time to recovery). Many existing companies are faced the daunting choice of trying to hire new talent, invest in upskilling expertise, and deal with the cultural implications of a change in their organizations. Join me to hear about how the DASA Competence Model is helping 1000’s of IT professionals and hundreds of organizations get the skills and knowledge required for DevOps.

When you bring together the Operations and Development teams, it’s important to review the tools you use for software development and their role in your stack with a new perspective. In this short presentation, we will look at two open source projects that DevOps teams can leverage and bring new measurable value to their organisation. Most importantly, these tools work well with multiple Cloud platforms, Windows and Linux and on-premise in data centres. In DevOps, code is King and therefore when you are bringing security into the picture in a DevSecOps scenario, you need a common way to define your companies audit and compliance rules in a format that can be checked into Git and pushed through a Continuous Delivery Pipeline. We will demonstrate this on a range of platforms using InSpec and show how this can be achieved with working software and real world examples. Managing applications in DevOps environments with fast deployment cycles is always a challenge, let alone using the same technique for multiple technologies and older applications. We will take a look at an open source project called Habitat where you can Build, Deploy and Manage your applications with speed and efficiency in a range of environments such as cloud, docker, kubernetes etc. Whether you are new to DevOps and its practices or looking for improvements that your teams can leverage, this talk will give you some great ideas to take back to the office

This time ten years ago, a movement was starting to coalesce to better align developers and operators. Looking back in the rear view mirror, we can say pretty clearly that movement was on to something. DevOps has transformed how organisations use technology and organise people to deliver value to their customers faster and more safely. But the landscape is changing. New challenges are coming into view, and leaders need to start preparing themselves for what comes next. What’s got us here won’t get us there. In this talk we’ll look at what organisational psychology, product design, and anthropology have to say about what skills we need when navigating uncertainty.

It’s easier than ever to add artificial intelligence to your apps. As a developer with no machine learning expertise, you can leverage off-the-shelf APIs or with a little extra effort, you can customise and train models already developed by data scientists. We’re going to have some fun with this one and look at how you can build the SeeFood (Not Hotdog) app from HBO’s Silicon Valley. We’ll create an image classifier and setup a DevOps pipeline to automate the development, training and testing of this classifier that incorporates into our overall application release pipeline.