Skip to main content

Posts

Showing posts with the label DevSecOps

Integrating ITSM and DevOps

As the pace of technological innovation increases and digital disruption becomes the norm, the need to adapt and accelerate IT service management (ITSM) processes is more critical than ever. It’s no longer a debate about whether ITSM and DevOps should interface; it’s time now for ITSM professionals to understand how the practices they use to co-create value can underpin (or undermine) the flow of work and pervasive use of automation in a DevOps environment. It’s easy to understand why ITSM professionals are skeptical about DevOps. ITSM performance metrics and service level agreements (SLAs) often revolve around the IT organization’s ability to mitigate risks, minimize impact, and “guarantee” availability. On the surface, these measures aren’t bad. It’s when we sacrifice speed, agility, and innovation in the process that the business starts to suffer. Even with the evolution to ITIL 4 , the what and why of ITSM haven’t changed. A customer-focused culture in which everyone understands

How to Move and SHIFT the CULTURE!

There are three core frameworks that can help us to shift the way we think, do work, and ultimately shape the behaviors and values that are the heartbeat of our organizations - CULTURE! Each of these models can be used to identify, analyze, and move an organization to new heights, new ways of collaborating and increasing speed and value for service consumers. Models for learning how to "Shift the Culture!” Erickson Model – Identifies the stages of psychosocial development  The Erickson Model helps as a starting point for “Where are we now?”. Westrum Model – Focus here is on the organizational types :  - Pathological  - Bureaucratic  - Generative  The Westrum Model helps providers get detail on the behaviors within their organization and teams.  Laloux’s Culture Model – Frederic Laloux’s model provides a clear picture of how culture may evolve in an organization. Laloux expands the concepts of the two previous models. The model comes f

ITIL® 4 vs. 'The Source'​

Part of ITIL 4 ’s value proposition is that it embraces newer ways of working, such as Agile, Lean and DevOps. I was recently asked whether there was a compelling argument for individuals to go to ITIL for information about these approaches, vs. going to ‘the source’. Here’s my answer and I’d love to hear yours. 3) What source? Yes. There is a massive amount of information available about these topics. There are many ‘definitive’ sources of knowledge. For lifelong learners such as myself, these sources are a joy. They can also be overwhelming and at times a challenge to apply. A search for information about Lean, for example, may take you down a manufacturing route which then requires translation. Looking to learn more about Agile? Which method? Scrum, SAFe, extreme programming … you get the point. 2) The source is evolving. As an example, DevOps practitioners often pride themselves in the fact that there is no definitive body of knowledge; rather, there is an evolving col

DevSecOps - Identity and Access Management

Testing starts with the first line of code!   It is NOT a downstream activity. DevOps testing has a critical role to play in a Continuous Delivery Pipeline. Without integrated testing DevOps simply will not work!   With the advent of DevOps and the movement to breakdown silos between developers, QA, security, and operations, it becomes critically important that all members of an IT team - regardless of what tools they use, or role they play - understand the essentials of testing. Every member of your development team should also integrate to ensure Compliance and Audit outcomes!   It is a new world.   In this new world we can leverage from existing but must be open to walking through new doors of opportunity. Understanding traditional test strategies is helpful but when and where, and most importantly how we proceed with our test strategy must shift.   Knowing how to code is not enough, Quality Assurance in and of itself is not enough.   We cannot afford to have our product

Why I am Excited to Attend the DevSecOps Engineering Class

The opportunity exists to reinvent security and to do this we must redefine the roles and practices of security engineering. Information is available faster than the speed of your connection and cybersecurity risk is everywhere!  Empowerment to change begins with getting level set on what DevSecOps (DSOE) really is and how to move fast to get there.  That is why I am excited to attend the  DevSecOps Engineering  class and to acquire the DevSecOps Engineer certification!  Digital Transformations are not only real, they are accelerating. IT systems and software literally drive the world and that makes every business a digital tech business. Along with that is a proliferation of apps, devices and opportunities. Those opportunities are not always honorable; hackers abound. DevSecOps is a mindset that “everyone is responsible for security” with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing

Skilling The Squad

Originally Published on the DevOps Institute Site One of the most interesting trends in DevOps adoption is the evolution of the IT silo into the cross-skilled squad. This is not just a semantical name change. Most IT teams today are comprised of like-skilled individuals such as a Scrum team of developers. The modern squad takes a slightly different approach, is more static than dynamic and is more product-focused than project based. Squads are built around T-shaped professionals –where each member has a specialty competency, but all members have a broad scope of skills across multiple disciplines. A high performing squad essentially has all of the skills needed for the product or feature to which it is assigned and is not generally constrained by the availability of an individual resource. There is enough breadth of knowledge inside and outside the squad to shift more activities to the left so as to allow them to move more quickly and with more agility. While the squad model ori

Security in a DevOps Environment

Integrating Development and Operation teams as well as other functions that have previously been silo’d is key to any development project for all service providers today.   We hear a lot about this in DevOps training and certification classes.   What about security?  You may have heard the term DevSecOps.  This idea and term was coined to ensure that architects and developers include into our requirements and code those things necessary for security. Design architects will also want to ensure that security is integrated throughout the value stream of development, deployment and operations and it is done in such a way so that the complexity is as transparent as possible to the functional teams involved.   How can we do this without impeding our flow of work?    How can we still be able to meet compliance for legislative, legal or regulatory requirements relating to security? This is where Automation comes in.  Collaboration and measurement are key values but automation is also