10. What went wrong?
• DevOps is
– A fad
– Only about tooling
– A product
– Only about Dev and Ops
– The same for all orgs
– Only continuous integration/deployment
– A new organizational unit
22. Assessment – Developer
• Development methodology
– agile, waterfall, SAFe, EP, Lean, or cowboy coding
• Development environments
• Task assignment/management / completion
• Collaboration with other (internal/external) teams
33. Process
• Establish a process to enable people to succeed using the platform to develop Rugged applications
• Such that:
– Communication is constant and visible to all
– Tasks are testable and repeatable
– Human experts are freed up to do challenging, creative work
– Tasks can be performed with minimal effort or cost
– Past repetitions create confidence in task success
– Deployment is faster, with frequent quality releases
34. Platform
• Where people use process to build rugged software
• Automated environment creation and provisioning
• Automated infrastructure testing
• Parity between Development, QA, Staging, and Production environments
• Sharing and versioning of environmental configurations
• Collaborative environment between all stakeholders
36. Culture / Process and Practices / System and Architecture / Automation and Measurement
Rugged DevOps on
• Security Culture
– Developers and OpSec collaborate
– Developers and OpSec support releases beyond deployment
– Dev and OpSec have access to stakeholders who understand business and mission goals
• Security Automation / Measurement
– Automate repetitive and error-prone tasks (e.g., build, testing, deployment, and maintaining consistent environments)
– Static and dynamic security analysis automation
– Performance dashboards
• Security in Process and Practices
– Secure pipeline streamlining
– Continuous-delivery practices (e.g., continuous integration; test automation; script-driven, automated deployment; virtualized, self-service environments)
• Secure System and Architecture
– Architected to support test automation and continuous-integration goals
– Applications that support changes without release (e.g., late binding)
– Scalable, secure, reliable, etc.