Fostering the Third Way - Your DevOps Dojo

In the DevOps Handbook, Gene Kim introduces the Third Way - The Technical Practices of Continual Learning. Enter the DevOps Dojo - an immersive environment where whole teams come together to learn and practice their skills while solving real business problems.

Joel Tosi and Dion Stewart say teams learn better in the immersive eco-system of Dojos than they do using traditional forms of training. They explain why and how Dojos help teams bond around product, foster rapid experimentation, and reframe small failures as learning.

In this session, we will frame the need for dojos. From there we will walk attendees through the dojo format, including things they need to think about when creating their own. We wrap up with simple calls to actions for people to take to bring learning forward.

Come to this session not only to learn about what works in creating a Dojo but also how Dojos help upskill your teams and support the cultural DevOps change.

 
2 favorite thumb_down thumb_up 0 comments visibility_off  Remove from Watchlist visibility  Add to Watchlist
 

Outline/Structure of the Talk

10 minutes - What / Why Dojo

20 minutes - How the Dojo works

5 minutes - Organizational impact of a dojo

5 minutes - starting your own dojo

Learning Outcome

Familiarity with what the dojo is and why it works

Ability to start your own dojo (pretty big reach)

Target Audience

Team members, coaches, leaders looking to start a devops movement

Prerequisites for Attendees

None

schedule Submitted 4 weeks ago

Public Feedback

comment Suggest improvements to the Speaker

  • Liked Max Saperstone
    keyboard_arrow_down

    Max Saperstone - Building Confidence In Your Automated Tests

    45 Mins
    Keynote
    Beginner

    The growth of automation testing in today’s software development organizations is changing the the way we test applications. Software development practices have matured over the last 30 years, to include all forms of testing to verify software quality. In the last ten years, there has been a huge spike in the adoption of automated tests, effectively replacing some of these manual testing practices, and supplementing many traditional testing activities. Many parts of the software development industry, however, are wary of replacing manual testing with automated testing. Not only is there often a lack of confidence in the automation tests, many see automated testing as fragile, unmaintainable, and ultimately, something delivering a low return on investment. Max believes that by employing mature software development techniques, we can achieve robust, maintainable, tests, that deliver confidence of the application under test. In addition to discussing how to structure automated tests that are cleaner, more maintainable and efficient, developer testing, and deployment techniques can be used to programmatically verify test correctness. Drawing on his experiences building test automation, test frameworks and advising organizations to adopt test automation, Max will walk us through how to mature your test automation practices.

  • Liked Max Saperstone
    keyboard_arrow_down

    Max Saperstone - Getting to Continuous Testing

    45 Mins
    Case Study
    Beginner

    Max will tell the story of how a healthcare company striving to get to continuous releases built up their automation to secure confidence in regular releases. Initially, as no test automation existed, Max was able to take a greenfield test automation opportunity, and in the span of 12 months, develop over 2000 test cases. A testing pipeline was created to verify the integrity of the automated test cases, and to build docker containers for simple execution of the tests. These containers could then be simply re-used by developers and the DevOps team to verify the application. Max will walk through the feedback loop created, which allowed verification of the application go from hours to minutes.

    Max will discuss what processes and paths were taken to achieve continuous testing on this project. While he will cover the tools used and why they were chosen, the main focus will be on the HOW and WHY certain patterns and activities were performed. These choices were critical to achieving continuous testing, rather than just good testing coverage in CI or CD, even allowing a push left for performance and security. Additionally, some time will be spent on the organizational and culture changes that occured, and how he was able to accomplish this push for adoption in an organization that resisted automation, and had major quality problems.

  • Liked Thomas Stiehm
    keyboard_arrow_down

    Thomas Stiehm - Continuous Build and other DevOps anti-patterns, and how to overcome them

    Thomas Stiehm
    Thomas Stiehm
    CTO
    Coveros, Inc.
    schedule 3 weeks ago
    Sold Out!
    45 Mins
    Talk
    Beginner

    Continuous Build is an anti-pattern that I have often seen where a team will have what they call Continuous Integration (CI) in place but it only builds the code, there are no tests or static analysis run. Certainly, this is better not building but it leaves a lot of health check information on the table that is considered part of CI. Without this information, you can never really gain the confidence that your build is healthy. The whole goal of CI is to feel that your build is healthy so not tests and analysis means you aren’t going CI.

    Just like CI, other DevOps practices can be hard to understand, implement, and get right. Even with the best of intentions, we make mistakes or misinterpret the implementation of a technique. Learn how to spot common DevOps anti-patterns and how to correct them. These patterns include

    1. Continuous Build - CI without tests isn’t CI
    2. Turn the unit tests off to build the release
    3. Don’t automate that, it is my job
    4. Different build process for developers and high environments
    5. Different deployment process for developers, test environments and/or production
    6. Not having a production-like environment to test in before production
    7. Saving performance testing for the end of the release
    8. Saving security testing for the end of the release
    9. Never asking the users about the software
    10. Only automating build and deployment, not testing
    11. Not having retrospective
    12. Restricting retrospectives to only the development part of the process
    13. Running analysis and never looking at or acting on the findings
    14. Reduce coverage or static analysis gates to get a build to pass

    We have all experienced a time where we wanted to believe we could make an anti-pattern work but it never does. It is better to learn how to spot these and how to correct them than it is to try to keep tweaking a broken process hoping this time it will be better.

  • Liked Thomas Stiehm
    keyboard_arrow_down

    Thomas Stiehm - Nobody Cares about Security and What DevSecOps is doing about it

    Thomas Stiehm
    Thomas Stiehm
    CTO
    Coveros, Inc.
    schedule 3 weeks ago
    Sold Out!
    45 Mins
    Talk
    Beginner

    Application security is the poster child for third-class citizens in the software development world (behind Quality Assurance). DevSecOps is trying to turn that around and get more people, teams, and companies to care about security as our online and real-world lives become more intertwined.

    Application security has a bad reputation with many people. It comes into the development process late and demands a lot. Who wants to deal with that? We have actual business value to get out the door. “Those things” won’t happen anyway. And when “those things” do happen, it will just become an exercise in finger-pointing and blame. Security is an ugly affair that no one wants a part of.

    DevSecOps is a movement within the DevOps and Security worlds to reverse this decades-long drama by getting the people creating and updating software to build security practices into their process from the beginning, even before the code is written. This allows security professionals to become the evangelist of security practices where they can help the teams adopt practices and teach them how to use the tools to resolve issues themselves. No longer dependent on the specialists the teams can address security findings as they are found and make the workload manageable by spreading it across their implementation cycles-- proactively, not reactively.

    Attendees will leave with an understanding of how to map security concepts onto a delivery pipeline, how to “sell” security concepts to stakeholders, and how automation makes it easier to gather security data and act upon it. Learn what is needed to get started with DevSecOps so that you can start creating secure software today.

  • Liked Thomas Stiehm
    keyboard_arrow_down

    Thomas Stiehm - Shifting Security Left - The Innovation of DevSecOps

    Thomas Stiehm
    Thomas Stiehm
    CTO
    Coveros, Inc.
    schedule 3 weeks ago
    Sold Out!
    45 Mins
    Talk
    Beginner

    DevSecOps uses application security practices that have been around for a while. The innovation of DevSecOps is incorporating security into the daily workflow of the team rather than leaving them to the end of a release like many legacy processes do. Shifting security left is made possible by the ability to automate many aspects of security testing and verification. DevSecOps leverages DevOps practices to make application security a first-class citizen in the practices of modern software product development. DevSecOps starts with a culture change mindset of cross-functional teams creating software through collaboration and fast feedback cycles.

    The security in DevSecOps starts before the code is written by using techniques like threat modeling and risk analysis to help figure out who might want to attack you and how they might do that. This often ignored security practice can be enabled by following the DevSecOps practices of having a cross-functional team involved in the process from the beginning, including security professionals.

    Next, DevSecOps maps application security practices into the build pipeline for a project in order to provide quick feedback about the security posture for any change made to the software. By using automation to allow the team to move quickly while maintaining confidence in the health of the code base, DevSecOps extends that health check to include application security checks. While automation can be used to make security data collection easier it is important to understand what security practices still require a human being.

    This talk focuses on how, when, and where practices should be incorporated into a build pipeline to get the most value out of your security practices through automation. It explores what manual security work still needs to be done by a person and how to maximize value while minimizing the effort of human beings.

  • Liked Joel Tosi
    keyboard_arrow_down

    Joel Tosi - Metrics that Matter - Moving from Easy to Impactful

    Joel Tosi
    Joel Tosi
    Dojo & Co
    schedule 4 weeks ago
    Sold Out!
    45 Mins
    Talk
    Intermediate

    Metrics are the bane of many organizations, getting fascinated on measurements that don’t matter or can drive improper behaviours. In this session, we walk through a simple grouping for metrics where the groupings not only call out the metrics, but their limits, and help guide to better metrics.

  • Liked Jonathan Kauffman
    keyboard_arrow_down

    Jonathan Kauffman - Document Generation for Regulated Industries

    Jonathan Kauffman
    Jonathan Kauffman
    Consultant
    Coveros, Inc.
    schedule 1 month ago
    Sold Out!
    45 Mins
    Talk
    Intermediate

    One of the lines in the Agile Manifesto is "Working software over comprehensive documentation". This doesn't mean that no documentation is produced, but instead that only documentation that brings value to the team and the customer should be created. What do you do when you are working in a regulated industry and you need to produce extensive documentation to prove that the system works correctly? I recently worked with a company that produces FDA Class II medical devices and wanted to reduce the overhead of creating the documentation required by regulatory bodies. Their test team was spending a large amount of time each sprint on producing these documents, which took time away from verifying the system. We solved this problem by automating the generation of one type of document. We designed our solution such that all of the information that went into the Word document was pulled from JIRA -- this allowed the team to work within JIRA on a day-to-day basis and to use it as a source of truth. We describe the problem of document generation, how we approached solving the problem, and future work that we would like to do in this area.

  • Liked Max Saperstone
    keyboard_arrow_down

    Max Saperstone - Managing BDD: Test Case Management for BDD Automation

    45 Mins
    Case Study
    Beginner

    Behavior-driven development (BDD) has been around for a while and is here to stay. However, the added abstraction levels pose a technical problem for writing and managing tests. While BDD does a great job of marrying the non-technical aspect of test writing to the technical flow of an application under test, keeping this information under source control becomes problematic. Frameworks such as JBehave, Cucumber, or Robot give subject matter experts that additional ability to write tests, but they are often restricted access from them; because people treat test cases as code, they get stored in source control repositories. Additionally, these given-when-then steps soon can grow to an extent where they are difficult to manage without an IDE, and nontechnical people lose interest. Using management tools, Max Saperstone shows how to manage these nontechnical steps and keep them in sync with the automaton in tools such as Git. He shows how to link tests to requirements, stories to development, and the traceability with continuous integration support. He also shares experiences of developing an open source product to help manage tests, with proven workflows at an enterprise level, for full team buy-in on both nontechnical and technical aspects of test case development.

  • Liked Joel Tosi
    keyboard_arrow_down

    Joel Tosi - Growing a Learning Organization

    Joel Tosi
    Joel Tosi
    Dojo & Co
    schedule 4 weeks ago
    Sold Out!
    45 Mins
    Talk
    Intermediate

    How do you grow a continuously learning organization? If certifications and wikis were enough, organizations would be crushing it. In this session we look at how we learn in complex domains - focusing on tacit vs explicit knowledge; context learning; and growing coaches and teachers.

  • Liked Robin Foster
    keyboard_arrow_down

    Robin Foster - Maximizing Agile Benefits Through Understanding Learning Styles

    Robin Foster
    Robin Foster
    Consultant
    Coveros
    schedule 1 month ago
    Sold Out!
    45 Mins
    Talk
    Beginner

    The Agile Manifesto says we value people and interactions over processes and tools. Yet when we talk about the agile methods, we usually end up talking about processes. Agilists use timeboxing as a forcing function to draw out resolutions and decisions. What if we just needed a better way to describe our needs and issues? What if we could actually be more effective with our communication? Join Robin Foster as he explores the relationships between learning, memory, communication, teaching, and the agile framework. Discover the cognitive science behind the process of learning new information, strategies for using different learning styles to grow your brain and its mastery of concepts, and how to map these strategies to phases in the agile cycle to benefit the team's cohesion and ability to self-organize. Agile is not meant to be rigid, so why should we be rigid in the way we share information with our team members?