DevOps Solution Lead
location_on United States
Member since 2 years
Specialises In (based on submitted proposals)
Richard Mills has more than 25 years of experience in software engineering with a concentration on pragmatic software process and tools. Rich has a specific focus in Agile development methods and is passionate about DevOps, Continuous Integration, and Continuous Delivery. As the Solution Lead for DevOps at Coveros, Rich is dedicated to helping customers build software better, faster and more securely by coaching and mentoring in Agile development methodologies, automating software delivery (builds, tests, and deployment) and integrating strong security measures into development techniques. He has spent his career working in the areas of static and dynamic software analysis tools, configuration management, and continuous integration. Rich currently works as a Technical Manager with Coveros and has been with the company since 2010, spending most of his time engaged with customers. He is an alumnus of Bucknell University where he earned a BSEG in Computer Engineering.
DevSecOps: essential pipeline tooling to enable continuous securityRichard MillsDevOps Solution LeadCoveros, Inc.
schedule 1 month agoSold Out!
As we embrace DevOps to optimize our Agility, we start pushing working code toward production releases more frequently. Whether we are doing true "Continuous Deployment" straight to production or not, we no longer have time for slow, manual, late-lifecycle security assessments to determine if our code is going to put us on the front page of the newspaper (for the wrong reasons). What we need is a way to know that our code is secure enough to pass muster every day. What we need is continuous security.
The DevSecOps movement is about exactly that: shifting security assessment left and integrating it into the daily and sprint-ly cycles that DevOps has made popular. It means finding those touchpoints in our continuous integration/continuous delivery (CI/CD) pipeline where security tools can be inserted and run continuously against the software changes as they are made. It means using static code analysis, dynamic security testing, secure composition analysis of third party components, and platform vulnerability scanning to look at all aspects of security everyday. It means breaking builds and rejecting changes when developers introduce new security vulnerabilities.
In this talk, I present my successes and challenges with integrating security into DevOps pipelines to provide continuous assessment of security posture. I focus on my latest experiences building delivery pipelines for a containerized microservice-based project where we integrated a broad set of open source and commercial tools to gather and present security data. Specifically, I highlight:
- Touchpoints in your pipeline to asses security during build, deployment, and testing
- Tool categories needed with examples of open-source and commercial options
- Considerations to align tools with "security controls" for compliance
- Data gathering, reporting, and dashboarding to get an easy view of security status
- Team structures to encourage collaboration of security engineers with developers
This talk is perfect for people struggling with ways to integrate application security assessment into their Agile development process.
DevOps Patterns to Enable Success with MicroservicesRichard MillsDevOps Solution LeadCoveros, Inc.
schedule 2 months agoSold Out!
DevOps can help you dig out of the problem you created for yourself: you spent your lunch period reading the interwebs, drank the kool-aid, and decided to embrace the utopia of microservices to solve all your fragile legacy monolithic code issues and allow you to release small independent changes into production. What you didn't realize is that you've translated an early-lifecycle code architecture problem into a late-lifecycle release management and quality assessment nightmare.
This microservice thing has not provided the nirvana you expected. You ended up with:
- a set of federated services that have hidden dependencies
- independent applications maintained by teams that don't talk to each other
- inability figure out which versions work together in your test environments, much less production
- the need to test that your still-monolithic system works in pieces and as a whole
You discover that this looks suspiciously like a DevOps problem and your pipeline is critical to your success.
Someone once said to me "if you are building microservices without DevOps, you've already failed." I've learned that the integration problems created by independent microservices require a high level of automation with a pipeline that works independently of each service and can detect changes that break other services. The pipeline needs to facilitate communication between teams and assess which changes and versions work with each other.
In this talk, I highlight the important things you need to succeed with microservices and avoid some of the common problems. Participants will leave with some new ideas on what they might be doing wrong in their current microservice-based project and/or anticipate what's going to go wrong if they are just getting started.
DevOpsing Your Greenfield: Cultivating New GrowthRichard MillsDevOps Solution LeadCoveros, Inc.
schedule 1 year agoSold Out!
You have a golden gem of an activity. There's a brand new project and your project sponsor says "I want to do some DevOps on our new Agile project!" Sigh. You respond with "Well, how about this? Let's BE Agile and adopt a DevOps approach to structuring our teams, designing our architecture, and leveraging automation to rapidly deliver value to our customers." There. At least we've set the mood.
Regardless, greenfield projects provide a unique opportunity for us as DevOps professionals. You don't have the established baggage of a legacy project. The project is probably open to modern tools and architectures. The project is trying to set up team structure that will have the right skill sets.
The problem is: where you do you actually start with greenfield projects? When we introduce DevOps to an existing project (brownfield) we have a unique set of challenges and we can prioritize where to start based on our biggest problems. What do you do when you have a blank page? "Do everything!" Well, what actually makes up "everything" and where do we start?
Putting a solid DevOps solution in place involves some key things. You can follow the religion of the "Three Ways of DevOps" (fast delivery, fast feedback, constant learning) made popular by Gene Kim, but you still have to start somewhere. In this talk, I'll provide a pragmatic formula to setting up well-integrated teams, establishing a DevOps platform, organically growing an initial DevOps pipeline with continuous integration and continuous delivery, establishing some (useful) standards, and guiding the system architecture to support rapid build, deployment, and testing.
Accelerating Agile with CI/CD Success Patterns in the Real WorldRichard MillsDevOps Solution LeadCoveros, Inc.
schedule 2 years agoSold Out!
I've worked with many customers over the years introducing various aspects of continuous integration and continuous delivery (CI/CD) into their Agile development processes. Everyone starts from a different place, sees different benefits, and ultimately follows a different journey. In this session, I'll talk about my experiences with a few recent troubled clients who gained significant benefits around quality and delivery speed with some less-than-obvious improvements.
You don't have to be perfect to see some of the benefits of modern DevOps practices. The guiding principles are around software delivery pipeline design and DevOps engineering. The software delivery pipeline is critical to delivering working software in any Agile development process and, as such, even small improvements can have marked impact on your ability to deliver software to your customers. Furthermore, the DevOps delivery pipeline must be engineered for success -- just like the software we produce with it. It's important to provide incremental DevOps capability, treat everything as code, account for usability of your pipeline, and use automation to incorporate assurance activities are far left in the process as possible.
By applying some proven success patterns in CI/CD and DevOps engineering, I'll show how we were able to improve team involvement with the entire delivery process, reduce defects, and improve the team's ability to rapidly deploy and test changes.
No more submissions exist.
No more submissions exist.