DevOps Chat: Recent Episodes
DevOps.com
DevOps.com for the best chats on DevOps, Cyber, Cloud Native & Digital Transformation.
DevOps Chats is brought you by MediaOps https://mediaops.io, the people behind DevOps.com, Security Boulevard, Container Journal, Digital Anarchist and more. Featuring CEO, editor in chief, Alan Shimel, talking with leading lights of the industry
In this episode of DevOps Chats, Alan speaks with Patrick Debois, the man who coined the term DevOps to talk about his new passion AI NativeDev. Beyond giving it a name, Patrick has always been one of the leading lights of the community. After 12+ years in DevOps thought, Patrick’s enthusiasm was starting to wane. AI has reignited that and his creative juices are flowing freely. He has joined in the new AI NativeDev community that is really catching fire. Here what they are about and what has Patrick so excited in this episode
After a brief podcast hiatus, Mitch and Alan discuss why it isn't a DevOps versus platform engineering debate. Rather, platform engineering helps scale DevOps, among PE's many, many benefits. They discuss the launch of platformengineering.com and its new podcast. They also delve into the debate about AI's impact on software development.
Mitch and Alan discuss what's required to take a holistic approach to software supply chain security and how DevOps has not only survived, but thrived as it's adapted over the years and helped for new XOps variations and platform engineering.
In this episode of DevOps Chats, Alan Shimel and Mitch Ashley discuss the rapid integration of AI co-pilots in software tools, emphasizing the need for a unified AI interface to streamline user experience. They explore the evolving concept of DevSecOps, advocating for a holistic approach that includes both software development and underlying toolchain security. The chat also teases upcoming research reports on DevOps trends and AI's role in the industry.
In this episode of DevOps Chats, Alan Schimel and Mitch Ashley discuss the rapid integration of AI co-pilots in software tools, emphasizing the need for a unified AI interface to streamline user experience. They explore the evolving concept of DevSecOps, advocating for a holistic approach that includes both software development and underlying toolchain security. The chat also teases upcoming research reports on DevOps trends and AI's role in the industry.
After being on the conference circuit for weeks, Alan and Mitch explore whether GPT-4o might show the way for new web and mobile experiences, the upheaval happening in open source and what happens when business models and financial interests force business licensing changes and move away from the spirit of open source.
Alan and Mitch discuss several AI and DevOps topics, including the debate of whether DevOps failed us or if platform engineering is ignoring history; Tabnine is a Microsoft copilot alternative to generate code; and does your Gen AI get mentally stuck on one path of thinking.Links Referenced in Podcast: https://devops.com/tabnine-extends-gen-ai-platform-for-writing-code-to-multiple-llmshttps://devops.com/your-ai-might-be-lying-to-you
Alan and Mitch discuss several AI and DevOps topics, including the debate of whether DevOps failed us or if platform engineering is ignoring history; Tabnine is a Microsoft copilot alternative to generate code ; and does your Gen AI get mentally stuck on one path of thinking.Reference Links: Tabnine:https://devops.com/tabnine-extends-gen-ai-platform-for-writing-code-to-multiple-llmsAI:https://devops.com/your-ai-might-be-lying-to-you
Alan and Mitch discuss whether platform engineering will be "the game changer" some predict will happen in 2024, the evolution of CI/CD frameworks (ArgoCD, Tekton), and Mitch's interview with Cole Kennedy, TestifySec CEO, about securing software from source to production.Links Referenced in Podcast:https://devops.com/platform-engineering-the-2024-game-changer-in-techhttps://devops.com/driving-the-devops-evolution-argocd-tekton-and-seamless-migrations https://techstrong.tv/videos/interviews/securing-source-to-production-with-testifysecs-cole-kennedy
Alan and Mitch debate whether AI can make "no shift" vs. shift left a viable future testing software in production, the "five great DevOps job opportunities" series on DevOps.com, TabNine generative AI testing platform now adds your code into the LLM to generate tests and whether DevOps should be open-ended or have an end goal.Links Referenced in Podcast:https://devops.com/forget-shift-left-why-no-shift-is-the-future-of-software-innovation/https://devops.com/five-great-devops-job-opportunities-77/https://devops.com/tabnine-extends-generative-ai-testing-platform-by-embracing-rag/https://devops.com/devops-whats-the-end-goal/
In this episode of DevOps Chats, Alan and Mitch dive deep into the heart of DevOps. After 12 years of DevOps evolution, we're asking the big question: How has our investment in DevOps paved the way for organizational success in the years to come? This segment promises a thought-provoking look at the achievements, challenges, and road ahead for DevOps enthusiasts. They discuss DevOps insights expected to be part of the upcoming Techstrong Research "DevOps Next" report. They also share Mitch's interview with Ben Potter, Head of Product at Coder, where he sheds light on the game-changing world of cloud development environments.Whether you're a DevOps veteran or new to the scene, this episode has insights and stories that will enrich your understanding and spark your imagination. Join us as we explore the cutting edge of DevOps and cloud development only on DevOps Chats.Links Referenced in Podcast: https://techstrong.tv/videos/interviews/cloud-dev-environments-coder-ben-potter
Mitch and Alan discuss Dagger's Solomon Hyke interview on modernizing DevOps pipelines the current realities of open source, the growth in software supply chain attacks and the value of doing smaller code reviews.Links Referenced in Podcast:https://devclass.com/2024/02/12/from-docker-to-dagger-solomon-hykes-on-modernisation-of-the-devops-pipeline/https://devops.com/the-practicalities-of-open-sourcinghttps://devops.com/survey-cyberattacks-aimed-at-software-supply-chains-are-pervasivehttps://devops.com/improve-efficiency-with-smaller-code-reviews
From Boston, Alan and Mitch discuss their views on the state of the DevOps industry while on the road in 2024. They discuss several topics from DevOps.com, including Does Using AI Assistants Lead to Lower Code Quality?" by Bill Doerrfeld, who asks if we see code quality drop from the use of AI-assisted and generated code, "How to Get Platform Engineering Just Right" by Benjamin Brial with his recommendations for bringing platform engineering into an organization and reorganizations and layoff announcements at companies like Dell. They wrap up with Alan's interview "Advancing Vision Intelligence Filters" with Kit Merker in his new CEO role at Plainsight.Links Referenced: https://devops.com/does-using-ai-assistants-lead-to-lower-code-qualityhttps://devops.com/how-to-get-platform-engineering-just-righthttps://techstrong.tv/videos/interviews/advancing-vision-intelligence-filters-plainsight-kit-merker
Description for Podcast page: Mitchell Ashley and Alan Shimel are once again hosting the Devops.com podcast. In this episode they discuss "the good news of DevOps". Gene Kim weighs in on why he changed the name of DOES. Also how Jenkins is still relevant if not dominant today and what we can expect to see there. Of course we had to discuss GenAI and DevOps, well because AI.Links Referenced in Podcast:https://devops.com/the-future-of-jenkins-in-2024/https://devops.com/jenkins-and-jenkinsx-in-2024/https://devops.com/using-llms-to-automate-pipeline-conversions-from-legacy-to-tekton/https://techstrong.tv/videos/interviews/wiring-the-winning-organization-with-gene-kim
Stacey English, Theta Lake Director of Market Intelligence, shares the results of a report showing the usage of modern communications tools and video communications tools like Microsoft Teams, Cisco WebEx and Zoom has accelerated at a breakneck speed in recent years, and it shows no sign of slowing down.
https://thetalake.com
John Worrall, ZeroNorth CEO, expands on the "why" of DevSecOps, focusing on the business benefit, gain and measurement of what we seek to accomplish through DevSecOps. John advocates we concentrate on the process and data enabling us to assess risk, prioritize the most beneficial security work. Learn more about ZeroNorth athttps://www.zeronorth.io.
Colby Dyess, Director of Cloud Product Management at Tufin, joins Mitch Ashley, CEO of Accelerated Strategies Group, to discuss security policy management across hybrid cloud, multi-cloud and cloud-native security. Colby shares experiences from working with customers during the rapid migration to the cloud in 2020.
Learn more about security policy management and hybrid clouds at Tufin (https://tufin.com)
Observability and Accessibility are two keys to successful app development and deployment. They are also square within the sweet spot for DevOps teams to consider as part of delivering better applications better and faster.
In this episode 7 of DevOps Unbound we are joined Sean Kelly of Trcentis, Paul Pinkney of Swisslog Healthcare and Paula Goyanes of LaunchDarkly to discuss accessibility and usability design in DevOps.
Home » Blogs » DevOps Unbound » DevOps Unbound: How to Lead a DevOps Transformation
DevOps Unbound: How to Lead a DevOps Transformation DevOps Unbound: How to Lead a DevOps Transformation BY ALAN SHIMEL ON NOVEMBER 27, 2020 1 COMMENT (EDIT)
Is C-level support required to have a successful digital transformation? In the sixth episode of DevOps Unbound streaming broadcast on TechStrong TV and DevOps.com’s sister site Digital Anarchist, Mitchell Ashley of ASG and Alan Shimel are joined by Eveline Oehrlich of the DevOps Institute, Louise McCarthy of Bain & Company and Mark Settle, author of “Truth from the Valley, A Practical Primer on IT Management for the Next Decade,” to discuss DevOps and digital transformation at the C level.
Mitchell Ashley of ASG and Alan Shimel are joined by Ming Gong of UST Global, Chris Rolls of TTC and Robina Laughlin of Guardian Life for a discussion on outsourcing DevOps.
Some say you really can't outsource DevOps, others say of course you can. Have a listen and decide for yourself
Mark Smalley of Smalley.IT, and Lead Editor with Axelos of the ITIL 4 High Velocity, IT joins ASG CEO Mitch Ashley to discuss his work creating this new contribution to ITIL 4. Mark shares the 5 value investments important for organizations seeking to operate at high velocity and some of the insights gained from himself and others covered in this ITIL 4 module.
Akshay Anand, ITSM product ambassador at AXELOS, and David Crouch, senior advisor at Beyond20, join ASG CEO Mitch Ashley to share best practices and learnings from introducing and adopting Agile and DevOps in large organizations. Akshay and David discuss overcoming change management challenges and obstacles to increase adoption.
Software teams are rapidly adopting microservices, containers and container management to promote innovation and boost digital transformation. With any newly adopted technology comes questions about data and overall security.
Accelerated Strategies Group conducted research into the security of data within containers, specifically, Kubernetes. ASG Analyst Charles Kolodgy, lead analyst on this research, joins ASG CEO Mitch Ashley and Zettaset CEO Tim Reilly dig into the results of this research and relate it to today's implementations using kubernetes.
This research was commissioned by Zettaset. The full analyst report is available at https://accelst.com/report-kubernetes-data-protection/.
ITIL is well established as the process, certification and information resource library for service management across many IT organizations globally. With the recent updates comprising to ITIL 4, influences from Agile and DevOps are helping ITIL to expand and adapt to changes in how create software and build operations into the delivery process.
Akshay Anand, Product Ambassador with AXELOS Global Best Practice, and Jon Stevens-Hall, Principal Product Manager at BMC Software, join Accelerated Strategies Group CEO Mitch Ashley to discuss the new innovations in ITIL 4. As major contributors to ITIL 4, Akshay and Jon share the approach they took with ITIL 4, incorporating ideas from the world of Agile and DevOps.
App Modernization and the state of mainframe DevOps was the topic of episode 4 of DevOps Unbound. Our panel included Rosalind Radcliffe of IBM, Sam Knutson of Compuware and BMC and Gerta Sheganaku of Tricentis, joining MItchell Ashley and Alan Shimel.
It was a lively conversation about real life scenarios that enterprises face everyday. Join us and be sure to follow DevOps Unbound at https://devopsunbound.com
DevOps has not only reached mainframe groups in the enterprise but also to large applications such as SAP. Organizations are moving away from waterfall methods and mega releases that take many months to deliver. What's needed are many more rapid release cycles and deployments that support the accelerating pace necessary to do business.
David Lees, CTO of Basis Technologies, joins MediaOps CEO Alan Shimel to explore how organizations implement DevOps into their SAP integration and deployment cycles. Having lived through this transition, David shares his unique perspectives on the necessity to break through bottlenecks and make changes in supply chains, finance and many other business processes needed to support the business.
The assumption that large, established enterprises — from insurance companies to government agencies— can’t adopt Agile processes or DevOps is based on the falsehood that legacy technology stacks won’t allow for it; that existing traditional mainframe applications or legacy applications that large enterprises are built on are incapable of adapting to these approaches.
Accelerated Strategies Group recently released the new research report 5 Crucial DevOps Strategies For Cloud and Mainframe 2020, sponsored by ASG Technologies. In this episode of DevOps Chats, Jeff Cherrington and Anna Murray with ASG Technologies joins Mitch Ashley (CEO, Accelerated Strategies Group) to explore how mainframe app teams embrace DevOps, processes and tools to equip software teams, so mainframe apps continue to provide businesses with vital systems and capabilities far into the future.
Download the report at https://library.devops.com/5-crucial-devops-strategies-for-cloud-and-mainframes
DevOps Unbound episode 3 is about open source and DevOps. We have a great cast of Tracy Miranda, ED of the Continuous Delivery Foundation, Alon Girmonsky, found of UP9 and Kevin Dunne of Tricentis.
DevOps Unbound is an every other week video series about topics related to all aspects of Devops. It is available at https://digitalanarchist.com
In this episode, Mitchell Ashley and Alan Shimel are joined by Caroline Wong, CSO at Cobalt.io (https://cobalt.io), Andrew Van Der Stock, executive director at OWASP, and Dr. Grigori Melnik, CPO at Tricentis, to discuss DevSecOps and AppSec.
This is the first episode of DevOps Unbound. A new video/audio series produced by us here at MediaOps, sponsored by Tricentis. Episodes will run every other week. Once a month there will be a roundtable open to the public as well. In this episode, two respected leaders in the testing space, Dr. Girgori Melnick and James Bach join us to look at the history of testing. How has it enabled DevOps and accelerated software deployment. We look at automation and continuous testing and more. Great discussion. The video edition of this is available on https://digitalanarchist.com
Accelerated Strategies Group has just delivered their State of Software Delivery Management Report, commissioned by CloudBees. In this DevOps Chat we speak with Mitchell Ashley, CEO, founder of ASG about the report and why it is important for everyone managing software delivery today
The whole Data/DataOps space is becoming very hot. For StorPool it is more of a case of the rest of the world catching up to what they have been doing for a while now. They are the leading distributed block storage provider globally.
In this DevOps chat we speak with Boyan Krosnov, founder product at StorPool. Boyan gives us the background on StorPool as well as a good look at the state of the distributed storage/data market.
strongDM wasn't founded to help with remote workers forced out of the office by COVID19. They have been around for 5 years now. But they do excel at allowing you to manage and audit remote access to all of your assets including DBs, servers and clusters (as well as apps and services) anywhere from anywhere.
In this DevOps Chat we speak with strongDM Justin McCarthy, CTO & Co-Founder about how the company's technology works and how it is helping companies move to remote access given current conditions.
Get more information at https://www.strongdm.com/
When the cloud first caught on there was a problem with Shadow IT. Developers spinning up instances in AWS without the IT team knowing they existed. Now with the ease of CI/DC automated deployments, the problem of Shadow Code has arisen. Code being added to apps that did not go through the entire team process.
In this DevOps Chat we speak with Elad Koren, VP of Product at Perimeter X about the Shadow Code issue and how his company can help.
DevOps World/Jenkins World has long established itself as a leading venue for DevOps practitioners to learn, share their knowledge, build a top-notch community. But what about leaders, people in leadership roles at companies who utilize DevOps as a vital part of there business and technology strategies?
Sam Fell, CloudBees Area Vice President Enterprise Markets, joins DevOps Chats to discuss the newly announced Software Delivery Leadership Forum. DevOps World 2020 is expanding its focus and content by bringing leaders together with content specifically tailored for business and technology leaders. Accelerated Strategies Group, where Mitch Ashley is CEO, is leading the programming of the DevOps World 2020 Software Delivery Leadership Forum.
The current situation with so many working from home has shined a spotlight on potential security issues with many of our collaboration solutions. Adeya, says they have the answer, offering Swiss, Simple collaboration on a military grade scale. I sat down with Francois Rodriguez of Adeya's exec team to discuss what makes Adeya both simple and secure, as well as what the offering is all about. This is more than video conferencing by the way. This is a well developed and tested collaboration suite that has been in use by the Swiss military and others for years. Have a listen and check out Adeya
With so many working from home (WFH), security is being tested perhaps like it never has before. The good folks at SpecOps have made their password auditor product free during this trying time.
We spoke with Darren James of SpecSoft about this release and some other tools they have released to help people through the rough spots. Darren had some good insights he shared and we discussed. Have a listen
Daniel "Spoons" Spoonhower made a bit of a name for himself while he was at Google, as did his two co-founders. They were there at the birth of the microservices wave that has swept through the software world. They left Google and started LightStep to help all developers build better, more scalable applications. With their new release they have pushed the bar higher. In this podcast here from Spoons as to what they are doing and where he sees things moving.
In this DevOps Chat we chat with Kirsten Newcomer,Senior Principal Product Manager, Red Hat. It is a great discussion on the state of DevSecOps and how the Red Hat Open Shift team is trying to make it easier for devs, DevOps and cyber folks to work together to create more secure applications.
Many companies are responding to the large number of people working from home as a result of the public health situation. Today Qualys rolled out a totally free 60 day version of their cloud-based security and compliance solution at no charge.
We spoke with Sumedh Thakar about the free release and how Qualys is helping enterprises with their remote workforce.
WhiteSource one of the leaders in the Software Composition Analysis space recently released their annual report on "The State of Open Source Security Vulnerabilities". It is chock full of good data and findings on what is the current state of open source security and how things are trending.
I had a chance to sit down with Rhys Arkins, Director, Product at WhiteSource to see what some of the highlights were. Rhys was happy to share and show us some of things you should be mindful of.
Gaining real insights, often unique insights can catapult companies ahead of the competition, but that's easier said than done. Splunk recently released its new report, "What Is Your Data Really Worth?" which produced some very compelling results.
Leading-edge data innovators use data to raise gross profits by 12.5%. 97% of this top tier meet or beat their customer retention targets. Mature organizations are almost 10 times more likely to draw more than 20% of their revenue from new, innovative products and services. A select group of companies, categorized as Data Innovators, achieved impressive and measurable results.
Andi Mann, Splunk Chief Technology Advocate, joins Mitch Ashley on DevOps Chats to share some of the key insights in the report and discuss how companies are utilizing their data to achieve higher revenue growth, improved customer experiences and gain cost savings. The full report is available to download at https://www.splunk.com/en_us/form/whats-your-data-really-worth.html.
Contrast Security has released the first "Route Intelligence" functionality in the latest version of their next generation security platform. https://www.contrastsecurity.com/contrast-news
In this DevOps Chat we speak with Contrast's CTO/co-founder, Jeff Williams, about what route intelligence is and why you should have a look at it.
Contrast continues to set the bar in DevSecOps, pushing beyond vulnerability scanning to enable more security software.
Datical has been a leader in the DevOps for databases since even before the term was used. What many may not realize was that the open source Liquibase project was a major contributor to Datical's success. So it should be no surprise then that in filling the open President's seat, they would tap an open source veteran.
Dion Cornett, has open source credibility from his time at Red Hat and MariaDB. In his new role he is responsible for marketing, sales and product. He is determined to see the same kind of success with open source business models he has been part of before, succeed at Datical.
In this discussion we hear from Dion on his plans and views.
SauceCon 2020 (https://saucecon.com/) by the good folks at Sauce Labs is just about a month and half away (April 27). As part of our lead up to the show and our coverage including live broadcasting on Digital Anarchist, we caught up with newly minted, Chief Product Officer, Matt Wyman.
Matt discusses how continuous testing, automation and DevOps has led to better testing. With that though we are more complex and sophisticated than ever in how, what and when we test. Can't we just keep it simple? Do we want to keep it simple? Have a listen to what Matt has to say, as well as why he is so excited about this coming event.
If you are interested in testing at all, do check out the great lineup for SauceCon and hope to see you there.
Sumo Logic has been one of the pioneers in DevSecOps and log analysis for many years now. In this DevOps Chat we speak with Founding VP of Product & Strategy, Bruno Kuric about the Sumo Continuous Intelligence Platform and how it is taking security into the next era. Have a listen as Bruno explains how Sumo is trying to meet the challenges of keeping up with the speed of business, today.
A new company announced their launch and Series A funding. Esper (https://esper.io)is building a platform for android device deployment and application management. Not just for Android phones either. The Esper founders are betting that Android will be the dominant form for embedded devices in both headless and IoT deployments.
The CEO/co-founder of Esper, Yadhu Gopalan knows a little something about this, as he was one of the key people behind Microsoft's Windows CE embedded program. Yadhu was also a leader of Amazon's Go Store program prior to Esper.
We had a chance to sit down with Yadhu and talk about what raising their $7.5m series A means for Esper and where they are going.
Rancher Labs is a great example of a start up that was smart enough to sense the way the market was moving and adopted a strategy to capitalize on it. But if you know Rancher co-founder, CEO Sheng Liang, you should not be surprised. Sheng has been seeing the market and staying one step ahead for a long time.
In this DevOps chat we sat down with Sheng and spoke about the recent momentum at Rancher. We also spoke a lot about Kubernetes becoming the industry standard for compute.
It is always a good learning experience speaking with Sheng and this conversation is no different. Have a listen.
Tufin Technologies announced Secure Cloud https://www.businesswire.com/news/home/20200211005174/en/Tufin-SecureCloud-Enables-Companies-Secure-Hybrid-Cloud. The product combines and builds on Tufin Orca and Tufin Iris to offer one product for comprehensive cloud security policy.
We had a chance to catch up with Tufin CTO and co-founder, Reuven Harrison to chat about this and the state of the market before the upcoming RSA Conference.
How do you know if your cyber team is up to snuff? Like any good team, they need training and practice to stay on top of their game. The concept of cyber ranges for red and blue teams has been in use for a few years now. Gov and military organizations have been some of the big leaders in this space.
Rangeforce comes out of Estonia where NATO teams used the idea of a cyber range to train up their teams.They are taking this concept to the commercial space and will be at RSAC this year.
I sat down with Gordon Lawson, President of Rangeforce to discuss the technology behind Rangeforce and the use cases. Have a listen and be sure to check them out at RSAC this year!
Ask any tech person what is involved in evaluating and purchasing tech tools and their eyes will often roll into their heads. While open source and free versions have made it easier to get the tools into people's hands, evaluating them to choose what is the best fit for your organization is still more art than science.
In this podcast we sit down with two security industry veterans to talk about what is the best strategy to evaluate and pick the right security products.
Les Correia and Migo Kedem are two industry veterans who have written the book on this. Have a listen
Brian Gracely has been helping to shape the Red Hat OpenShift product line for over 4 years. Brian is a key person in the product team there. In this podcast Brian gives us an update on the latest innovation at OpenShift. Much of what he is talking about will be visible or announced by KubeCon in Amsterdamn. So if you want to get an early look at the latest in Openshift, have a listen to what Brian has to see.
WhiteHat Security is one of the pioneers in AppSec. As such they were an early advocate for DevSecOps. They have been doing annual surveys of the security and developer space for several years. In this years survey the good news is that we are seeing real progress in DevSecOps adoption by developers and security teams. But all is not roses. Some of the same old issues are still there, including how long it takes us to fix vulnerabilities and security issues.
In this DevOps Chats we speak with Eric Sheridan, Chief Scientist of WhiteHat about the survey results and what they mean. Have a listen to find out Eric's take on the foundings.
Jenkins founder Kohsuke Kawaguchi (KK) and respected DevOps veteran, Harpreet Singh have launched a new company called Launchable https://launchableinc.com
Launchable aims to help you improve your delivery velocity by prioritizing and applying some ML and intelligence to testing. There is still much work to be done but with these two industry luminaries behind it, the expectations are high for something impactful.
The VC community and a blue chip list of investors are already on board.
Yes this means KK is no longer at CloudBees (several CloudBees execs are investors in Launchable)and Jenkins, while he is still an advisory. But with Jenkins now in the capable hands of the CDF and Linux Foundation and CloudBees well established, he felt this was a good time to pursue an issue he thinks needs to be solved.
Hear from KK and Harpreet themselves in this great podcast.
Walkme recently announced a funding round of 90 million dollars bringing their total raise to over $300 million. But according to Rephael Sweary, that is great but the real measure of Walkme's success is their annual reoccurring revenue being over a $100m (which it is) and whether or not that company is helping their customers.
In the case of Walkme, that are business's undergoing digital transformations and are looking to accelerate their digital platform adoption.
Walkme has been a tremendous success no matter what yardstick you use. Listen to Rephael to understand better his view of the world and what is important for the coming times ahead.
DevSecOps has become a real thing over the last few years. The big shift has been making security tools that developers can use. ShiftLeft has been one of the leaders in this movement, recognizing that security had to shift left (hence the name).
I had a chance to sit down right before the holidays with ShiftLeft CEO Manish Gupta about how the shift to developers using security tools is helping to make applications more secure.
Ken Rutsky is on a mission. In addition to being a master cybersecurity marketing ninja, Ken is also the founder of the Cybersecurity Go To Market Dojo. It is the hub of a community of cybersecurity marketers who seek to up their game and bring even more professionalism to cybersec marketing.
Frankly, cybersecurity marketers get a bad wrap. Many of them have great technical chops. Just because they have marketing in their title don't assume they are not technical.
Ken and the group are again putting on a great together on the Sunday of RSAC week. Also they will be doing a Cyber Marketer of the Year awards as well. Alan Shimel is one of the judges. You can find out more at https://www.gotomarketdojo.com/events/rsa2020-marketers-prefresher-happy-hour-the-marketer-of-the-year-awards
The Eclipse Foundation recently launched a new working group for Edge Native (https://edgenative.eclipse.org/). The mission is to deliver open source edge platforms now.
I had a chance to sit down with the guests highlighted below to discuss. Enjoy.
Mike Milinkovich, Executive Director, Eclipse Foundation
Mike serves as the executive editor for the Eclipse Foundation. An influential voice in the open source and Java communities, Mike has worked tirelessly over the last two decades to help establish the open source model for software development. Outside of work, Mike's passions are his family, the family cottage and hockey (as a coach, player and fan) in pretty much that order. When he's not working, or traveling for work, you will probably find him involved in one of those three things.
Kilton Hopkins, CEO and co-founder, Edgeworx
Kilton started programming computers when he was 8 years old. That was 1986. He started a software company a few years later. The world is very different than it was back then, but Kilton is still bringing new tech companies to life.
He currently serves as the Co-Founder and Chief Executive Officer of Edgeworx, which provides the world with an open-source universal edge computing platform called Eclipse ioFog.
Kilton lives in Berkeley, California. He received his MBA from The University of Chicago Booth School of Business in 2010. He likes to meditate, make music, and read about everything scientific.
Sometimes the best way to accomplish something is to choose a path requiring the least friction, or amount of change.
Qualys customers now have that path available to them in bring vulnerability scanning into Google Cloud Platform. Qualys' recent announcement means a one-click configuration change enables vulnerability scans in GCP with the results appearing in both Qualys Cloud Center and GCP Security Command Center.
Join me on this DevOps Chats to explore this announcement with Sumedh Thakar, Qualys President and Chief Product Officer. We discuss Qualys' and Google's collaboration and how this benefits DevOps teams.
The increasing breadth and complexity of the environments we manage are nothing short of breathtaking. Understanding the security risks and applying policies across the cloud, multi-cloud, private clouds, and a plethora of software technologies is a challenge faced by every enterprise.
vArmour recently announced version 5 of the vArmour Application Controller, which opens more significant access to vast amounts of information the Security Graph represents and organizes through its Security Graph and SDK. By streaming cloud, network, and agent information into the Security Graph, enterprises now have a centralized understanding of application relationships across their multi-cloud infrastructure, enabling centralized risk and policy management that is simple, accurate, and secure.
Marc Woolward, vArmour CTO and CISO, and I discuss establishing abd assessing policies becomes more manageable through expanded access to information about software infrastructure, systems, environments across the organization. I hope you'll join Marc and me in this fascinating conversation.
Application security is top of mind now more than ever. For more than a decade, Veracode examined increasing amounts of code as it passes through their source code vulnerability scanning service. During this period, automation is increasingly prevalent, making it easier to run scans more frequently and regularly. But has automation helped?. Is the software we create more secure? We gain key insights about this in Veracode's The State of Software Security Report X (10th edition).
Chris Eng, Chief Research Officer at Veracode, joins us on DevOps Chats. We talk about many insights uncovered in the latest report, such as 50% of applications are accruing security debt over time, the regularity of scanning correlates to vulnerability fix times, and that scanning frequency directly impacts security debt.
There is a wealth of information in the report, and you can get a jump on the key findings on this podcast episode with Chris. Download the full report at https://www.veracode.com/state-of-software-security-report.
Data Privacy is the new front in the compliance wars. For many organizations Data Privacy is a dreaded subject with a maze of governance and compliance issues. Osano wants to make it easy. Led by serial entrepreneur Arlo Gilbert, it is catching fire as enterprises learn that complying with Data Privacy laws is possible and even affordable. Have a listen as Arlo and Alan Shimel discuss this important topic.
Ci/CD has changed the way we do software. From architecting it, to coding it, storing it, testing it, deploying it. GitLab has been a leader in this revolution. I spoke with Darby Frey of GitLab's CI/CD team about this and what the future has in store. Have a listen and hope you enjoy!
While at times it seemed the adoption of DevSecOps was like pushing rope uphill, the market has embraced the premise that DevSecOps is real and is much needed in bringing a higher level of quality to software.
StackHawk is a new company out of Boulder, Co that is seeking to allow developers to better secure their code and increase quality. I spoke to two of the co-founders of the company, Ryan Severns and Scott Gerlach while I was out in Boulder recently.
Have a listen to what they see as the game changing solutions they want to bring to market.
In this episode of DevOps Chats we talk with Donald Lutz, Principal Software Architect, specializing in systems integration and creating large, scalable cloud applications. Occasionally DevOps Chats is fortunate to spotlight DevOps and cloud native developers doing trailblazing work in contemporary software architectures. Donald fits that bill to a "t.", as an entrepreneur and employee at startups like Faction, BoldTech Systems, and his own company Technetronic Solutions, and established companies including Via West.
Our discussion focuses on creating cloud native applications in startups and large enterprise IT. Donald's currently working with one of the world's largest financial institutions to move from legacy applications directly to cloud native apps, bypassing any interim lift-n-shift moves. His work spans many Microsoft technologies, including .NET Core, runtime framework Dapper for RDBMS mapping, Service Fabric, and Azure, and opensource Kubernetes, Terraform, and Puppet (and Enterprise).
During our discussion, we cover the challenges of architecting and scaling very large cloud native applications, implementing DevOps in less mature software organizations, how established software patterns benefit DevOps and cloud app developers, and the importance of giving back by hosting meetups to share knowledge and mentor others. Donald also gives back as an active leader and mentor of the FIRST Robotics Team 1410 since 2005. Join in on our conversation as we explore the complex and sophisticated inter-workings of a cloud native software architect.
Application performance company AppDynamics recently released its 2019 edition of the App Attention Index Report. The 2019 report is subtitled The Era of Digital Reflex. Whoa, that sounds heavy!! Joining me on this episode of DevOps Chats is Steve Long, AppDynamics Regional CTO, and Technology Strategy. Cisco acquired AppDynamics in 2017.
Digital connections are a near-constant. Interacting with our world through digital apps and transactions are omnipresent: making a restaurant reservation using OpenTable, making payments using an app or our smartphone digital wallet, and checking our smartphones to plan and move through our day. Thus the name of the report "The Era of Digital Reflex."
In addition to insights from the report, Steve and I talk about measuring the customer's experience, tieing performance back to the desired business outcoming, strategies for finding problems, and reducing the time it takes to fix problems. Join us on this compelling discussion about application performance, customer experience, and business outcomes.
Test automation and CI/CD are evolving very rapidly to achieve great speed and impactful results by DevOps teams and Agile organizations. Our DevOps Chat guest, Tricentis Chief Product Officer Wolfgang Platz, contributes his experiences to the state of the art with his newly released book Enterprise Continuous Testing.
Automating software testing just for the sake of automation, is "doing the mess for less." What is the business value of each software element you are testing, and what is the right strategy for testing these software implemented functions? Automation certainly brings with it speed, but are we ultimately making incremental improvements to testing which doesn't tap into the full power and benefits of automated software testing.
Our discussion with Wolfgang focuses on the need for expanding dev-testing with higher-level integration, system, and end-to-end user experience testing, which are often performed well by shared testing and operations teams. Now, think Shift Right. While Agile and dev teams often focus on the progression of creating new and exciting capabilities for the business and our customers, we still require that regression mindset that consistently validates unit tests, valuable business functionality, system integrity, performance, and operational needs.
Pulumi is bringing a new open source tool and approach for modern infrastructure as code. We spoke to Pulumi CEO, co-founder Joe Duffy about it and the SaaS version that they are bringing to market.
Pulumi is an up and coming player in this market and you should watch what they are doing going forward.
RSA Conference (#RSAC) besides being the worlds largest cybersecurity conference has also become the place to see the latest innovation in the world of cyber. The woman who drives the innovation programs at RSAC is Cecilia Marinier.
We spoke with Cecilia last year for RSA 2019. The program was great last year. 2020 promises to be even better. Listen to Cecilia give us the scoop on on what is in store for 2020.
You can find out more about RSAC https://www.rsaconference.com/rsac-programs/innovation-sandbox
Spinnaker Summit 2019 Preview: As you use an opensource tool like Spinnaker, the more you develop best practices and learnings. These are useful to share with others internal to the enterprise and other opensource users.
Jing Vergara, Principal Software Engineer at Salesforce, joins DevOps Chats to share a preview of her upcoming talk "Demystifying Spinnaker VM Image Baking and Deployment". Jing shares with us what to include and not to include (like secrets), when baking a VM image, how to avoid configuration drift, and how to deploy to multiple cloud providers using cloud init files. Jing also shares how to use opensource Packer templates with Ansible, Chef, and Docker, and how to build your own packer templates.
Jing Vergara's talk is on Sunday, Nov 17th at 10:45 AM PT. Spinnaker Summit 2019 is San Diego on November 15-17.
Robotic Process Automation (RPA) has garnered a great deal of attention as organizations pursue automation routine tasks through automation software. RPA automates tasks integrated into digital business process automation.
Wayne Ariola, Tricentis General Manager of RPA, joins DevOps Chats to discuss how Tricentis brings its strengths and heritage in software testing automation into the world of RPA. The expansion into RPA makes a lot of sense when you consider testing technologies that operate on UX domain and data models, avoiding the pitfalls of brittle screen scraping approaches.
Together, Wayne and I explore how business process automation using RPA intersects with DevOps tools, processes, and teams, and how RPA benefits from the experiences gained in the DevOps community. Join us on this episode of DevOps Chats as we explore Robotic Process Automation and DevOps.
Spinnaker Summit 2019 Preview: Debugging production issues in any environment can be challenging, and Spinnaker has its production learning curve. Problems aren't always replicable in a smaller environment, and DEBUG messages can be verbose and confusing to triage what's happening.
Our DevOps Chat guest Chuck Lane, Salesforce Lead Software Engineer, is giving a talk on "Debugging & Profiling Spinnaker Applications Live" at the Spinnaker Summit 2019. In Chuck's talk, you'll learn skills like remote JVM debugging, custom profiling builds, and the magic of figuring out what's going on with a multithreaded microservice using htop!
Chuck's talk is on Saturday, November 16, at 3;40 PM PT. Spinnaker Summit 2019 is November 15-19 in San Deigo.
Spinnaker Summit 2019 Preview: Canary deploys give us a window into how new code deploys perform in production on a limited basis. The technology holds great promise in helping us learn the positive or negative effects of deploys without putting the more extensive set of microservices, application functions, and beyond at risk.
How do you route traffic? How do you apply a virtual service manifest? Is there a quick way to perform a smoke test to find server errors? When comparing metrics from new code to old, how do you know which results are good or bad? There is a lot to know and learn how to deploy and use Canarys.
Our DevOps Chat guest Omar Al-Hayderi (Engineering Manager and Principal Engineer at Autodesk) is giving a talk on "Canary Deploys with Istio: Lessons Learned" at the Spinnaker Summit 2019. His talk is on Sunday, November 17, at 1:30 PM PT.
Spinnaker Summit 2019 is November 15-19 in San Deigo.
Spinnaker Summit 2019 Preview: Secrets Management is vital to any vibrant DevOps and GitOps toolchain. As part of its opensource maturation and thanks to the contribution of our DevOps Chat guest, Spinnaker now has a secure secrets management capability enabling GitOps, taking non-application secrets out of plaintext in Hal config files. (Always a good idea!)
Cameron Motevasselani, Software Engineer at Armory, is giving his talk "Spinnaker Plugins: Extending Spinnaker for the Enterprise" on Sunday, November 17, at 10:45 AM PT.
In addition to his contributions to Spinnaker's new secrets management facility, Cameron shares the work in progress to create an extensible Spinnaker plugin system. The current work is an early MVP to be followed by the implementation of PF4J and concrete extension points as part of Spinnaker stages.
Spinnaker Summit 2019 is November 15-19 in San Deigo.
Spinnaker Summit 2019 Preview: Most open source software isn’t one size fits all, and Spinnaker is no different. While it captures the most general use cases of software delivery, most organizations find that it lacks some features they need to automate their entire delivery pipeline such as integrations with internal tooling or compliance systems.
Out of the box (figuratively), Spinnaker provides Run Job and Webhook stages that teams can use to build custom integrations to help fill any void and enable adoption by a wide range of users.
Ethan Rogers, Staff Software Engineer with Armory, joins us on DevOps Chat to share a preview of his Spinnaker Summit 2019 talk on Spinnaker extensibility. Ethan shares how Run Job and Webhook stages are used to build custom stages to capture any number of use cases with no code and simple configuration. He also covers situations when it's necessary to write code.
Ethan's talk, “Making Spinnaker Your Own”, is Saturday, November 16, 3:45 PM, at Spinnaker Summit 2019 in San Diego. Separately, Ethan appears on the "State of the Kubernetes V2 Provider..." panel Friday, November 15, 2:30 PM.
Spinnaker Summit 2019 Preview: Never underestimate an entrepreneur looking to solve a real-world problem. Aerobotics is bringing drones, imagery, mapping, containers, Kubernetes, Spinnaker, data pipeline processing, and machine learning to agriculture. Sounds interesting, right?
Aerobotics uses aerial drones and sophisticated image processing to help growers manage yield, pest & disease in their farms through Artificial Intelligence.
Speaking at the upcoming Spinnaker Summit in San Diego, Aerobotics’ head of software Nick Coles, shares with us how his company evolved from making drones to map orchards into a software company using raw image data to create high resolution, georeferenced maps of orchards. Aerobotics technology is comprised of a map engine and tree engine. It's both a fascinating problem space and exciting application of cloud-native technologies, including Spinnaker.
This episode of DevOps Chats features a preview of Nick's talk; “The Future of Farming with Aerobotics”. Nick's talk is on Sunday, November 17 12:30 PM, at Spinnaker Summit 2019 in San Diego.
In the traditional datacenter world, security was (or is) very network-centric. Firewalls, IDS, Network Access Control, focus on the aggregation of all traffic traversing in, out, and across the network. Cloud-native applications rely upon different constructs and methods of building applications. It's not just the software and technology stack that requires different security in the cloud-native era.
We can't just surround cloud-native applications with security; we must build in security. And to do that requires you understand how container and microservices applications are made using DevOps. You must think about how DevOps works to build in security properly. Enter Lacework, a platform built for DevOps teams to build security into cloud-native applications.
Vikram Kapoor, Lacework Co-Founder and CTO, joins DevOps Chat to explore API-centric applications and infrastructure-as-code. We discuss how to build security into cloud-native applications through the DevOps-based software creation process, and not only rely on runtime security technologies. Vikram also discusses some of the planned uses for the recent $42m round of funding.
Spinnaker Summit 2019 Preview: Airbnb is rapidly moving from a monolith Ruby on Rails application to a distributed SOA/Kubernetes architecture in Kubernetes. The new architecture uses self-service codified pipelines and easy webhook integrations scale adoption and collaboration across the company. Even though continuous integration isn't new to Airbnb, every team now needs to be able to scale CI across 100's of containerized services in AWS EC2.
Software Engineer Brian Wolfe co-led the decision to move to Spinnaker and build in more automation. At one year into the project, Airbnb has 40 services in production with many more to follow.
This episode of DevOps Chats features a preview of Brian's talk; “Scaling a Migration to Continuous Delivery (Aribnb)”. Brian's talk is on Saturday, November 16 11:00 am, at Spinnaker Summit 2019 in San Diego.
The life of an acquired company can be an exciting one full of unexpected twists and turns, and that’s been true of Automic software. Scott Willson, a repeat podcast guest and long-standing member of the DevOps community, joins us again on DevOps Chat. He describes his acquisition journey as being akin to a “barracuda, eaten by a great white shark, eaten by a whale." Scott is Product Marketing Director - Release Automation at CA Technologies, a Broadcom company. (The new proper name of Automic + CA + Broadcom).
Scott shares what it’s like being a software DevOps company inside Broadcom, whose strong roots come from the chip manufacturing business. While software has its many differences from chips, of course, Scott shares how many of the DevOps principles and heritage from lean manufacturing made the transition easier. There are valuable lessons here for all of us.
Amid all the change, Automic shifted its products to the freemium model. Automic Continuous Delivery Director is now free to use for up to 10 active releases. We talk about the upcoming releases which also includes machine learning. Join us as we bob and weave through the acquisition story into the world of continuous automated delivery. And look for Scott at the DevOps Enterprise Summit the end of October.
We can’t seem to generate enough data. And as they say, you haven’t seen anything yet! Cloud-based managed services are a natural solution to ingest, store, and access large amounts of data from a variety of sources across private and cloud locations. An enterprise solution hosted in the cloud is good, but a developer-friendly, API -based solution, with non-enterprise usage-based pricing, reaches an even broader audience.
Enter InfluxDB Cloud 2.0. The name just about says it all. InfluxData VP Products Tim Hall joins DevOps Chats to discuss their new cloud-based time-series database offering.
InfluxDB Cloud 2.0 represents that shift to a cloud-based, developer-friendly offering with much greater accessibility. We discuss their use cases, the free and usage-based pricing, the new FLUX language for querying, analytics, and data processing, common APIs, and that TICK stack. TICK stands for Telegraf, InfluxDB, Choronograf, and Kapacitor. It is a feature-rich conversation, so join us.
Also, check out InfluxData's October 16th webinar; Optimizing Time Series Performance in the Real World. https://webinars.devops.com/optimizing-time-series-performance-in-the-real-world
Spinnaker Summit 2019 Preview: Software Engineer Rainie Li played an essential role in implementing Spinnaker as part of Pinterest's CI/CD pipeline. The results moved Pinterest from two scheduled deployments per day to continuous deployments, greater than 15 during business hours.
This episode of DevOps Chats features a preview of Rainie's talk; “How we introduced CI/CD for Pinterest’s largest monolith services (API and Web) to improve developer velocity, quality & reliability (Pinterest)”. Topics including how Spinnaker was selected, important metrics, Pinterest's future CI/CD platform Hermez, Canary analysis, and lessons learned from the journey are shared.
Rainie's talk is on Sunday, November 17th, 1:30 pm PT, at Spinnaker Summit 2019 in San Diego. Joining Rainie on the talk is Jasmine Qin, Software Engineer with Pinterest. https://www.spinnakersummit.com
At the speed of DevOps, automated testing is essential for QA to maintain pace with that of software creation. Automated testing is ripe for innovation too. How do we know we are performing the most relevant tests, that new functions in the software aren’t being missed or overlooked, or that highly dynamic applications aren’t outpacing static test cases and logic?
Functionize aims to bring innovation to achieve autonomous testing, making testing, the creation, and maintenance of tests more efficient. Founder and CEO Tamas Cser joins us on this episode of DevOps Chat to share several innovations his company brings to DevOps teams.
Join us as we discuss how writing test cases in English help capture intent and result in less brittle tests over time, and about the ability to reach into Functionize during run time and programmatically change object models and internals. Learn how AI improves visual detection of web pages and changes in web page behavior. And how AI can root out test cases that may no longer be valid as software functionality changes.
Dr Mik Kersten always brings a fresh perspective on what is happening in the world of DevOps and value stream management. He is beyond bright, but explains things in a way that everyone can understand.
I had a chance to catch up with Mik and find out what was the latest with Tasktop. Have a listen to this great interview
On a project to move one of Google’s Fortune 500 customers to Google Cloud, Google Kubernetes Engine (GKE), and Spinnaker open source, our DevOps Chat guest ran into the message “hang tight". No scripts or documentation. Not to be delayed, Miles Matthias, Google Cloud Consultant with Container Heroes, filled the gap and contributed his work back to the Spinnaker community.
This episode of DevOps Chats features a preview of Mile’s talk, “Monitoring Spinnaker with Prometheus Operator on GKE” he is is giving on Saturday, November 16th, 3:45 pm PT, at Spinnaker Summit 2019. Miles also talks quite a bit about Canary testing in this episode.
ZeroNorth has from its founding been focused on bringing a DevSecOps solution to market that was unique and effective. They have brought on industry veteran, John Worrall as the CEO to join Chairman and Founder, Ernest DiGiambattista and the rest of the team to help organizations with DevSecOps. They have also recently raised $10m in funding to help the cause.
In this DevOps Chat we sit down with Ernest and John and talk about the new course that ZeroNorth is charting
Many organizations want to implement the latest DevOps/SRE practices, but many struggle with transforming the existing processes over to new streamlined processes. How does an organization transform from 0 automated deploys to 100s/1000s a month? Most importantly, how do you show the value of Spinnaker to your business as a whole?
November’s Spinnaker Summit 2019 in San Diego allows us an opportunity to hear and learn from DevOps engineers, developers, and partitioners using Spinnaker open source software. Joel Vasallo, Manager, Cloud DevOps at Redbox, shares with us a preview of his talk where he shares his experience about using Spinnaker open source to increase the number of deploys into production. Joel found Spinnaker so useful because it is very extensible, covers AWS well, strong support for Kubernetes, different deployment types, and has the automation to create the software delivery platform that fits the need.
Joel's talk, Transforming Software Delivery using Spinnaker, is on November 17, 12:30 pm PT at Spinnaker Summit 2019 in San Diego.
After Akamai acquired his company, Haseeb Budhani decided to take on his next challenge and start Rafay. Rafay, focuses on the complexity and repetitive aspects of deploying and managing Kubernetes applications. Rafay addresses complexity by providing application abstraction, cluster blueprinting, and enterprise-ready integration, making Rafay a great candidate for multi-region, multi-cloud, hybrid, and edge/MEC adoption.
Join us on this episode of DevOps Chats where Haseeb shares some of the experiences and challenges that led him to found Rafay, and how to accelerate your path to Kubernetes and multi-cloud applications.
There are many interviews you do as part of the role as editor in chief of DevOps.com. Then there are some that make it all worthwhile. Anytime I have the pleasure of speaking with Dr Nicole Forsgren, it makes all of the other things I do worthwhile. She has a clarity of vision borne from the foundation of verifiable metrics she has measured and surveyed over the last six years.
Just about every DevOps presentation you will see has some reference to her Accelerate: State of DevOps Report. And for good reason. It has become the "authority" on DevOps metrics.
We sat down with Nicole to go over what she thinks are some of the key findings in this years report. Have a listen and enjoy.
As application functions get smaller, are containerized, become microservices, combine into service meshes, a new set of challenges crop up. What functions does each service perform? What state constitutes services in trouble? What are the dependencies between services across a complex service mesh? How can we instrument observability, tracing, between the service interactions?
Constance Caramanolis, Software Engineer at Omnition, joined us on DevOps Chats, recorded just before Splunk's acquisition announcement. After working a Microsoft, Constance joined Lyft, in part to work with Envoy, open source created by Lyft that brings upstream and downstream tracing across a service mesh. Constance recently joined Omnition, while still in stealth, to help "flip tracing on its head."
It's genuinely a fascination conversation and gives us a window into the challenges and solutions to managing a service mesh at scale. Listeners should also check out our DevOps Chats episode talking about the Splunk's acquisition of Omnition with Rick Fitz, SVP and GM of Splunk's IT Markets Group. https://devops.com/devops-chat-splunk-moves-into-microservices-with-omnition-buy/
With claims of Internet traffic encryption levels at 95% and cloud communications up to 100%, it's increasingly difficult to see malicious activities happening on our networks. Encryption is a good thing, of course, until it hides nefarious network traffic and payloads. Then we want to know about it, be able to diagnose it, and take appropriate action. Encryption can be a double-edged sword.
Steve Perkins, CMO of Nubeva, joins us on DevOps Chats to talk about Nubeva's solution for out-of-band decryption of next-generation TLS communications. It makes sense that cybersecurity teams desire this new level of visibility, and DevOps teams working with APIs and cloud encrypted communications also want the option of taking an "outside-in" view for troubleshooting, addressing compound performance problems, etc.
We explore with Steve the benefits and use cases for Nubeva, how it works, and how Nubeva provides this level of visibility while maintaining the integrity and security of TLS communications. Join us as we explore new and unprecedented levels of access to encrypted communications.
So much happening on shifting security left, but what about shift right? Jeff Williams, CTO of Contrast Security gives us a great update on the state of DevSecOps, shift left, shift right and appsec, as well as DataOps.
Jeff is one of the sharpest people in the cyberworld, so this is worth your time to hear what he is thinking.
More than ever, application security is a top priority. Beyond secure coding practices, a holistic app security strategy addresses the full application and infrastructure stack. This includes containers, microservices, orchestration, infrastructure software, and the cloud. Bolting on the next security tool may not be the answer.
Kamal Shah, StackRox CEO, joins us on this episode of DevOps Chats, diving into the need for a systemic security approach across the lifecycle of cloud-native, even "Kubenative", applications. We explore how Kubernetes and cloud-native apps bring access to rich configuration information, usage visibility, runtime context, inherent security controls, and compliance. It's a fascinating conversation that will open up new paths to secure Kubernetes and cloud-native applications.
Cockroach Labs the folks behind CockroachDB recently announced another round of funding as they continue their mission to allow you to scale your data without complexity.
We spoke with CEO Spencer Kimball about their plans and how Cockroach Labs shall inherit the DB world
Stateless application architecture is the current de facto approach, right? Not necessarily. Stateful applications communicating over TCP sockets can and are successfully built even in today’s age of cloud-native applications.
Our guest on this episode of DevOps Chat is Chris McCord, creator of the Phoenix open source software, and architectural engineer at DockYard. Chris came up as a developer using PHP, Java, and Ruby. When he learned that WhatsApp was built using Elixir, running on the Erlang VMs, Chris was intrigued. What’s needed is a developer-friendly web framework for creating web and mobile applications.
Chris started the development of the Phoenix Framework in 2011 and saw adoption pick up in 2014/15. Fast forward to today, Chris is an integral part of a vibrant community of developers using Phoenix to create web-oriented, mobile, embedded, and real-time applications that can support large transaction server volumes with less code.
Join us as we talk with Chris McCord about Phoenix, why he created the opensource project which today expands into Phoenix LiveView, and the PhoenixFrenzy developer challenge (winners to be select in early-to-mid October.)You can find more information about Phoenix and the PhoenixFrenzy at the following links:
- Phoenix Phrenzy: https://dockyard.com/press/releases/2019/07/22/dockyard-to-launch-phoenix-phrenzy-contest
- Chris' presentation at ElixirConf: https://dockyard.com/blog/2019/09/06/whats-new-and-next-for-phoenix-liveview
As the velocity of software creation, testing, and deployment increase rapidly, security at the app level is gaining ever more scrutiny. Code vulnerability scanners, automated security test tools, test libraries for containers are just a few of the security testing approaches broadly in use. Many of these approaches fall under a DAST (dynamic application security testing) or SAST (static application security testing.)
As velocity increases, so does that amount of code we're creating, placing even great importance on testing, test automation, and application security testing.
Creator of Seeker IAST (Interactive Application Security Testing), Ofer Maor, Director of Solutions Management at Synopsys, joins DevOps Chat. We talk about the value of IAST, maximizing testing automation, integration of testing technologies into the workflow, security testing built into containers, application security testing orchestration, and more.
Value Stream Management (VSM) is a term we hear with higher frequency. DevOps, Agile, Lean, and contemporary application development are very dynamic. These rapid, dynamic approaches can make the software development process opaque to the broader organization. It’s early in this part of the market, but it’s born out the need for quantifying the business value coming from our investments in software development.
Steve Boone, Head of Product Management at HCL UrbanCode, joins us on this episode of DevOps Chat to talk about the state of this emerging market. Steve shares valuable insights about how organizations are working together, where DevOps and Agile are making a measurable difference, and what management can do to provide teams with tools to manage their VSM.
Data and database technologies are experiencing disruption. The volume of data collected is exploding, creating new potential for disruptive services and new companies. Data is distributed across locations in the cloud and the data center. Also, cloud technologies bring a plethora of database types, distribution options, analytics capabilities, and AI/ML processing. Any company not leveraging data to the benefit of its customers and business are just asking to be the next victim of disruption.
Nikita Shamgunov, memSQL Co-CEO / Co-Founder, joins DevOps Chat to discuss how these disruptive factors changed how containerized and cloud-native applications approach data collection and storage. Speed, high volume data collection, distributed design, and scale are all challenges Nikita sees as vital for cloud-native applications of today and the future.
Red Hat Linux is a staple of most enterprise IT organization's software diets. Developers and IT leaders all over the world took notice when IBM acquired Red Hat. Will IBM Red Hat change? Will Red Hat continue to operate as it does today or will it be subsumed and disappear into some IBM business unit? Will IBM Red Hat still contribute to projects and tools like Kubernetes, JBoss, Fuse, OpenJDK, Eclipse IDE, and many others (https://redhatofficial.github.io/#!/main)? All are important questions.
Brad Micklea, Lead of the Developer Program and Tools at IBM, joins DevOps Chat to talk about the future of Red Hat as part of IBM. Brad sends a strong message that Red Hat will remain focused on the developer community and tools for Linux, Kubernetes, Java, DevOps, and others.
Join us as we talk with Brad about the future of Red Hat, DevOps, and open source developer tools.
Swiftly after announcing their acquisition of SignalFx, Splunk vaults into microservices tracing by announcing its intention to acquire Omnition. Tech companies are rapidly making acquisitions to strengthen their position in the DevOps and contemporary cloud-native software stack.
Rick Fitz, SVP and GM of Splunk's IT Markets Group, joins DevOps Chat to share with us the drivers behind Splunk's move into microservices and service mesh tracing. Information about Omnition is in short supply as Omnition's been in stealth, racing to develop a product to address the observability needs of DevOps teams. Omnition has received some notice through its contributions to OpenCensus open source, now being merged into OpenTracing.
In addition to this episode of DevOps Chat, check out Mike Vizard's article about the Omnition announcement at https://devops.com/splunk-adds-omnition-to-devops-portfolio/.
The software development tool needs of a 2-3 person team can be much different than those of a large enterprise. CI/CD is a common approach nearly all software teams establish. But what needs of a larger software organization to you adopt early on and which simply adds more complexity than benefit?
Rob Zuber, CTO of CircleCI, began tackling this problem in the mobile space and then moved to CircleCI to help create what is now a well established SaaS-based CI/CD offering to software teams of all sizes. Join us on this episode of DevOps Chat and take away some valuable CI/CD lessons for your organization.
Doing anything at enterprise scale call brings with it a whole new set of requirements. With potentially thousands of requirements across hundreds of applications and releases, it can be a daunting challenge to pull together all the DevOps activities across a large enterprise. This has given rise to the new term Value Stream Management (VSM.)
Like Salesforce for managing the sales pipeline, Value Stream Management is about IT seeing across all its initiatives, teams and projects. Are high-value requirements making it into production systems? Is DevOps making the expected impact at enterprise scale? Are VSM tools well integrated into the DevOps toolchain or are teams slowed by extra or unnecessary work. You must keep a handle on it all but we don't want the medicine to be worse than the disease.
In this episode of DevOps Chat, we explore VSM with our guest Bob Davis, CMO at Plutora. Plutora tackles the VSM challenge at some of the largest banks, financial institutions, telecom and mobile carriers, insurance, hotels, and Internet technology companies.
As any CIO knows, a data management architecture is essential to caring for one of the organization's most valuable assets: data. Data management sounds simple but it's not. Backup and recovery, disaster recovery, data retention, governance, e-discovery... all are parts of any effective data protection strategy.
As businesses move and grow their presence in the cloud, the same capabilities apply in this very dynamic and elastic environment.
Recently, Druva received another investment round of $130m led by Viking Global. Mike Palmer, Druva Chief Product Officer, joins us on this episode of DevOps Chat where we talk about Druva's planned use of those funds, and Druva's approach to providing a SaaS-based data protection platform.
Network technology has undergone its own transformation in parallel with cloud infrastructure, how we create software, and the adoption of DevOps. SDN, NFV, virtual network appliances, and an ever-expanding suite of APIs making network and security technologies much more accessible to developers.
Network engineers' worlds are rapidly changing too. From highly skilled to associate-level, all network engineers are faced with building up a new and necessary skill: software development. Learning software dev can be a daunting, even intimidating proposition even for someone already skilled in the network engineer domain.
So, how do we lift up the community of network engineers and help them build their development chops? How can software and DevOps engineers easily get access to all the programmatic interfaces that configure, manage and control the network?
These questions and more we explore with Susie Wee, Founder, Senior Vice President, and CTO of Cisco DevNet. DevNet is an online resource full of information for app developers, infrastructure developers, and network and DevOps engineers. On DevNet you'll find training (Python, API, and more), sandboxes for experimentation, code exchanges (including GitHub), CI/CD, and new Cisco certifications for software. Check out DevNet at https://developer.cisco.com.
It's easy to forget not everyone started their move to the cloud eight or even ten years ago. Early adopters have a wealth of experiences that can benefit newcomers and experienced teams alike.
A preview to August 14th's webinar "Top 5 AWS Security Mistakes and How to Stop Them Before You Lose Data", DisruptOps CEO Mike Rothman joins us on DevOps Chat. In this episode, we reflect on learnings and knowledge Mike and co-founder Rich Mogul incorporated into their product DisruptOps Guardrails.
Be sure to register for the Aug. 14th webinar at https://webinars.devops.com/top-5-aws-security-mistakes-and-how-to-stop-them-before-you-lose-data.
In a world where our apps are stitched together from a various building blocks, why wouldn't we do the same with Kubernetes? Operators make this possible.
We spoke with Rob Szumski of IBM RedHat OpenShift team about the groundbreaking work he and the OpenShift team have been doing with bringing an entire library/repo of Operators for Kubernetes that will make it easier and faster to deploy and use Kubernetes.
Low code/no code is the wave and now you can ride it with Kubernetes too. Have a listen.
The tribe at Armory (https://armory.io) announced their $28m series B funding, led by Insight Partners. Armory enables continuous software delivery at enterprise scale, powered by Spinnaker.
That is a crisp mission statement, but beyond that Armory is bringing the open source Spinnaker to the enterprise market. As such they are also helping the entire Spinnaker community and as part of this the entire CD market. They are members of the CD Foundation, part of the Linux Foundation as well.
I had a chance to catch up with their founder/CEO, DROdio and VP of marketing, Carl Landers to talk about Spinnaker, CD and the state of software delivery.
BTW, if you are interested in learning more about Spinnaker and will be in San Diego for CloudNative.com/KubeCon, the Spinnaker Summit is the weekend before. The Armory folks have been nice enough to arrange a 20% discount if you would like to go: https://www.eventbrite.com/e/spinnaker-summit-2019-tickets-57895274324?discount=ARMORYAUGUST20 The code for discount is ARMORYAUGUST20.
Also you can join the Spinnaker slack channel at: http://join.Spinnaker.io i
Martin McKeay, a cybersecurity veteran, joins us to review Akamai's latest State of The Internet report (SOTI). This SOTI edition, dubbed Financial Services Attack Economy, highlights the vast array of cyber attacks targeted at the financial systems ecosystem over the past 18 months.
Martin highlight from the report includes readily available lists of compromised user IDs and passwords, stuffing attacks, low cost or free All-In-One (AIO) attack tools, and the characteristics of phishing attacks against enterprises versus financial institutions. And more.
Join us on this episode of DevOps Chat with Martin McKeay, Editorial Director, Akamai. The full report is available at www.akamai.com/soti/
Michael Coates is on a mission, a journey, an unassailable quest.
You don't come away from senior security leadership roles at Twitter and Mozilla without some real-world lessons of how to improve cybersecurity. Those lessons inspired our guest Michael Coates, former Twitter CISO, to co-found his new startup Altitude Networks.
While we don't yet know all the details about Altitude Networks, we know Michael is addressing the protection of data when using cloud collaboration software like Google Drive, Box, Dropbox, Office 365 and other online collaboration services.
Michael shares with us the lessons he learned from security roles at Twitter and Mozilla is applying at Altitude Networks. Security products need to be designed to solve problems and alleviate work, not make work. And security needs to enable end-users to get their work done and not interrupt them with confusing popups, options, and decisions most end users won't understand.
Join us on this episode of DevOps Chat to get the latest on Michael Coates and his new company Altitude Networks. You can sign up for Michael's new newsletter at https://hubs.ly/H0jvMBN0 .
Agile, DevOps, multiple cloud providers, serverless, contemporary cloud native apps, shadow IT using a credit card…it can be daunting for any IT organization to be responsive to the internal customer needs. It’s even tougher to be proactive and get ahead of the curve. Enter Cloud Management Platforms (CMP).
On this episode of DevOps Chat, we talk with Bernard Sanders (no, not the presidential candidate), CTO of CloudBolt. Our conversation explores how IT can use a CMP to provide the IT and self-service capabilities so DevOps and Agile teams won’t feel the pain and slowdown of IT past. Learn more about CloudBolt’s products at www.cloudbolt.io.
Should we secure containers? How do we secure containers? How do we secure serverless computing architectured apps? With code repositories growing rapidly with each container we create, our guest John Kinsella, VP of Engineering - Container Security at Qualys, has some sage advice for securing containers.
Containers are not intended to isolate code from security vulnerabilities, containers are designed for packaging and use. Which of my containers have a vulnerable version of OpenSSL installed in them? Integrating vulnerability scanning into the CI/CD process gives developers information to catch vulnerabilities in open source code before it hits production.
Join us on this episode of DevOps Chat as we dive into the container security insights John Kinsella of Qualys has to offer.
RSAC 2019 APJ in Singapore is coming up and we’re lucky enough to preview a talk by Derek Manky titled "Flash War: Tapering an Accelerating Attack Chain."
The speed at which networks are attacked, compromised and then intruders spread laterally is increasing rapidly. Add swarm technologies with AI machine learning and automation and the future holds a world where attacks that take days, hours or minutes today could laterally happen in fractions of a second tomorrow. House of Mirror defenses (yes, the network security equivalent of Bruce Lee’s Enter The Dragon mirror room) and other deceptions techniques step up to the challenge of tapering this accelerating attack chain.
On this episode of DevOps Chats, Derek Manky, Chief of Security Insights at Fortinet previews his RSAC 2019 APJ Preview talk, Flash War: Tapering an Accelerating Attack Chain, scheduled at 1:15pm on July18th in Singapore. Join us on this podcast and at Derek’s RSA talk.
RSA Asia Pacific & Japan Conference 2019 in Singapore promises exciting and engaging sessions. A likely popular and possibly controversial talk will be “The Future of AppSec is Cloud Native.”
Co-Presented by Jimmy Mesta (CEO and co-founder Ksoc and CTO at Manicode Security) and Jim Manico (Founder and trainer at Manicode Security), this talk makes the bold assertion that how we build cloud native applications will establish the new benchmark for application security.
On this episode of DevOps Chats, Jimmy and Jim preview their RSA APJ 2019 talk, set out the case for why cloud native is the future for AppSec, and entice all of us to come learn more at their session on July 18 at 4:30pm. We hope to see everyone at their talk at RSA APJ 2019.
Our podcast guest believes the world changed “on a Tuesday" six months ago when the enterprise move to the cloud became imperative, not just an aspirational goal. That eureka moment was enough to pull Steve Mullaney off the sidelines and back into the game as CEO of Aviatrix after successful executive gigs at Palo Alto Networks and Nicira.
Go-build might be a wonderful approach for cloud-native apps, but enterprises want the framework laid out ahead of their move to the cloud. Think enterprise cloud IT reference architecture, much like Cisco provided for enterprise IP networks, DEC mainstreamed for client-server, and IBM established for mainframe computing. You have to “bring the cloud to them.” That enterprise cloud reference architecture is what Aviatrix targets, in the same buy-with-a-credit-card model that fueled customers’ unfettered move to AWS.
On our DevOps Chat podcast episode, Steve Mullaney, CEO of Aviatrix, talks about what enterprises want in a true enterprise multi-cloud backbone to support their needs. Additional information about Aviatrix offerings is available at www.aviatrix.com.
Secure software depends on people finding vulnerabilities and deploying fixes before they are exploited in the wild. This has lead to a world of security researchers and bug bounties directed at finding new vulnerabilities.
As dedicated as security researchers are, there is a vast ocean of software in existence, waiting for someone to find and exploit the next security vulnerability for profit or nefarious uses. With autonomous vehicles on the horizon, is there an autonomous solution to finding and fixing software vulnerabilities?
Enter DARPA Cyber Grand Challenge winner “Mayhem”, created by a team of researchers from Carnegie Mellon University who spun out security startup ForAllSecure. And they have a BHAG (Big Hairy Audacious Goal). "Our vision is to check the world’s software for exploitable bugs so they can be fixed before attackers use them to hack computers”. Mayhem has moved on from capture the flag contests to observing and finding vulnerabilities in DoD software and is working its way to corporate systems.
In this episode of DevOps Chats we talk with David Brumley, ForAllSecure co-founder and CEO, and CMU professor about the technology behind Mayhem, how it observes software as it executes, and injects changes to effect and observe new and potentially exploitable behaviors. More information about Mayhem is also available at www.forallsecure.com.
Wouldn’t it be helpful to know if other cloud users are seeing the same or similar attacks that you are? Security intelligence about cloud applications beyond just those you own and operate as an enterprise opens up a new dimension in attack visibility against an even large sets of cloud apps.
Sumo Logic announced its extending their machine analytics and intelligence platform to include AWS Guard Duty during AWS re:Inforce 2019. Dubbed Global Intelligence Service for Amazon GuardDuty, the new service is more than just a data aggregation and reporting play. The new service provides additional context around GuardDuty data by reporting attack information across multiple Sumo Logic customers using AWS GuardDuty. Essentially a “crowdsourcing” approach to reporting threat intelligence across the cloud.
In this episode of DevOps Chat, David Andrejewski, Senior Engineering Manager at Sumo Logic, joins us to talk about this new, more expansive threat intelligence service. More information about Global Intelligence Service for Amazon GuardDuty is available in the press release and website at https://www.sumologic.com/application/aws-guardduty/ .
Making sure our applications are secure during runtime is of course important but how do we shift left so security is built into containerized, serverless applications?
Lacework announced the addition of build-time security capabilities which complement their existing run-time offering for cloud, container and hybrid environments.
This “shift left” will provide security and compliance visibility across the enterprise’s infrastructure footprint, from development to runtime, and for cloud, container, bare metal, and hybrid environments.
On this DevOps Chats episode, we talk with Lacework CEO Dan Hubbard about some of the challenges in moving security earlier in the DevOps process, and the benefits of examining security and vulnerabilities in both dev and runtime environments. More information about the announcement is available at http://www.lacework.com.
Introducing chaotic, unpredictable test software into your methodical testing regime is a good idea, right? Yes, it's a branch of testing called Chaos Engineering, or Chaos Testing. Netflix's Chaos Monkey famously introduced many of us to the idea that resilient systems, networks and software become more resilient and less brittle if we use chaotic testing methods to find their weak points before customers do.
An innovative engineer at xMatters launched a new open source chaos testing tool named after H.P. Lovecraft's nightmarish character Cthulhu. Cthulhu is designed to test across multiple cloud providers, initially supporting Google Cloud with plans to support Amazon Web Services. It's open source, free to use, looking for more contributors, and is available on GitBub.
We are joined on this DevOps Chats by Tobias Dunn-Krahn, CTO, and Gabrielle Gasse, lead engineer on the Cthulhu open source project, both at xMatters.
As more and more of the components that make up the applications we use are open source, the need to secure these open source components increases. Of course Equifax is the poster child for this issue.
Checkmarx, one of the leaders i application security scanning has had an open source scanning module for sometime. They have now updated that with a new homegrown engine that greatly improves the ability for their scanner to detect open source vulnerabilities in your applications. https://www.checkmarx.com/press-releases/checkmarx-makes-sca-market-waves-with-enhanced-open-source-security-offering
In this DevOps Chat we speak with Matthew Rose of Checkmarx about what this means for you.
Agility, DevOps and Digital Transformation are racing into the mainstream. You know that’s the case when enterprise technology suppliers shift and adapt their strategies from infrastructure software to platforms for application delivery. That’s certainly been the case with SUSE, a company we’ve know for a long time going back to its Linux distribution origins.
Adoption of contemporary software technologies such as Kubernetes containers presents another investment decision. Do you download, build, maintain and support your installation of Kubernetes or do pre-integrated and supported solutions enable you to speed up building and delivering applications. A control versus speed argument.
On our DevOps Chat podcast we explore these paths; when its preferable organizations build from open source resources, when to utilize a Containers as a Service offering, or when an application delivery platform with support from a trusted supplier is best. Joining me in the discussion is Jennifer Kotzen, Senior Product Marketing Manager at SUSE. You can find out more about SUSE's offerings at https://www.suse.com.
SignalFx just announced a $75m dollar round of financing, bringing their total raise to date to $179m. This is an impressive war chest that allows SignalFx to continue it mission of bringing next generation Cloud Monitoring to large enterprises.
In this DevOps Chat we sat down with SignalFx CEO and co-founder, Karthik Rau to discuss what were the big trends he and the team bet on early in SignalFx's development which have allowed them to capitalize on the opportunity in the cloud monitoring market. Karthik also gives us his vision for where the market is heading and what SignalFx is going to use these funds for to stay at the forefront. Congrats to Karthik and the SignalFx team.
DevOps and Agile are all about making software cycles short and dynamic, empowering development teams to rapidly iterate, leveraging tools with fewer burdens and reliance on outside organizations. It's the dev + ops combination that is so powerful.
But what about security, specifically the identity of physical and virtual devices, containers and micro services? Digital certificates are a key asset in managing device identity but traditional tools and processes may not fit the speed and dynamic nature of today's cloud native software.
Our guest on DevOps Chats is Sandra Chrust, Senior Product Marketing Manager at Venafi. Sandra shares with us lessons learned to more easily manage device identities in DevOps and Agile environments, leveraging tools that provide self service portals, APIs and SDKs for automation. No more support tickets!
Dynatrace is a company that really reinvented itself as it saw the world it played in changing over the last few years. They moved from tracing and APM to what they call Software Intelligence and Smart Monitoring.
In this DevOps Chat we sat
Mark Schwartz is one of the rare individuals who is not only a great IT exec but can also analyze what works and doesn't work and write it up in a way that helps others. His "A Seat at the Table" is still one of my favorite DevOps books.
Mark's new book is called War, Peace & IT. You can download an excerpt of it here: https://dl.orangedox.com/WarPeaceITExcerpt
We speak with Mark about the book and some of the lessons behind it. Have a listen and check out the book ASAP
Machine data comprises a vast array of data sources including logs, messages, events, telemetry data, and application and domain-specific relevant data.
Aggregating all of these types of data, from sources across the enterprise and devices connected to our networks, brings opportunities to create intelligent analytics and new insights for use by the business, service delivery, security, devops and IT operations.
In this Devops Chat we talk with Colin Britton, Chief Strategy Office at Devo, exploring how organizations are combining machine data with analytical and visualization tools to elevate the value IT brings to the business. You may recall Devo CEO Walter Scott joined us on a previous Devops Chat. Its a fascinating topic so have a listen and check out Devo at devo.com
Adopting devops means changes from how you build software to organizational processes and cultural behaviors. Large enterprises have even greater challenges to overcome including supporting a large number of applications and addressing technical debt while also taking on new development initiatives like digital transformation.
What can we learn from experienced devops practitioners?
In this DevOps Chat we spoke with Mark Levy, Director of Strategy, Software Delivery at Micro Focus, covering seven keys to successful devops implementations at large enterprises. You can find out more about the company at www.MicroFocus.com
Lumigo finds itself in the middle of one of the biggest waves in infrastructure deployment today, serverless. This is no accident, the company was started about a year ago with the mission of providing a serverless intelligence platform.
The founders are ex-Checkpoint folks who saw the need for a best practices based platform to help deploy serverless payloads (apps) across different public cloud providers including AWS Lamdba, Azure and Google Cloud.
In this DevOps Chat we spoke with Aviad Mor, CTO, co-founder of Lumigo about the company and the serverless market. You can find out more albout the company at https://lumigo.io
In this day in age to stay at one company for 19 years is remarkable. In the tech sector it is almost unheard of. But Rajalakshmi "Raji" Srinivasan has been with Zoho for that long. She is a terrific advocate for the company.
Most recently she has worked with the Site24X7 (http://site24x7.com)team. We had a great chat about AIOps, DevOps and life. I think you will enjoy it.
Capsule8 is focused on protecting Linux infrastructure whether in the cloud, in containers or even bare metal. The team is make up of industry veterans who understand the problems security pros face, as well as the frustrations of developers, devops and sys admins deal with every day. Their approach is more of a shift right DevSecOps, focusing on detecting attacks, threats and vulnerabilities on production infrastructure.
I spoke with co-founder & chief architect, Pete Markowsky in this DevOps chat. Have a listen and hopefully learn
If you have massive amounts of data Devo wants to help. The company was founded in Madrid and specializes in the handling and processing of massive amounts of data.
In this DevOps chat we spoke with Devo CEO Walter Scott to talk about the use cases for Devo in a data crazy world. Walter is a seasoned CEO in the tech sector. He knows a problem when he sees it and he thinks Devo is the answer. Have a listen to why and check out Devo at https://devo.com
The year 2019 is shaping up as a "coming home" year for Chef. After recently reaffirming its commitment to an open source strategy, they are gearing up for the best ChefConf yet. ChefConf is coming home to Seattle for 2019 and many of the Chef favorites including Adam Jacobs, John Willis and more will be speaking.
I had a chance to catch up with Nell Shamrell-Harrington, Principal Software Development Engineer and Community Engineering Lead at Chef. Nell gave us a great preview of the whole event, as well as her own presentation and what her most anticipated sessions and activities are.
You can still register for ChefConf, as well as get more information at: https://chefconf.chef.io/
Flashpoint is a business risk intelligence provider who has been protecting government and private sector assets for a long time. In fact to paraphrase Jack Nicholson in A Few Good Men, "we have been sleeping under the blanket of their security" for a while now.
I had a chance to catch up with co-founder and CEO Josh Lefkowitz and discuss Flashpoint's offerings. They recently upgraded their dashboards to give users more info tailored to their specific verticals and greater insight into risk intelligence. Have a listen
The Open Policy Agent (OPA) was accepted for incubation by the Cloud Native Computing Foundation ( https://www.cncf.io/blog/2019/04/02/toc-votes-to-move-opa-into-cncf-incubator/). In this chat we spoke with one of the founders of the project Torin Sandall about OPA and why the CNCF is the right place for OPA. We also discuss the company he works for Styra, that works with OPA.
Accelerate - The State of DevOps Report by Dr. Nicole Forsgren and the folks at Dora (now part of Google)is far and away the most widely cited research in the DevOps field. Dr Nicole and her team have brought scientific rigor to the survey over these past 6 years and the results show it.
Here is your chance to shape the future of the DevOps market by taking 25 minutes of your time and take this years State of DevOps Survey. These reports are only as good as the info they gather.
So have a listen to our conversation and then please go take the survey! https://bit.ly/2UzLMH2
In this DevOps Chat we met with Jonathan Fries, VP of Engineering and Digital Transformation at Exadel. Jonathan tells us about the new Innovation Lab by Exadel as a place for organizations to accelerate their transformation. We also talk about the state of IT in general from his perch at Exadel, a company with 20 years of empowering IT.
You can find out more about the Innovation Lab at https://exadel.com/innovation-lab/.
At the recent Cloud Foundry Summit, IBM Cloud made several significant announcements enhancing the service from IBM and enriching the Cloud Foundry platform.
In this DevOps Chat we caught up with Jason McGee, IBM Fellow, VP and CTO of IBM cloud to get all of the details.
As the move to Cloud Native accelerates we are seeing the rise of the cloud first architect and his impact on DevSecOps, cloud security and more. In this DevOps Chat we sat down with Chris Hines of ZScaler to explore the importance of this position and how security is working with Dev and DevOps to make us all more secure.
Aqua Security one of the leaders in container and cloud native security announced they have raised $62m in a "C" round of investment, led by Insight Partners. We spoke with Rani Osnat and Andy Feit of Aqua about how this validates the cloud native security field that Aqua has helped develop.
This interview is also available in a video format on http://digitalanarchist.io and https://devops.com
In front of next month's ChefConf in Seattle (https://chefconf.chef.io/), Chef has announced a major refinement to its business model. Affirming and clarifying its commitment to open source business models, Chef will now and in the future release all of its software as open source. Speaking with Corey Scobie, SVP of products and engineering, he explains that Chef will be adding services, training and support to the open source software, as well as packaging all of this together. For the full story be sure to listen to the podcast and check out the video version of this interview along with accompanying slides on https://devops.com
Taking the lessons they learned heading Apples offensive security team the Sqreen founding team is moving Application Security Management (ASM) into the mainstream. They just announced a $14m series A investment led by blue chip VC firm Greylock Partners. In this DevOps Chat we speak with CEO and co-founder, Pierre Betouin about how Sqreen is filling a need in the AppSec market between WAFs, DAST, STAST, etc. that is vital to locking down our applications. For more info check out https://sqreen.com
In this DevOps Chat we speak with Keshav Vasudevan, product manager for performance testing at SmartBear. Keshav talks about the move to "end to end DevOps", the importance of shifting left with testing and the latest state of the art in Performance and load testing with SmartBear.
Asaf Cidon is the VP of Email Security at Barracuda. In this DevOps Chat we sat down with Asaf and spoke about what some of the new threats and up and coming attack vectors in email security are.
Asaf is in a unique position at Barracuda to be on the front lines of the battle for email security. You can find out more about what Asaf and Barracuda are doing around email security at http://barracuda.com and their blog where Asaf frequently writes about new email security threats
WhiteSource has become a force in the security of open source components in your applications. One would think that it would follow that securing these open source components inside of a container would flow from this. But with containers, all is not always as it seems.
Containers require a approach that is unique to containers. So the folks at White Source went to the lab and have engineered a solution that is container native and container specific.
In this DevOps chat we speak with VP of Product David Habusha about White Source for Containers.
Simon Crosby has made a career of technology on the edge. From leading the charge with the Xen hypervisor to microVMs with Bromium and much more in between, Crosby has led some of the most innovative technology developers in the industry. He is now the CTO of SWIM.ai which is literally brining computing to the edge (almost an anti-cloud. This approach promises some revolutionary capabilities. If Simon is involved there is a good chance it will succeed as well. Have a listen to what Simon is all about now and check our more at https://www.swim.ai/
F5 Networks has acquired NGINX the leading open source web server player. The move clearly puts F5 in the DevOps space, as well as the open source market. In this DevOps Chat we speak with Lori MacVittie of F5 along with Sidney Rabsatt of NGINX. Some great insights into why this acquisition makes sense for both parties.
Yesterday saw the announcement of the CD Foundation, a new foundation under the auspices of the Linux Foundation. It will provide the home base for a vendor-neutral Continuous Delivery Foundation (CDF) committed to making it easier to build and reuse DevOps pipelines across multiple continuous integration/continuous delivery (CI/CD) platforms. The first projects to be hosted under the auspices of CDF includes Jenkins, the open source CI/CD system, and Jenkins X, an open source CI/CD solution on Kubernetes. Both were developed by CloudBees. Netflix and Google, meanwhile, are contributing Spinnaker, an open source multi-cloud CD solution, and Google is also adding Tekton, an open source project and specification for creating CI/CD components. Founding members of the CDF include Alauda, Alibaba, Anchore, Armory, Autodesk, Capital One, CircleCI, CloudBees, DeployHub, GitLab, Google, Huawei, JFrog, Netflix, Puppet, Red Hat, SAP and Snyk. In this chat we speak with KK, founder of Jenkins and CTO of Cloudbees and Tracy Miranda, Open Source Community Director for Cloudbees. They give us the insight behind the foundation and what the future may be for Jenkins, JenkinsX and Cloudbees
There are really only two repositories of any scale for software components today. The Nexus repo managed by Sonatype and the Artifactory artifact repo managed by JFrog. Up until now they were separate and apart, working with one was independent of another.
In a big move towards keeping DevOps open, the Sonatype people have released a plugin that will allow their Nexus Firewall to work with Artifactory as well as Nexus.
This means that users of both repos can now use the Nexus firewall to make sure that components or artifacts they download are in compliance with the policies they have set up. They can make sure there are no known vulnerabilities to the version you are downloading to use. This is really a big deal and kudos to Sonatype.
In this DevOps Chat we speak with Wayne Jackson, CEO of Sonatype and Brian Fox, CTO and co-founder of Sonatype about what this means for the DevOps community.
I have known of Jeff Williams in the security industry for more than several years. He is a well respected thought leader in AppSec and OWASP. I finally got a chance to catch up with Jeff and talk with him about Contrast Security the company he co-founded and how it is helping.
In this DevOps Chat we speak with Cyara CEO and co-founder, Alok Kulkarni about how DevOps is helping in the customer experience arena. Cyara has carved out a leadership role in bringing DevOps to CX. Alok is a delight to speak with and very wired into this space.
The big news in DevOps today was the acquisition of Shippable by JFrog. This adds a CI/CD solution to the JFrog Enterprise + platform and further expands JFrog's end to end DevOps offering beyond Artifactory and more.
In this DevOps chat we speak with Shippable CEO Avi Cavale, JFrog CEO Shlomi Ben Haim and JFrog VP of marketing , Ayally Goldschmidt about what was behind this acquisition and what are the plans going forward.
Agile has a bit of a longer history and subsequent maturity than DevOps. Despite this, how can organization now that it is in fact an "agile organization". What does that even mean?
Our guest on this DevOps Chat is Jeff Dalton, founder of Broadsword consulting, author of Great Big Agile and founder of AgileCXO. Jeff shares with us his latest venture which is building AgileCXO into a worldwide movement to certify that organizations are in fact practicing Agile with best practices. Have a listen
Michael Stahnke has been with Puppet longer than just about everyone currently with the company. In his position as director of engineering he has had a front row seat as the DevOps market emerged and matures.
In this DevOps Chat we speak with Michael about his own personal journey, what he is seeing in the market and the most recent State of DevOps report from Puppet.
Anshu Agarwal has a tremendous record of working in startups that had successful exits. Now for the first time, along with her co-founders, she is actually founding the startup herself.
Nimbella is a serverless platform that is cloud agnostic and makes developing and deploying applications easy. Whether in a public cloud, private data center or both, Nimbella can help.
In this chat we speak with Anshu about her own personal journey and where Nimbella is and what the plans are for going forward
Christopher O'Malley is one of the leading voices in the DevOps for Mainframe community. He is relentless in advocating how the mainframe platform can not just exist, but thrive in todays agile/DevOps environments. His evangelism not only keeps his company Compuware front and center in the mainframe DevOps discussion, but really lifts the entire market.
In this chat we catch up with Chris to talk about the latest release of Topaz, what are the latest trends in the mainframe market and what we can expect in the near short term.
Chris is always a great interview with lots to say and this interview is right on point.
In this DevOps Chat we speak with Manish Gupta, CEO co-founder of ShiftLeft. ShiftLeft is one of the up and coming DevSecOps companies. As evidence of such, they were recently chosen as one of the 10 finalists for this years #RSAC innovation Sandbox award.
I have known Manish for many years in the security industry and it does not surprise me that he is once again at the top of a company that is setting the mark in the industry.
As DevSecOps continues to mature we are seeing solutions that help at different points of the software pipeline. Some solutions are shifting far left and helping developers at the point of development and committing code. Other solutions are squarely aimed at the old Ops team. Almost a DevSec and a SecOps bifurcation.
I am not sure that this is a great thing, I would like to see a more holistic solution, but I do believe the market will correct this.
ShiftLeft could be one of those companies who is on top at the end of the day.
They say if you live long enough . . . Few things give me greater pleasure than seeing my friends well earned success. Rich Mogull and Mike Rothman (along with Adrian Lane, Jody Brazil & Brandy Peterson) have been chasing a dream for more than a few years now. How to make the SecOps persons life easier, while bringing security into the age of DevOps, automation, agile, CI/CD, etc. Say hello to DisruptOps (http://www.disruptops.com).
I first interviewed Mike about DisruptOps a few months ago. The company was just emerging from stealth.
While they are still in preview, they were one of hundreds of companies that threw their hat into the ring for the prestigious RSAC Innovation Sandbox. Very proud to report that they were one of 10 finalists selected for this years program. If history is any guide, the fact they made the final cut is a good indicator of success to come. And well it should frankly. This founding team are some of the most dynamic, talented and smartest people I know in the business.
I had a chance to sit down with Rich Mogull and Mike Rothman to discuss what is driving DisruptOps and what the disruption is all about. Have a listen as we talk about it from the executive view, the security admin view and the market view.
Also be sure to check out DisruptOps at DevOps Connect: DevSecOps Days at RSAC, Monday, March 4th. https://www.devopsconnect.com/event/devops-connect-devsecops-days-rsac-2019/
Rich is also on a panel at the event as well as several other sessions at RSAC this year.
Enjoy!
The RSA Conference is just a month away. Once again RSAC promises to be the place where the world gathers around security. With upwards of 50,000 people attending, it is big by anyone's standard.
If you haven't already registered, here is a code for $100 dollars off a full conference pass (all sessions), 1U9DEVOPSFD or get a free expo pass, 1U9DEVOPSXP
DevSecOps will be center stage this year, literally. Shannon Lietz, the found of DevSecOps.org will be keynoting as well as leading a week long track on DevSecOps. Appearing with Shannon, is another leader of the DevSecOps community, James Wickett. James is the founder of the Rugged DevOps movement and a key member of the Signal Science team. Both James and Shannon are our guests in this DevOps Chat.
Part 1 of this chat where with just Shannon is also available.
In addition to the DevSecOps track all week, there is also the 5th annual DevOps Connect: DevSecOps Days on Monday, March 4th at Moscone, as part of RSAC. www.devopsconnect.com/event/devops-c…ays-rsac-2019/ www.devsecopsdays.com/2019-devsecops…s-sanfrancisco
The RSA Conference is just a month away. Once again RSAC promises to be the place where the world gathers around security. With upwards of 50,000 people attending, it is big by anyone's standard.
If you haven't already registered, here is a code for $100 dollars off a full conference pass (all sessions), 1U9DEVOPSFD a free expo pass, 1U9DEVOPSXP
DevSecOps will be center stage this year, literally. Shannon Lietz, the found of DevSecOps.org will be keynoting as well as leading a week long track on DevSecOps. Shannon is our guest in this DevOps Chat. Part 2 of this chat where we are joined by Rugged DevOps founder, James Wickett will follow this chat next.
In addition to the DevSecOps track, there is also the 5th annual DevOps Connect: DevSecOps Days on Monday, March 4th at Moscone, as part of RSAC. https://www.devopsconnect.com/event/devops-connect-devsecops-days-rsac-2019/ https://www.devsecopsdays.com/2019-devsecopsdays-sanfrancisco
Tyler Shields is someone who has made the leap from technical security expert to business leader. At Veracode, CA and now Sonatype, Tyler is someone who can clearly enunciate the path forward for business leaders on what they should be doing in regard to DevSecOps, open source security and minimally viable security.
Tyler gets it and you can learn a lot from him. Have a listen and enjoy
What exactly is a chief scientist? Eric Sheridan at WhiteHat tells us. More than that, Eric gives us what he calls the "the security addendum to the 12 factor App." I guess to understand this, you need to understand something about the 12 factor app process. Here is the website to learn: https://12factor.net/
Eric lays out a well reasoned approach to appsec and some good research findings from WhiteHat. Have a listen
In this DevOps Chat we speak with nClouds CEO JT Giri about the challenges SMBs face when moving to the cloud. As an AWS premier partner, nClouds specializes in helping these companies achieve a successful cloud migration. So why should SMBs migrate to the cloud? What are their challenges? How can they succeed? JT shares with us his insight, honed from helping dozens and dozens of SMBs do this successfully.
In this DevOps chat we speak with our old friend Tim Woods, VP of technology alliances at Firemon. Firemon's mission has moved beyond the management of the firewall to managing your security. Recent acquisitions have enabled them to offer comprehensive security management across the entire hybrid environment.
Tim and I discuss the current state of technology and what large enterprises are looking for their hybrid environments. Great conversation!
Scaling your testing is the scourge of many software teams. While test automation and continuous testing have made great strides, it is still hard to automate every QA test. Also engineering resources who can script these tests are hard to find. Enter Rainforest.
Rainforest has a unique crowdsourcing solution to continuous testing. It combines crowdsourcing talent with automation to deliver a high level of quality assurance on a continuous basis.
In this chat we spoke with CIO Derek Choy as he explains to us why Rainforest in some ways can be the Uber of QA.
Two megatrends for 2019 and beyond is scale and automation. The identity management space is a perfect example. Between all of the IP enabled devices (machines) coming on line, the billions of people and their identities, managing these billions and billions takes systems that will redefine scale and almost by definition have to be automated.
Enter Forgerock. They are a leader in managed identities for both consumer brands, IoT devices and more. We spoke with Peter Barker, their VP of product about the challenges to scaling at this level and how important identity management is.
In this DevOps Chat we look at some exciting new technology from a company called MissingLink. Yosi Tauguri is their CEO, founder and he is the guest on this DevOps Chat. Missinglink is part of the Samsung X product development team. Their mission is to use ai to help data engineers with deep learning problems that can transform organizations abilities to meet and exceed today's customers expectations. Really interesting stuff here.
Managing your machines identities is as or even more important than managing your personal identities. And with the explosion in the amount of machines thanks to IoT, containers, serverless and more their numbers are in the 10s of billions or more. That is a big job and someone has to do it.
That is why Venafi just security a $100 million dollar round of funding. We caught up with Venafi CEO Jeff Hudson to talk about how big and important a job it is to manage these billions and billions of machines (sorry for the Carl Sagan, but its true). Venafi has been doing this for 7 years and have learned a thing or two along the way. Listen in as Jeff educates us on this very important mission.
James Wickett is the man to go to for DevSecOps. The founder of the Rugged DevOps movement which has merged into the DevSecOps group, James is one of the most knowledgeable people on the subject of DevSecOps.
In this DevOps Chat James shares his views on what is on the horizon for DevSecOps and what are the most important things we can do to make our teams more secure. Have a listen as James gives us his take. Also look for the video of this interview on DevOps.com
Unravel is making a name in the AIOps, APM and big data markets. We chat with Unravel CEO Kunal Agarwal in this DevOps Chat about what makes Unravel a must have for its customers. We also take a sneak peek ahead to what the near and not so near future holds for big data, AIOps and the tech scene in general. Great listen.
Portshift brings a new identity-based application security model from code to runtime. Cloud or on prem, Portshift works. In this chat we speak with CEO Ran Ilany and VP Business Ops Eran Grabiner about what is unique to the Portshift solution and why you should consider it for your own application security. Especially for your DevOps teams.
SauceLabs has unveiled its new headless browser testing capability which will allow for automated and continuous testing to perform even faster.
I sat down with Lubos Parobek, VP of Product at Sauce to discuss what drove this development and how it can help DevOps teams be even more efficient with their testing.
Managing Macs, iPhones, iPads and other Apple devices at scale is not something really native to iOS or OSX. Enter Fleetsmith. In sort of a Puppet meets Apple, the Fleetsmith team automates configuration, management and security of your Apple devices.
In this chat we sit down with Fleetsmith co-founder, CEO Zack Blum and company advisor, Puppet co-founder, Luke Kanies to discuss the mission and challenge in managing your Apple devices.
While everyone wants to focus on building a new app, the fact is there are many, many apps already out there. They need to be maintained, updated and modernized. How do you upgrade these legacy apps to new infrastructure, frameworks, languages, etc? App Modernization is a thing.
In this DevOps Chat we speak with Matt Tarnawsky of IBM about App Modernization and Service Virtualization, testing and more.
It seems every organization is chasing digital transformation. Some companies are succeeding, some are wallowing a bit, trying to figure out how to do it. Box is a company that is both successfully navigating digital transformation, as well as a catalyst for digital transformation at other organizations.
In this DevOps Chat we speak with Paul Chapman, CIO of Box about these topics and he gives us his own take on what the environment is like for companies and what they should do to thrive today. Great conversation, enjoy!
RSA Conference is where the world comes to meet Security. For the last 14 years, the Innovation Sandbox Contest was where you could find out what the up and coming companies in security were up to.
This year RSAC is doing something else in addition. The Launch Pad is where to come to if you have a great idea. You can pitch to VCs, the community and your peers - get great feedback. https://www.rsaconference.com/events/us19/agenda/rsac-launch-pad
In this chat we speak with Cecilia Marinier of RSAC about Sandbox, Launch Pad and so much more that is RSAC. Listen to the chat, go to RSAC and enjoy.
Digicert a leader in the digital certificate world recently conducted a survey on the use and security around Internet of Things (IoT). In this DevOps Chat we spoke with Mike Nelson, VP of IoT Security at Digicert. Mike explains the results of the survey as well as what are the key things that the top tier companies are doing that sets them apart.
You can get the full results of the survey and report at https://www.digicert.com/state-of-iot-security-survey/
In just a little over 3 years Aqua Security has set their mark in the container security space. With their major new release of Aqua 3.5 they have again raised the bar with Serverless and Container Encryption upgrades and feature sets.
I sat down with the Aqua Enforcer himself, Rani Osnat and "Boston" Andy Feit to discuss the details of this major release. Rani and Andy give us an inside peek.
As the old saying goes, "speed kills". When it comes to development, a lack of speed can kill too. Marko Anastasov and the Semaphore team have always strived to make Semaphore the fastest CI tool in the market. With version 2.0 of Semaphore they believe they truly are.
Marko brings a unique perspective as a developer to leading the Semaphore team. He knows what he and his colleagues like and that is the roadmap for Semaphore. Have a listen to Marko tell us in his own words.
Chris Eng has been shepherding the State of Software Security for a long time now. This new volume 9 of the survey is one of the best. I had a chance to sit down with Chris and discuss some of the highlights and interesting findings in this years report. Don't miss this chat and be sure to download the report from the Veracode site.
Dale Vecchio has tens of years in the mainframe business. 18 or so of those years was with Gartner covering the mainframe beat. Dale is now with LzLabs. They recently conducted a survey with Microsoft On mainframe use: https://info.lzlabs.com/lzlabs-microsoft-mainframe-modernization-survey-2018
The results may or may not surprise you depending on your views on mainframes. It seems that a very high majority of mainframe users would like to ditch their mainframes if they could. There are some other interesting results here as well.
Of course LzLabs offers software as mainframe and Microsoft is not exactly known as a mainframe powerhouse. So I guess "take it with a a grain of salt" applies.
What do you think? Can we scale out in the cloud without scaling up as we do in mainframes or can we do it all in the cloud?
Evan Kaplan, CEO of Influx Data is someone who knows his way around the technology world. In a lifetime of experience that has seen him found and manage several successful companies from start up to public entities, Evan has had a great track record of success. Influx Data is yet another success for Kaplan. Building on the open source InfluxDB they boast over 200,000 users of Influx today.
I sat down with Evan to discuss Systems instrumentation today and what big data and velocity means for developers and everyone up the stack. It is a very different world from just 15 or 20 years ago. Listen in as Evan gives us his insight.
It is really my pleasure to present this episode of DevOps Chat. I have known Mike Rothman for 15 years or so. He and his partners in DisruptOps, Rich Mogull, Adrian Lane, Jody Brazil and Brandy Peterson have been some of the sharpest guys in the information security world for a long time. I knew they were working on a DevSecOps startup but I couldn't say anything.
Well know the cat is out of the bag and I am happy to give you this conversation with Mike, who is President of DisruptOps. This is a company to watch with real ideas and experience behind it. Have a listen to our conversation and check them out at http://disruptops.com
Toby Corbin is a team lead on IBM's Microclimate Developer Experience tribe. Part of what he does is performance analysis for developers utilizing Cloud Private for the application environments.
As such he has a unique relationship and perspective with what developers, as well as DevOps teams are experiencing and what they are striving for in terms of microservices and infrastructure, etc.. We had a good chat with Toby on some of this in this episode.
You can find out more about IBM's Microclimate at https://www.ibm.com/in-en/marketplace/microclimate
Gil Sever and Applitools are pioneering a new segment in the AI market, Visual AI. Originally used as part of their testing and monitoring solution, Applitools believes that visual AI will become an entire segment with the AI space. When it does, Applitools will be the leader in it. Great vision from the CEO.
Right now Applitools is doing a great job with visual testing and monitoring. We check in with Gil and get the latest.
In this DevOps Chat we sit down with Rani Osnat and Andy Feit of Aqua Security to discuss what is happening in the container security market. The entire container space is of course exploding with this year's North American KubeCon in Seattle shaping up to be a blockbuster event (https://events.linuxfoundation.org/events/kubecon-cloudnativecon-north-america-2018/)
Aqua along with AWS and Red Hat are putting on the KubeSec Enterprise Summit on the Monday of KubeCon and if container security is on your radar (and if its not, why not?) don't miss this one.
October 17, 2018 starting at 3am New York time, AllDayDevOps is back. With over 124 speakers/sessions, there is virtually (no pun intended) something for everyone. We caught up with Derek Weeks and Mark Miller, the founders of AllDayDevOps to see what's new and what has them excited. Great stuff going on here and you can be part of it by registering now http://alldaydevops.com
Mark Curphey has been a leader in the security space for many years. He recently joined Veracode and is helping to shape the strategy there. He has some great thoughts on the future of DevSecOps and AppSec. In this interview we speak with Mark about his vision and thoughts on the future of DevSecOps
It was announced yesterday (https://www.prnewswire.com/news-releases/clearlake-capital-backed-perforce-software-to-acquire-perfecto-mobile-300726603.html) that Perforce has acquired Perfecto Mobile. Perfecto is one of the leading players in the mobile app testing space. Perforce originally was a version control solution, but with 5 acquisitions recently is branching out into a broader DevOps solution company.
I sat down with the CEOs of Perfecto and Perforce to discuss the reasoning behind the merger, as well as the broader DevOps market trends that are at play here. Great conversation, have a listen!
Zohar Alon is a pioneer in cloud security having started Dome9 after leaving a distinguished stint at Checkpoint. Dome9 has seen the advent of DevSecOps influence the Cloud Security space (or maybe it is the other way around).
I have known Zohar for years and he is always an interesting interview. This podcast is no exception. Good stuff from the Zohar!
Listeners to DevOps Chat are not strangers to JFrog. We recently spoke with CEO, co-founder, Shlomi Ben Haim about their acquisition of Trainologic. But today we are happy to announce that Shlomi and team have announced a series D round of capital total a whopping $165m dollars! This may be the biggest raise in the DevOps market to date.
We speak with Shlomi about how this came about and what are JFrog's plans now that it is fully funded. Also what does this mean for the industry in light of other recent news around capital raises.
Congrats to Shlomi and the entire JFrog team.
Pete Cheslock has appeared on DevOps Chat as his career has spanned several leading DevOps enabled companies. It seems that where there is DevOps, there is Pete Cheslock. Pete has joined Chaos Search as VP of product. Pete tells us why he joined and what excites him about Chaos Search and DevOps.
The Accelerate State of DevOps Report(https://cloudplatformonline.com/2018-state-of-devops.html) has become the go to source for the definitive word on DevOps adoption and metrics. Building on 6 years of research with sound academic process, the State of DevOps reports are peer review class research into the state of DevOps.
We sit down with DORA co-founder and well known DevOps author and practitioner, Jez Humble to discuss this years report and its key findings.
A few months back Tricentis merged with QASymphony to create a large player in the continuous testing space. This interview with Tricentis CEO Sandeep Johri originally ran(https://devops.com/tricentis-acquires-qasymphony-the-age-of-continuous-testing-is-upon-us/) on DevOps.com.
You can hear it now on Soundcloud and elsewhere as just a podcast.
Yesterday JFrog announced it had acquired Trainologic. I sat down with Trainologic CEO Gal Marder, who is now Jfrog's VP of DevOps Services and Jfrog's CEO and co-founder, Shlomi Ben Haim.
Shlomi and Gla give us the reasons behind the acquisition and what the plan is for rolling DevOps professional services as part of the Jfrog bundle of offerings.
With so many companies adopting DevOps, the need for pro services to help them is a big need. Jfrog hopes to capitalize on this by creating pro serve commando units.
You can find out more here: https://jfrog.com/about/jfrog-acquires-trainologic-to-fortify-platform-expansion-with-enterprise-devops-services/
Container adoption has gone mainstream. It seems everyone is moving to a Kubernetes/Docker model. Part and parcel with that is the challenge of how do we secure these environments. There are many companies that claim to offer container security solutions, but many of them have "container washed" their existing solutions. There are few "container native" security companies. StackRox is one of these companies. In this chat we speak with Ali Golsha, CEO of StackRox.
The security of open source components have been in the spotlight especially since the Equifax breach last year. In this DevOps Chat we speak with WhiteSource Software co-founder Azi Cohen about the challenges that DevOps and DevSecOps teams are facing in trying to keep their applications secure. A big part of this is making sure your open source components are up to date and secure. This is where WhiteSource Software plays. Azi had some great insights on this subject
Eric Minick, CD and Continuous Testing Program Director at IBM talks to us about Day 2 of DevOps and beyond. Eric is always a great guest on DevOps Chat and this episode is no exception. Lots of really good information here.
In this chat we sat down with Ben Bernstein, CEO of Twistlock. Twistlock just announced another round of venture capital funding, as well as continued progress in customer adoption and new features. Bernstein also shared with us his views on container security and what the market is looking for.
Shift Left. You have heard the term but what does it mean? In this chat we sit down with Chetan Conikee, founder & CTO of ShiftLeft to discuss what we mean by ShiftLeft. Also about how we can take lessons learned in DevOps to make AppSec and security better. Great conversation with someone who understands the issue.
There were several incident management vendors who were "DevOps native" in the market. But with the maturity of the DevOps movement and the adoption of DevOps by organizations large and small, larger more established incident management firms have taken their own lessons in adopting DevOps to tailor their solutions for DevOps. Everbridge is one of those companies. A public company, Everbridge is bringing their best in class solution to the DevOps market. I spoke with Prashant Darisi, VP of Products there about this and more. Have a listen.
CircleCI was born as a cloud native SaaS based CI solution. Since then they have also released an "on prem" solution and today offers a full CI/CD solution. We chat with Rob Zuber, CTO at CircleCI and veteran of the tech space with four startups under his belt. Rob gave us some great insight into the market, I am sure you will find interesting.
SignalFX is a company hitting its stride by providing a quality solution to large enterprises. The company recently announced a new round of capital with a $45m raise. We chat with CEO Karthik Rau about what this means for the future of the company and what it means for the modern applications that we are seeing deployed today.
RoelBob creator and futurist Bob Reselman talks about what the future may hold for you and your career in light of automation. In the bigger picture what does this really mean for you, your children and society in general? Bob gives us his thoughts in this chat
There is a great new book coming out called the Kitty Hawk Venture. In the vein of Gene Kim's The Phoenix Project, Kitty Hawk is also a novel, rather than your typical business text. It is the story of a fictional company in the airline industry, but is based on a true story. It is due out in July but you can pre-order on Amazon now: https://www.amazon.com/Kitty-Hawk-Venture-Continuous-Delivery/dp/1484236602
In this DevOps Chat we speak with one of the authors of the book, CA VP, Aruna Ravichandran about the book, about continuous testing and her passion for DevOps. This is Aruna's 2nd book on DevOps, in addition to her many other activities. She is a dynamic personality and I think you will really enjoy this chat and the book!
In this episode of "The CEO's View" we again chat with Derek Langone of XebiaLabs. Derek tackles a tough question: What's killing your digital transformation? Hint: It might be you. No one ever said these transformations are easy. A few missteps could doom your progress. But don't give up, keep at it, follow some of Derek's advice here and you might just transform successfully.
In our continuing series of "The CEO's View" with Derek Langone of XebiaLabs we take a bit of a deep dive into DevSecOps and how it has risen to the top of the list in Derek's conversations with organizations around the world. Great discussion with some keen insights, enjoy!
In this special edition DevOps Chat we speak with acclaimed DevOps leader and author, Gary Gruver, DevOps pioneer and thought leader, Helen Beal and Electric Cloud executive Sam Fell about the upcoming DevOps Workshop which will follow the DevOps Enterprise Summit in London. The workshop takes place on June 27th. You can get information and tickets at: https://www.eventbrite.co.uk/e/devops-workshop-from-new-learner-to-executive-leader-with-gary-gruver-and-devops-institute-tickets-45409188104 . Also be sure to check out DevSecOps Days the day after this workshop in London! https://www.eventbrite.com/myevent?eid=44808855493
It's always great to catch up with Robert Reeves, CTO, founder of Datical. Datical just released a new survey about the State of Database Deployments in Application Delivery (https://www.datical.com/whitepapers/survey-the-state-of-database-deployments-in-application-delivery/). Have a listen to our chat and be sure to download the survey report!
In this DevOps Chat we speak with Kurt Glazemakers of Cyxtera, the makers of AppGate SDP. SDP stands for software defined perimeter and the Cyxtera security division has a new release out with some exciting new features. Have a listen to get the scoop.
Yaniv Yehuda of DBMaestro has his ear to the ground on what is happening with DevOps for databases. He talks to us about the state of the market and what is the latest from DBMaestro. Have a listen and learn
SRE is a very hot field right now. Some say it is "the ops in DevOps". We chat with Stig Sorenson of the Bloomberg SRE team about how Bloomberg is using SRE to make their business more responsive to their customers. Stig and the Bloomberg team are really at the forefront of what is happening in the SRE field, so this is a great look in.
Sinead Glynn of IBM discusses a couple of trends in cloud service management. How does DevOps, ITIL, ITSM, SRE, as well as Machine Learning and AI factor into this. Hybrid cloud versus multi-cloud. Sinead has a great catbird seat to observe all of these changes. It is an exciting time to be in Ops and Sinead gives us a peek inside.
DOES London 2018 speaker, Ann Marie of IBM gives us a preview of her session on whether audit and compliance is a DevOps Killer. Have a listen to get a preview of her talk and be sure to register for DevOps Enterprise Summit London 2018: https://events.itrevolution.com/eur/
In this DevOps Chat our guest is Andrea Martinez Crawford, distinguished engineer and CTO for DevOps at IBM's Hybrid Cloud division. Andrea and Alan Shimel, editor-in-chief of DevOps.com talk about what is a "modern application" versus a legacy app. With special emphasis on what this means for DevOps. Great discussion!
Mirco Hering is a DevOps expert with Accenture. He is also an accomplished blogger and now a DevOps author. His book DevOps for the Modern Enterprise from IT Revolution is available on Amazon and other sites that sell books. Mirco in his role with Accenture is also very tuned into the Asia-Pacific region's DevOps scene, as well as Europe. We discuss a little bit about both AP and Europe as well as a preview of DOES London 2018. Great conversation with a real DevOps practitioner.
Chris O'Malley is bullish on mainframes. As you would expect someone who is the CEO of Compuware. But it is more than just bullish. Today's mainframes can run as fast as you need them too. Want to run Java or JS node? No problem. There is no reason to treat the mainframe as if it is not a native of today's computing environments. In fact for many tasks the mainframes is the best tool for the job. Chris is a great advocate and I think you will find this chat very interesting.
Appian World is just a few weeks away. Featuring a hackathon, keynote by The Woz and more, it promises to be a great time down on Miami Beach. DevOps.com will be there shooting video, reporting on the conference and talking to real, live practitioners. We spoke with Malcom Ross, VP of product marketing for Appian and a keynote speaker at Appian World himself. He gave us some great insight into conference, but more important into what is going on in the world of Low-Code. You can get more info at https://appianworld.appian.com/
Tim Hockin is Principle Software Engineer at Google. He is also one of the founders of the Kubernetes project and works on Google Cloud Platform. When he talks about containers and microservices, pay attention. :-) We caught up with Tim and spoke with him about microservices and how to refactor your applications if it makes sense. Enjoy1
Interop China has been growing steadily since its inception in 2013. It is part of the Cloud Connect conference. This year they are featuring both DevOps and DevSecOps tracks and talks. Jayne Groll of the DevOps Institute is the DevOps track chair and Alan Shimel of DevOps.com and Security Boulevard is speaking at DevSecOps.com. We sat down with Molly Huang and Kelly Yao of UBM China to discuss this years event. It sounds like it will be a great one!
When two legends in the InfoSec world start a new company, people take notice. Jeremiah Grossman and Robert "RSnake" Hansen recently announced their new venture BitDiscovery (http://www.bitdiscovery.com) was coming out of stealth, fresh off a venture raise and the acquisition Robert's company, Outside Intel. BitDiscovery offers a radically different way of doing asset inventory and website discovery. Rather than scanning when you want to discover your assets, with BitDiscovery, you just query the master database that the company has assembled and it tells you what it has already found there. This is possible because BitDiscovery keeps a snapshot updated constantly of just about the entire Internet. That is one Big Data based solution right there. Robert and Jeremiah are just the kind of guys to make something like this work. Also after speaking to them, I believe that with that kind of data, there will be a lot more uses for this technology that will present themselves to the BitDiscovery team. With the track record of these two pioneers, look for big things!
In this DevOps Chat we speak with Scott Wilson of CA Automic about the modern software factory, software pipelines, CD/ARA and more. That is a lot packed into just about 15 minutes! Scott is always an interesting guest with good things to say and learn from. Enjoy!
In this chat we spoke with Prem Chandraskearan, VP of Software engineering at Barclaycard. Prem has led the DevOps transformation there. He sums up his learning with this:
The best way for an organization to approach DevOps is from a collaborative angle. When development and operations experts actively work together in a cohesive effort, solutions are well designed, efficient and smart from both a development and maintenance perspective. When operations is viewed as a software problem, Dev and Ops can work in tandem to implement a tool that is holistically a part of the process from start to finish.
DevOps is always a work in progress, but the initiative can only improve with quality resources that implement a variety of backgrounds and perspectives on both Dev and Ops working together. Barclaycard has had some interesting challenges with DevOps due to being in the credit card/banking industry, so for example, the “you build it, you run it” mantra doesn’t work as well for us as it would for other enterprises implementing DevOps. It is definitely a learning curve, and our goals and best practices are still coming to fruition, but we are continuing to find ways to automate.
The best way to get teams to work together is to simply ensure that they are not in silos, meaning that if there are distinct dev and ops teams, they must spend time in each other’s sectors to understand the pains, how the functions work, what makes it tick, etc. When the development and maintenance perspective are strategized in tandem, it automatically makes for a better, more streamlined workflow.
The best way to ensure a DevOps initiative’s long-term success is to ensure that the foundation of the program is collaborative and understanding of how each function works. With this, automation testing for failure is imperative to discover problems that are typically only otherwise found in production. If all the bases are covered and the process is streamlined and collaborative, the overall quality of your DevOps function will be much higher.
Aqua Security have established themselves as a leader in the container security space. Rani Osnat, VP of Aqua Security and a frequent guest gives us an update on the latest developments around Kubernetes, security controls and the newest version of AquaSec, 3.0.
This is the first in a new series of DevOps Chats that we will be recording featuring Derek Langone, CEO of XebiaLabs. Derek will be sharing his unique view as the CEO of one of the leading agents of DevOps transformation in the enterprise, XebiaLabs. If you are an executive looking at digital transformation, you should listen to what Derek has to say. Enjoy!
In his role as chief product officer at New Relic Jim Gochee has had a front row seat to dozens, if not hundreds of organizations undergoing digital transformation. He gives us some of his observations and tips in this interesting DevOps Chat. Enjoy!
In this DevOps chat we sit down with Judit Sharon, CEO of OnPage. OnPage has been providing alerting and incident management services primarily to the health care industry before DevOps was called DevOps. As DevOps has exploded on the scene, the security and functionality built into OnPage was a perfect fit for ITOps and DevOps teams. As a result OnPage has expanded beyond its Health Care industry roots to become a very popular solution in the DevOps space. OnPage recently conducted a survey on the state of alerting in the IT Ops space. Judit gives us some insight into the findings, but you can download the full survey report at https://www.onpage.com/the-state-of-it-operations-ebook/. Great conversation, enjoy!
Harry Sverdlove has a long history in security first at Carbon Black and now as the founder CTO of EdgeWise Networks which emerged from stealth last August. Edgewise has solutions around Network Security and the cloud. Many think network security does not apply to cloud, but oh yes it does. By the same token (no pun intended), network security plays with DevSecOps as well. Harry and I have a great discussion on this and more.
GitLab has a very complete and ambitious plan to offer a complete DevOps solution to its customer base. Leveraging open source plus great service and premium feature sets, GitLab has become a leader in the DevOps field. I spoke to GitLab CEO Sid Sijbrandij and new VP of product marketing, Ashish Kuthiala about the vision of GitLab being a single application for the whole software development and operations lifecycle.
Have you ever thought you had a great idea for a business, but weren't sure what comes next? Think you can do better than those people you work for now? Just had the dream of starting your own company? If so there is a new playbook for you. My friends Rajat Bhargava and Will Herman have written the Startup Playbook to help. We sit down with serial founder, Bhargava to discuss the new book, what is the best advice in there and 3 tips that every founder should know. A bit off of our usual DevOps, but a great chat. Enjoy!
Also, you can download a kindle version of the book for 99 cents! Here is the link: https://www.amazon.com/Startup-Playbook-Founder-Founder-Veterans-ebook/dp/B078QCRYWJ/ref=tmm_kin_swatch_0?_encoding
Finally a few times at the end I referred to the book as the Founders Playbook. I tried to dub in Starters Playbook, but frankly my interviewing skills are better than my sound engineer skills. Apologies.
Few areas in DevOps are hotter than continuous testing. Automating various types of tests as part of your CI/CD pipeline is a bit of a holy grail in the DevOps world.
Tricentis is a company that is offering a tried and proven enterprise solution in this area. Having perfected their technology over the last 6-7 years and having raised $165m in capital, Tricentis is poised to deliver.
In this DevOps Chat we sit down with Tricentis CEO Sandeep Johri to discuss the market, the opportunity and what Tricentis is up to.
Great conversation!
The environments that we deploy applications in have certainly changed over the last 10 years. This is true for the way we secure applications as well. Barracuda Networks has ridden this wave to cloud native and making solutions for developers, devops teams and security and risk teams. We speak to Tim Jefferson, VP of public cloud for Barracuda on how they are adapting and helping to shape this market
Application Security Requirements & Threat Management (ASRTM)is a great way to: • Lowering costs to build secure software • Making security measurable • Turning unplanned work into planned work • Freeing up time away from remediation, and into feature development • Having a single process that works with in-house, outsourced, and commercial software • Providing confidence that software is secure, when requirements are linked to verification
In this chat with Rohit Sethi of Security Compass, we discuss ASRTM and how it helps DevOps teams, security teams and DevSecOps.
One of the hottest new trends in the cybersecurity world is what is being called "Deception". While honeypots and such have been around for a long time, the idea of purposely deceiving your attackers has really gained momentum, especially in the age of APT (advanced persistent threats). The team at Illusive Networks has pioneered this approach to safeguarding your infrastructure. In this Security Boulevard Chat we sit down with Illusive Networks Ofer Israeli to discuss the "art of deception."
Rosalind Radcliffe is a treasure of the mainframe world. It is always an interesting interview whenever we get the chance to speak with her. In this chat, Rosalind updates us on the newest generation of Big Iron from IBM, the z14 systems. Rosalind also tells us about some of the new capabilities of z14 that allow you to go as fast as you need it in your organization. Rosalind says it is time to move away from thinking of bi-modal IT. Even multi-speed IT is outdated. Today's mainframe can keep up with anything you throw at it.
Michael Kaczmarksi is an IBM Fellow and CTO of DevOps and Service Management. In his distinguished career at IBM he has obviously seen technologies come and go. Michael gives us an inside look at IBM's Cloud Private offering and how it relates to DevOps, Service management, hybrid cloud and so many other contemporary technologies in the market today.
In this DevOps Chat we are joined by Andy Richman of Park My Cloud and Samir Mehra of Cloud Health Technologies. Both of these cloud experts give sound advice on how you can best and most efficiently manage your cloud infrastructure whether it is on AWS, Azure, Google or anywhere else. If you are interested in optimizing your cloud deployments (who isn't?), then have a listen.
They already number in the billions, but connected devices or IoT were not all built with security as top of mind.
In this chat we speak with Mike Nelson, VP of IoT Security at DigiCert, a global leader in digital security for connected systems and devices. Mike tells what to do with your legacy devices and systems to help make them more secure and what to look for in systems going forward so that you can be as secure as possible.
Great practical advice.
In this DevOps Chat find out how the developers of Wolfpack (http://wolfpack.run) are saving over 50% of their prior costs for cloud by using Park My Cloud's cloud management platform.
Though the cloud offers many benefits to app developers and others, controlling the costs of these apps can sometimes elude organizations big and small. Cloud sprawl can quickly lead to cloud bills. In this chat we speak with Jonathan Chashper, CEO of Wolfpack about how his company got a handle on the cloud and is saving over 50% of what they were paying before.
Microservices and Containers: Mastering the Re-Platforming of the IT Infrastructure
The re-platforming of the enterprise IT infrastructure is no small undertaking and is usually provoked by a shifting set of key business drivers. That is precisely the case today. The term digital transformation is in the hearts, minds and on the lips of top-level business executives and IT leaders alike. The underlying traditional or legacy infrastructures that have dominated enterprise IT for nearly 30 years simply cannot handle the workloads or power the applications that will drive business decisively forward.
Both microservices and containers are destined to play a major role in this enterprise re-platforming, for different reasons. Containers for their part hold significant benefits both for developers and the development effort as well as for the organization itself. Understanding this range of benefits is instrumental to securing IT budget for containers going forward.
In this interview, Jim Scott, director, enterprise strategy and architecture at MapR, can discuss the most promising and compelling tools, technologies and solutions destined to play a major role in this re-platforming of the enterprise. Jim will highlight how to stay one clear step ahead as IT undertakes what is arguably its most mission-critical task in a generation.
Chef Habitat is growing up. Along the way it is really becoming quite a useful platform for application automation, including beefing up your security and compliance. We had a great update from the Chef team on what is new with Habitat. We have two Chef folks, Jaime Winsor, a co-author of Habitat and Tasha Drew, senior product manager and Blake Irvin of SmartB, a Habitat user.
Chef has spent a lot of time bringing security and compliance into the software development lifecycle (SDLM). They have several solutions both open source and commercial which can help with your DevSecOps practice. I had a chance to sit down with Dan Hauenstein and Dominick Richter. Dominick is one of the founding members of dev-sec.io and co-creator of Chef Compliance.
Container adoption rates are skyrocketing. Securing these environments is both a tremendous opportunity and a daunting challenge. Aqua Security has taken on this challenge. With their most recent funding announcement and other momentum news, they are making their play to lock down the container security market and establish themselves as the market leader.
I had a chance to catch up with Rani Osnat of Aqua to hear about their funding news, how they are going to use the money and what the challenges are in the container security space.
Do you know suffer from Cloud Sprawl? Do you know how many instances you have and what is on each one? Getting handle and managing your cloud, hybrid cloud or multi-cloud can quickly outgrow companies both big and small.
In this DevOps Chat we speak with ParkMyCloud CEO Jay Chapel who gives us some practical tips and advice how to get cloud sprawl under control.
Harness.io launched from stealth today with a goal of disrupting the CI/CD market. Made up of members from the AppDynamics founding team, Harness has a plan to bring a higher level of CI/CD functionality to those who require it.
DevOps Chats caught up with Steve Burton, VP of product marketing at Harness to understand how theContinuous Delivery-As A-Service Platform seeks to make it happen.
In this DevOps Chat we catch up with Dr Kristian Stewart of IBM. Kristian talks to us about how dev and ops can work together. He calls it shift ops left and shift dev right. He has some great ideas borne out of his years of experience in the field.
Kristian's background is as follows:
Dr Kristian J Stewart, Architect - Hybrid Cloud Event Management and Analytics
Kristian currently leads architecture for IBM's Netcool Event Management offering, and is part of the team providing as-a-service capabilities to IBM's clients with Cloud Event Management. He has worked in Systems and Service Management for 18 years. He lives in England with his wife and two daughters, two cats, and five Raspberry Pis.
OpenMake has been involved in the software integration and delivery process for many years. The CI/CD revolution that is inherent in much of what DevOps is about has changed the company and their model in ways not imagined. DeployHub has been open sourced and has really found a community. DeployHub Pro has landed OpenMake on the Gartner MQ. We speak with OpenMake CEO Tracy Ragan about road to open source and DevOps success.
IBM's latest enterprise system, z14 is in general release. Beyond pure speeds and feeds, the z14 has capabilities that go far beyond where any z system has gone before. Pervasive encryption, hybrid cloud integration, many new APIs and more make the z14 "the biggest release in z systems over the last 10 years at least" according to Hayden Lindsey, VP of Enterprise DevOps. Hayden is our guest in this chat and he lays out all of the reasons why z14 isn't your grandads mainframe
Steve Boone is the product owner and development manager for Urban Code Deploy. He has helped hundreds of companies adopt, implement and scale their agile and DevOps practices as part of their digital transformation. In this chat Steve gives us some insights into how can you measure your DevOps success.
Wouldn't it be nice to have the entire continuous delivery topography laid out in a nice map that shows how they are all interconnected? Sort of like a subway or metro map? Well now you have it and it is interactive! The good folks at Automic, a CA Technologies company just released their Continuous Delivery Map. It is really cool and they are adding to it all the time.
I caught up with Scott Wilson of Automic and had a chat about the Continuous Delivery Map. As usual the streaming audio of our conversation is immediately below, followed by a transcript of our chat.
The path to cloud can be best navigated utilizing DevOps. JT Giri, co-founder and CEO of nClouds, is helping enterprises and startups alike migrate to the Cloud and adopt DevOps practices at the same time. It is a formula that is proving very successful. I had a chance to sit down with JT and discuss this path in this episode of DevOps Chat.
Chef is doing everything it can to automate as much of your IT process as possible. From config management to deployment, compliance to testing, Chef is trying help. With several open source projects, as well as enterprise class solutions, there is a lot to pick from. We check in with Ken Cheney, CMO of Chef for our regular check in on whats new. Have a listen and enjoy!
Jenkins World 2017 is right around the corner, August 28-31st in San Francisco. This years event is by far the biggest one yet! I had a chance to sit down with Sacha Labourey, CEO of CloudBees. He gives us some great info on why Jenkins World is a can't miss event. You can get a 20% discount on Jenkins World by using the code JWHGILMORE @ https://www.cloudbees.com/jenkinsworld.
DevOps.com will be there filming videos as well as Alan Shimel, DevOps.com editor in chief will be moderating a panel on DevSecOps as well.
See you in San Francisco at Jenkins World!
When doing research around launching DevOps.com, one of the most interesting and leading figures in the DevOps movement was Damon Edwards. It has always been a goal to sit down with Damon for a DevOps Chat. While having interviewed him numerous times for DevOps TV, for this chat, Damon joins us to discuss Rundeck(https://www.rundeck.com)and how it is helping flesh out the Ops in DevOps.
Damon is super knowledgeable and well versed in this and other areas, so this chat is a really informative episode. Enjoy!
Three of the hottest topics in IT today: IoT, Cognitive and Blockchain. What role does DevOps play in successfully leveraging these? In this DevOps Chat we ask Cliff Utstein - Director of Offering Management, IBM Cloud DevOps and CJ Paul - Distinguished Engineer & Chief Architect, IBM Cloud DevOps for the answers. It is a lively discussion with as both Cliff and CJ are very experienced in these areas and have some great thoughts. Enjoy!
In this DevOps Chat we sit down with Pete Chestna of CA Veracode about a survey they conducted of Developers and Security teams. The goal was to see if the teams were working together in an effort of making security everyone's responsibility.
Pete is a great evangelist for DevSecOps, having been a developer for many years, as well as deeply involved in the security community. Pete always has great things to say and you will find this interview very interesting I think!
DevOps.com caught up with Gene Kim prior to DOES London 2017. However due to some sound engineering issues, this chat was not able to be edited in time for the preview of the great DOES London 2017 show it was intended to be. With more time we have cleaned up the file and while not perfect it is indeed very listenable with some great info from Gene. If you like you can also check the keynotes from the show, many of which Gene mentions here on YouTube at: https://www.youtube.com/watch?v=FCnmJCc95ns&list=PLvk9Yh_MWYuyBf9AAlnI7Q6-zy_iDqRoh
Logs are increasingly becoming a big data analysis issue. So why not bring some AI to this big data problem? Loom Systems is doing just that and as a result is making it easier to analyze log data for actionable and meaningful results. I had a chance to sit down with Loom Systems CEO Gabby Menachem to discuss what AI means for the log analysis space and how it can make your job easier.
Design thinking? What does it mean? Why should you care? I had a chance to sit down with Sarah Plantenberg of IBM who is my go to person on Design Thinking. Sarah has recently taken on a new role within IBM helping to bring design thinking to IBM customers. This DevOps chat is a great conversation with Sarah, who is a bright and engaging subject. I am sure you will enjoy!
ChefConf 2017 is right around the corner, May 22-24 in Austin. We had a chance to catch up with Ken Cheney, CMO Chef to get the scoop on what are the highlights of this years big Chef conference. Have a listen and there is still time to go. Get info at https://chefconf.chef.io/2017/
Using any tool or technology because it is the "cool thing to do" is never a good idea. In this DevOps Chat, we speak with Flint Brenton, CEO of Collabnet. Flint has been around long enough to know that if you are not using the right technology for a given task, you are not going to have the success you might have otherwise. Picking the right tool for the job is as important as doing the job itself. Flint also gives us some good background on CollabNet which has been servicing the developer and ops communities long before DevOps was cool
Michael Olson of Puppet's product team is our guest on this episode of DevOps Chats. Michael gives us the scoop on Puppets 3 major announcements around product updates, new products and new global expansion.
New versions of Puppet Enterprise and Puppet open source, new products include Lumogon and Puppet Cloud Discovery. New partner offerings with AWS, Cisco and others, as well as new offices in Singapore and Seattle.
Taken together it paints the picture of Puppet continuing its growth into a global enterprise provider of DevOps solutions. You can read more on my take on these at https://wp.me/p4upoP-tRu
Our guest on this DevOps chat is Dr. Steven Mayner who is a confirmed speaker for DevOps Enterprise Summit, London 2017. Steven is of the worlds foremost experts on Scaled Agile Framework. He has helped organizations the world over achieve great results with the SAFe framework. An engaging speaker, you will enjoy this interview.
Value stream mapping, what is it? Sure you have heard of it, but what does it really mean and how can it help you? We discuss value stream mapping in some detail with Eric Robertson, VP of product and engineering at CollabNet. Great discussion on how this Lean based idea can really help in your DevOps transformation.
Rob England, IT Skeptic was once a DevOps skeptic (what do you expect, he is the IT skeptic), but even this skeptic has been won over to the ways of DevOps. So much so in fact that he is presenting at this years DOES London conference Rob is presenting on the importance of people in the DevOps equation. If even the IT skeptic can see the advantages of DevOps, you should too? I don't know, but have a listen as we catch up with always entertaining Rob England in advance of DOES London.
The Jenkins community was just given a major upgrade yesterday with the release of Blue Ocean 1.0. Blue Ocean puts Continuous Delivery within reach of every team. This release was a long time in the making, with lots of hard work and thought behind it. Here from two of the Jenkins community leaders on what it is and why it could be a game changer for you!
DOES London 2017 Program Committee member and speaker, Jonathan Fletcher, CTO of Hiscox tells us about what he will be speaking about at DOES. We also talk about what it is like to be a member of the program committee for DOES, what kind of submissions they saw, what are the themes for this years show and more. Jonathan is a sharp fellow and always a pleasure to speak with.
Dr. Nicole Forsgren, founder and CEO of DORA, DevOps Research and Analysis will be speaking at DOES London on June 5th and 6th to announce the findings of this years State of DevOps Survey. She will be joined by Jez Humble (her co-founder at DORA) and Nigel Kersten of Puppet.
Dr. Forsgren gives us her take on why DOES is a special event for her and what we might see in this years survey analysis.
We sit down with Nigel Kersten of Puppet who will be speaking at DOES London on June 5th and 6th at the QE II Conference Center. Nigel will be speaking with Dr. Nicole Forsgren and Jez Humble of DORA to announce the findings of the 6th annual State of DevOps Survey.
Jose Quaresma is DevOps Lead DK at Accenture. Jose is based in Denmark and is part of the Advanced Technology & Architecture practice. He is a featured speaker at DOES London this year. We had a chance to sit down with Jose and understand why he felt compelled to speak at DOES this year and some of why he is excited about DevOps.
Omed Habib is a Director of Product Marketing at AppDynamics. Omed actually has an engineering background and is really sharp. We had a great discussion on Maslow's Theory of Happiness and how it relates to developers, ops and DevOps.
You never know what you will learn about on a DevOps Chat ;-) Hope you enjoy!
Sanjeev Sharma of IBM has a new book out called the DevOps Adoption Playbook, a guide to adopting DevOps in a multi-speed IT enterprise. Let me say that this is no book for dummies either.
The DevOps Adoption Playbook represents the sum total of the many DevOps lessons and learning that Sanjeev has accumulated in his role as a CTO and leader of DevOps at IBM. Much of it is based on the workshops he has done all over the world with literally dozens of enterprises.
As I told Sanjeev after reading the book, "in a market full of books on "what is", this is a book on "how to". I think you will enjoy this chat.
This DevOps Chat is with Mark Blach of Diamanti. Diamanti recently came out of stealth with a purpose built appliance optimized for containerized applications. What is that you say, why use an appliance and not the cloud? Good question. Mark and the Diamanti guys have a great answer to. Have a listen and hear for yourself.
In this DevOps Chat we speak with Laurel Dixon-Bull of Urban Code and Frank Canihuante of Travelers. Frank explains to us how he improved the CI pipeline at Travelers and some of the challenges he faced with the scale of a large enterprise like Travelers. Good case study.
Our guest on this DevOps Chat is Jonah Kowall of Appdynamics. Jonah is very bright and dialed into the DevOps scene. He talks with us about APM and its continuing evolution and diversification. Lots of great information here!
In this DevOps Chat we speak with Steve Jones, evangelist at RedGate and founder of SQL Server Central. Steve talks to us how organizations are moving their databases into the DevOps mode. He also tells us about SQL Clone, the newest offering from RedGate. Great conversation!
In this DevOps Chat we speak with Scott Wilson of Automic. Scott has a long history in IT and DevOps. He gives us some great insights into some of the challenges he sees and hears from the many organizations he works with at Automic
Tuesday, March 7th CA is sponsoring the DevOps Virtual Summit. There are some great guests scheduled to speak including two of the founders of DORA, Gene Kim and Dr. Nicole Forsgren. DevOps.com had a chance to catch up with Dr. Nicole and ask her about her presentation at the virtual summit, what is new at DORA and what we may be seeing in the coming months. Nicole gives us some great info on new books and offerings from DORA as well as why you really should attend the DevOps Virtual Summit.
If you would like to register to attend the summit, you can do athttp://resources.infoworld.com/ccd/show/200046726/01506610177859IFW4EV1XD3HMX/
DevOps.com sits down with Tasktop CEO and co-founder, Dr Mik Kersten. Mik gives us a look at the latest in task management and more insight into DevOps
Madhura Maskasky, co-founder and VP Product of Platform9 gives us an inside look at what is happening in the "open source as a service" company.
While culture is of the utmost importance to enable digital transformation, there are many other milestones in a successful DevOps journey. Join Alan Shimel, Editor-in-Chief, DevOps.com, as he hosts Bryson Koehler, GM, Distinguished Engineer and CTO of IBM Watson and Cloud Platform, and Shelbee Smith-Eigenbrode, Senior Software Engineer/IT Architect at IBM. Learn about challenges that The Weather Company (TWC) faced during the transition from TWC, to being TWC: an IBM company. Koehler is CTO of IBM’s newly formed Watson and Cloud Platform, as well as GM and distinguished engineer for IBM. Prior to this role, he served as executive vice president, distinguished engineer and CIO/CTO of TWC. He has an extraordinary record of leading significant business transformations and underlying cultural shifts. To do so successfully, Koehler maintains cultural change must first be incited in tech companies at the developer level. While at TWC, Koehler built a DevOps culture and practice that encourages transparency, accountability and collaboration. It is his mission to replicate this model in the transformation of IBM’s culture from a legacy IT enterprise to a true cloud platform company.
DevOps editor-in-chief, Alan Shimel sits down with Chris Lazzaro and Peter Klenk of IBM to talk DevOps, Bluemix, Bluemix Garage and more. Chris and Peter bring a wealth of information and experience to the table and it is always good to get their take on things. We also spend some time talking about the upcoming IBM InterConnect Conference at Mandalay Bay in March.
DevOps.com sits down with DevOps industry veteran Justin Vaughan-Brown of AppDynamics. Justin is one of only a handful of people who have been involved with DevOps with several DevOps vendors. He has a great view into the market and where DevOps is heading. Justin shares some of this with us and specifically looks at the APM and BPM markets. This is a great chat with a DevOps insider and we are sure you will enjoy it!
DevOps.com catches up with Chef CMO Ken Cheney. Ken gives us an update aboutAWS OpsWorks for Chef Automate, the latest on Chef Habitat and Ken gives us his view what is in store in the DevOps market this year. It is a great chat and you shouldn't miss it. Hopefully, Ken will be joining us regularly on DevOps Chats this year.
DevOps.com catches up with Nigel Kersten, Chief Technical Strategist at Puppet. While Nigel is a wealth of information and we could take days speaking with him, todays chat is all about the 2017 DevOps Survey presented by Puppet and DORA and is open now. After listening to this great 15 minute interview, head on over and take the survey at: https://devops-survey.com/register.php
Our first DevOps Chat of 2017 is with Aruna Ravichandran, co-author of DevOps for Digital Leaders. When not writing Aruna is a VP of DevOps marketing at CA Technologies. Over the course of her career Aruna has been a code writing engineer, in addition to a business executive, so she brings a great perspective to what it takes to successfully lead DevOps transformations.
Our chat is actually a pre-cursor to a full Q & A webinar we will be producing with Aruna, where we will dive much deeper into the book's subject matter. The webinar is January 17th and you can sign up to attend for free at http://webinars.devops.com/devops-digital-leaders.
Aruna is a very interesting person and the book is great. It is also available for free in electronic form, as well for sale in hardcover on Amazon and other book outlets. All proceeds from the book go to charity to enable gifted student to attend university who would otherwise be challenged due to economic hardship. Just another reason to listen to the chat, attend the webinar and check out the book :-)
DevOps.com sits down with Jeff Schaeffer, SVP and GM Continuous Delivery and DevOps Business Unit at CA Technologies. Jeff discusses the launch of the new CD community on DevOps.com sponsored by CA, as well as the impact of Continuous Delivery on the way businesses are delivering software today. It seems we are moving to everything being done continuously. Jeff gives us some keen insight on this.
Huw Price, Vice President, Application Delivery, CA Technologies is our guest on this DevOps Chat. Huw and Alan Shimel discuss Automation. Specifically that automation for automation's sake alone is not always a good thing. Building the right automation is key. Organizations need to understand what and why they are automating something before investing in automating it. Huw will be discussing this topic further in an upcoming webinar on DevOps.com.
Our guest for this DevOps Chat is Lucas Carlson, VP of Strategy, Automic. Carlson is fairly new to Automic, but no stranger to technology. He has founded several companies, had successful exits, worked in key positions at larger companies such as CenturyLink where he ran their lab and also written several books, both fiction and non-fiction.
Lucas discusses what he thinks is a fundamental challenge in DevOps. That is that DevOps appears to be Developer led and is by and for Developers. In Lucas's view it doesn't work as well for Ops and fundamentally something has to change to make it work. Have a listen to this provocative discussion and stay tuned for a deeper dive on this subject with Lucas and others soon!
IBM InterConnect 2017 is coming in March. The call for speakers is open until March 11th. You can get more info at http://www.ibm.com/interconnect. In the meantime I had a chance to catch up with Randy Newell, Director WorldWide Marketing DevOps. Randy gives us his own take on what the highlights of InterConnect 2017 will be, as well as upcoming IBM sessions at the DevOps Enterprise Summit in San Francisco. Randy is very knowledgable about the market and a great conversation. Enjoy!
DevOps.com sits down with Tim Butel, VP Products at XebiaLabs to discuss what is the latest in DevOps, Continuous Delivery and at XebiaLabs. He talks to us about his own job duties, what he sees in the DevOps market and how XebiaLabs is setting its mark in the market.
Our guest in this DevOps Chat is Hayden Lindsey, VP of DevOps and Enterprise Systems and distinguished engineer at IBM. Beyond the title though, Hayden is a great gentlemen who I have had the pleasure of interviewing several times over the years.
Hayden and his team have done a great job of not only keeping the "big iron" systems working the world over, but in fact teaching some of these "old dogs new tricks". Hayden and IBM's Enterprise System Group have leveraged technologies like DevOps and Agile to make todays enterprise systems work better and faster, keeping up with even the highest performing IT teams. Hayden tells us about the latest offerings from his team as well as discussing "Cognitive DevOps."
I think you will enjoy Hayden's view of the market right now.
The most widely anticipated book in the DevOps world was officially released today. The DevOps Handbook by Gene Kim, John Willis, Patrick Debois and Jez Humble is here. We sit down with Gene how tells us about this labor of love and learning that was over 5 years in the making. With over 40 case studies of companies who have make the transformation to DevOps and high performing IT, this book serves as a guide to DevOps success. Gene gives us a preview to the upcoming DevOps Enterprise Summit in San Francisco this November. This is a great episode, not to be missed! Read full transcript here: https://devops.com/devops-chat-g/
Panzura is a company that has made its mark by offering tremendous savings and even bigger speed improvements for companies with distributed data systems. With that kind of advantage, it is almost a no brainer that this would be very useful for DevOps. More and more we are seeing Panzura used by DevOps teams. Two Panzura execs, Rich Weber and Barry Phillips give us the lowdown on Panzura, as well as how and why DevOps and Panzura are made for each other.
Dr. CJ Paul, distinguished engineeer, DevOps Methods & Tools, IBM Cloud sits down with DevOps.com editor in chief, Alan Shimel to discuss trends in ITSM and DevOps. Paul also discusses IBM BlueMix Garage and the BlueMix Garage Method among other topics.
DevOps.com editor-in-chief Alan Shimel sits down with Michael Olson, Senior Product Marketing Manager at Puppet. Michael and I discuss a number of topics including the recent DevOps Salary survey that Puppet released. Another topic of discussion is the webinar Puppet is sponsoring and Michael is appearing on September 27, 2016 titled, "A Roadmap for DevOps Success." This webinar is a great jumping off point for those who are looking to set off on their DevOps transformation or even anyone looking for a DevOps reset. Please click the link to register if you are interested. In the meantime, Michael gave us a great amount of information about the topic and DevOps in general. I think you will find it very interesting and useful.
DevOps.com chats with Mark Nunnikhoven, VP of cloud research at Trend Micro. Mark talks about cloud security in a hybrid cloud world. it is a good discussion around DevSecOps, cloud and the future. Enjoy!
DevOps Chats speaks with John Harris of LeftShift IT about the red hot DevOps consulting business, continuous testing and more. John has real experience in the field and some great insights to share!
DevOps.com chats with Dave West, CEO of Scrum.org about the current state of Scrum and Agile, how it interacts with DevOps and while both developers and ops people should care. This is a great conversation, a little longer than our usual but worth your time. Enjoy!
DevOps.com talks with Mohit Bhatnagar, VP of product at ClusterHQ, the container data people. Mohit talks about the results of a recent survey that ClusterHQ and DevOps.com partnered on. Mohit also discusses other trends in the container space. Mohit's views on the state of the container market are very informed and interesting. Enjoy!
I had a chance to speak with Jean Louis Vignaud of IBM about the recently announced GitHib Enteprise as a Service on IBM BlueMix. This allows enterprises who want to use the very popular Git service but for whatever reason cannot use the public cloud community version. Organizations can now run their own "private label" GitHub Enterprise on their own premises.
You can find out more about this exciting new offering at: 1. Blog : Introducing the first-ever GitHub Enterprise as a hosted service: https://developer.ibm.com/bluemix/2016/06/16/github-enterprise-hosted-service-on-bluemix/ 2. Video : Benefits of GitHub Enterprise with IBM Bluemix Dedicated: https://www.youtube.com/watch?v=AxGTFZzZ7vU 3. SlideShare: IBM Bluemix Dedicated – GitHub Enterprise: http://www.slideshare.net/IBMDevOps/ibm-bluemix-dedicated-github-enterprise
We had a chance to sit down with Steve Hazel of Sauce Labs. Steve is the CTO, co-founder of the Sauce Labs. There has been so much written lately about the role of automated testing in DevOps and what the role of QA is going forward. Listen to what an industry veteran and thought leader has to say on the subject.
Also Steve recommended The Phoenix Project in our interview as a great book to read. Afterwards he had another great selection that we wanted to include: The Principles of Product Development Flow by Donald G. Reinertsen is never going to be a best seller, but it's a real engineer's book on process. If you aspire to push the state of the art forward beyond today's Agile and DevOps ideas, this book will show you a deeper and more rigorous way of thinking about product development processes.
DevOps.com sits down with Julian Dunn, product manager for Chef about the new open source Habitat, a project to automate applications and a bold new offering from one of the leaders of the DevOps world.
You can find out more about Habitat at https://www.habitat.sh/
Also you can find more about Habitat and Chef at the upcoming ChefConf in Austin, the week of July 11, 2016. https://chefconf.chef.io/
DevOps.com had a chance to catch up with IBM CTO DevOps Technical Sales and distinguished engineer Sanjeev Sharma. Sanjeev tells us a little bit about his upcoming panel at Gene Kim's DevOps Enterprise Summit, London.
DevOps.com editor-in-chief Alan Shimel sits down with Nathen Harvey, VP of Community Development. Nathen gave us his insight into the importance of security and compliance scanning while code is still on the developers work station. Security and compliance is everyone's responsibility and the earlier in the process it is done, the easier it is. Chef is playing a leading role in this mission and Nathen tells us a little bit about what they are doing. You can find more at http://www.chef.io/compliance.
DevOps.com editor-in-chief Alan Shimel had a chance to sit down and speak with Christian Beedgen, CTO and co-founder of Sumo Logic. We speak about what is driving innovation at Sumo Logic, what challenges the market is facing with making intelligent analysis of the many sources of information available. While only a short conversation, Christian gives us some great insight.
We sit down with Gene Kim to discuss the upcoming DevOps Enterprise Summit London 2016. Gene shares some of his own picks for highlights of the show and what to expect at this first DOES event in London. You can get more info about the event at http://events.itrevolution.com/eu/
I had a chance to speak with Mike Pittenger, Black Duck Software about DevOps and open source. Mike and I also discussed Docker/Container security a bit, as well as the general state of the tech industry.
DevOps.com sits down with Michael Azoff, principle analyst at Ovum about three recent matrix reports on application release management, DevOps release management and Agile release management. The transcript of this conversation is available on DevOps.com
I had a chance to sit down with Pete Cheslock and Chris Gervais of Threat Stack to talk about DevOps and Security. Pete and Chris are two sharp people and so it was a great discussion. Hope you enjoy another DevOps Chat from DevOps.com
IBM's Rachel Reinitz on the Bluemix Garage Method and the upcoming InterConnect conference
February is open technologies month here at DevOps.com. The open enterprise is also a theme of IBM's InterConnect conference later this month. I interview IBM distinguished engineer Dan Berg to talk about open technologies and their effect on the open enterprise.
In this episode of DevOps Chats, we interview Rosalind Radcliffe, distinguished engineer at IBM about several topics including InterConnect 2016, Febraury 21-25 in Las Vegas, bi modal IT, systems of record and of course DevOps.
IBM's Mustafa Kapadia explains the Value Stream Mapping Workshop that he delivers to clients and he recently presented at cdSummit: SoCal, as well as the overall state of DevOps
I sat down with Sam Guckenheimer of Microsoft to talk about how he led the transformation of Microsoft Visual Studio to Visual Studio Online, a SaaS based offering. Along the way Sam and his team developed the 7 habits of successful DevOps, based on their experiences.
DevOps.com editor in chief, Alan Shimel chats with Sunil Rajasekar, CTO of Lithium Technologies on how leaders can help in transforming their teams to success
A discussion with ElasticBox CEO about their recent survey on the "Value of DevOps" and why senior IT leaders should care.
A conversation with IBM Director of DevOps and Developer Marketing about InterConnect 2016, IBM’s Premier Cloud and Mobile event taking place on February 21-25 in Las Vegas. The event is expected to draw over 20,000 attendees, delivering 2,500 sessions, workshops and labs in 10 major topic areas – including hundreds on DevOps – and many networking opportunities.
Alan Shimel, Editor-in-Chief of DevOps.com, chats with Gary Gruver, author of "Leading the Transformation: Applying Agile and DevOps Principles at Scale".