New Distributed Agile Framework

I am working on a new Distributed Agile Framework with my team mates Hugo Messer, Savita Pahuja, and Arjan Franzen. Our latest post can be found on InfoQ. We welcome feedback and comments on the framework draft that we can incorporate as we iterate on our next version.

https://www.infoq.com/articles/be-agile-distributed-teams

screen-shot-2017-02-11-at-2-58-03-pm

screen-shot-2017-02-11-at-3-33-04-pm

—————————–

If You enjoy Auspicious Agile you can support us on Patreon – https://www.patreon.com/AuspiciousAgile

Also support Auspicious Agile by shopping on Amazon using the links below!
https://www.amazon.com/?tag=auspiagile-20

Advertisements
Tagged with: , , , , , , ,
Posted in Agile, Agile Framework, agile manifesto, agile methodology, Agile Scaling, Agile Teams, Business Agility, Collaboration, Communication, Distributed Agile, InfoQ, Kaizen, Large Scale Scrum (LESS), Leadership, lean, SAFe, Scrum

DevSecOps Putting Security at the Heart of DevOps

DevSecOps RSA Conference 2017 in San Francisco and DevSecCon in Singapore will both take place in February, and point to the trend toward merging DevOps and security, a combination called DevSecOps.

DevSecOps – the combination of DevOps and Security (or SecOps) – is a new trend making its presence known across the internet, industry and conferences.  With DevSecOps RSA Conference 2017 in San Francisco and DevSecCon in Singapore coming up in February 2017 we take a closer look at this new trend.

DevSecOps puts security squarely in the middle of DevOps.  No longer treating security as an afterthought, or as a one time review in a traditional or waterfall project context.  So what is DevSecOps?  

DevSecOps.org says that “The mindset established by DevSecOps lends itself to a cooperative system whereby business operators are supplied with tools and processes that help with security decision making along with security staff that enable use and tuning for these tools.”  

The DevSecOps Manifesto defines:

  • Leaning in over always saying “no”
  • Data & security science over fear, uncertainty and doubt
  • Open contribution & collaboration over security-only requirements
  • Consumable security services with APIs over mandated security controls & paperwork
  • Business driven security scores over rubber stamp security
  • Red & blue team exploit testing over relying on scans & theoretical vulnerabilities
  • 24×7 proactive security monitoring over reacting after being informed of an incident
  • Shared threat intelligence over keeping info to ourselves
  • Compliance operations over clipboards & checklists

Shannon Lietz of DevSecOps.org also offers five foundational principles of DevSecOps:

  1. Customer focused mindset
  2. Scale, scale, scale
  3. Objective criteria
  4. Proactive hunting
  5. Continuous detection and response

Are practitioners and voices across the internet and social media supportive of DevSecOps?  Here are some of the opinions about DevSecOps:

According to TripWire.com contributor Tim Prendergast security professionals are now becoming viewed more as peers than simply approvers at the end of a project.  This is giving security professionals a seat at the table so that security can be more proactively addressed by teams.

CSOOnline looks at the variations of DevSecOps found in the wild – SecDevOps, DevOpsSec.  Jamie Tischart of CSOOnline likes the SecDevOps variation better as it “puts security first”.  CSOOnline has this to say about DevSecOps:

“The last one is DevSecOps. Literally, you can expand this to completing development, then reviewing and automating for security, and then deploying and operating. This articulation hopes to catch the security concerns before they are deployed to the world but are not as incorporated into the overall process as SecDevOps. Certainly DevSecOps has the benefit of focusing on security before introducing a vulnerability to the the wild, but it is not security-focused in every activity.”

TechBeacon also speaks to the many names which apply with the addition of names like rugged DevOps.  Chris Romeo in his TechBeacon article speaks of a perceived need for a standard name.

“This gives us a hint as to the disconnect that exists within security in DevOps. It’s still the wild west. There is no standard that defines security for DevOps, and the chances of a standard ever developing is small because different organizations are doing things their own way, and can’t even agree on a standard name. And while there is a standard for the secure development lifecycle (ISO/IEC 27034-1), few organizations are ever validated against it .”

In his Sonatype blog Derek Weeks posits that there is strong evidence that DevSecOps has picked up significant momentum in 2016.  Derek points to the November 2016 Gartner release of its report on DevSecOps.  Gartner’s inclusion of DevSecOps indicates that the trend is becoming mainstream, as Gartner’s focus is on mainstream technology topics and not early adoption topics.

Other voices in the conversation on DevSecOps range from private sector, to the open source Community with many conferences.  In the private sector HP notes that the inclusion of security into DevOps is a hot topic.  HP notes that the different terminology indicates that security is an addition to DevOps rather than an integral part of it (at least in the current state).

In the open source community there are multiple meetups on DevSecOps including one in Singapore and another in the US in San Diego.  The Singapore meetup description indicates that:

“DevOps is a cultural shift for more and more organisations, bringing speed and innovation benefits that surpass other SDLC methods. But some of the principles of DevOps aren’t quite aligned with how companies of all sizes will need to incorporate and embed security into this shift. DevSecOps provides a path forward for the transformation and helps companies to shift security to the left so that everyone can take responsibility for it.”

The DevSecOps Dojo is another location on the Web for updates on what is happening in the world of DevSecOps including article updates and a DevSecOps Twitter feed.
A range of several recent (and upcoming) conferences also show how pervasive DevSecOps has become.  DevSecOps RSA Conference 2017 has support from DevSecOps.com, Sonatype, and RSA Conference. A previous DevSecCon recently took place in London, and will be held for the first time in Asia in February.  DevSecOps was also a featured topic at the recent 2016 IT Expo London.


If You enjoy Auspicious Agile you can support us on Patreon – https://www.patreon.com/AuspiciousAgile

Also support Auspicious Agile by shopping on Amazon using the links below!
https://www.amazon.com/?tag=auspiagile-20

A useful reference on DevOps is the Phoenix Project by Gene Kim – http://amzn.to/2q5Sshe (Amazon)

(Affiliate)

Tagged with: , , , ,
Posted in Agile, Cyber Security, DevOps, DevSecOps Manifesto, News, Security, Toolchain, Uncategorized

Agile and The Design Sprint

Agile and The Design Sprint – This week’s Auspicious Agile video blog takes a look at the Google Ventures Design Sprint. We cover several applications including Venture Capital, Innovation Labs, Hackathons, and Agile Product Teams.


If You enjoy Auspicious Agile you can support us on Patreon – https://www.patreon.com/AuspiciousAgile

Also support Auspicious Agile by shopping on Amazon using the links below!
https://www.amazon.com/?tag=auspiagile-20

Google Ventures Design Sprint – http://www.gv.com/sprint/

(Affiliate)

The “Time Timer” used in Google Design Sprints can be found here.

(Affiliate)

Also useful for Design Thinking and Design Sprints – white board wall sticker:
(Affiliate)

Tagged with: , , , , , , , , ,
Posted in Agile, agile methodology, Agile Teams, Design, Design Sprint, Design Thinking, Disruption, Entrepreneurship, Ideate, Innovation, Large Scale Scrum (LESS), lean, lean startup, Learning, Product, Prototyping, SAFe, Scrum, Software Development, Venture Capital

My Latest InfoQ News Piece – DevOps Deis Helm Release for Kubernetes

 

Deis Helm Major Release Improves Kubernetes Usability

screen-shot-2016-10-28-at-7-56-15-am

——————-

If You enjoy Auspicious Agile you can support us on Patreon – https://www.patreon.com/AuspiciousAgile

Also support Auspicious Agile by shopping on Amazon using the links below!
https://www.amazon.com/?tag=auspiagile-20

Tagged with: , , , , ,
Posted in DevOps, InfoQ, Kubernetes, News, Toolchain

The Culture Change of DevOps (Video Blog)

This week’s Auspicious Agile Video Blog takes a look at the culture change of DevOps. DevOps requires more than just adopting tools, it also requires changes in culture and the way we work. Here we look at several culture aspects in DevOps to consider.

Here are some of the links and resources mentioned in the video blog:

– Xebia Labs periodic table of DevOps – https://xebialabs.com/periodic-table-of-devops-tools/

– Phoenix Project by Gene Kim – http://www.realgenekim.me/

———————-

If You enjoy Auspicious Agile you can support us on Patreon – https://www.patreon.com/AuspiciousAgile

Also support Auspicious Agile by shopping on Amazon using the links below!
https://www.amazon.com/?tag=auspiagile-20

http://amzn.to/2q5Sshe (Affiliate)

– Dan Pink Drive – https://www.youtube.com/watch?v=u6XAPnuFjJc

(Affiliate)

– Auspicious Agile first blog on culture change of DevOps – https://auspiciousagile.com/2016/02/20/the-culture-change-of-devops-and-your-career/

– Mirco Herring, DevOps Leadership Culture – https://notafactoryanymore.com/tag/devops-culture/

Tagged with: , , , , , , ,
Posted in Agile, Agile Adoption, agile manifesto, agile methodology, Agile Teams, Ansible, Budget, DevOps, Docker, Finance, Flow, Innovation, Jenkins, Leadership, lean, Servant Leadership, Software Development, Toolchain

SAFE Agile Contracts

This week’s Auspicious Agile video blog takes a look at the Scaled Agile Framework (SAFe) approach to Agile contracts.  This blog is a continuation of the series on Agile contracts.

The first blog post in this series can be found here – https://auspiciousagile.com/2014/11/08/agile-contracts/

The related Scaled Agile Framework Blog post can be found here – http://www.scaledagileframework.com/agile-contracts-and-safe/


If You enjoy Auspicious Agile you can support us on Patreon – https://www.patreon.com/AuspiciousAgile

Also support Auspicious Agile by shopping on Amazon using the links below!
https://www.amazon.com/?tag=auspiagile-20

– Varidesk height adjustable standing desk – (Amazon)

Useful Reference:  SAFe4 Reference Guide

(Affiliate)

Tagged with: , , , , , , , , , , ,
Posted in Agile, Agile Adoption, agile business, agile enterprise, Agile Framework, Agile Manager, Agile Project Manager, Agile Scaling, Budget, contracts, Finance, SAFe, Scrum, Software Development

Discuss Agile – Agile & DevOps Scaling Tour Webinar

The Agile Scaling and DevOps Tour compares some of the most popular Agile scaling methods today including SAFe, LESS, DAD, Spotify, Nexus and Scrum-of-Scrums. The DevOps portion of the tour covers how Agile and DevOps are related, and aspects of the DevOps Toolchain. Together Enterprise Agile and DevOps are powerful tools for achieving business results, learn how by watching this Webinar.

Full YouTube Playlist is => here

http://www.discussagile.com/event/agile-devops-scaling-tour/

Screen Shot 2016-07-21 at 8.25.15 PM

—————————-

If You enjoy Auspicious Agile you can support us on Patreon – https://www.patreon.com/AuspiciousAgile

Also support Auspicious Agile by shopping on Amazon using the links below!
https://www.amazon.com/?tag=auspiagile-20

http://amzn.to/2q6j9Cj

Tagged with: , , , , , , , , , , , ,
Posted in Agile, Agile Adoption, agile enterprise, Agile Scaling, DevOps, Disciplined Agile Delivery, Large Scale Scrum (LESS), NEXUS, SAFe, Scrum of Scrums, Shu-Ha-Ri, Toolchain
%d bloggers like this: