What is DevSecOps? Coté's Commonplace Book - Issue #65
OMGWTFBBQDEVSECOPS; how to give a DevOpsDays vendor pitch;
The Difference Between DevOps & DevSecOps
In this longer blog post, I go over how I've finally come to think about what DevSecOps is.
A summary of what the post covers:
A secure software supply chain – This is a fancy way of saying "we know all the components that went into building and deploying this software and trust those components." It also includes the CI/CD pipeline itself: one that you trust and that is resistant to third parties injecting malicious code, as we've seen happen in recent years.
Improved culture and collaboration – Increasing collaboration and understanding between developers and security staff. As with many governance practices, with security, the governed (developers) and the governors (security staff) usually have an antagonistic relationship. Developers see security as unstoppable masters of "no," and security people see developers as clueless coders. Well, that relationship isn't helpful! As with DevOps, transforming "culture" to be more helpful is part of DevSecOps.
Automation and guardrails – Automating security policy enforcement, and providing defaults and templates to make it as easy as possible for developers to write secure code and application configuration from the start. Historically, verifying that developers are writing secure code has been a manual, error-prone process. Much of this can be automated now with good platforms.
Things that help companies get better at software
When we standardized and enforced controls in the CI/CD pipeline the quality improved dramatically. Everyone knew the standards they were held to. - "Global Bank"
Here is an April 2020 McKinsey report that tries to show a relationship between being good at software and making money. I don't know math enough to judge these kinds of models (as with the DevOps reports too), but, sure!
Here's their relative ranking of how various developer tools and practices help:
How to Give a DevOpsDays Vendor Pitch
When you sponsor DevOpsDays, you get a 1 to 2 minute pitch. I used to give a lot of these, they're fun if you make them fun! Here's the advice I gave a co-worker who's doing one soon:
To say that you “should not do a pitch” is not helpful. Of course you should give a vendor pitch, you paid for this! You just need to pitch it like a person, not “stay on script.”
You have two minutes, do something like this:
First, thank the organizers for putting together this event. It’s all done by volunteers, so it’s a huge investment of time for those people.
If there's someone (including you!) talking at the event, mention their talk - the speaker's name, topic, and time of the talk.
If you know the topics people have been talking about, narrow down to your pitch starting from there. “Well, there’s been a lot of talk about getting kubernetes up and running, focusing on building a ‘platform’ for developers, and, as always, some observability.”
Then, “let me tell you what we’re doing at VMware. We have a full-on application development stack now, and tools for managing and running kubernetes, as well as an open source kubernetes distro ready for you to use. We’ve got a stack with everything - well, most everything - you need to help out your developers and operators when it comes to improving how they do software. You know, getting software out the door weekly, if not daily to do all that ‘digital transformation’ stuff.”
“We have developer tools and frameworks like Spring and API management; the developer support and services you layer on top of kubernetes to make it all self-service and toil-free for developers; and the operations tools you use with kubernetes to keep it up and running and secure. And, if you want, we can hook you up with a kubernetes distro, or you can use whatever distro and public cloud services you want. Our stack will work with all the great ones!”
“If you’re curious, you should start with the Tanzu Community Edition (go to tanzucommunityedition.io), it’s free and built on open source components. We’ve got all sorts of stuff you can pay for if you’re into that. Just come by the booth and check it out.”
If there's free stuff (schwag) at the table/booth, mention that in a flippant way: "we've got some free stuff at the booth, like some pens and stickers, and some weird charger - come get them, we don't bite and won't make you talk with us. We have to ship this stuff back, so we'd prefer to get rid of it."
Thanks!
Try to be as normal as possible and be as off-brand as you feel comfortable being. Don’t, of course, say bad things about VMware (or anyone else) - more roll your eyes at hype-y phrases and ideas. Act however you’d act when you’re relaxed with friends. The people at DevOpsDays are an extremely friendly crowd, they want you to succeed and even be your friend if you seem normal.
Finally, if you can hit the time limit a few seconds under, it will be impressive and cool, and that good feeling will be your reward.
Engaging with People at the Table/Booth
At the table/booth, people will be hesitant to come up, so if you see someone looking at the booth, say something like "want a free sticker/book/pen/etc.?" Tell them they can take two, or three even. If they stick around, they want to talk.
Ask them "so what do you work on?" Some people are confused by this question, so you can clarify by saying "I mean, like, at work." This usually gets them to start talking. You just ask them questions like "what do you think of that? Is it fun?" Always give them an out to leave - that is, let them keep asking questions instead of you. Then remind them to take more stuff and say "well, enjoy the rest of the show!"
Relevant to your interests
How do you know when a business leads with technology? “What does it mean to lead a business with technology? Well, a business that leads with technology is a business that:
Employs technology in support of revenue growth and customer experience rather than using IT for greater cost take out, integration, etc. Growth is technology’s Job 1 in the digital economy and businesses that lead with technology are not afraid to use it.
Has a clear understanding of their priorities, goals, and strategies. Businesses that lead with technology know what they must have and can tell you the actions or changes required to achieve their goals, particularly goals that are not expressed solely in financial terms.”
Perforce to acquire infrastructure as code pioneer Puppet
Hopefully it won't be like Progress acquiring Chef! Also, I need to think about what it means for DevOps- and open source-think that both of these companies were purchased by PE-ish firms - maybe nothing! Maybe something!