Continuous Security in Continuous Delivery – LondonCD meetup June 2017

This is part 1 of a 4-part series of articles based on discussions at the LondonCD meetup group on 12 June 2017. The other posts are linked at the end of this article.

How do we continuously address security concerns with modern software development? That was one of the questions we discussed and tried to answer at the LondonCD meetup group on 12 June 2017. “The yearly PEN test is dead!”, said one person, meaning that reliance on an infrequent, specialist test to address all security problems is simply not good enough any more.



The transformational power of Continuous Delivery

I was recently asked to answer some questions about Continuous Delivery for someone’s undergraduate university research. The questions were interesting, so here are my answers 🙂

  1. What do you feel are the benefits of adopting Continuous Delivery?
  2. How do you feel adopting Continuous Delivery has affected your development cycle?
  3. Do you think Continuous Delivery is an important approach for a company to pick up? If so, why?
  4. How do you think Agile compares to more traditional models like Waterfall?
  5. What is the biggest change you’ve noticed since adopting Agile?
  6. What do you foresee in the future for these models in the industry?

1. What do you feel are the benefits of adopting Continuous Delivery?

The benefits of Continuous Delivery are huge:

  • Greater focus on finishing and shipping.
  • Increased awareness of need for setting up the work to enable feedback and learning.
  • Sense of ‘flow’ within teams.
  • Decisions made using actual data rather than opinions alone.
  • Higher quality software.
  • More joy in work.

(Can I stop yet?)

2. How do you feel adopting Continuous Delivery has affected your development cycle?

(Answering on behalf of our clients) Continuous Delivery has helped us to increase the ownership over software and focus on the value-add things that our organisation produces, rather than ceremonies around testing and releasing.

3. Do you think Continuous Delivery is an important approach for a company to pick up? If so, why?

Yes: adopting CD properly can be truly transformative for the organisation as a whole. IT becomes a means to receive rapid feedback on product/marketing/service offerings, allowing the business to invest more wisely and do more with less risk and lower costs.

4. How do you think Agile compares to more traditional models like Waterfall?

Agile is woefully misunderstood (as was Waterfall) so in that regard, they are similar (!). Truly agile organisations are rare because agility challenges entrenched, comfortable positions within an organisation. Agile done well really makes the nature of an organisation transparent.

5. What is the biggest change you’ve noticed since adopting Agile?

(Answering for our clients) We’re able to improve the software delivery part of the process, but this has highlighted the lack of clarity and vision in the Business.

6. What do you foresee in the future for these models in the industry?

We’re starting to see a backlash against Agile and DevOps already, because people misunderstand or misrepresent what’s going on. Things like SAFe seem to be rebranded PRINCE2 which is a shame. Essentially, many organisations are going to fail because their management does not see the need to change.


At Skelton Thatcher Consulting we have put together a handy Continuous Delivery checklist template (on Trello) to help you assess the things you need to address within your organisation:


See cdchecklist.info 

 

Slides from talk on Rancher + GoCD at Amsterdam CD meetup

I gave a talk at the Continuous Delivery Amsterdam meetup group on 08 Feb 2017:

Using Rancher for highly available deployment services with GoCD and TeamCity

Tools like GoCD and TeamCity are excellent components of advanced Continuous Delivery deployment systems. They help us focus on deployment pipelines and the flow of changes, rather than “builds” or “environments”. We can further enhance these tools by using frameworks like Rancher to manage GoCD and TeamCity as highly available, always-on deployment services. In this talk, we’ll see how to use Rancher to run deployment pipeline tooling like GoCD and TeamCity, and how this lets us focus on the important parts of Continuous Delivery: getting changes to Production safely and rapidly.

The slides are here:

(Thanks to my colleague Rich B for his sterling work on Rancher+AWS)

The other talk (from Wouter Lagerweij) on testing in a CD world was really excellent – the slides are here: http://www.slideshare.net/wouterla/testing-in-a-continuous-delivery-world-continuous-delivery-amsterdam-meetup

Slides from Team and Monoliths talk at Velocity Conf EU, Amsterdam, 7 Nov

I gave a talk at Velocity Conference Europe 2016 called How to break apart a monolithic system safely without destroying your team based on work we have done at Skelton Thatcher Consulting over the past few years with various organisations.

Slides:

The slides are on Slideshare at http://www.slideshare.net/SkeltonThatcher/teams-and-monoliths-matthew-skelton-velocity-eu-2016 and the video of the talk will be online soon.

The main take-aways from the talk are:

  • Recognise that by starting with the needs of the team, we can avoid cognitive overload, thereby making future development more sustainable
  • Understand the type of monolith you are dealing with (there are many kinds of monolith)
  • Consider using Code Forensics (see Your Code as a Crime Scene)
  • Find the natural ‘fracture planes’ in your code and work with these
  • Instrument the monolith before splitting it up
  • Understand data flows and fault responses
  • Split off one segment of code at a time, considering the cognitive load for the team

There is quite a bit more in the talk itself, including the effect of Conway’s Law, the benefits of monoliths, and real-world examples from client engagements.


A big thanks from me to the organisers of VelocityConf for their hard work, to the audience in my talk for some excellent questions, and to the speaker selection panel for choosing my talk (!).

How and why to run internal tech conferences – InfoQ article

In an environment of rapidly-changing technology and approaches, an internal tech conference can be a powerful and effective way of spreading new ideas and practices and sharing learning & experience. Having organised and run several internal tech conferences (at different organisations), Victoria Morgan-Smith and I decided to write about our experiences in an article for InfoQ: Internal Tech Conferences – How and Why. We also interviewed several other people from various organisations who have also run internal tech conferences in order to give a broader perspective.

Our aim was to inspire and enable other people to develop and run internal tech conferences in their own organisations, building on the experiences of the teams and organisations in the article.

In this article we draw on our personal experience of running internal tech events at companies we’ve worked with, along with reflections and advice from people at Paddy Power Betfair, Callcredit Information Group, ING and others. You’ll find further reading & listening material at the end of the article – there is so much inspirational work happening in so many organisations.


Key points from the article are:

  • Software engineering today is as much about people as the technology itself: an internal tech conference can give a huge boost to your organisation’s social capital – that currency by which relationships flourish.
  • The format you choose for your internal tech conference depends on what you want to achieve from it: it can be “by the people for the people”, or a showcase to celebrate achievement. You can keep the audience or speakers to just a single department, or invite other divisions, or even invite external speakers and/or audience.
  • Making the event a success takes effort: choose your speakers well, and mentor them as they prepare their talks. Work on the logistics – it’s the little things that count.
  • Remember to have fun: ‘death by PowerPoint’ will mean people remember the event for the wrong reasons!
  • Follow through: for a lasting impact, keep sight of the outcomes you seek and be ready to work with others to keep the momentum going.

We hope that the article is useful for people thinking of running or improving their own internal tech conferences!

Thanks to everyone involved: people we interviewed, the amazing InfoQ team, and to my co-author Victoria Morgan-Smith.