DevOpsDay Raleigh 2019

Conference badge

I attended the 2019 DevOpsDays Raleigh and really enjoyed it. Here are my take-aways and highlights from my favorite talks. The live-stream video of talks are on the DevOpsDays Raleigh YouTube channel and the individual talk videos should be up by mid-November.

1. General Thoughts

DevOpsDays Raleigh
  • Don’t forget culture during your transformation
  • Don’t focus on finding a single root cause for an incident. There’s rarely a single event.
  • Failures are great opportunities to learn
  • VPs don’t get much respect as these events. Lots of jokes at our expense. :)

2. Culture

Know Your Numbers

by Anne Hungate

I had seen Anne preview this talk at the local meetup but really enjoyed it a second time.

Here’s what I liked:

  • Her list of the reasons why companies execute projects
  • “Right people working on the right projects at the right time.” to make sure your best people are working on the most important projects.
  • Her belief that like the retail apocolypse, there is a digital apoloclypse for companies not ready to move fast with DevOps.

Expand Your DevOps Practice

by Marguerite Bryan

I attended this workshop without really knowing what it was about. It turned out to be a nice workshop on value streams and being Lean.

Here’s what I liked:

  • DevOps is about culture and lean processes as much as technology
  • A fast DevOps approach and pipeline will be useless if ideas/projects are approved on an annual budgeting cycle or a Change Control Board only meets quartlerly
  • The We Believe hypothesis template. I’ve seen this before in design thinking workshops and it was nice to see someone else recommend it. This is a great simple way to test a hyptohesis.
We believe that: [doing this]
for: [target users/people]
will achieve: [this outcome]
We’ll know this is true when:
[this condition]

We believe that offering $25 gift cards to sign up new free-tier customers
for existing customers
will achieve an increase in sales of the premium subscription service.

We'll know this is true when 25% of the new customers have purchased 
the premium service.

Avoiding the Infamous DevOps Team!

by John Esser

This talk focused on when to bring any separate, innovative DevOps teams back into the main business engine of standard work. I think some people missed this main point and focused too much on the somewhat controversial topic of what not to name the team.

Here’s what I liked:

  • His stories of early DevOps conferences
  • The advice to not let innovation teams exist separately for too long before bringing them back into the main business engine.

3. Tech

Just Enough Feature Flagging

by Dave Rogers

Here’s what I liked:

  • Very interactive session with the Story Time breaks to discuss deployment issues and feature flags with your seat neighbor
  • Last few slides summarizing common mistakes and good ideas

Build and Monitor Machine Learning Services in Kubernetes

by Kirk Kaiser

I think confidently deploying and monitoring AI/ML services will become a huge focus area for organizations as they want the value of data science but with the deployment and testing rigor of engineering.

Here’s what I liked:

  • Description of the differences between AI/ML work and workloads from traditional application development
  • Good list of deployment tools:
    • Kubeflow - ML toolkit for kubernetes
    • TensorRT - Inference server
    • Pachyderm - Version control for ML data and pipelines
    • NVIDIA container registry - registry of GPU and ML containers

Intelligent Deployment Pipelines

by Martez Reed

Here’s what I liked:

  • Smart focus on environmental awareness to determine if it’s a good time to deploy
  • Intelligent checks:
    • Are the services and servers available before we deploy?
    • Are the required security groups available (in case another group is responsible for that)?
    • Any there any open network outage tickets that should make us pause the deployment?
    • Is there really high traffic on the application now?
    • Has there been any major infrastructure drift?

4. Security

DevSecOps: How to level up your organization’s security expertise

by Ann Marie Fred

This was the start of a series of security-focused talks. I enjoyed all of them, but this was my favorite.

Here’s what I liked:

  • Great summary slide of tradition IT security vs. DevOps security
  • Focus on active hacks vs. theorectical hacks!
  • IBM open-sourced their npm_audit_fixer tool

Did Netflix Inadvertently Figure Out How to Better Secure the Cloud?

by Ricardo Green

Here’s what I liked:

  • Misconfigured IAM is a huge risk
  • Who gets alerted if ports are opened? S3 buckets made public?
  • Use drift detection to help automate remeadiation
  • Use required tags as part of drift strategy
  • Chaos engineering has benefits for security as well

Open Source Container Security: A Brief Overview

by Jessica Repka

This one was honestly over my head but I knew that many of my colleagues would like it.

Here’s what I liked:

  • Good overview of Anchore Engine (scan images for CVEs and apply policies), Falco (image deployment prevention), and Sysdig Inspect (capture logs for forensics)
  • Jenkins plug-in information

The DevOpsDays series of conferences are a great (and cheap!) way to quickly get up to speed on current best practices. You should definitely try to attend one of your local events.