DevOps Enterprise Journal Fall 2022 Overview

We are proud to announce the publication of the Fall 2022 DevOps Enterprise Journal. In this issue, we present guidance papers from the eighth annual DevOps Enterprise Forum, which brings together the brightest minds in correct DevOps, Agile, Lean thinking, and the new ways of working that are necessary to meet the challenges of the technological revolution.

This year, in addition to industry leaders and experts from across the enterprise technology sector, we welcomed two groups from the US Department of Defense to discuss the unique challenges the armed forces face in meeting the technological challenges of today and tomorrow.

Over the course of the three days, this group worked together to identify and create written guidance for the top problems facing the technology community, including information security vulnerabilities like the Log4j supply chain event of 2021; the continued importance and challenges of effective modern leadership; the ongoing and evolving role of the platform; and much more.

In this post, we provide an overview of each of the eight papers in the Fall 2022 DevOps Enterprise Journal (free to read here).

Good Consulting

Senior leaders and managers will likely need the help of a consultant at some point. However, despite the clear need for consultants, many consulting engagements still fail, ending over budget, overdue, and with underwhelming results. This paper provides practical ways for clients to make the most out of their consulting engagements, including how to approach a consultant, how to set expectations, and how to successfully offboard the consultant, leaving both the client and consultant satisfied. Although this guide is written for clients, consultants can also leverage it to meet client expectations and develop a clear understanding of the client’s needs.

Building on “A Leader’s Guide to Working with Consultants: Moving from Consultant Dependency to Building Internal Capability,” published in the Fall 2021 DevOps Enterprise Journal, this guide focuses specifically on engagements where the consulting company is instrumental in delivering a new capability in the form of a product or service (i.e., delivery engagements).

As you read through this guide, the authors take you on a journey through epic stories of success and failure, leaving you with a clear picture of what good consulting can look like and how you can make your next delivery engagement a success!

Get the Good Consulting paper.

Software is Eating the Battlespace

Soldiers, sailors, airmen, marines, and guardians rely on complex firmware and software systems to carry out complex missions in their interconnected battlespace. Each “smart” asset in our arsenal sharpens the spear and must be adaptable to a changing operational landscape. Over a decade ago, the commercial industry recognized that “software is eating the world” and embraced the power of software to transform business value generation.

The US DoD must also transform to achieve mission objectives. This is often approached by the adoption of new technologies. However, to truly transform the modern “smart battlespace,” we must redefine expectations using a modern mindset, iterative processes, and a culture open to learning and sharing. We must unleash the “boots behind the keyboard” to empower a new breed of warfighter to execute operations in ways we have not yet harnessed within national defense.

We know how to load out marines and insert them onto a beach. But, how do we load them out and insert them into a digital battlespace? First, this paper provides strategies for this new digital battlespace, beginning with a series of considerations critical to preparing the battlespace. Next, we address the landscape of this new battlespace, the enclaves within it, and how we deploy operations (e.g., grant access) to that digital beach. Finally, we explore the journey we face within the DoD to reinvent, retool, and retrain our service members for their missions in this new digital battlespace.

In this paper, we present ideas and strategies that emphasize creating value for the warfighter and that add efficiency to the war-fighting enterprise. While the mission of service in the DoD is a noble cause, we must continue to foster cultures, technical platforms, and shifts in expectations that will motivate future members of our services to innovate ways to deter war and defend the United States.

Get the Software is Eating the Battlespace paper.

Responding to Novel Security Vulnerabilities

In early December 2021, rumors about a remote code execution vulnerability in Log4j began circulating on social media, and it was quickly dubbed Log4Shell. Over the next three days, those rumors were confirmed, an additional vector was found, and the immense scope of the vulnerability became clear. Log4j, a logging library used in Java development since 2001, could be provoked into loading code from an attacker’s host.

The vulnerability was found in on-premises software, software as a service (SaaS), and internally developed applications. Vulnerable versions of Log4j were in organizations’ applications’ direct dependencies and in their transitive dependencies. It was embedded in vendor products, including monitoring, visualization, and security tools. Mitigating this vulnerability required companies to change application configurations in anything Java-based. Remediating it required dependency updates, testing and deployment cycles, and redeployment of vendor software.

In the aftermath of this vulnerability, some organizations responded quickly and with relative efficiency. Others lost days before even beginning their response. In spring of 2022, some organizations were still struggling to fully complete their remediation. There is much we can learn from these differences among organizations, and this paper attempts to capture and synthesize some of those learnings.

Get the Responding to Novel Security Vulnerabilities paper.

Overcoming Barriers to Industrial DevOps

The adoption of Industrial DevOps principles is uneven across the value streams of complex systems and the supply chains contributing to regulated, cyber-physical systems at scale. The purpose of Industrial DevOps is to intentionally apply the principles across all functional areas contributing to the system’s design, development, and deployment.

When there is a lack of alignment around shared principles, it inhibits the flow of value. Given that many large-scale cyber-physical systems have critical security and safety requirements, alignment across the value stream is even more important, as these systems provide a critical infrastructure that underpins civilization and our international security.

One of the largest builders of large cyber-physical systems is the US Department of Defense (DoD). In October of 2020, Dr. Will Roper (Assistant Secretary of the Air Force for Acquisition, Technology, and Logistics) wrote a position paper entitled “Take the Red Pill: The New Digital Acquisition Reality,” where he illustrated these needs for the US Air Force.  He explains that DevOps needs to include everything from concept to delivery for cyber-physical systems. This means all safety, regulatory, certification, and quality features are built into the DevOps process, which is now often referred to in the DoD community as Dev*Ops (see Figure 1). Due to the safety and security needs of many cyber-physical systems, we integrate Dev*Ops into the Industrial DevOps principles. This paper specifically addresses concerns from the hardware engineering community and provides considerations to support their Industrial DevOps journey.

Get the Overcoming Barriers to Industrial DevOps paper.

Measuring Leadership

Who are your leaders? The answer to this question used to be obvious. Leaders were the individuals responsible for managing people. Often they were celebrated for being stern, appropriately distant, and swiftly decisive. The ability to command every situation with the deftness and authority of a silverback gorilla was a prize to attain. We are happy to share, those days are long gone.

Leadership in the twenty-first century has taken a turn for the better—a turn toward people. With this change, there is an increase in the prevalence and impact of informal leaders. These individuals are followed for their empathy and ability to empower others, rather than their title or placement on an org chart.

As more and more well-established companies find themselves undergoing transformation activities, it is critical that they also undertake a leadership revision.

“Interesting, but why?” you may ask. The answer is simple: leadership styles foster culture, which will facilitate the adoption and sustainability of whatever your “new” is. As such, whether your transformation activities are focused on DevOps/Agility/Lean development, new customer-interaction channels, or something else entirely, the cultures (both macro and micro) your organizations are made up of will enhance or detract from your transformation. Taking a proactive approach will guide leadership behavior and a culture shift in a way that adds value rather than detracts.

Get the Measuring Leadership paper.

The Role of a Platform

Adopting a “you build it, you operate it” (YBYO) model requires a company to provide an internal developer platform that enables developers to build and operate their products. This platform can standardize processes and enable (or enforce) recommended practices. However, the platform can potentially overwhelm engineers by increasing their cognitive load. This can lead to burnout, productivity problems, low morale, and high attrition. A well-built platform can reduce cognitive load and lead to enhanced productivity, making compliance with standards easy, while also becoming a competitive advantage.

A product delivery platform is not just to ship applications but to be a vehicle for standardization that can ease compliance with recommended practices and simplify the daily work of engineers, all while reducing cognitive load.

Doing it right is not easy. It puts a high burden on the platform’s creators, especially if care and attention aren’t dedicated to product management and usability. However, the investment required to provide a capable platform is amortized across teams supported by the platform, and it will grow in value like any other product. It is a requirement for success.

This paper appeals to senior technical leaders who seek to build systems that enable software-engineering teams to work at their fullest potential and quickly deliver quality software and services.

Get the Role of a Platform paper

The Developer Platform

This paper discusses the emerging concept of the developer platform. It is written for senior leaders, especially on the infrastructure and operations (I&O) side of large enterprises. It has never been easy being an I&O leader. As vividly portrayed in The Phoenix Project, traditional infrastructure organizations are often overloaded, surprised by development initiatives, and prone to destructive multitasking and queuing issues. Infrastructure organizations bear the brunt of criticism from developers and other enterprise stakeholders; their lack of responsiveness leads to frustration. This can result in developers seeking greener pastures elsewhere.

This paper will examine what “good” looks like in terms of current developer platforms and the ways in which many organizations fall short. It will cover how to realize the value of a developer platform from engineering, product, and business perspectives.

This paper provides guidance on: what it takes to extract value from a platform, recommendations of approaches and techniques, model for maturation and scale case studies of enterprises sharing their
experience

Get The Developer Platform paper.

Organizing for Success

Winning the future fight requires fully unleashing technical capabilities across the US Department of Defense (DoD) and other government agencies. Developing software at speed and scale is crucial to that effort. In February 2022, Deputy Secretary of Defense Dr. Kathleen Hicks charted a path forward by releasing the DoD Software Modernization Strategy, arguing that “delivering a more lethal force requires the ability to evolve faster and be more adaptable than our adversaries.”

However, government software efforts lag behind. Operating at greater speed and agility is absolutely essential to winning the future fight. After surveying approximately 30 government software efforts, some key attributes as to what is going wrong are clear—first, it is not a technology issue. Instead, it is organizational—most DoD software efforts are not achieving desired war-fighter outcomes because they are not organized to succeed. Our findings reinforce prior research that indicates the greatest challenges with DoD software are “non-technical challenges dealing with regulations, organizational culture, and process.”

Get the Organizing for Success paper.

- About The Authors

IT Revolution

Trusted by technology leaders worldwide. Since publishing The Phoenix Project in 2013, and launching DevOps Enterprise Summit in 2014, we’ve been assembling guidance from industry experts and top practitioners.

Follow IT Revolution on Social Media

• 
• 
•