Inspire, develop, and guide a winning organization.
Create visible workflows to achieve well-architected software.
Understand and use meaningful data to measure success.
Integrate and automate quality, security, and compliance into daily work.
Understand the unique values and behaviors of a successful organization.
Explore our extensive library of experience reports.
An on-demand learning experience from the people who brought you The Phoenix Project, Team Topologies, Accelerate, and more.
Learn how making work visible, value stream management, and flow metrics can affect change in your organization.
Clarify team interactions for fast flow using simple sense-making approaches and tools.
Multiple award-winning CTO, researcher, and bestselling author Gene Kim hosts enterprise technology and business leaders.
In the first part of this two-part episode of The Idealcast, Gene Kim speaks with Dr. Ron Westrum, Emeritus Professor of Sociology at Eastern Michigan University.
In the first episode of Season 2 of The Idealcast, Gene Kim speaks with Admiral John Richardson, who served as Chief of Naval Operations for four years.
Weekly discussion around “Deming’s Journey to Profound Knowledge” with author John Willis.
VIRTUAL — Helping leaders succeed and organizations thrive (formerly DevOps Enterprise Summit).
Venue: Fontainebleau — Helping leaders succeed and organizations thrive (formerly DevOps Enterprise Summit).
DevOps best practices, case studies, organizational change, ways of working, and the latest thinking affecting business and technology leadership.
Is slowify a real word?
Could right fit help talent discover more meaning and satisfaction at work and help companies find lost productivity?
The values and philosophies that frame the processes, procedures, and practices of DevOps.
This post presents the four key metrics to measure software delivery performance.
Learning from Log4Shell/Log4J
In early December 2021, rumors about a remote code execution vulnerability in Log4j began circulating on social media, and it was quickly dubbed Log4Shell. Over the next three days, those rumors were confirmed, an additional vector was found, and the immense scope of the vulnerability became clear. Log4j, a logging library used in Java development since 2001, could be provoked into loading code from an attacker’s host.
The vulnerability was found in on-premises software, software as a service (SaaS), and internally developed applications. Vulnerable versions of Log4j were in organizations’ applications’ direct dependencies and in their transitive dependencies. It was embedded in vendor products, including monitoring, visualization, and security tools. Mitigating this vulnerability required companies to change application configurations in anything Java-based. Remediating it required dependency updates, testing and deployment cycles, and redeployment of vendor software.
In the aftermath of this vulnerability, some organizations responded quickly and with relative efficiency. Others lost days before even beginning their response. In spring of 2022, some organizations were still struggling to fully complete their remediation. There is much we can learn from these differences among organizations, and this paper attempts to capture and synthesize some of those learnings.
This paper provides clear guidance on how to respond and prepare for novel security vulnerabilities.
This paper was written by experts in information security who have real-life experience addressing security vulnerabilities.
This paper uses a real-life security incident to help show organizations differing levels of response.
This paper takes learnings from all over the industry and synthesizes them into an easy-to-digest set of tactics.
VP Engineering and Chief Architect at eBay
Innovative technology leader
Speaker, author, leader, evangelist, engineer, researcher, and disruptor in developer relations and experience
Author of Making Work Visible
Dr. Tapabrata "Topo" Pal is a thought leader, keynote speaker, evangelist in the areas of DevSecOps, Continuous Delivery, Cloud Computing, Open Source Adoption and Digital Transformation. He is a hands-on developer and Open Source contributor. Topo has been leading and contributing to industry initiatives around automated governance in DevOps practices. Topo resides Richmond, Virginia with his wife and two children.
Information Security and Compliance Practices
Attestation of the Integrity of Assets in the...
A Novel about DevOps, Security, Audit Compliance,...
