DevExec World + DevLead Conference
Wednesday, February 17, 2021
Talk to executives in IT divisions of large enterprises about security and invariably the conversation will hover around:
Is DevSecOps the only thing you need to do for security in your IT division or is there more?
What impact does bringing in secure culture in an engineering context mean?
What handshake is needed between the IT function and the security / risk function for large enterprises?
How does this impact roles and responsibilities of a developer?
This talk is an attempt to answer questions such as these using real-world examples of transformations seen in Fortune 100 companies.
If you’ve been someone like me, been in the industry for a while, and have completed years as an engineer, you might have this difficult question: What’s next? Shall I continue on the technology ladder or explore the possibility of a tech leadership path? A lot of companies like Intuit will have a career path split, usually after the senior engineer level: technical or management path. So which one should you pick? Usually, the choice is very clear for engineers who want to stay in technology. However, there are people like me who are indecisive, not sure which choice to make.
A lot of people deal with this dilemma. In this session, I will unpack the responsibilities of the Engineer and Manager aspects of this role. For example: how, as an engineer, this role becomes the flag bearer of Operational and Technical Excellence of the product development, and how, as a manager, it makes a high-performing team through Hire/Grow and Retain and effective Team and People Management.
In the end, technical managers are a special breed, requiring both technical savvy and people skills. It’s interesting work: at times the technical aspects will need more attention, sometimes it’s the people aspects. In this leadership role, we can create a bigger impact than by writing code ourselves.
In this training session, we will learn how to convert best practices on performance and scalability to a cultural behavior and keep our apps at a performance state-of-art, preventing loads, and improving our emergency playbook.
We will learn how to plan, design, and execute preventive performance tests, collect, and interpret the right metrics and how to act on emergencies.
Thursday, February 18, 2021
How can IT deliver the rapidly increasing feature backlog with a not so rapidly increasing developer pool? How can IT leverage the legacy workforce that once was on the leading edge of tech but over the years became more known for business expertise than the cutting edge tech we need them to be experts on? How can we make that workforce churn out code rapidly using the latest tech without them having to learn intricate details of the underlying tech? How can we enable everyday deploy without having to hire a large pool of dev ops engineers? Come learn Low Code No Code Development that will address these issues.
While the Low Code No Code movement has been evolving for a few years now, what’s really emerging is the pace at which the providers are increasing their market cap. Added to that trend are the acquisitions of some of these by the Cloud providers - AWS, Microsoft and Google. Enterprises will start looking at options beyond the Cloud in the next few years and this is why it’s really important to fully evaluate this for applicability in your enterprise. IT Executives need to have their Strategy and Architecture teams evaluate this NOW to make an impact on planning for the future.
In this session, we will go over those platform trends briefly but will focus on areas of an enterprise that can potentially benefit from this technology. Attendees can walk away with an understanding of the potential footprint this tech is best suited to occupy, potential benefits of this tech, ways to exploit the non-traditional workforce in IT development, and an understanding of potential pivot points in the tech transformation efforts that are currently underway in their organizations.
Building and maintaining a five 9s system isn’t just about the tools and technologies. Development culture has a big part in how you keep a system available while scaling it up and supporting more features, users, and locations.
A healthy learning culture, supporting the development, not repairing mistakes, and identifying weak points is another tool in the engineering toolbox.
In this talk, we will discuss how to create a learning culture using debriefs, what to avoid, and how to instill change in an engineering organization.
We hear it all the time; Management has a list of requirements for a new product line. The design team is tasked with designing; the dev team is tasked with building, and after reading 1,000 grueling feature requirements everyone reluctantly signs off on a release date.
Then the real fun begins. The design team gets creative. The dev team gets technical. Product requirements are incorrect (or missed), egos collide, and the whole team stresses to meet rapidly approaching deadlines. Where did the communication break down? Why can’t team members all speak the same language? We’re here to tell you that they can, and it starts with process.
During this presentation, we’ll show you how to train your team to work more effectively together and how to establish a “common language” to overcome cross-disciplinary obstacles. This talk will highlight case studies, examples, and procedures the audience can use to better their lives and their product development lifecycle.
Features are the Future
Over the last 15 years, organizations have had difficulty with the entire software delivery process, but two artifacts in particular became a recurring problem. The problem stems from the Goldilocks principle: one of these artifacts is much too big to overcome efficiently, and one of them is much too small to make a significant impact, so we need to find the one that is just right.
The artifact that is much too small would be the individual build. In fact, organizations and individuals often obsess over the individual Build. Builds are important, but in the grand scheme of things, they are often too small to make a significant difference in a short period of time. The artifact that is often too big, that many are trying to improve with Agile practices, is the Release, which was an arduous 18-month-long process.
So what artifact is “just right?” As the user, what we really care about are the Features: the stuff we use and interact with all the time to make our daily lives better. However, the systems we have today haven't advanced to the point where software features are the nearest proxy for customer value. In other words, the feature must be at the forefront of the UI.
In this talk, I will share why features are the proxy for value and explore the different levels of abstraction for the “just right” aspect of a Feature in order to shift people's mindset from thinking in terms of Builds or Releases, to thinking in terms of the customer and business value. I will share tactics to address the Goldilocks problem and how to have these discussions at the right level of the software in order to make prioritizations, decisions, and discoveries.
What Attendees Will Learn:
A different perspective about software delivery, which will help them make better decisions about which features to pursue and builds/releases to postpone.
Learn why features are the future and how they are the perfect middle-ground between individual builds and major releases.
How to ultimately break free from the Goldilocks problem of software delivery.
Context switching between your IDE, GitHub.com, JIRA, Terminal, and Slack is no way to optimize collaboration and it results in countless hours of distraction and lack of focus, hurting code quality. Team alignment and productivity depend on just the right mix of collaboration and staying in the zone. Extensible IDEs are opening the door to great innovation in developer workflow. Turning the IDE into the true Hub of the development flow is the best way to integrate the essential tools into a cohesive and streamlined process. In the future, your code host, issue tracker and messaging app will be placed where they belong: In your editor. Here we will discuss how such an integration should happen, and we will spell out the benefits that accrue to the individual developer, the team and the organization.
Legacy software supply chain “exploits,” such as the now famous Struts incident at Equifax, prey on publicly disclosed open source vulnerabilities that are left unpatched in the wild. Conversely, next-generation software supply chain “attacks” are far more sinister because bad actors are no longer waiting for public vulnerability disclosures. Instead, they are taking the initiative and actively injecting malicious code into open source projects that feed the global supply chain. By shifting their focus “upstream,” bad actors can infect a single component, which will then be distributed “downstream” using legitimate software workflows and update mechanisms.
Next-generation cyber attacks actively targeting open source software projects have increased 430% year-over-year. From February 2015 to June 2019, 216 such attacks were recorded. Then from July 2019 to May 2020 an additional 929 attacks were documented.
Next-generation software supply chain attacks are possible for three reasons:
Open source projects rely on contributions from thousands of volunteer developers, and discriminating between community members with good or malicious intent is difficult, if not impossible.
Open source projects themselves typically incorporate hundreds — if not thousands — of dependencies from other open source projects, many of which contain known vulnerabilities. While some open source projects demonstrate exemplary hygiene as measured by mean time to remediate (MTTR) and mean time to update (MTTU), many others do not. The sheer volume of open source and massive number of dependencies makes it difficult to quickly evaluate the quality and security of every new version of a dependency.
The ethos of open source is built on “shared trust” between a global community of individuals, which creates a fertile environment whereby bad actors can prey upon good people with surprising ease.
When malicious code is deliberately and secretly injected upstream into open source projects, it is highly likely that no one knows the malware is there, except for the person that planted it. This approach allows adversaries to surreptitiously “set traps” upstream, and then carry out attacks downstream once the vulnerability has moved through the supply chain and into the wild.
Historically, data security has been an afterthought — something that others handle; the IT team will handle it after our software goes live, the client will handle it with hardware. In today’s environment of large-scale data breaches, data security as an afterthought is too little too late.
Application and data security should be part of every design and product roadmap discussion just like functionality, stability and user experience. The more mobile the data needs to be, the more agile the solution needs to be. By shifting security conversations to early in the product development lifecycle instead of after code has already been released, software organizations can save money, better differentiate their offerings and scale more effectively in the long run. This session will discuss important design considerations for application-level security and how to select tools and methods that support your software architecture instead of dictating it.
A constant refrain among leaders in development is that while there are innumerable candidates for any given job, finding someone with the right skills is often impossible. Developers blame HR for recruiting the wrong candidates. New recruits are difficult to ramp up to productivity and many don't work out at all. The recruiting and hiring cycle lengthens and no one is happy.
The problem, however, is not with individual recruitment pools, HR policies, or company geography. The real problem is with an ecosystem for training developers that is broken on every level.
With everything from University programs producing degreed computer scientists to boot camps graduating "full-stack" developers within weeks, one might think that filling developers' roles was easy, but the plethora of contemporary training opportunities has only added complexity and noise to the milieu.
In this session, award-winning online instructor Mark Lassoff will discuss the problems endemic in developer training and make suggestions that any company can implement to start fixing the problems. Lassoff has taught over 1.5 million developers online and thoroughly understands the upsides and limitations of the current training models.
After this session, you will be better equipped to recruit, onboard, and retain entry-level developers. You will also be better positioned to advocate for industry-level change so that there is a better match between those completing training and the opportunities awaiting them.
You know you need top talent. But recruiters have annoyed you for years. Or they've done the heavy lifting and now that you're looking to build your own team - you're stuck. This session will show you how to set a talent strategy, look beyond your network and engage directly with the people you want on your team. Attendees will leave with tools, templates and a new, deeper understanding of talent acquisition. This will be a spam-free session! It doesn't work and everyone hates it!
The process of hiring has always been simple: candidates apply, they are interviewed, sometimes given a task or test to complete, then they are hired. But what if the future of hiring was still simple, but used complex AI to find the perfect candidate? Vivek Ravisankar, Co-Founder & CEO of HackerRank, says AI in hiring is now becoming essential, but that’s not all. In order to scale your teams successfully, companies need to start utilizing new hiring tools, but they also must be using those tools correctly. Right now, we need to rethink AI’s current and future role in hiring, so Vivek will dive deeper into the benefits and challenges of using AI while recruiting and how AI will play an important role in sourcing and hiring as we move forward in an increasingly digital world where face-to-face options aren’t readily available anymore.
What Steps do you take in Creating a Diverse and Inclusive High-Performance Organization? We are looking for great conversation and lots of learning, sharing, and collaborating on all things surrounding this topic: "What’s your role in fostering an effective and high-performance remote product engineering culture?" The thing I'm most excited to hear about from this community: what are your top lessons learned in 2020?
Friday, February 19, 2021
When starting to build your team, what are you looking for in a candidate? Technical skills? Leadership skills? Ability to get things done? Over the past decade, I have built and managed many engineering teams, and when I looked back on my 10x developers and looked at what differentiates them from the others, I noticed that it wasn't necessarily superb technical skills or years of experience, but rather their sense of ownership.
In this talk, first, I will convince you why ownership is so essential to your engineering culture. I will explain why, if you own something, it makes you care a bit more about it. Why, once you feel accountable for your deliveries and your domain, you will welcome responsibility gladly. And why ownership might start with your territory and field but tends to grow and to increase your influence globally, not just locally.
Having people that care about the value they bring to your team, to the entire R&D, and your company’s goals is so fundamental that I believe it is one of the critical building blocks for creating a healthy and prosperous engineering culture. So, I will share how to look for a sense of ownership in a candidate, what kinds of questions you should ask in an interview to spot it, and how to make the right recruiting choices. I will also share some tips and tricks: how to define and measure ownership in your existing team members, how to encourage them to take more responsibility for themselves, and why this is important - not just for the company's sake but also for their own.
Building a team of individuals with a sense of ownership who can work together will genuinely make the whole more significant than the sum of its parts and will maximize your team's full potential.
Breaking changes are sad. We’ve all been there; someone else changes their API in a way you weren’t expecting, and now you have a live-ops incident you need to fix urgently to get your software working again. Of course, many of us are on the other side too: we build APIs that other people’s software relies on.
This talk will cover how you can:
(a) Get really good at identifying what changes *might* break someone’s integration
(b) Help your API consumers to build integrations that are resilient to these kinds of changes
(c) Release potentially breaking changes as safely as possible
Companies have long relied upon static analysis to secure their code, but the typical process with delayed results and high false positive rates is painful for developers and generates unnecessary work for security engineers. A recent trend is changing that. Code analysis tools are increasingly delivering better developer experiences, coverage of a broader set of bugs, and improving results over time. These improvements allow a much tighter integration into modern agile development processes, shifting left the detection of reliability and security issues. Google and Facebook have pioneered this new model of static analysis that involves broad deployment of extremely scalable analysis tools (billions of lines of code / thousands of commits per day) and have collected and published extensive data on its impact on code quality. Amazon has also used static analysis to streamline certification and compliance tasks. With development teams more distributed than ever, tools like static analysis become increasingly critical for development organizations to overcome the loss of productivity and risk to code quality.
In the last few years, Roblox has grown into a massive online platform with over 150 million users and a diverse global community of 2+ million creators on the platform. In the past year, the company has doubled the developer team internally to meet the needs of the platform. With two sets of developer communities, Roblox has thoughtfully nurtured and scaled each to create a thriving, inclusive environment that makes it easy for developers of all ages and skill levels to be able to create compelling content for millions of players across the globe. In this talk, Roblox VP of Developer Relations Matthew Curtis will highlight the key management principles that helped Roblox foster and manage not just the creator community, but also the internal developer team including enabling self-organization, removing friction and fostering cooperation.
We all know that out-of-the-box thinking is a highly valued competence that is deeply sought in all fields to attain exponential growth. But it is also truly exhausting to be different from others at the table, so why not just comply? Isn't the mold there for a reason? Learn about tools to identify, self-examine, strategize and break the mold, leading yourself to new horizons and owning your success.
The intention of this conversation is to raise some relevant questions about the relationship with the developers. Do companies need this? Is it important? Is there a real impact when promoting an incentive program for developers?
Today, product development teams are more global and diverse. Working with different cultures brings benefits of different points of view and perspectives. Research has found that diverse teams are more innovative. However, without the right framework they can become dysfunctional. Organizations are becoming more intentional about building a global mindset in product development by building diverse teams. In this talk, we will review the benefits of diversity, how to create a global mindset in teams and how to build a culturally competent organization.
The one question I'm asked more than any other when talking about working at GitLab is: wait, you don't have any offices? That is often followed by a confused look or the direct question: How?
Writing down decisions, asynchronous communication, measuring results, not hours. Companies often aspire to these goals...however in an all-remote company, they aren't aspirational - they are requirements. GitLab has grown from 9 people in 2014 to over 900 people in 55 different countries with a valuation of almost $3 billion.
In this talk, we'll discover some of the not-so-secret sauce that GitLab has leveraged to achieve this growth. On this journey, our values have remained the same. We value collaboration, results, efficiency, diversity & inclusion, iteration, and transparency. And we've done all that without having any office, headquarters, or anything that looks like one.
PRO SESSION: The Persuasion Equation - How to Effectively Communicate Results to People Who Don’t Want to Listen
This session will present a winning workflow for Analysts, Developers and Engineers to harness the power of persuasion with data. Attendees will hear how to present the results of their data science, projects or analysis and drive their audience to act on those results.
My experience with presenting my work in data science to people who then became inspired to act on that work, when they initially didn’t want to listen. I call this “The Persuasion Equation”. It's how I found a way to make my voice heard within an organisation, and it’s the difference between insights and action.