Is It Odd to Shift Left Becoming Elite Devsecops Performers Prt283

Title

AWS re:Invent 2022 - Is it ODD to shift left? Becoming elite DevSecOps performers (PRT283)

Summary

  • Colin Falwell, field CTO at Sumo Logic, discusses the importance of integrating DevOps and SecOps to stay competitive in the market.
  • He introduces the concept of Observability-Driven Development (ODD) and emphasizes the need for elite DevSecOps performers.
  • Falwell highlights the complexity of modern systems, the necessity of log aggregation, and the prevalence of burnout in the industry.
  • He presents a case study from Red Hat showing a high percentage of security breaches and outages among Kubernetes users, suggesting the need for better processes and rigor.
  • The talk covers the concept of process capability (CP) and its historical relevance, drawing parallels to modern SRE practices.
  • Falwell stresses the importance of high-quality data, breaking and rebuilding systems regularly, and the need for a framework for metrics.
  • He discusses the characteristics of high-capability process organizations, including the use of open-source libraries and autonomous CI telemetry pipelines.
  • Observability-driven development is presented as a method to get immediate feedback from production, with the goal of deploying directly from a developer's laptop to production.
  • Falwell outlines best practices for observability-driven development, including the unification of data, understanding the voice of the customer, and avoiding lazy calls.
  • He concludes by discussing the traits of elite performing teams, the importance of automation, and the benefits of being an elite performer, such as increased market expansion and success in mergers and acquisitions.

Insights

  • The shift-left approach in DevSecOps is becoming increasingly important for organizations to remain competitive and secure in a fast-paced market.
  • Observability-Driven Development (ODD) is a key strategy for achieving elite performance in DevSecOps, allowing for immediate feedback and rapid iteration.
  • The complexity of modern systems and the acceleration of change necessitate a uniform approach to CI/CD processes and toolchains.
  • High-capability process organizations leverage open-source libraries and maintain autonomous, consistent, and declarative CI telemetry pipelines.
  • Elite performing teams are characterized by their ability to deploy multiple times per day, have a short lead time for changes, low change failure rates, and quick time to restore service.
  • Automation and standardization are critical for achieving the speed and reliability required by elite DevSecOps teams.
  • The use of open-source tools and libraries, such as OpenTelemetry, is encouraged to maintain control over telemetry data and avoid vendor lock-in.
  • The importance of high-quality data and the ability to discern the cause of deviations quickly are emphasized for maintaining a capable process.
  • The talk suggests that organizations should focus on continuous improvement rather than reaching a state of maturity, as IT is continually evolving.
  • The benefits of being an elite performer extend beyond technical capabilities, including better market expansion opportunities and success in mergers and acquisitions.