DOES Europe 2021

The definition of a Security Champion according to OWASP is “an active member of a team that may help to make decisions about when to engage the security team.”
In a time of growing high profile attacks on software supply chains across the world - most recently Dependency Confusion and the SolarWinds breach - building a security culture in your development teams has never been so important. 
Robbie Tyrie, Information Security Manager at Aegon, has implemented security champions in a number of enterprise organisations including Tesco Bank, JP Morgan, Virgin Money and NHS Scotland. Join Robbie as he shares his step-by-step Playbook. 
Learn how to: 

• Create a problem statement
  
• Identify the champions 
  
• Define the role
  
• Create communication channels between dev, sec and ops 
  
• Gain management buy-in
  
• Create a security culture 
  

This session is presented by Sonatype.

A story of how Vodafone broke through inertia and learned behaviours to achieve the cultural and behavioral changes it needed to transform from a Telco to a Technology business. How, with a huge will and determination to transform but no clear path ahead, we chose endless KPIs to harness and 'measure' our transformation - but found that after the early quick wins had dried up (although they did deliver value) we plateaued and couldn't break through to the real transformation.

After truly realising (not just reading about) the **cultural ** significance of the journey, and appreciating that the outcomes, not the journey, is our focus - OKRs began to change our behaviour from the ground up and the momentum and progress began to organically drive itself.

Today we're delivering value faster, happier and more frequently than ever!

Visma embedded security into their DevOps transition from early on. This has led to advances in both fields that makes words like DevSecOps, SecDevOps redundant. DevOps seasoned with security is natural, fun and really empowering for the DevOps teams.

Espen shares the Visma story in a fun and engaging way for those that want to avoid security becoming a delay in DevOps and rather control it from the Developers perspective and accelerate development.

Every organisation faces different problems when transitioning to a DevOps focused culture and large organisations can present more challenges than most. In this case study, I’ll share our experiences of how we put DevOps Theory into practice in a 3500-developer organisation; what worked for us, what didn’t work and the areas we are still working on 2.5 years into the transformation.

Through automation, we standardised CICD pipeline creation, which saved each team weeks of effort per pipeline. Automation enabled teams to take full advantage of the built in DevOps capabilities such as Shift Left on Security and Continuous Integration. Extending the automation into custom dashboards enabled teams to visualise their progress towards Continuous Delivery and take action where appropriate.

Cloud cost management has always been a key pillar when it comes to architecting a successful cloud environment well. However, with cloud spend in 2021 showing no sign of stopping, paired with the directly implied shift from CapEx to OpEx, doing a quarterly review of your cloud consumption is no longer enough.
Combining aspects of Financial Management, Cloud Operations, Demand Management and the core disciplines of Procurement; FinOps aids organisations in driving modern Cloud Finance Operating models, by aligning one’s Cloud Adoption Journey and Cloud Spend to Engineering Efforts and Business Initiatives
The benefits an organisation can expect as a result of moving towards a FinOps Model are:

• Setup for the Future: A pathway to a Financial Operating model that is better aligned to the dynamics of Cloud computing
• Improved Decision Making: The ability to make financial decisions driven by data as the key source; resulting in a more optimised consumption of IT services
• Traceability of Decisions: Providing organizations with a financial trace, one that aligns business decisions to the cloud spend incurred
• Empowered Product Teams: Providing them with the autonomy, visibility and responsibility to make their own financial decisions, whilst operating within the guardrails established
• Optimised Cloud Spend: ensuring every penny spent on Cloud services is done using the optimal service offerings available and making use of the appropriate financial incentives and consumption models the Cloud Service Providers have to offer

This talk will cover:

• How to Bring Your Finance Functions into your Cloud Adoption
• What is FinOps? How does it help?
• Understanding the Core building blocks for successful FinOps function
• Establish a Financial Trace between your Cloud Spend, Engineering Efforts, and Business Initiatives
• What is the FinOps Foundation (finops.org) and the benefits that it offers

Simple right? It should be. Delivering reliable software is an important part of accelerating your digital transformation. Teams often need to get back to the basics of their software development and delivery lifecycle. They do this using insight they can derive from understanding the value flow through their delivery toolchain. With a focus on value stream management and catching security defects early, delivering application reliability depends on automation across both the DevOps and AIOps ecosystem. Join this session to hear stories and insights from simplifying the delivery toolchain by implementing GitLab Ultimate for IBM Cloud Paks and using IBM Automation to collate and orchestrate your deployment into production.

This session is presented by IBM.

Nationwide’s Infrastructure organization is on a journey to execute DevOps and Technology Product practices throughout the organization. Starting with the Identity and Access Management team, Nationwide has been able to transform the way Infrastructure delivers outcomes to consumers through several common DevOps practices. In this session you will learn how the Identity and Access Management team transformed; providing value and transparency to its consumers by utilizing the principles of product delivery including:

• Agile delivery capabilities
• Defined product ownership models
• Transparent financials through unit cost
• Moving from a project to product mindset
• Redefining the Engineering Role to support development and product delivery capability

Learn how you can use these examples to implement quicker delivery, transparency, and prioritization into your team to not only support value driven outcomes for consumers, but more engaged engineers.

What will it take for companies with complex legacy landscapes to quickly sense changing business needs and continuously evolve in response? As several of them embark on the digital transformation journey, the opportunity to transform into agile, responsive beings, at enterprise scale, is a compelling one. The opportunity to be a Live Enterprise. Our vision for Infosys as a Live Enterprise is to position our 300K+ workforce at the sensing-feeling-responding core of the company, with the ability to seamlessly interact with and continuously learn from our client and partner ecosystems. To realize this vision, we are reimagining our employee experience, our core business processes, and all our enabling IT systems and infrastructure. This means focusing on personal productivity, nurturing zero-latency in processes, ensuring just-in-time data for decision-making, driving hyper-productivity and facilitating continuous learning to instill new patterns of sentient behaviour.

Our session tells the story of how Infosys IT went through this transformation, primarily focusing on the Agile and DevSecOps adoption and automation at scale to transform the delivery of IT systems to be sentient, faster, reliable, resilient and scalable. Along with the technology transformation to modernize IT applications and systems, Infosys Distributed Agile & DevSecOps Model was adopted to transform Ways of Working and DevSecOps practices. To enable and accelerate this adoption, an *enterprise-grade platform* that empowers teams with codified engineering practices and AI/ML driven insights for faster and secure releases, was employed. Infosys DevSecOps Platform is a Cloud native, ‘NoCode’ DevSecOps platform built on sentient principles powered by AI/ML driven insights, with security built in across the value stream. The platform significantly eased the adoption of modern technologies due to it's out-of-the-box CI-CD support and its metrics driven visibility across portfolios guided in managing the KPIs and goals. Through its self-service model, it accelerated the adoption of SOX compliant release automation pipelines governed by templates and gating w.r.t to code quality, security and automation coverage.
Through this session, we share our learnings from this massive transformation led by a platform approach, touching areas around people, process, technology and tools transformation.
The landscape involves diverse technologies (Angular, JAVA, Service fabric, Android, IOS, Docker, Kubernetes, Python, Cloud, PostgreSQL) and environment agnostic (On-premise / Hyperscalers) container-based deployments. Platform approach helped in moving from from Docker Swarm to Kubernetes and Nexus to JFROG.

INFOSYSIT has delivered DevSecOps automation at scale – 150+ applications, 700+ pipelines, 100K+ builds & deploys. DevSecOps practices at INFOSYSIT automated code quality analysis, Continuous testing have resulted in 100% increase in the no. of releases per month, 50% improvement in Deployment Lead time, 48% defect reduction and 15% ticket reduction due to better quality releases.

CROZ is a mid-sized professional services company with around 300 tech-oriented people. We use our technical, domain, and organizational expertise to help our clients build better products and achieve their business goals.

About CROZ
Our mission is to provide superb and professional IT solutions to enterprise customers by ensuring IT service whose level of quality surpasses customer demands. We do this by maintaining and growing a sustainable community of capable, constantly growing, and accomplished employees, along with satisfied enterprise customers who keep coming back to us.
Our vision is to become the first option for every complex organization that wants to have a superb IT solution. We want to be recognized as a reliable partner who promptly solves challenges in integration, modernization, team organization, and in development of new systems.
But moving away from corporate statements, this is who we are in a nutshell:
“We aren’t a crazy new age fashionable IT agency. We don’t care about the media attention. We know and trust our clients and never let them feel like they are competing for our time. We are a safe and strong community of exquisite engineers and we aspire for continuous professional greatness both for us and our clients. Our work ethics means being concise and meticulous. Our favorite projects are very challenging and highly complex. The only way we agree to move forward is by excelling in our fields of expertise day after day, leaving no loose ends behind.”
We operate across Europe with some of the customers located in North America and the Middle East. Our customers mostly come from financial, telco and government sectors. We are particularly proud of the collaboration with companies such as Nationwide, Santander, HSBC, The Royal Bank of Scotland, Lloyds Bank, Raiffeisen Bank International, Vodafone, Deutsche Telekom Group, and Telefonica. Apart from these industry sectors, we are active in other sectors as well, with customers such as Howco, Bosch, Scania, European Space Agency, WestJet, Airbus, AGCO, Baker Hughes, and BP plc.
Throughout the years, we have successfully delivered more than 600 mostly enterprise-level projects with customers in 18 countries. There aren't many industries we haven't tackled and we are proud that every new customer remains our trusted and long-term partner.
The problem we encountered
With the speed of innovation higher than ever and the technology more complex than ever, we realized that our existing teams couldn't keep tabs on every moving part in the new technology stack that was emerging in the cloud.
Apart from working with our clients on designing and implementing new features, our teams became overwhelmed with the nuances of the underlying technology platform. Additionally, with each team using the platform as they saw fit, we experienced a proliferation of delivery process variations and various practices to use the platform. It wasn’t even clear what a platform is.
The net effect we have observed was people spending time designing their variation of the delivery process and reinventing existing practices. We have also observed a cumbersome team onboarding process due to the lack of standardization, and technical debt skyrocketing just before the major technology platform migration was to take place.
All of the above reflected in a significant decrease in the flow of value to the clients.
What did we do to overcome the problem?
Looking for a different way to structure our teams and coordinate work, we have found our inspiration in four fundamental team topologies and their interaction modes from the book Team Topologies.
A year after introducing the platform team and establishing interactions with the rest of the organization, we found that the new team structure better promotes collaboration and knowledge sharing, relieves cognitive load from existing teams enabling them to focus on delivering value to our clients, and serves as additional leverage for further organizational improvement initiatives.
Thinking in terms of four fundamental team topologies and three core interaction modes cleared up some ambiguities around roles and responsibilities in the delivery process. This enabled teams to focus on what they love and do best, motivating them to further build their skills. It also made the role of every team member in the delivery process transparent. No other past initiative produced such engagement among people.
In every sociotechnical organization, technology aspects and organization aspects are tightly intertwined. Looking back, we have changed the former without considering the latter and the system pushed back with a tangible manifestation through friction and bottlenecks occurring in the delivery process.
In this talk, we will share the experience of our on-going sociotechnical transformation, and changes that worked for us, but also some that didn't.
Krešimir Mudrovčić, Board Member at CROZ, describes the impact this organizational change had on our business growth.
"We had a strong track record in the South Europe region, designing and delivering complex IT solutions in enterprise environments. Our ambition was to further expand our operations across Europe and North America and collaborate with organizations that make an impact in their industries. Expanding our operations to these new markets put a strain on our delivery department in terms of efficiency needed to deliver new projects, but also in terms of implementing new technologies.
We understood that old delivery models and team organization that got us here, couldn't support our further growth. Improving our internal delivery organization and processes made us more efficient and more nimble in embracing new technology and sharing knowledge across the organization. At the end of the day, our revenue increased 70% while headcount grew only 10%. This is an increase in productivity that comes from the new organization. And we keep on promoting these organizational ideas with our customers, helping them reap the same benefits."

Since the publication of the book Team Topologies in September 2019, countless organizations around the world have begun to adopt Team Topologies principles for their digital operating model. In this talk, Matthew Skelton and Manuel Pais - co-authors of Team Topologies - explore some emerging patterns and trends of Team Topologies adoption. What do organizations find difficult to do? What challenges do organizations need to overcome to make the shift to a Team Topologies approach? What combinations of techniques work well?
Learn how organizations are:

• Using Team Topologies as a shared language across the organization
• Using Team Topologies together with Domain-driven Design (DDD) for effective boundaries
• Using Team Topologies with Wardley Mapping to increase situational awareness and decide how and what to build
• Using the principles of Thinnest Viable Platform and Platform as a Product to help build successful modern platforms

Understand the aspects of Team Topologies that can be more challenging including:

• Assessing team cognitive load
• Introducing product management and agile delivery practices for infrastructure platforms and data platforms
• Shifting from “compliance via manual inspection” to “compliance as code”

Increase your success with Team Topologies with these key insights from the authors of Team Topologies. 

This session is presented by LaunchDarkly.

It's easy to get discouraged reading books about industry best practices that say things like "always test in prod!" and "10 deploys a day!!" At times, they can make the goal of being a high-functioning DevOps organization feel out-of-reach for large enterprises, where changes to the way we operate take time to roll out. A few years ago, Vanguard started its journey to adopting Site Reliability Engineering across the IT organization, and that transformation effort is still underway today. In this talk, we will share where we started, how far we've come since then, and all of the steps we've taken along the way, as we've worked to evangelize changes to the way we measure availability, enable experimentation, leverage highly-available architecture patterns, and learn from failure.

As the digital demands of the business continue to escalate, software delivery teams are under extraordinary pressure to deliver more work faster. Speed, however, counts for little if these teams are not delivering a high-quality product of value; rapid turnaround for a feature request is futile if the feature doesn’t meet business needs! Despite limited visibility, competing priorities and siloed measurement, the goal remains the same – to continuously innovate and improve the flow of business value.

In this session, Justin Watts, Director of Agile Change at Lloyds Banking Group, and Adrian Jones, VP EMEA at Tasktop will discuss:

• The importance of end-to-end value flow, and respecting the laws of physics
• How to identify leading indicators to track and improve lagging measures
• Ways to empower teams to collaborate, share lessons learned, and capitalize on reduced time-to-market and velocity gains

This session is presented by Tasktop.

Three years ago, I presented a talk on the skills pipeline myth at ShmooCon, denoting that our ability to overcome our staffing and skills shortage is to look more broadly at the available talent and development channels that currently exist to address our shortcomings. Three years later, as the rise of DevSecOps out of DevOps has taken hold, an alternative model has adjust how we need to view the talent and skills pipeline to ensure we don’t put ourselves into a bigger hole and create a larger problem.

My first talk equated the typical mentality of technology staffing efforts to focus on direct or specialty skills to address each niche of the need for various security roles, rather than look at the needs based on the design of the complete ecosystem. My term of “firefighter”, were those specialists brought in to do a singular focused task, who were difficult to find for the role and resulted in premium pay and tightly scoped expertise. These are individuals brought in, often after an event has occurred or the organization has been told they need these skills or competencies.

Conversely, addressing the problem in the design phase, would expand the possible pool of talent to address issues that may not be specialists in a sole topic, but may encompass a broader range of skillsets. In this case, preventing accidental ignition through the implementation of controls, such as “safety matches” or other prevention and mitigation techniques. In this case, while solving a narrowly scoped issue can be viewed and “attacked” as a solution from different points of view and available resources.

With the movement of DevOps to DevSecOps, the model for both is a shared skill AND responsibility model. It is a reversed mindset to where the title of a DevOps or DevSecOps engineer relies on being a generalist to be able to be plugged in nearly anywhere, but may swing this concept to the extreme the other direction. In this case, nobody is potentially really good at anything, and thus impacts quality, reliability and security by expecting these roles to service every need.

In this talk I plan to see how we can find the middle and work towards solving our skills pipeline issues, but also adapt a successful shared responsibility model that adequately addresses the needs of modern architectures and service use models.

Application development is increasingly happening on low-code environments like Salesforce. These SaaS platforms offer simplicity and make it easy for business specialists to build applications themselves. But managing their end-to-end development process is often far more complicated than the development itself. Andrew Davis, author of the book Mastering Salesforce DevOps, will explain how Salesforce has grown from a tool for salespeople into a $30 billion company driving the creation of millions of jobs. We'll look at the unique challenges of DevOps for SaaS solutions and the options for addressing them.

In this talk Matt and Ilia will explain their journey to enable DevOps in a traditional program that supports route optimisation services for FedEx packages delivery. And how leadership behaviours, enterprise wide cooperation, engineering practices and shared quality mindset changed hearts and minds of people which resulted in supercharged delivery in this program.

In such a large enterprise it’s not possible to just start “doing DevOps” by a team and that’s it - there are organisational procedures and functions, established historically and distributed geographically, various delivery commitments to the customers, ongoing operations. In reality there is limited capacity for such moves. We all know the theory - everyone who is participating in value delivery needs to be “on board” in supporting the change:

• Leaders to model behaviours and allocate time for improvement.
• Change Management to make processes better so products can move fast.
• Security and Compliance, to shift left and let possible violations be caught at early stages.
• Infra and Architecture, to enable the ecosystem and let local architectures and solutions emerge.

This story is about such 360 degree cooperation, where leaders, various organisation functions and Agile Release Train teams joined their forces and made change real.

What will it take for companies with complex legacy landscapes to quickly sense changing business needs and continuously evolve in response? As several of them embark on the digital transformation journey, the opportunity to transform into agile, responsive beings, at enterprise scale, is a compelling one. The opportunity to be a Live Enterprise. Our vision for Infosys as a Live Enterprise is to position our 300K+ workforce at the sensing-feeling-responding core of the company, with the ability to seamlessly interact with and continuously learn from our client and partner ecosystems. To realize this vision, we are reimagining our employee experience, our core business processes, and all our enabling IT systems and infrastructure. This means focusing on personal productivity, nurturing zero-latency in processes, ensuring just-in-time data for decision-making, driving hyper-productivity and facilitating continuous learning to instill new patterns of sentient behaviour.

Our session tells the story of how Infosys IT went through this transformation, primarily focusing on the Agile and DevSecOps adoption and automation at scale to transform the delivery of IT systems to be sentient, faster, reliable, resilient and scalable. Along with the technology transformation to modernize IT applications and systems, Infosys Distributed Agile & DevSecOps Model was adopted to transform Ways of Working and DevSecOps practices. To enable and accelerate this adoption, an *enterprise-grade platform* that empowers teams with codified engineering practices and AI/ML driven insights for faster and secure releases, was employed. Infosys DevSecOps Platform is a Cloud native, ‘NoCode’ DevSecOps platform built on sentient principles powered by AI/ML driven insights, with security built in across the value stream. The platform significantly eased the adoption of modern technologies due to it's out-of-the-box CI-CD support and its metrics driven visibility across portfolios guided in managing the KPIs and goals. Through its self-service model, it accelerated the adoption of SOX compliant release automation pipelines governed by templates and gating w.r.t to code quality, security and automation coverage.
Through this session, we share our learnings from this massive transformation led by a platform approach, touching areas around people, process, technology and tools transformation.
The landscape involves diverse technologies (Angular, JAVA, Service fabric, Android, IOS, Docker, Kubernetes, Python, Cloud, PostgreSQL) and environment agnostic (On-premise / Hyperscalers) container-based deployments. Platform approach helped in moving from from Docker Swarm to Kubernetes and Nexus to JFROG.

INFOSYSIT has delivered DevSecOps automation at scale – 150+ applications, 700+ pipelines, 100K+ builds & deploys. DevSecOps practices at INFOSYSIT automated code quality analysis, Continuous testing have resulted in 100% increase in the no. of releases per month, 50% improvement in Deployment Lead time, 48% defect reduction and 15% ticket reduction due to better quality releases.

Progressive Delivery is the practice of decoupling deploy from release, allowing changes to be safely pushed all the way to production and verified there before releasing to users. Selectively dialing up and down the exposure of code in production without a new deploy, rollback, or hotfix is the foundation of Progressive Delivery, but the higher-level benefits of safety and fast feedback come from layering practices on top of that. Whether you are new to Progressive Delivery or are already practicing some aspect of it, you'll learn/refresh on the basics and then come away with a powerful model for layering higher-value benefits on top of that foundation.

This session is presented by Split.

We all know SRE as a growing engineering practice for IT operations. In fact, SRE is a modern ITSM framework that reimagines service management as an engineering practice with a singular goal of consistent reliability. This session will explore SRE in the context of ITSM with particular insight on how SRE approaches service level, change, incident, problem and capacity management. The session will also explore SRE as a self regulating ITSM system that most closely aligns with Agile and DevOps as three continuous flows of managing services.

As a Data-Driven company, adidas has strong demand for reliable, scalable and fast Data Analytics Platform.  
This presentation is about our solution how we enabled DevOps principles along with number of capabilities from the Accelerate book (like Continuous Delivery, Architecture for scaling) in the Data Warehouse domain. During the journey we convinced more than 10 teams around the world how DevOps principles bring them speed, high quality and empowerment in creation of data models and data pipelines. 
Now as the practices are adopted, 10+ teams are delivering Data for Analytics demands:

• independently from each other
• faster and with higher quality
• in smaller batches
• deploying changes to complex data models and pipelines on-demand multiple times a day instead of old fixed biweekly cycle.

Some details:
Our purpose is to increase speed and quality in delivering Data for Analytics use cases by:

• Increase quality of delivery in Data Warehouse environments
• Increase speed of changes
• Improve reliability of complex Data Models and Data Pipelines
• Improve reliability of deployments

Top challenges:

• Merging skills and ways of working of experts coming from Data Warehousing and Software Engineering backgrounds
• Finding Continuous Integration and Delivery patterns acceptable for Data models and pipelines
• Some tools in Data stack cannot be managed with the code
• Code (definition of the Database object) is tightly coupled with the data
• High complexity of atomic objects (e.g. a database view harmonizing KPI calculation from data points from multiple systems can contain several thousands lines of code)

Now that DevOps has been adopted widely, and much of the friction between development and operations has been reduced, organizations and their technical leadership want to learn how to address the next layer of friction, security. Or as it’s now being called, DevSecOps.Much like the Agile development models that preceded DevOps, integrating security into the development process is necessary for the faster creation of innovative and safe applications. Establishing a DevSecOps culture amounts to overcoming the friction between the silos within your organization, and the rest is engineering.Creating a DevSecOps culture requires the right technology, delivery processes, governance models, and cultural empowerment. By continuously assessing each of these pillars, your organization can establish a proactive DevSecOps culture.In this talk, viewers will learn:

• how to nurture a DevSecOps culture
• unite previously siloed roles of development, security, and operations and
• create a collaborative shared-responsibility paradigm.

The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns. In this session, we will explore how developers are targeted as a vehicle for malware distribution, how immensely we depend on open-source maintainers to release timely security fixes, and how the race to the cloud creates new security concerns for developers to cope with, as computing resources turn into infrastructure as code.

This session is presented by Snyk.

How do you transform your IT – technologies, workforce, skill and culture - while the business is - disrupted to its maximum?
How do you cope with losing 1/3 of your IT resources overnight?
How do you still increase your deployment speed?
How do you enable an international workforce to work seamlessly on new features?

TUI had started to transform its business and digital identity even before Covid-19 came around. The pandemic has obliged us to fasten, stop or change priorities dramatically and hence, had a noticeable impact on our DevOps journey, too. Yet, we decided to look at the good of the crisis and are still in the process of laying the foundation for our future – and it's going to be a bright one!

Examples are:

• Full remote working helped us integrate a lot of cross-cultural multinational teams with ease
• Communities and coaching of teams
• investment in the current workforce

The combination of Value Stream Management (VSM), DevOps, and Data-Driven Organizational Strategy is crucial to the long-term success of modern organizations in highly connected and competitive environments.
The challenge is that defining your VSM Strategy tends to go straight from Step B to Step G without any regard for everything that needs to happen from C to F. In order to understand how to support your Development Value Streams, you must understand the purpose for which your business exists, what exactly is the value that it delivers, and how do you measure the successful delivery of that value (hint: it’s not ROI). Once you know what your currency of value is and how you measure it, you still shouldn’t go straight to what systems you use to create that value.

Before you go to systems, you have to look at what business processes you use to execute your Operational Value Stream. Once you know what business processes you have in place, then and only then, can you truly define your VSM Strategy.

Our session will review proven success patterns and real examples of how clients have advanced their Value Stream Management practices to create better DevOps and Data-Driven Organizational strategies. We will also highlight common failure points and how to overcome them.

Imagine you have to scale operations to cater to more students than the largest education board in the country. Imagine the company growing at a breakneck speed and more services were being added while increasing the customer base. Imagine that a Pandemic hits and the scale has to be increased further.
That imagination came true a year ago.

And we have since then seamlessly scaled the BizOps without any hiccup mainly because of the automated Enterprise DevOps practices that were followed. The scale was not restricted to the systems alone, but the Dev team was doubled and automated DevOps enabled us to easily enable the teams to build-test-deploy, which at the peak reached 800 new builds a week.

This talk is to share an Enterprise BizOps story on how DevOps was preparing when the weather was fine anticipating rainy days. It has been an arduous and overwhelming journey that has a lot of learnings which included our failures and small incremental successes that led to the scale BYJU'S is at now - The World's largest EdTech company.

Welcome to our world where software applications are the critical driver of business performance. Every moment, business is won or lost based on the software we deliver to our customers. And the demands of the customer are ever growing. That’s why companies across all industries are prioritizing software delivery to get better, more secure and compliant software to their customers faster.

Nationwide Building Society is in the midst of an Agile transformation, driven by an exciting DevOps strategy. This strategy is enabling the secure delivery of new capabilities to ensure customer needs can be met faster, while meeting the compliance requirements necessary in a highly-regulated industry. Balancing developer innovation and autonomy with governance and compliance guardrails hasn’t been easy though. While their journey continues, Nationwide has made considerable progress, creating a modern, best in class software delivery architecture and culture, ensuring customer need is always front of mind.

The need for speed is proportional to the need for safety. So, how do you deliver new capabilities to customers faster without compromising security? How do you adapt existing DevOps workflows to assure governance and compliance? How do you deliver consistent value?

In this talk, Sacha Labourey, Chief Strategy Officer at CloudBees; Ben Angell, DevOps Engineering Lead, and Sanmat Jhanjhari, DevOps Lead at Nationwide will discuss the path they’ve taken and the lessons they’ve learned along the way.

This session is presented by CloudBees.

We'll take you through the transformation of NAV, Norways biggest governmental agency, responsible for paying out a third of the federal budget. Five years ago, we had no internal developers, and 4 releases a year. Now we have 300 internal developers, and deploy to production every other minute.

We believe we did something right - treating internal platforms as products, going for continuous improvement over projects.

We also did some things that we are not sure about. How to split up a gigantic organisation into autonomous teams.

This talk will tell the story of our journey, and share what we learned.

We all know Psychological Safety is the bedrock of high performance in teams and after tens of years of the academia, Google and the DevOps community trying to underline its importance, the business world is starting to take notice and focus on this healthy and necessary team dynamic. At the heart of Psychological Safety - its positive desirable behavior - that of being open and speaking up. Impeding it - the main patters of negative behaviors stopping teammates from being courageous and speaking up - "Impression Management" - the fear of appearing Ignorant, Incompetent, Negative, Disruptive or Intrusive if they do so. When teammates and leaders alike succumb to these fears, it is a sign that Psychological Safety is low and it is dropping even further so performance suffers. We have to learn to recognize the patterns and stop these behaviors in their tracks to protect the magical team bubble where we can be elite. PeopleNotTech designed a solution to measure and increase Psychological Safety by working with hundreds of teams around the world -in particular in financial services- and they are citing some of the examples they've come across.

Data Science and AI are huge buzzwords nowadays. Data Scientists are creating insights and predictions with huge potential to overthrow our daily work by far. Unfortunately many of these approaches keep stuck after few meters in the mud of operations.

At Continental Tires we started out by creating an environment and accompanying processes from day one. Following the agile approach of Continous delivery and Continous deployment the Data Science Factory was a supporting infrastructure to support Data Scientist to industrialize AI and Machine Learning Use Cases. Today this environments is used by Data Scientists all over the different parts of Conti Tires and is even highly recognized by players like AWS, Microsoft or Google.

In this talk we will present the architecture and the approach we followed to implement this provider-independent environment. Done as Infrastructure-as-code and aligned with processes to follow a CI/CD pipeline Data Science at Tires can be done for developing real products inhouse. DevOps and MLOps are collaborating together with the Data Scientists to bring the old industrial company into the new world of Software and Data driven products.

This experience report describes the transition of a large medical organization which develops computed tomography modalities towards more agile and lean approaches that improve the speed and the “flow” in the organization and the products it produces. It describes the broad set of challenges that are faced, especially when developing complex software-intensive systems in a safety-critical and regulated medical domain. This practical case study details the concrete set of activities, insights, and “lessons learned” that were done in this organizational-wide transition in a structure that allows persons or organizations with similar challenges to apply them to their own organizations.

Furthermore, this experience report describes how we apply DevOps approaches not only to software, but to software-intensive cyber-physical systems. Minimizing downtime of systems during updates is a vital aspect for our customers as well as the robustness of in the field updates. In a world of complex cyber-physical systems of systems that is an far from easy task and requires early continuous * activities including continuous deployment to in-house systems before the subsequent final release as well as an extremely high transparency of the installed base through a regular feedback loop and data analytics methods.

What do D&I and DevOps have in common? Surprisingly, a lot. Some people think Diversity is for their HR department to worry about, which is like saying DevOps is just an IT concern. This couldn’t be further from the truth. These seemingly unrelated concepts have one very important thing in common: they are both critical to any organization trying to survive in the age of digital.

In this talk you will learn:

• The story about what happened when Cornerstone CTO put the most senior woman of our globally distributed 1,000+ person Technology team in charge of diversity.
• Why Diversity & Inclusion is as important to your organization’s survival as DevOps.
• How advancing D&I will accelerate your DevOps transformation.
• 5 key D&I lessons that worked for Cornerstone that can be applied to any complex enterprise IT organization.

Environmental Sustainability, Diversity Equity and Inclusion, Community Engagement, Stakeholder Capitalism - all of these aspects of responsible corporate behavior have become increasingly strategic, often urgent concerns of boards of directors. IT organizations have not yet come to terms with the critical role they play in planning, governance, and execution of their companies' social good efforts. In this session I'll show how critical that role is and provide some ideas and frameworks with which technologists can "engineer" solutions to these challenges.

Amidst the digital revolution and the change that affects human behavior, IKEA have had to rapidly change the way we do IT and software development. Two years ago, we set out to change (almost) everything we do and how we look at software security.  In this presentation, we will focus on our Cyber Jedi Academy, a community, created to empower software developers within IKEA to address and work with security. The presentation will cover what we’ve learnt from running the academy for a year, and how we have come to change many things, such as why we must adopt team-centric security and how this optimizes the security work within teams.  

This session is presented by Synopsys.

Low efficiency in scaling development environments, manual processes and the need for better visibility were just some of the challenges that Paysafe faced with their software development practices. Paysafe is a pioneer in the digital commerce space and to continue to maintain leadership and competitive advantage, Paysafe needed to transform its software development to achieve faster time to market, improve operational efficiencies, while reducing risk. In this talk, Sujit Unni - Chief Technology Officer of Paysafe, walks us through the process of achieving this transformation - challenges to be addressed, goals to be achieved and the process of selecting the right DevOps platform to supercharge this transformation.

This session is presented by GitLab.

In 2009 Patrick Debois coined the term DevOps at a Velocity event in Belgium. 12 years later there have been countless books to describe this cooperation between development and operations to deliver capability rapidly to the user. We further have extended that term into Industrial DevOps to account for complex system of systems which include hardware, firmware, and software. Many of the practices such as small batch sizes, limit work in progress, and organizing around value are not new. The benefits of these practices in quality, schedule, cost, transparency, value are undisputed facts that have been shown repeatedly in periodicals such as the DORA report. The question is if the ideas are not new and the benefits are proven why is it so difficult for organizations to move to DevOps and almost impossible to move to Industrial DevOps.

Robin Yeman, Chief Technical Officer at Catalyst Campus and Suzette Johnson Senior Northrop Grumman Fellow will walk through the common barriers to adoption they see in these two large scale companies as well as invite the audience to participate in potential root causes of these barriers. The barriers we will discuss are Organizational Structure, Psychological Safety, Access to Common Language, Understanding the Value Stream, Lack of Trust, Access to patterns to break down systems, and exclusive over inclusive behaviors. In this session you will not only hear stories of programs who are experiencing these barriers you will have the opportunity to collaborate on solutions.

Ways of working have evolved significantly in Sainsbury’s Tech during the last 6 years. We’ve been responding to the dual challenges presented by a rapidly changing retail industry and constantly evolving technology landscape. During that time we’ve come from traditional IT organisation structured around functional roles and projects to outward looking stable integrated teams developing business focused products. We’ve been drawing inspiration from Agile and DevOps along the way, however we’ve been following our own path. We believe all organisations need to find their own way but we’re happy to share some of things we’ve tried, things which have worked, things which haven’t and the significant lessons we’ve learnt.

William Hill, one of the world’s leading betting and gaming companies, needs to satisfy both its customers and its regulatory requirements. In their quest for a negative mean-time to repair, find out out how they use PagerDuty and Rundeck together to empower internal teams to take action and automate fixes to common problems – all while maintaining impressive levels of uptime and keeping the compliance team happy.

This session is presented by Rundeck by PagerDuty.

Please join us to learn about our journey at Nationwide Building Society to creating a learning organisation. How do we unlock discoverability of knowledge and learnings within the organisation and how we connect teams to share.

Our talk will feature some of our winning teams from our first ever Ways of Working Awards and also a focus on sharing our experiences from running learning events.

Agility, CI/CD, DevOps are often challenging for large Enterprises. In this session, Anders will present his 10+ year story from how 100+ developers moved from 2-3 releases per year to 30+ production deployments per day.
With Anders' cartoon presenter style you will probably have some fun, but also bring home some learnings from his success and failure stories.

COVID-19 sent individuals home from their workplaces, some organizations did not seem to miss a beat, while others struggled more to get access to their systems and allow everyone to work. One key challenge was how to do workshops across multiple teams to start DevOps transformations while everyone was locked down and separated.

This session will describe the various techniques and capabilities used to make virtual workshops a reality, not quite as good as true face to face but good enough to help move people along as well as ideas to grow teaming and collaboration in this remote time.

How do you transform speed from 10 to 5,000 deployments per year, while increasing overall website reliability for 30 teams working on a £3.5 billion retail website? How do you embed an operability mindset into product teams working at one of Britain’s oldest, largest, and most popular retailers?

John Lewis & Partners has provided its customers with retail merchandise since 1864. The company is co-owned by its 78,000 employees, and it operates 42 stores across the UK as well as johnlewis.com. Over the past few years, John Lewis & Partners has been on a digital transformation journey, replacing its ecommerce monolith with tens of microservices and teams, and a bespoke, award-winning digital platform.
We have a big emphasis on operability. We’ve built a Paved Road for telemetry, including availability targets and service level objective alerts. We’ve implemented You Build It You Run It at scale. We’ve adopted Chaos Days, post-incident reviews, and per-team incident management.

We’d like to share with you the successes we’ve had, and the lessons we’ve learned while adopting operability at scale. We’re hoping to encourage and inspire other folks working in large enterprise organisations! Your takeaways will be: how a digital platform can remove telemetry friction, how you can track leading indicators of operability, and how you can measure the cost effectiveness of You Build It You Run It.

DevOps lets developers innovate faster. But some normal DevOps processes can create the opportunity for bad actors or dangerous code to enter your DevOps toolchains and your software applications. Where are the security risks and how can DevOps teams prevent attacks without slowing down delivery? We’ll provide some easy tips and best practices to secure your toolchain while keeping your development moving.

This session is presented by Anchore.

Modern enterprise applications such as SAP and Salesforce make it easier than ever to connect applications, data, and processes across on-premise, cloud, and hybrid environments. These integrations let you optimize operations across lines of business and drive delightful customer experiences. But with great power comes great responsibility.

When your application landscape is being continuously updated, upgraded, and customized, a defect in any one release could lead to disaster for your business. How do you begin to push through the noise and concentrate on what really matters when innovating?

Join us for an insightful investigation into how continuous end-to-end test automation can de-risk your enterprise integrations, letting you accelerate innovation while ensuring your business keeps running. We’ll we’ll share how having a common language and a risk-based, AI-powered approach to testing can help you focus resources, innovate faster and do it dependably.

This session is presented by Tricentis.

At the 2020 DevOps Enterprise Summits Nationwide’s Office of Internal Audit delivered valuable insights on topics such as how to pass an audit in a DevOps environment and how risk is mitigated in a continuous delivery model. Over the past year, Nationwide Internal Audit has continued to explore the implementation of DevOps practices and its impact on key controls. Partnering with Nationwide’s development and operations communities, Internal Audit is back with insights based on experience. Building upon the concepts presented in 2020, Nationwide will bring attendees along on their journey, moving from theory to practice.

By attending this session, attendees will get a refresher of how to think differently about risks and controls in a DevOps environment. They’ll also learn how increased reliance on automation (e.g., automated testing) has impacted risk mitigation and control assessments at Nationwide.

How often do you survey your developers for their opinion on their experience building products for your business? Do your developers actively recommend your company to other developers?

Part of T-Mobile’s journey in becoming a software unicorn is to build a diversified developer community and learning culture which retains developers as well as attracts them.

Join Chris Hill, Director and Jennifer Stockton, Recruiting Manager as they walk you through how T-Mobile helped to create a sustainable developer workforce to position T-Mobile's future growth.