It’s early Tuesday morning, and I am again in the metro, going to a location in Prague I have never been to before. People are quiet on the train, thinking about their lives. I saw just a few people not looking at their phones. Have we become a humanity addicted to some shiny devices and so-called “technologies”? That could be another topic. Now, I am going to the second day of DevOpsDays 2023 Prague.
The hotel welcomes me with many tobacco smokers outside and a strange facade. I am in the right place because I saw familiar faces and heard someone talking about Jenkins.
I took the elevator to the conference area and headed to the registration. A lovely girl said hello to me after I got my welcome pack. I said hello back. I told myself something was wrong. See, sweet girls never say hello to me like that.
Then I remembered I am in a friendly company because DevOps is not only about technologies but also about the mindset of being nice to others.
I met a few great people I worked with and then went to the conference room. I expected more attendees. The room was 80% full. It may be too early.
I was just on time for the first speaker.
Ben Hirschberg – Unpacking Open Source Security in Public Repos & Registries.
Ben is representing a company called ARMO which deals with container security. I discovered their free scanner while trying to convince some of my stakeholders that we are shipping not-so-well-secured containers. I was eager to learn more.
ARMO’s team researched and compared the vulnerabilities they discovered in two large groups: All open-source projects in GitHub as one group and a group of so-called “graduated projects” from CNCF as the second. He showed the security findings in both groups, leaning towards the intention that the graduated projects are a bit more secure (in most areas). We should investigate how they did it and apply it on our own.
The other exciting point I have struggled with is that we should investigate critical/high CVEs found during the scan because they could not be exploited in particular cases. Usually, this is part of the remediation activity, but I know of some companies that want their containers clean, no matter what. This struggle sometimes causes a lot of friction within the teams. He also showed some use cases to support that.
The CVE scanners are good conversation starters, but the human element is needed to do the analysis and prepare the remediation plan. I don’t expect the AI to do this now, but this will be the future.
Paul Bruce – Re-growing a DevOps Community (in Boston)
Considering the title, the second talk would be boring. I was wrong.
Paul took us through a growth journey, and he challenged me and most of the audience to think about diversity, community, and true belonging.
Even though his talk was about some efforts in a different country, I learned a lot about working and building a community. This is a vital tool on your tool belt of (professional) life.
I am a visual person. When he shared a picture of grass in the parking lot, I immediately thought: everything is possible. Then he said the same with his own words.
We need to look for possibilities, specifically in unusual places. The beauty of life doesn’t lie in the known. Nobody cares about a beach full of concrete, but most people will smile and be happy seeing a flower pushing through the horror and bringing something beautiful to the world. This also applies to personal and work relations. Right?
I wanted to spend more time with Paul while he was in Prague, but I didn’t make it. He is a very insightful person to learn from. So next time you end up at an event near him, say hi and soak up some wisdom.
One of my favorite parts of any event is the “free” coffee. Ok, you got me, it’s the “free” beer, but it was 10:30, and I don’t like drinking in the morning.
The coffee breaks are an excellent way to support community conferences by visiting sponsors’ booths. Because of them, such events exist.
The second best use of the breaks is to meet people. I prefer to avoid meeting new people. I get nervous most of the time when I have to talk to a complete stranger. I know I am weird. I stayed within my comfort zone by talking to people I already knew. If you like meeting people, use the coffee break to enlarge your horizon.
I went back to the room after gulping a disgusting cup of coffee. Instant coffee is different from my thing, but I needed the caffeine. I went back to the room to meet the next fantastic speaker.
Sowmya Sridharamurthy – TestOps? well, never mind
Doing proper testing is a hoax. We always do it in a way that goes against the value and the experience within the quality team. On the other hand, the level of testing desired by the same team could be more business justifiable. This, of course, is my sole opinion.
Sowmya focuses on an exciting intersection between Operations and Testing. Testing has a very low priority in the modern DevOps world.
Everyone knows that we need to ship faster quality software. Surprisingly the team responsible for this part needs to be addressed. Their proposals for improvements, tools, and processes often go to /dev/null.
I learned a lot from this talk. If I have to pinpoint one: Automation is the key, but you need to talk to your quality professionals to achieve that. So why don’t you start this conversation now?
Can you also ensure you have covered the whole 9 yards of testing?
Michael Man – Overcoming the DevSecOps Imposter Syndrome
The Security component that puts the Sec part into the DevSecOps is vast. Often one might feel insecure in their knowledge just because we aim to focus on many things simultaneously.
Michael covered how he solved such a problem himself. The key is to identify what area to focus on and the gaps you have in your knowledge and prepare a learning plan.
Mental health is essential. Take care of yourself and reach out for help. The Cyber Security community will help you.
Two cups of espresso later, I get tired of writing about my great DevOpsDays experience. My energy level is getting low, and I want to go and walk the dog now. While I am doing this, please reflect on the learnings from today:
- Open source is secure; there are good examples you could follow. What steps are you going to take next?
- You could find beauty and inspirational ideas mostly in unusual places. What does that mean to you?
- Can we deliver quality software without testing? Who can tell?
- Continuous learning is an excellent way to beat the Impostor syndrome. What are you going to learn next?
Why don’t you take a short walk as well? See you in 15 minutes.
I am back. I hope you had a refreshing break in the open. I’m not too fond of commercial conferences because you always have many more questions and topics, and there is no venue to discuss them.
DevOpsDays Prague fixes that by running an Open Space where you can propose your topic, get the people interested in discussing it, and a room or a space where you do that.
I stayed for three sessions, but I contributed to two.
Usually, the Vegas rule applies, so I am not going to share what we have discussed, but I am free to share what I have learned:
- One topic could explode into more subjects, making the whole conversation unfocused and wasteful. The main topic of the room was Gender gaps in communications, but we ended up in a heated discussion about the entire Diversity and Inclusion subject, and we achieved nothing.
- The second open space I visited was called “Where are the Business people.” The room needed help to identify why they needed business people and why they were interested in finding them. We have yet to reach an agreement on the goal of the session. We shared some event names where people go, and that’s all.
- The third discussion was about the Impostor Syndrome and how to overcome it. The meeting went south, and many people could not share their opinions, wasting good intentions.
Putting some tiny structures in the Open Spaces and focusing the energy in the right direction could produce beautiful results beneficial for everyone present. I’ve seen this working!
I took the metro back to my area of Prague, still observing people around me. I am curious. I went back home full of energy and new knowledge. I know how hard it is to organize an event like this. I am speaking from experience. I have organized more than 30 of those.
Kudos to the whole crew of DevOpsDays 2023, who did this in their free time without any benefits except for the joy of providing the others with a place to meet and discuss common topics.
You should be proud of yourselves!