
QA DevSecOps Leading a Quality-Driven DevOps Transformation Stacy - PDF document



  1. 10/2/19. QA DevSecOps: Leading a Quality-Driven DevOps Transformation. Stacy Kirk, CEO, QualityWorks Consulting Group
     Old School Power of Being a Tester
     • Excuse to be Nosy in all meetings
     • Go-No-Go
     • Paid to Keep it Real

  2. Why DevSecOps over DevTestOps? [Diagram labels: SEC, QA, DEV, OPS, TEST]
     Attributions shown on the slide: @BrehoneMiller, @queenofcode, Bob Dobbs, David Clarke
     • "... Security is seen as a high priority with all of the recent breaches (but without the quality, you just have secure crap)."
     • "Testing is what happens at every step, including defining the value we think we might want to develop. People add things between Dev and Ops because they think Dev is coding and Ops is support. Dev is building the product. Ops is using it."
     • "Testing is notoriously 'unsexy' in appearance compared to security. Why? I don't know - imo you can't have one without the other. I blame Hackers (the movie)."
     • "...testing has already been incorporated within the DevOps fold... Saying that testing is part of development is not contentious. But telling Devs that they are responsible for the security of their code is still contentious."

  3. DevOps = Quality @ Speed. It’s a Movement for Quality. DevSecOps = Secure Quality @ Speed
     A QUALITY MOVEMENT REQUIRES CHAMPIONS Heroes
     • Champion: A person who fights or argues for a cause or on behalf of someone else.
     • Hero: A person of great strength and ability who carries out extraordinary deeds of bravery.

  4. IDENTIFY YOUR HERO
     • Diversity of Perspective Builds Great Products
     • Understand Your Villains

  5. Tools & Technologies

  6. Characteristics of Iron Man: Innovator Automator Tooler Problem Solver Creative Visionary
     TOOLS VILLAINS
     Lack of Trust
     • Start small and show value
     • Don’t let speed impact stability and the quality of your tools
     Limited Resources
     • Not every problem requires a technical solution
     • Start with training and process improvement
     Overtooling
     • Measure Value
     • Iteratively improve

  7. Disciplined Practicer

  8. Disciplined Practicer: Continuous Learner, Continuous Experimenter, Data Driven Analyst, Passionate Transparency, Fails Fast
     Process & Discipline Villains
     • No Room for Experimentation
     • Apathy
     • Fear of Failure

  9. People & Culture

  10. People & Culture: Includer, Communicator, Empathizer, Diplomat, Gets to the Truth, Trusted Collaborator, Protector
      People & Culture Villains
      • Doesn’t Want Change
      • Fear and Sabotage
      • Won’t Collaborate
      Transformation fails due to a lack of believers

  11. How can you be a hero when... QUALITY IS EVERYBODY’S RESPONSIBILITY?
      QUALITY-DRIVEN DEVSECOPS: Six Steps to QA-led DevSecOps
      [Diagram: steps numbered 1 to 6; labels: QA, Security, Operations, Development, User Story, Measures]

  12. Quality-Driven DevSecOps (Wonder of Culture, Hulk of Process, Ironman Innovator)
      Step 1: Partner with Product
      • Measure Quality from the Customer’s Perspective
      • Automated Acceptance Criteria Must Happen by End of Sprint
      • Pair on Acceptance Criteria / Promote ATDD
      Step 2: Aid ScrumMaster
      • Don’t let retros become monotonous. It’s our process bug hunt.
      • Identify ways to better use collaborative software
      • Leverage metrics to reduce cultural resistance

  13. Quality-Driven DevSecOps (Wonder of Culture, Hulk of Process, Ironman Innovator)
      Step 3: Guide Quality-Driven Development
      • Pair and Co-locate to Build Rapid Feedback Loops
      • Define, explain, and validate Quality Gates for Pipeline
      • Write unit tests starter code, create and share mock services
      Build Trust with Pre-Testing over Bug-Tracking
      Step 4: Include Security
      • Don’t let the teams forget about the voice of security
      • Iterate on the Definition of Done to include more Definitions of Secure
      • Add scripts that can validate security into the automation suite
      Baby Steps over All or Nothing

  14. Quality-Driven DevSecOps (Wonder of Culture, Hulk of Process, Ironman Innovator)
      Step 5: Empathize with Operations
      • Leverage Test Automation to Create Operational Monitoring Tools
      • Pull Data/Conduct Analysis in Production
      • Pair to solve Operational Issues
      • Integrate feedback into Best Practices/Retros
      • Show integration of Lessons Learned Cross-Team
      • Make Dashboards Visible
      Step 6: Ignite More Heroes for Quality
      • Believe, protect, and eliminate doubt.
      • Define impactful roles for those who are not automators.
      • Mentor, share, and collaborate on tool and automation development
      • Drive Communities of Practice (CoP)
      • Shift-Left Strategies to reduce mini-waterfall

  15. "There are heroes among us. Not to make us feel smaller. To remind us what makes us great." - LOIS LANE
