DevOps Chat

Brian Gracely has been helping to shape the Red Hat OpenShift product line for over 4 years. Brian is a key person in the product team there. In this podcast Brian gives us an update on the latest innovation at OpenShift. Much of what he is talking about will be visible or announced by KubeCon in Amsterdamn. So if you want to get an early look at the latest in Openshift, have a listen to what Brian has to see.

WhiteHat Security is one of the pioneers in AppSec. As such they were an early advocate for DevSecOps. They have been doing annual surveys of the security and developer space for several years. In this years survey the good news is that we are seeing real progress in DevSecOps adoption by developers and security teams. But all is not roses. Some of the same old issues are still there, including how long it takes us to fix vulnerabilities and security issues. In this DevOps Chats we speak with Eric Sheridan, Chief Scientist of WhiteHat about the survey results and what they mean. Have a listen to find out Eric's take on the foundings.

Jenkins founder Kohsuke Kawaguchi (KK) and respected DevOps veteran, Harpreet Singh have launched a new company called Launchable https://launchableinc.com Launchable aims to help you improve your delivery velocity by prioritizing and applying some ML and intelligence to testing. There is still much work to be done but with these two industry luminaries behind it, the expectations are high for something impactful. The VC community and a blue chip list of investors are already on board. Yes this means KK is no longer at CloudBees (several CloudBees execs are investors in Launchable)and Jenkins, while he is still an advisory. But with Jenkins now in the capable hands of the CDF and Linux Foundation and CloudBees well established, he felt this was a good time to pursue an issue he thinks needs to be solved. Hear from KK and Harpreet themselves in this great podcast.

Walkme recently announced a funding round of 90 million dollars bringing their total raise to over $300 million. But according to Rephael Sweary, that is great but the real measure of Walkme's success is their annual reoccurring revenue being over a $100m (which it is) and whether or not that company is helping their customers. In the case of Walkme, that are business's undergoing digital transformations and are looking to accelerate their digital platform adoption. Walkme has been a tremendous success no matter what yardstick you use. Listen to Rephael to understand better his view of the world and what is important for the coming times ahead.

DevSecOps has become a real thing over the last few years. The big shift has been making security tools that developers can use. ShiftLeft has been one of the leaders in this movement, recognizing that security had to shift left (hence the name). I had a chance to sit down right before the holidays with ShiftLeft CEO Manish Gupta about how the shift to developers using security tools is helping to make applications more secure.

Ken Rutsky is on a mission. In addition to being a master cybersecurity marketing ninja, Ken is also the founder of the Cybersecurity Go To Market Dojo. It is the hub of a community of cybersecurity marketers who seek to up their game and bring even more professionalism to cybersec marketing. Frankly, cybersecurity marketers get a bad wrap. Many of them have great technical chops. Just because they have marketing in their title don't assume they are not technical. Ken and the group are again putting on a great together on the Sunday of RSAC week. Also they will be doing a Cyber Marketer of the Year awards as well. Alan Shimel is one of the judges. You can find out more at https://www.gotomarketdojo.com/events/rsa2020-marketers-prefresher-happy-hour-the-marketer-of-the-year-awards

The Eclipse Foundation recently launched a new working group for Edge Native (https://edgenative.eclipse.org/). The mission is to deliver open source edge platforms now. I had a chance to sit down with the guests highlighted below to discuss. Enjoy. Mike Milinkovich, Executive Director, Eclipse Foundation Mike serves as the executive editor for the Eclipse Foundation. An influential voice in the open source and Java communities, Mike has worked tirelessly over the last two decades to help establish the open source model for software development. Outside of work, Mike's passions are his family, the family cottage and hockey (as a coach, player and fan) in pretty much that order. When he's not working, or traveling for work, you will probably find him involved in one of those three things. Kilton Hopkins, CEO and co-founder, Edgeworx Kilton started programming computers when he was 8 years old. That was 1986. He started a software company a few years later. The world is very different than it was back then, but Kilton is still bringing new tech companies to life. He currently serves as the Co-Founder and Chief Executive Officer of Edgeworx, which provides the world with an open-source universal edge computing platform called Eclipse ioFog. Kilton lives in Berkeley, California. He received his MBA from The University of Chicago Booth School of Business in 2010. He likes to meditate, make music, and read about everything scientific.

Sometimes the best way to accomplish something is to choose a path requiring the least friction, or amount of change. Qualys customers now have that path available to them in bring vulnerability scanning into Google Cloud Platform. Qualys' recent announcement means a one-click configuration change enables vulnerability scans in GCP with the results appearing in both Qualys Cloud Center and GCP Security Command Center. Join me on this DevOps Chats to explore this announcement with Sumedh Thakar, Qualys President and Chief Product Officer. We discuss Qualys' and Google's collaboration and how this benefits DevOps teams.

The increasing breadth and complexity of the environments we manage are nothing short of breathtaking. Understanding the security risks and applying policies across the cloud, multi-cloud, private clouds, and a plethora of software technologies is a challenge faced by every enterprise. vArmour recently announced version 5 of the vArmour Application Controller, which opens more significant access to vast amounts of information the Security Graph represents and organizes through its Security Graph and SDK. By streaming cloud, network, and agent information into the Security Graph, enterprises now have a centralized understanding of application relationships across their multi-cloud infrastructure, enabling centralized risk and policy management that is simple, accurate, and secure. Marc Woolward, vArmour CTO and CISO, and I discuss establishing abd assessing policies becomes more manageable through expanded access to information about software infrastructure, systems, environments across the organization. I hope you'll join Marc and me in this fascinating conversation.

Application security is top of mind now more than ever. For more than a decade, Veracode examined increasing amounts of code as it passes through their source code vulnerability scanning service. During this period, automation is increasingly prevalent, making it easier to run scans more frequently and regularly. But has automation helped?. Is the software we create more secure? We gain key insights about this in Veracode's The State of Software Security Report X (10th edition). Chris Eng, Chief Research Officer at Veracode, joins us on DevOps Chats. We talk about many insights uncovered in the latest report, such as 50% of applications are accruing security debt over time, the regularity of scanning correlates to vulnerability fix times, and that scanning frequency directly impacts security debt. There is a wealth of information in the report, and you can get a jump on the key findings on this podcast episode with Chris. Download the full report at https://www.veracode.com/state-of-software-security-report.

Data Privacy is the new front in the compliance wars. For many organizations Data Privacy is a dreaded subject with a maze of governance and compliance issues. Osano wants to make it easy. Led by serial entrepreneur Arlo Gilbert, it is catching fire as enterprises learn that complying with Data Privacy laws is possible and even affordable. Have a listen as Arlo and Alan Shimel discuss this important topic.

Ci/CD has changed the way we do software. From architecting it, to coding it, storing it, testing it, deploying it. GitLab has been a leader in this revolution. I spoke with Darby Frey of GitLab's CI/CD team about this and what the future has in store. Have a listen and hope you enjoy!

While at times it seemed the adoption of DevSecOps was like pushing rope uphill, the market has embraced the premise that DevSecOps is real and is much needed in bringing a higher level of quality to software. StackHawk is a new company out of Boulder, Co that is seeking to allow developers to better secure their code and increase quality. I spoke to two of the co-founders of the company, Ryan Severns and Scott Gerlach while I was out in Boulder recently. Have a listen to what they see as the game changing solutions they want to bring to market.

In this episode of DevOps Chats we talk with Donald Lutz, Principal Software Architect, specializing in systems integration and creating large, scalable cloud applications. Occasionally DevOps Chats is fortunate to spotlight DevOps and cloud native developers doing trailblazing work in contemporary software architectures. Donald fits that bill to a "t.", as an entrepreneur and employee at startups like Faction, BoldTech Systems, and his own company Technetronic Solutions, and established companies including Via West. Our discussion focuses on creating cloud native applications in startups and large enterprise IT. Donald's currently working with one of the world's largest financial institutions to move from legacy applications directly to cloud native apps, bypassing any interim lift-n-shift moves. His work spans many Microsoft technologies, including .NET Core, runtime framework Dapper for RDBMS mapping, Service Fabric, and Azure, and opensource Kubernetes, Terraform, and Puppet (and Enterprise). During our discussion, we cover the challenges of architecting and scaling very large cloud native applications, implementing DevOps in less mature software organizations, how established software patterns benefit DevOps and cloud app developers, and the importance of giving back by hosting meetups to share knowledge and mentor others. Donald also gives back as an active leader and mentor of the FIRST Robotics Team 1410 since 2005. Join in on our conversation as we explore the complex and sophisticated inter-workings of a cloud native software architect.

Application performance company AppDynamics recently released its 2019 edition of the App Attention Index Report. The 2019 report is subtitled The Era of Digital Reflex. Whoa, that sounds heavy!! Joining me on this episode of DevOps Chats is Steve Long, AppDynamics Regional CTO, and Technology Strategy. Cisco acquired AppDynamics in 2017. Digital connections are a near-constant. Interacting with our world through digital apps and transactions are omnipresent: making a restaurant reservation using OpenTable, making payments using an app or our smartphone digital wallet, and checking our smartphones to plan and move through our day. Thus the name of the report "The Era of Digital Reflex." In addition to insights from the report, Steve and I talk about measuring the customer's experience, tieing performance back to the desired business outcoming, strategies for finding problems, and reducing the time it takes to fix problems. Join us on this compelling discussion about application performance, customer experience, and business outcomes.

Test automation and CI/CD are evolving very rapidly to achieve great speed and impactful results by DevOps teams and Agile organizations. Our DevOps Chat guest, Tricentis Chief Product Officer Wolfgang Platz, contributes his experiences to the state of the art with his newly released book Enterprise Continuous Testing. Automating software testing just for the sake of automation, is "doing the mess for less." What is the business value of each software element you are testing, and what is the right strategy for testing these software implemented functions? Automation certainly brings with it speed, but are we ultimately making incremental improvements to testing which doesn't tap into the full power and benefits of automated software testing. Our discussion with Wolfgang focuses on the need for expanding dev-testing with higher-level integration, system, and end-to-end user experience testing, which are often performed well by shared testing and operations teams. Now, think Shift Right. While Agile and dev teams often focus on the progression of creating new and exciting capabilities for the business and our customers, we still require that regression mindset that consistently validates unit tests, valuable business functionality, system integrity, performance, and operational needs.

Pulumi is bringing a new open source tool and approach for modern infrastructure as code. We spoke to Pulumi CEO, co-founder Joe Duffy about it and the SaaS version that they are bringing to market. Pulumi is an up and coming player in this market and you should watch what they are doing going forward.

RSA Conference (#RSAC) besides being the worlds largest cybersecurity conference has also become the place to see the latest innovation in the world of cyber. The woman who drives the innovation programs at RSAC is Cecilia Marinier. We spoke with Cecilia last year for RSA 2019. The program was great last year. 2020 promises to be even better. Listen to Cecilia give us the scoop on on what is in store for 2020. You can find out more about RSAC https://www.rsaconference.com/rsac-programs/innovation-sandbox

Spinnaker Summit 2019 Preview: As you use an opensource tool like Spinnaker, the more you develop best practices and learnings. These are useful to share with others internal to the enterprise and other opensource users. Jing Vergara, Principal Software Engineer at Salesforce, joins DevOps Chats to share a preview of her upcoming talk "Demystifying Spinnaker VM Image Baking and Deployment". Jing shares with us what to include and not to include (like secrets), when baking a VM image, how to avoid configuration drift, and how to deploy to multiple cloud providers using cloud init files. Jing also shares how to use opensource Packer templates with Ansible, Chef, and Docker, and how to build your own packer templates. Jing Vergara's talk is on Sunday, Nov 17th at 10:45 AM PT. Spinnaker Summit 2019 is San Diego on November 15-17.

Robotic Process Automation (RPA) has garnered a great deal of attention as organizations pursue automation routine tasks through automation software. RPA automates tasks integrated into digital business process automation. Wayne Ariola, Tricentis General Manager of RPA, joins DevOps Chats to discuss how Tricentis brings its strengths and heritage in software testing automation into the world of RPA. The expansion into RPA makes a lot of sense when you consider testing technologies that operate on UX domain and data models, avoiding the pitfalls of brittle screen scraping approaches. Together, Wayne and I explore how business process automation using RPA intersects with DevOps tools, processes, and teams, and how RPA benefits from the experiences gained in the DevOps community. Join us on this episode of DevOps Chats as we explore Robotic Process Automation and DevOps.

Spinnaker Summit 2019 Preview: Debugging production issues in any environment can be challenging, and Spinnaker has its production learning curve. Problems aren't always replicable in a smaller environment, and DEBUG messages can be verbose and confusing to triage what's happening. Our DevOps Chat guest Chuck Lane, Salesforce Lead Software Engineer, is giving a talk on "Debugging & Profiling Spinnaker Applications Live" at the Spinnaker Summit 2019. In Chuck's talk, you'll learn skills like remote JVM debugging, custom profiling builds, and the magic of figuring out what's going on with a multithreaded microservice using htop! Chuck's talk is on Saturday, November 16, at 3;40 PM PT. Spinnaker Summit 2019 is November 15-19 in San Deigo.

Spinnaker Summit 2019 Preview: Canary deploys give us a window into how new code deploys perform in production on a limited basis. The technology holds great promise in helping us learn the positive or negative effects of deploys without putting the more extensive set of microservices, application functions, and beyond at risk. How do you route traffic? How do you apply a virtual service manifest? Is there a quick way to perform a smoke test to find server errors? When comparing metrics from new code to old, how do you know which results are good or bad? There is a lot to know and learn how to deploy and use Canarys. Our DevOps Chat guest Omar Al-Hayderi (Engineering Manager and Principal Engineer at Autodesk) is giving a talk on "Canary Deploys with Istio: Lessons Learned" at the Spinnaker Summit 2019. His talk is on Sunday, November 17, at 1:30 PM PT. Spinnaker Summit 2019 is November 15-19 in San Deigo.

Spinnaker Summit 2019 Preview: Secrets Management is vital to any vibrant DevOps and GitOps toolchain. As part of its opensource maturation and thanks to the contribution of our DevOps Chat guest, Spinnaker now has a secure secrets management capability enabling GitOps, taking non-application secrets out of plaintext in Hal config files. (Always a good idea!) Cameron Motevasselani, Software Engineer at Armory, is giving his talk "Spinnaker Plugins: Extending Spinnaker for the Enterprise" on Sunday, November 17, at 10:45 AM PT. In addition to his contributions to Spinnaker's new secrets management facility, Cameron shares the work in progress to create an extensible Spinnaker plugin system. The current work is an early MVP to be followed by the implementation of PF4J and concrete extension points as part of Spinnaker stages. Spinnaker Summit 2019 is November 15-19 in San Deigo.

Spinnaker Summit 2019 Preview: Most open source software isn’t one size fits all, and Spinnaker is no different. While it captures the most general use cases of software delivery, most organizations find that it lacks some features they need to automate their entire delivery pipeline such as integrations with internal tooling or compliance systems. Out of the box (figuratively), Spinnaker provides Run Job and Webhook stages that teams can use to build custom integrations to help fill any void and enable adoption by a wide range of users. Ethan Rogers, Staff Software Engineer with Armory, joins us on DevOps Chat to share a preview of his Spinnaker Summit 2019 talk on Spinnaker extensibility. Ethan shares how Run Job and Webhook stages are used to build custom stages to capture any number of use cases with no code and simple configuration. He also covers situations when it's necessary to write code. Ethan's talk, “Making Spinnaker Your Own”, is Saturday, November 16, 3:45 PM, at Spinnaker Summit 2019 in San Diego. Separately, Ethan appears on the "State of the Kubernetes V2 Provider..." panel Friday, November 15, 2:30 PM.

Spinnaker Summit 2019 Preview: Never underestimate an entrepreneur looking to solve a real-world problem. Aerobotics is bringing drones, imagery, mapping, containers, Kubernetes, Spinnaker, data pipeline processing, and machine learning to agriculture. Sounds interesting, right? Aerobotics uses aerial drones and sophisticated image processing to help growers manage yield, pest & disease in their farms through Artificial Intelligence. Speaking at the upcoming Spinnaker Summit in San Diego, Aerobotics’ head of software Nick Coles, shares with us how his company evolved from making drones to map orchards into a software company using raw image data to create high resolution, georeferenced maps of orchards. Aerobotics technology is comprised of a map engine and tree engine. It's both a fascinating problem space and exciting application of cloud-native technologies, including Spinnaker. This episode of DevOps Chats features a preview of Nick's talk; “The Future of Farming with Aerobotics”. Nick's talk is on Sunday, November 17 12:30 PM, at Spinnaker Summit 2019 in San Diego.

In the traditional datacenter world, security was (or is) very network-centric. Firewalls, IDS, Network Access Control, focus on the aggregation of all traffic traversing in, out, and across the network. Cloud-native applications rely upon different constructs and methods of building applications. It's not just the software and technology stack that requires different security in the cloud-native era. We can't just surround cloud-native applications with security; we must build in security. And to do that requires you understand how container and microservices applications are made using DevOps. You must think about how DevOps works to build in security properly. Enter Lacework, a platform built for DevOps teams to build security into cloud-native applications. Vikram Kapoor, Lacework Co-Founder and CTO, joins DevOps Chat to explore API-centric applications and infrastructure-as-code. We discuss how to build security into cloud-native applications through the DevOps-based software creation process, and not only rely on runtime security technologies. Vikram also discusses some of the planned uses for the recent $42m round of funding.

Spinnaker Summit 2019 Preview: Airbnb is rapidly moving from a monolith Ruby on Rails application to a distributed SOA/Kubernetes architecture in Kubernetes. The new architecture uses self-service codified pipelines and easy webhook integrations scale adoption and collaboration across the company. Even though continuous integration isn't new to Airbnb, every team now needs to be able to scale CI across 100's of containerized services in AWS EC2. Software Engineer Brian Wolfe co-led the decision to move to Spinnaker and build in more automation. At one year into the project, Airbnb has 40 services in production with many more to follow. This episode of DevOps Chats features a preview of Brian's talk; “Scaling a Migration to Continuous Delivery (Aribnb)”. Brian's talk is on Saturday, November 16 11:00 am, at Spinnaker Summit 2019 in San Diego.

The life of an acquired company can be an exciting one full of unexpected twists and turns, and that’s been true of Automic software. Scott Willson, a repeat podcast guest and long-standing member of the DevOps community, joins us again on DevOps Chat. He describes his acquisition journey as being akin to a “barracuda, eaten by a great white shark, eaten by a whale." Scott is Product Marketing Director - Release Automation at CA Technologies, a Broadcom company. (The new proper name of Automic + CA + Broadcom). Scott shares what it’s like being a software DevOps company inside Broadcom, whose strong roots come from the chip manufacturing business. While software has its many differences from chips, of course, Scott shares how many of the DevOps principles and heritage from lean manufacturing made the transition easier. There are valuable lessons here for all of us. Amid all the change, Automic shifted its products to the freemium model. Automic Continuous Delivery Director is now free to use for up to 10 active releases. We talk about the upcoming releases which also includes machine learning. Join us as we bob and weave through the acquisition story into the world of continuous automated delivery. And look for Scott at the DevOps Enterprise Summit the end of October.

We can’t seem to generate enough data. And as they say, you haven’t seen anything yet! Cloud-based managed services are a natural solution to ingest, store, and access large amounts of data from a variety of sources across private and cloud locations. An enterprise solution hosted in the cloud is good, but a developer-friendly, API -based solution, with non-enterprise usage-based pricing, reaches an even broader audience. Enter InfluxDB Cloud 2.0. The name just about says it all. InfluxData VP Products Tim Hall joins DevOps Chats to discuss their new cloud-based time-series database offering. InfluxDB Cloud 2.0 represents that shift to a cloud-based, developer-friendly offering with much greater accessibility. We discuss their use cases, the free and usage-based pricing, the new FLUX language for querying, analytics, and data processing, common APIs, and that TICK stack. TICK stands for Telegraf, InfluxDB, Choronograf, and Kapacitor. It is a feature-rich conversation, so join us. Also, check out InfluxData's October 16th webinar; Optimizing Time Series Performance in the Real World. https://webinars.devops.com/optimizing-time-series-performance-in-the-real-world

Spinnaker Summit 2019 Preview: Software Engineer Rainie Li played an essential role in implementing Spinnaker as part of Pinterest's CI/CD pipeline. The results moved Pinterest from two scheduled deployments per day to continuous deployments, greater than 15 during business hours. This episode of DevOps Chats features a preview of Rainie's talk; “How we introduced CI/CD for Pinterest’s largest monolith services (API and Web) to improve developer velocity, quality & reliability (Pinterest)”. Topics including how Spinnaker was selected, important metrics, Pinterest's future CI/CD platform Hermez, Canary analysis, and lessons learned from the journey are shared. Rainie's talk is on Sunday, November 17th, 1:30 pm PT, at Spinnaker Summit 2019 in San Diego. Joining Rainie on the talk is Jasmine Qin, Software Engineer with Pinterest. https://www.spinnakersummit.com

At the speed of DevOps, automated testing is essential for QA to maintain pace with that of software creation. Automated testing is ripe for innovation too. How do we know we are performing the most relevant tests, that new functions in the software aren’t being missed or overlooked, or that highly dynamic applications aren’t outpacing static test cases and logic? Functionize aims to bring innovation to achieve autonomous testing, making testing, the creation, and maintenance of tests more efficient. Founder and CEO Tamas Cser joins us on this episode of DevOps Chat to share several innovations his company brings to DevOps teams. Join us as we discuss how writing test cases in English help capture intent and result in less brittle tests over time, and about the ability to reach into Functionize during run time and programmatically change object models and internals. Learn how AI improves visual detection of web pages and changes in web page behavior. And how AI can root out test cases that may no longer be valid as software functionality changes.

Dr Mik Kersten always brings a fresh perspective on what is happening in the world of DevOps and value stream management. He is beyond bright, but explains things in a way that everyone can understand. I had a chance to catch up with Mik and find out what was the latest with Tasktop. Have a listen to this great interview

On a project to move one of Google’s Fortune 500 customers to Google Cloud, Google Kubernetes Engine (GKE), and Spinnaker open source, our DevOps Chat guest ran into the message “hang tight". No scripts or documentation. Not to be delayed, Miles Matthias, Google Cloud Consultant with Container Heroes, filled the gap and contributed his work back to the Spinnaker community. This episode of DevOps Chats features a preview of Mile’s talk, “Monitoring Spinnaker with Prometheus Operator on GKE” he is is giving on Saturday, November 16th, 3:45 pm PT, at Spinnaker Summit 2019. Miles also talks quite a bit about Canary testing in this episode.

ZeroNorth has from its founding been focused on bringing a DevSecOps solution to market that was unique and effective. They have brought on industry veteran, John Worrall as the CEO to join Chairman and Founder, Ernest DiGiambattista and the rest of the team to help organizations with DevSecOps. They have also recently raised $10m in funding to help the cause. In this DevOps Chat we sit down with Ernest and John and talk about the new course that ZeroNorth is charting

Many organizations want to implement the latest DevOps/SRE practices, but many struggle with transforming the existing processes over to new streamlined processes. How does an organization transform from 0 automated deploys to 100s/1000s a month? Most importantly, how do you show the value of Spinnaker to your business as a whole? November’s Spinnaker Summit 2019 in San Diego allows us an opportunity to hear and learn from DevOps engineers, developers, and partitioners using Spinnaker open source software. Joel Vasallo, Manager, Cloud DevOps at Redbox, shares with us a preview of his talk where he shares his experience about using Spinnaker open source to increase the number of deploys into production. Joel found Spinnaker so useful because it is very extensible, covers AWS well, strong support for Kubernetes, different deployment types, and has the automation to create the software delivery platform that fits the need. Joel's talk, Transforming Software Delivery using Spinnaker, is on November 17, 12:30 pm PT at Spinnaker Summit 2019 in San Diego.

After Akamai acquired his company, Haseeb Budhani decided to take on his next challenge and start Rafay. Rafay, focuses on the complexity and repetitive aspects of deploying and managing Kubernetes applications. Rafay addresses complexity by providing application abstraction, cluster blueprinting, and enterprise-ready integration, making Rafay a great candidate for multi-region, multi-cloud, hybrid, and edge/MEC adoption. Join us on this episode of DevOps Chats where Haseeb shares some of the experiences and challenges that led him to found Rafay, and how to accelerate your path to Kubernetes and multi-cloud applications.

There are many interviews you do as part of the role as editor in chief of DevOps.com. Then there are some that make it all worthwhile. Anytime I have the pleasure of speaking with Dr Nicole Forsgren, it makes all of the other things I do worthwhile. She has a clarity of vision borne from the foundation of verifiable metrics she has measured and surveyed over the last six years. Just about every DevOps presentation you will see has some reference to her Accelerate: State of DevOps Report. And for good reason. It has become the "authority" on DevOps metrics. We sat down with Nicole to go over what she thinks are some of the key findings in this years report. Have a listen and enjoy.

As application functions get smaller, are containerized, become microservices, combine into service meshes, a new set of challenges crop up. What functions does each service perform? What state constitutes services in trouble? What are the dependencies between services across a complex service mesh? How can we instrument observability, tracing, between the service interactions? Constance Caramanolis, Software Engineer at Omnition, joined us on DevOps Chats, recorded just before Splunk's acquisition announcement. After working a Microsoft, Constance joined Lyft, in part to work with Envoy, open source created by Lyft that brings upstream and downstream tracing across a service mesh. Constance recently joined Omnition, while still in stealth, to help "flip tracing on its head." It's genuinely a fascination conversation and gives us a window into the challenges and solutions to managing a service mesh at scale. Listeners should also check out our DevOps Chats episode talking about the Splunk's acquisition of Omnition with Rick Fitz, SVP and GM of Splunk's IT Markets Group. https://devops.com/devops-chat-splunk-moves-into-microservices-with-omnition-buy/

With claims of Internet traffic encryption levels at 95% and cloud communications up to 100%, it's increasingly difficult to see malicious activities happening on our networks. Encryption is a good thing, of course, until it hides nefarious network traffic and payloads. Then we want to know about it, be able to diagnose it, and take appropriate action. Encryption can be a double-edged sword. Steve Perkins, CMO of Nubeva, joins us on DevOps Chats to talk about Nubeva's solution for out-of-band decryption of next-generation TLS communications. It makes sense that cybersecurity teams desire this new level of visibility, and DevOps teams working with APIs and cloud encrypted communications also want the option of taking an "outside-in" view for troubleshooting, addressing compound performance problems, etc. We explore with Steve the benefits and use cases for Nubeva, how it works, and how Nubeva provides this level of visibility while maintaining the integrity and security of TLS communications. Join us as we explore new and unprecedented levels of access to encrypted communications.

So much happening on shifting security left, but what about shift right? Jeff Williams, CTO of Contrast Security gives us a great update on the state of DevSecOps, shift left, shift right and appsec, as well as DataOps. Jeff is one of the sharpest people in the cyberworld, so this is worth your time to hear what he is thinking.

More than ever, application security is a top priority. Beyond secure coding practices, a holistic app security strategy addresses the full application and infrastructure stack. This includes containers, microservices, orchestration, infrastructure software, and the cloud. Bolting on the next security tool may not be the answer. Kamal Shah, StackRox CEO, joins us on this episode of DevOps Chats, diving into the need for a systemic security approach across the lifecycle of cloud-native, even "Kubenative", applications. We explore how Kubernetes and cloud-native apps bring access to rich configuration information, usage visibility, runtime context, inherent security controls, and compliance. It's a fascinating conversation that will open up new paths to secure Kubernetes and cloud-native applications.

Cockroach Labs the folks behind CockroachDB recently announced another round of funding as they continue their mission to allow you to scale your data without complexity. We spoke with CEO Spencer Kimball about their plans and how Cockroach Labs shall inherit the DB world

Stateless application architecture is the current de facto approach, right? Not necessarily. Stateful applications communicating over TCP sockets can and are successfully built even in today’s age of cloud-native applications. Our guest on this episode of DevOps Chat is Chris McCord, creator of the Phoenix open source software, and architectural engineer at DockYard. Chris came up as a developer using PHP, Java, and Ruby. When he learned that WhatsApp was built using Elixir, running on the Erlang VMs, Chris was intrigued. What’s needed is a developer-friendly web framework for creating web and mobile applications. Chris started the development of the Phoenix Framework in 2011 and saw adoption pick up in 2014/15. Fast forward to today, Chris is an integral part of a vibrant community of developers using Phoenix to create web-oriented, mobile, embedded, and real-time applications that can support large transaction server volumes with less code. Join us as we talk with Chris McCord about Phoenix, why he created the opensource project which today expands into Phoenix LiveView, and the PhoenixFrenzy developer challenge (winners to be select in early-to-mid October.)You can find more information about Phoenix and the PhoenixFrenzy at the following links: * Phoenix Phrenzy: https://dockyard.com/press/releases/2019/07/22/dockyard-to-launch-phoenix-phrenzy-contest * Chris' presentation at ElixirConf: https://dockyard.com/blog/2019/09/06/whats-new-and-next-for-phoenix-liveview

As the velocity of software creation, testing, and deployment increase rapidly, security at the app level is gaining ever more scrutiny. Code vulnerability scanners, automated security test tools, test libraries for containers are just a few of the security testing approaches broadly in use. Many of these approaches fall under a DAST (dynamic application security testing) or SAST (static application security testing.) As velocity increases, so does that amount of code we're creating, placing even great importance on testing, test automation, and application security testing. Creator of Seeker IAST (Interactive Application Security Testing), Ofer Maor, Director of Solutions Management at Synopsys, joins DevOps Chat. We talk about the value of IAST, maximizing testing automation, integration of testing technologies into the workflow, security testing built into containers, application security testing orchestration, and more.

Value Stream Management (VSM) is a term we hear with higher frequency. DevOps, Agile, Lean, and contemporary application development are very dynamic. These rapid, dynamic approaches can make the software development process opaque to the broader organization. It’s early in this part of the market, but it’s born out the need for quantifying the business value coming from our investments in software development. Steve Boone, Head of Product Management at HCL UrbanCode, joins us on this episode of DevOps Chat to talk about the state of this emerging market. Steve shares valuable insights about how organizations are working together, where DevOps and Agile are making a measurable difference, and what management can do to provide teams with tools to manage their VSM.

Data and database technologies are experiencing disruption. The volume of data collected is exploding, creating new potential for disruptive services and new companies. Data is distributed across locations in the cloud and the data center. Also, cloud technologies bring a plethora of database types, distribution options, analytics capabilities, and AI/ML processing. Any company not leveraging data to the benefit of its customers and business are just asking to be the next victim of disruption. Nikita Shamgunov, memSQL Co-CEO / Co-Founder, joins DevOps Chat to discuss how these disruptive factors changed how containerized and cloud-native applications approach data collection and storage. Speed, high volume data collection, distributed design, and scale are all challenges Nikita sees as vital for cloud-native applications of today and the future.

Red Hat Linux is a staple of most enterprise IT organization's software diets. Developers and IT leaders all over the world took notice when IBM acquired Red Hat. Will IBM Red Hat change? Will Red Hat continue to operate as it does today or will it be subsumed and disappear into some IBM business unit? Will IBM Red Hat still contribute to projects and tools like Kubernetes, JBoss, Fuse, OpenJDK, Eclipse IDE, and many others (https://redhatofficial.github.io/#!/main)? All are important questions. Brad Micklea, Lead of the Developer Program and Tools at IBM, joins DevOps Chat to talk about the future of Red Hat as part of IBM. Brad sends a strong message that Red Hat will remain focused on the developer community and tools for Linux, Kubernetes, Java, DevOps, and others. Join us as we talk with Brad about the future of Red Hat, DevOps, and open source developer tools.

Swiftly after announcing their acquisition of SignalFx, Splunk vaults into microservices tracing by announcing its intention to acquire Omnition. Tech companies are rapidly making acquisitions to strengthen their position in the DevOps and contemporary cloud-native software stack. Rick Fitz, SVP and GM of Splunk's IT Markets Group, joins DevOps Chat to share with us the drivers behind Splunk's move into microservices and service mesh tracing. Information about Omnition is in short supply as Omnition's been in stealth, racing to develop a product to address the observability needs of DevOps teams. Omnition has received some notice through its contributions to OpenCensus open source, now being merged into OpenTracing. In addition to this episode of DevOps Chat, check out Mike Vizard's article about the Omnition announcement at https://devops.com/splunk-adds-omnition-to-devops-portfolio/.

The software development tool needs of a 2-3 person team can be much different than those of a large enterprise. CI/CD is a common approach nearly all software teams establish. But what needs of a larger software organization to you adopt early on and which simply adds more complexity than benefit? Rob Zuber, CTO of CircleCI, began tackling this problem in the mobile space and then moved to CircleCI to help create what is now a well established SaaS-based CI/CD offering to software teams of all sizes. Join us on this episode of DevOps Chat and take away some valuable CI/CD lessons for your organization.

Doing anything at enterprise scale call brings with it a whole new set of requirements. With potentially thousands of requirements across hundreds of applications and releases, it can be a daunting challenge to pull together all the DevOps activities across a large enterprise. This has given rise to the new term Value Stream Management (VSM.) Like Salesforce for managing the sales pipeline, Value Stream Management is about IT seeing across all its initiatives, teams and projects. Are high-value requirements making it into production systems? Is DevOps making the expected impact at enterprise scale? Are VSM tools well integrated into the DevOps toolchain or are teams slowed by extra or unnecessary work. You must keep a handle on it all but we don't want the medicine to be worse than the disease. In this episode of DevOps Chat, we explore VSM with our guest Bob Davis, CMO at Plutora. Plutora tackles the VSM challenge at some of the largest banks, financial institutions, telecom and mobile carriers, insurance, hotels, and Internet technology companies.