Last week I was out in Boulder, Colorado, attending my very first DevOps conference. I don't know about you, but other than workshops that seemed a little too technical for me, I have not seen many DevOps conferences yet. But I am pretty sure that will be changing soon. DevOps is a new "religion" that is going to wash over the IT world like the Fremen of Arakis ran over the Padashar Empire (love it when I can throw in a Dune reference).
I was first introduced to DevOps by my friend Gene Kim. I met Gene for a glass of wine and to catch up in Las Vegas during Black Hat/DefCon/BSides a few years back and he opened my eyes to this new idea of security actually playing nicely with the rest of the IT folks, of IT operations and developers morphing into one organization and through automation better realizing the business goals that everyone professes to strive for.
Frankly, for me at the time, the idea of security not just being the people who say "no" was what caught my eye. But in any event, after meeting with Gene and him sending me a copy of his newest book, which he was finishing at the time (The Phoenix Project, which I will review in a later article), I really didn't catch the DevOps wave just yet.
Fast forward a few years and I began to hear from several different security companies about the need to automate security to allow it to work at the speed of business and keep up with IT and development. I was already familiar with Rally Software, one of the legends of the Boulder tech revolution and a leader in the Agile/Lean development world. When I went out to Boulder this summer and began to see more companies like VictorOps and JumpCloud that were starting to develop products for DevOps, the light bulb began to burn brighter.
The idea that in today's business environment startups don't have the time, money or inclination to build separate IT, development, QA and security teams was pretty obvious. I had also seen firsthand from my years in tech how dysfunctional the relationships are between these teams at enterprises are as well. With the benefit of hindsight, I guess it was inevitable that something like DevOps would come to the fore to solve these issues.
But what exactly is DevOps? That was a question I heard from several VC types and business execs at the DevOps Conference last week. But I am getting ahead of myself.
About a month or so ago, my friend Rajat Bhargava told me that his new company JumpCloud, along with Softlayer, recently acquired by IBM were putting on a DevOps Con in Boulder. The conference was going to be a first attempt at a DevOps conference and they were just opening it to Foundry Group/TechStars/BTV companies. He invited me out to learn about this percolating movement that he said could really change everything.
The idea of going out to Boulder and seeing old friends like Raj, Brad Feld, Seth Levine, etc., while meeting new people and learning, was enough to get me off the couch and out the door to Boulder. The conference was at the Boulderado Hotel and to my surprise there were over 200 people registered to attend.
The conference, in my opinion, was a smashing success. Why I liked it was that it answered the questions a lot of the people in the audience had. Namely, what exactly is DevOps, why should I care and how can it help. The panels were mostly conducted by C-level execs at companies that have DevOp solutions like JumpCloud and VictorOps, as well as execs at companies that had implemented DevOps techniques to scale and automate their business processes. It was very impressive.
Brad Feld spoke about how important DevOps was to many of the Foundry/Techstars companies. Ryan Martens, CTO of Rally, gave an impressive talk about the economics of agile/lean and how it could double, triple or more the profitability of an organization. Nathan Day, chief scientist and co-founder of SoftLayer, had an excellent presentation about how SoftLayer had used DevOps principles throughout their business cycle, even as it applied to non-IT departments. One of the best discussions was by the SendGrid folks on when a company could "outgrow" the cloud. That is to say, when does hosting in the cloud become prohibitively expensive versus hosting your own infrastructure?
Granted, I think some of the more technical sys-admin types in the crowd may have thought the discussion was not technical enough. The finer points of polishing Puppet or Chef scripts may have been more to their liking. On the other hand, those kinds of technical details may have just shut me down, as well as some of the other DevOp newbies in the crowd.
In talking with Raj and Paul Ford, VP of SoftLayer, the co-host of the event, they recognize the need to perhaps have both technical tracks and business tracks at the next DevOps conference they do. They also spoke about several other lessons learned. They also mentioned opening these up to anyone that would like to attend. Well, that certainly indicates that there is a next DevOps conference planned. I for one am glad to hear it. I am looking forward to watching the DevOps movement continue to gain momentum and followers, myself included. Conferences like these are an important piece of equation.
In the meantime like anything new, it is going to create opportunities for winners and losers. I think organizations that don't adopt DevOps principles are not going to keep up with those that do. On the other hand, companies like JumpCloud, for example, which automates cloud server management will find DevOps a fertile ground for new business and success. Listening to some of the folks at the conference I understand why Raj and the JumpCloud team are so excited by this space. I will highlight some of the folks I spoke to and why they are DevOp adherents in a follow up article soon.
In the meantime, you should start learning all you can about DevOps. If you get a chance to attend a DevOps event in your area, you should most definitely attend. If you are lucky enough to be around when Gene Kim gives one of his well-known presentations on DevOps, by all means go. But most of all, remember the name DevOps and start thinking and learning about how it can help you do your job better, faster and easier.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.