intended to support that growth, as well as to capture the best practices and lessons learned by these early Agile adopters. Broader, more successful Agile execution will take time, trial and error, and shaping integrated hardware and software. However, Agile inherently serves as a risk mitigation strategy, since early working software products reduce risk by validating requirements and performance characteristics Is there a clear owner of the program (or broader enterprise) architecture?  Is there a clear, early commitment from user representatives and the broader user base?  Are users co-located with, or

Security & Risk Management group) 1. Authentication/authorization decisions 2. System and data access 3. System and application changes, especially privileged changes 4. Data changes (CRUD) 5. Invalid CREATE SELF-SERVICE ACCESS TO TELEMETRY AND INFORMATION RADIATORS i. Spread the information – anyone who wants or needs the information can readily access it without production access or other privileged conversion rates up 50% b. A BRIEF HISTORY OF A/B TESTING i. Pioneered in direct response marketing ii. Early efforts required sending thousands of postcards/flyers and asking consumer for follow-up action (phone

careful to carry mirrors to avoid petrification. Good luck, Agile fellows. In the past: We viewed EA as primarily concerned with standardization, consistency, planning, and cost reduction. It documented bad. Let’s just agree that they might be overrated. A Better Way – Treat IT as an Enterprise Asset (EA): When we add all of our current IT capabilities together, we arrive at an asset that enables the I will refer to as the EA, which could just as well stand for Economic Asset.  The EA has intangible, latent capabilities—potential that is, for the moment, hidden.  The EA asset evolves over time

capabilities as being in a continuous state of transformation, when we see them as tightly integrated into an EA, and when we realize that the costs and risks of custom development have been radically reduced, the finished investing and just need to “maintain.” But unless we want functional and technical debt, a lumpy EA, and a need to do an expensive and risky transformation effort, FOC is in no sense a “final” operating

production applications and services g. CATCH ERRORS AS EARLY IN OUR AUTOMATED TESTING AS POSSIBLE i. A test suite’s goal is to find the error as early as possible, in the fastest category as possible ii each other c. ARCHITECTURAL ARCHETYPES: MONOLITHS VS. MICROSERVICES i. Monoliths are often best early in a product life cycle ii. Need to evolve based upon new constraints, goals, and functionality

innovators and the early adopters d. EXPANDING DEVOPS ACROSS OUR ORGANIZATION i. As we generate success, we earn the right to expand the scope of the DevOps Initiative 1. Find Innovators & Early Adopters2.

them understand team goals in the context of organization goals, provide feedback and guidance as early as possible ii. Awareness and involvement provides better business context for risk-based decisions

Route Adds – requires heightened security access  Database Data Script Execution  Load Balancer Node Disablement  OS and Security Patching  Requesting access to technology specific dashboards and consoles

container security, east/west traffic management, a zero-trust model, a whitelist, Role-Based Access Control (RBAC), continuous monitoring, signature-based continuous scanning using Common Vulnerabilities

monitor it more I need… • a Log Aggregation and Search service, but to install it I need… • root access on a bunch of servers, but I need more servers so I need… • an Infrastructure as a Service platform