QA DevSecOps: Leading a Quality-Driven DevOps Transformation


10/2/19


SLIDE 1

QA DevSecOps

Leading a Quality-Driven DevOps Transformation

Stacy Kirk, CEO, QualityWorks Consulting Group

Old School Power of a Tester

  • Go-No-Go
  • Paid to Keep it Real
  • Excuse to be in all meetings
  • Being Nosy

SLIDE 2

DEV OPS TEST SEC QA

Why DevSecOps over DevTestOps?

@queenofcode

Testing is notoriously 'unsexy' in appearance compared to security. Why? I don't know - imo you can't have one without the other. I blame Hackers (the movie).

@BrehoneMiller

... Security is seen as a high priority with all of the recent breaches (but without the quality, you just have secure crap).

  • Bob Dobbs

Testing is what happens at every step, including defining the value we think we might want to develop. People add things between Dev and Ops because they think Dev is coding and Ops is support. Dev is building the product. Ops is using it.

  • David Clarke

...testing has already been incorporated within the DevOps fold... Saying that testing is part of development is not contentious. But telling Devs that they are responsible for the security of their code is still contentious.

SLIDE 3

DevOps = Quality @ Speed

DevSecOps = Secure Quality @ Speed

It’s a Movement for Quality

REQUIRES CHAMPIONS

Heroes

A QUALITY MOVEMENT

Champion: A person who fights or argues for a cause or on behalf of someone else.

Hero: A person of great strength and ability who carries out extraordinary deeds of bravery.

SLIDE 4

IDENTIFY YOUR HERO

Diversity of Perspective Builds Great Products

Understand Your Villains

SLIDE 5

Tools & Technologies

SLIDE 6

Characteristics of Iron Man

Innovator Automator Tooler Problem Solver Creative Visionary

TOOLS VILLAINS: Overtooling, Limited Resources, Lack of Trust

  • Start small and show value
  • Iteratively improve
  • Measure Value
  • Don’t let speed impact stability and the quality of your tools
  • Not every problem requires a technical solution
  • Start with training and process improvement

SLIDE 7

Disciplined Practicer

SLIDE 8

Disciplined Practicer

Continuous Learner Continuous Experimenter Data Driven Analyst Passionate Transparency Fails Fast

Process & Discipline Villains: Fear of Failure, Apathy, No Room for Experimentation

SLIDE 9

People & Culture

SLIDE 10

People & Culture

Empathizer Gets to the Truth Collaborator Includer Communicator Diplomat Trusted Protector

People & Culture Villains: Won’t Collaborate, Doesn’t Want Change, Fear and Sabotage

Transformation fails due to a lack of believers

SLIDE 11

How can you be a hero when...

QUALITY IS EVERYBODY’S RESPONSIBILITY?

Six Steps to QA-led DevSecOps

[Figure: Quality-Driven DevSecOps diagram with steps numbered 1 to 6. Labels: User Story, Measures, Development, Security, Operations, QA.]

SLIDE 12

Step 1: Partner with Product

HULK of PROCESS, IRONMAN INNOVATOR, WONDER OF CULTURE

Quality-Driven DevSecOps

  • Measure Quality from the Customer’s Perspective
  • Automated Acceptance Criteria Must Happen by End of Sprint
  • Pair on Acceptance Criteria / Promote ATDD

Step 2: Aid ScrumMaster

HULK of PROCESS, IRONMAN INNOVATOR, WONDER OF CULTURE

Quality-Driven DevSecOps

  • Identify ways to better use collaborative software
  • Don’t let retros become monotonous. It’s our process bug hunt.
  • Leverage metrics to reduce cultural resistance

SLIDE 13

Step 3: Guide Quality-Driven Development

HULK of PROCESS, IRONMAN INNOVATOR, WONDER OF CULTURE

Quality-Driven DevSecOps

  • Pair and Co-locate to Build Rapid Feedback Loops
  • Build Trust with Pre-Testing over Bug-Tracking
  • Define, explain, and validate Quality Gates for Pipeline
  • Write unit tests starter code, create and share mock services

Step 4: Include Security

HULK of PROCESS, IRONMAN INNOVATOR, WONDER OF CULTURE

Quality-Driven DevSecOps

  • Don’t let the teams forget about the voice of security
  • Baby Steps over All or Nothing
  • Iterate on the Definition of Done to include more Definitions of Secure
  • Add scripts that can validate security into the automation suite

SLIDE 14

Step 5: Empathize with Operations

HULK of PROCESS, IRONMAN INNOVATOR, WONDER OF CULTURE

Quality-Driven DevSecOps

  • Pair to solve Operational Issues
  • Show integration of Lessons Learned
  • Pull Data/Conduct Analysis in Production
  • Integrate feedback into Best Practices/Retros
  • Leverage Test Automation to Create Operational Monitoring Tools
  • Make Dashboards Visible Cross-Team

Step 6: Ignite More Heroes for Quality

HULK of PROCESS, IRONMAN INNOVATOR, WONDER OF CULTURE

Quality-Driven DevSecOps

  • Believe, protect, and eliminate doubt.
  • Drive Communities of Practice (CoP)
  • Mentor, share, and collaborate on tool and automation development
  • Define impactful roles for those who are not automaters.
  • Shift-Left Strategies to reduce mini-waterfall

SLIDE 15

There are heroes among us. Not to make us feel smaller. To remind us what makes us great.

  • LOIS LANE