Slide 1

Slide 1 text

© 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES
Full Spectrum Engineering
Peter Chestna
Director of Developer Engagement

Slide 2

Slide 2 text

Who am I?
• 25+ Years Software Development Experience
• 11+ Years Application Security Experience
• Certified Agile Product Owner and Scrum Master
• At Veracode since 2006
• From Waterfall to Agile to DevOps
• From Monolith to MicroService
• Consultant on DevSecOps best practices
• Fun Fact: I love whiskey!
• Tell me where to drink local whiskey @PeteChestna

Slide 3

Slide 3 text

Why should you listen to me?
• My first web application development was in 1996
• Netscape Navigator and Internet Explorer were shrink-wrapped products that were purchased, not free
• IIS before ASP, using HTX/IDC
• Shrink-wrapped intranet application for the enterprise

Slide 4

Slide 4 text

What’s a DevOps Team?
DevOps Team

Slide 5

Slide 5 text

Premise
Cause:
• Microservice architecture
• Small X-Functional teams (from Agile)
• DevOps Methodology
• Need for speed
  – Value to customer
Effect:
• Changing the hiring profile for DevOps team members.
• Developers need to know more and do more than ever before
• X-Functional team needs to have accountability

Slide 6

Slide 6 text

Driven by Architecture

Slide 7

Slide 7 text

Driven by Technology Evolution
• Web 1.0
  – Mostly Static HTML
  – Lots of full page reloads
• Web 2.0
  – DHTML/AJAX
  – Load behind pages for perceived performance
• Web 3.0
  – HTML5/CSS3/Angular
  – API First/Headless App
  – Single page apps
• Server 1.0
  – Simple architecture (2-tier)
  – Beginning ASP/JSP technology
• Server 2.0
  – Monolithic applications & Monolithic data stores
  – N-tier (web/app/data)
• Server 3.0
  – REST/Node
  – Backed by microservices
  – Bounded context

Slide 8

Slide 8 text

Driven by Methodology
Waterfall, Agile, DevOps At Scale
Requirements, Analysis, Design, Coding, Testing, Acceptance
• Team Size: 50+; Release Frequency: 1-4 times per year
• Team Size: 6-12; Release Frequency: 12-24 times per year
• Team Size: 6-12; Release Frequency: 100+ times per year
Axis label: Time

Slide 9

Slide 9 text

Software creation today
• Developer builds the software
• Quality engineer functionally tests the software
• Security validates the security of the software
• Management approves release of software
• Systems Engineering racks, stacks and cables hardware
• IT installs and configures OS supporting software
• OPS installs and monitors software in production

Slide 10

Slide 10 text

Software deployment to customers tomorrow
• Individual builds the feature
• Individual functionally tests the feature
• Individual validates the security of the feature
• CI/CD Pipeline approves release of feature
• Software terraforms the operating environment
• Software installs and configures OS supporting software
• CI/CD Pipeline installs software in production
• Team monitors software in production

Slide 11

Slide 11 text

Full Stack Web Developer
Angular, ECMAScript, CSS, HTML, Node.JS, Java, NoSQL

Slide 12

Slide 12 text

Full Spectrum Engineer

Slide 13

Slide 13 text

Be a great engineer
• Keep up with trends
  – Design & Implementation
  – Architecture
• Stay on top of standards
  – W3C, etc.
• Understand the open source ecosystem
  – Frameworks & Libraries

Slide 14

Slide 14 text

Keep an eye on quality
• TDD
  – Build quality in from the beginning
• Well written unit tests
• Regression testing
  – Make sure you don’t break anyone else
• Scale
  – Can your code handle the real world?

Slide 15

Slide 15 text

Understand deployment
• Containerization
• Infrastructure as code
• Version controlled
• Automated and repeatable
• On demand

Slide 16

Slide 16 text

How will you operate it?
• Telemetry to detect problems
  – Alert
  – Debug & Fix
• Make your code anti-fragile
  – Resilient to failures

Slide 17

Slide 17 text

Keep it secure
• Part of the definition of done
• Educational, preventative and assurance scanning
  – Fail fast
  – Automated
• Find & fix early

Slide 18

Slide 18 text

What about my specialists? Think Guilds.
• Identify your leaders and practice experts
• Communicate the goal of guilds broadly
• Hold regular ‘birds of a feather’ meetings
• Share learnings, trends and best practices constantly
• Encourage & reward participation

Slide 19

Slide 19 text

Conclusions
• The way software is being built, deployed and operated is changing
• Team sizes are shrinking
• Velocity expectations are rising
• Accountability is mandatory
• We need to build Full Spectrum Engineers
  – Cross train your full stack developers
  – Give them the tools to measure and improve themselves
  – Change your hiring profile
  – Build guilds to socialize best practices

Slide 20

Slide 20 text

Thank you
Full Spectrum Engineer
@PeteChestna
Let’s continue the discussion: