Slide 1

Slide 1 text

(without introducing more risk) Communication between Tribes: A story of silos, Devops and Government. Gareth Rushgrove, Puppet

Slide 2

Slide 2 text

@garethr

Slide 3

Slide 3 text

Gareth Rushgrove

Slide 4

Slide 4 text

Backstory: The very abridged version

Slide 5

Slide 5 text


Slide 6

Slide 6 text

GDS: Government Digital Service

Slide 7

Slide 7 text

Gareth Rushgrove, Technical Architect, Government Digital Service (@garethr)

Slide 8

Slide 8 text

I’m no longer a civil servant. Thank you to everyone who is.

Slide 9

Slide 9 text

I learned the importance of communication first hand: from successes, failures and relentless observation

Slide 10

Slide 10 text

- Stories from Government
- The importance of language
- The power of stereotypes
- A few tips

Slide 11

Slide 11 text

Different Languages: One for each silo

Slide 12

Slide 12 text

Appreciating you’re a silo

Slide 13

Slide 13 text

Agile, lean, scrum, containers, iteration, stack, hypervisor, nosql, serverless, cloud, velocity…

Slide 14

Slide 14 text

Agile, lean, scrum, containers, iteration, stack, hypervisor, nosql, serverless, cloud, velocity… [Developer silo]

Slide 15

Slide 15 text

Incident, event, problem, COBIT, configuration management, capacity management, CAB…

Slide 16

Slide 16 text

Incident, event, problem, COBIT, configuration management, capacity management, CAB… [IT silo]

Slide 17

Slide 17 text

APT, threat model, risk, cyber, mitigation, control, kill chain, threat intelligence, opsec

Slide 18

Slide 18 text

APT, assume compromise, threat model, risk, mitigation, control [Security silo]

Slide 19

Slide 19 text

SPAD, MCO, GPG, CESG, CERT, GDS, IDP, DTO, 18F, USDS, IL3, OCTO, EUD

Slide 20

Slide 20 text

SPAD, MCO, GPG, CESG, CERT, GDS, IDP, DTO, 18F, USDS [Government silo]

Slide 21

Slide 21 text

lingo (noun; plural: lingoes): the language and speech, especially the jargon, slang or argot, of a particular field, group or individual

Slide 22

Slide 22 text

Language acts as a barrier to entry to different communities

Slide 23

Slide 23 text

Language differences reinforce organisational silos

Slide 24

Slide 24 text

Tip: Identify words in your organisation that are only in use in certain groups or teams

Slide 25

Slide 25 text

The New Service Management: Talking ITIL and agile

Slide 26

Slide 26 text

At GDS we talked a lot about Design, User Research, Agile and Open Source because they were fairly new to Government

Slide 27

Slide 27 text

We talked a lot about discovery and alpha because people started there

Slide 28

Slide 28 text

We hired a lot of software developers because Government had very few

Slide 29

Slide 29 text

We didn’t talk enough about operations

Slide 30

Slide 30 text

We didn’t talk enough about operations (to begin with because we weren’t running anything)

Slide 31

Slide 31 text

Tip: Don’t take things for granted; communicate about everything you care about

Slide 32

Slide 32 text

Tip: Words often carry the weight of past experiences and other organisations

Slide 33

Slide 33 text

“Will the release really work?” (paraphrasing one of my colleagues from 2012)

Slide 34

Slide 34 text

“Yes. We’ve done it more than 1000 times. I’m confident it works now.” (paraphrasing me)

Slide 35

Slide 35 text

Early members of GDS were mainly from media, startup and technology backgrounds

Slide 36

Slide 36 text

The formal language of Service Management* was unfamiliar to most
*Ironically, ITIL was a creation of CCTA, a UK Government agency

Slide 37

Slide 37 text

But practices like automation, developers on-call, configuration management, continuous deployment, and automated testing were second nature

Slide 38

Slide 38 text

Tip: Transformation often means new types of people. They will bring their own language and assumptions

Slide 39

Slide 39 text

“We cancelled one configuration management effort because we couldn’t keep the spreadsheet up to date” (remembering one conversation with a Government department)

Slide 40

Slide 40 text

“The recommendation was to move from quarterly releases to one release every 6 months” (remembering one conversation with a Government department)

Slide 41

Slide 41 text

“Oh, we use an open source configuration management tool which reports state every 30 minutes for every device” (remembering one conversation with a Government department)

Slide 42

Slide 42 text

Tip: Overlapping words from different tribes are often a great place to start collaborating

Slide 43

Slide 43 text

Stereotypes: Understanding what people think of you

Slide 44

Slide 44 text

A lack of personal relationships, sometimes caused by the inability to communicate, leads to stereotypes

Slide 45

Slide 45 text

stereotype (noun; plural: stereotypes): a widely held but fixed and oversimplified image or idea of a particular type of person or thing.

Slide 46

Slide 46 text

Speech bubbles: “No” / “Shiny new technology!” / “We need bimodal IT” / “What grade are you?”

Slide 47

Slide 47 text

Speech bubbles: “No” / “Shiny new technology!” / “We need bimodal IT” / “What grade are you?” [Developer]

Slide 48

Slide 48 text

Speech bubbles: “No” / “Shiny new technology!” / “We need bimodal IT” / “What grade are you?” [Government]

Slide 49

Slide 49 text

Speech bubbles: “No” / “Shiny new technology!” / “We need bimodal IT” / “What grade are you?” [IT]

Slide 50

Slide 50 text

Speech bubbles: “No” / “Shiny new technology!” / “We need bimodal IT” / “What grade are you?” [Security]

Slide 51

Slide 51 text

Some silos are organisational

Slide 52

Slide 52 text

Many silos are personal

Slide 53

Slide 53 text

BOFH (Bastard Operator from Hell): a fictional rogue systems administrator who takes out his anger on users and others who pester him with computer problems

Slide 54

Slide 54 text

Tip: Subverting stereotypes as a way to build relationships

Slide 55

Slide 55 text

Security Says No? Experts, intermediaries and end users

Slide 56

Slide 56 text


Slide 57

Slide 57 text

Scaling finite expertise is often done with stacks of paper policy

Slide 58

Slide 58 text

Making use of stacks of paper policy often involves middlemen

Slide 59

Slide 59 text

Having direct access to real domain experts* is awesome
*Unfairly in my case that mean

Slide 60

Slide 60 text

“I think you’ll find you can’t do that because of my interpretation of this wording in GPG13” (unfairly paraphrasing countless conversations with intermediaries)

Slide 61

Slide 61 text

“Let’s just ring Richard from GCHQ and see what he thinks” (unfairly paraphrasing countless conversations with intermediaries)

Slide 62

Slide 62 text

“…!” (paraphrasing countless conversations with intermediaries)

Slide 63

Slide 63 text

Tip: Don’t let scarcity of expertise lead to unapproachable stereotypes

Slide 64

Slide 64 text

Code as a Communication Medium: Bridging policy and practice

Slide 65

Slide 65 text

The dreaded incident severity conversation

Slide 66

Slide 66 text

Critical, Major, Minor, P1, Sev2

Slide 67

Slide 67 text

Stage 1: Everyone thinks everything is critical

Slide 68

Slide 68 text

Stage 2: Everyone thinks all incidents for their own service are critical

Slide 69

Slide 69 text

GOV.UK Smoke Tests:

```gherkin
Feature: Search

  @high
  Scenario: check search results on unified search
    Given I am testing through the full stack
    And I force a varnish cache miss
    When I search for "tax" using unified search
    Then I should see some search results

  @normal
  Scenario: check organisation filtering on unified search
    Given I am testing through the full stack
    And I force a varnish cache miss
    When I search for "policy" using unified search
    Then I should see organisations in the unified organisation filter

  @normal
  Scenario: check sitemap
    Given I am testing through the full stack
    And I force a varnish cache miss
    When I get the sitemap index
    Then It should contain a link to at least one sitemap file
    And I should be able to get all the referenced sitemap files
```

Slide 70

Slide 70 text

(Zoomed crop of the preceding feature file, highlighting the `@high` tag on the first scenario: `Feature: Search` / `@high` / `Scenario: check search results on unified search`.)

Slide 71

Slide 71 text

The ambiguous nature of the written word

Slide 72

Slide 72 text

Lots of opportunities for policy as code
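The `@high` and `@normal` tags on the smoke tests above are one way to end the incident severity conversation: the severity of a failing check is declared next to the check, in the same file the developers run, rather than in a separate document that each tribe reads differently. The script below is an added example, not code from the GOV.UK smoke tests, from Puppet or from the talk. It parses a feature file modelled on the slide (constructed sample input), rejects any scenario that carries no severity tag, and maps a set of failing scenarios to the incident priority the policy demands. The tag-to-priority table (`high` is `P1`, `normal` is `P3`) is an assumption for illustration; real organisations pick their own words, which is the point of the talk.

```python
"""Severity-tagged smoke tests as an executable incident policy.

Added example: not code from the GOV.UK smoke tests or from the talk.
"""
from dataclasses import dataclass

# Constructed sample input, modelled on the feature file shown on the
# GOV.UK smoke-test slide. It is not the real repository's file.
FEATURE = """\
Feature: Search

  @high
  Scenario: check search results on unified search
    Given I am testing through the full stack
    And I force a varnish cache miss
    When I search for "tax" using unified search
    Then I should see some search results

  @normal
  Scenario: check organisation filtering on unified search
    Given I am testing through the full stack
    And I force a varnish cache miss
    When I search for "policy" using unified search
    Then I should see organisations in the unified organisation filter

  @normal
  Scenario: check sitemap
    Given I am testing through the full stack
    And I force a varnish cache miss
    When I get the sitemap index
    Then It should contain a link to at least one sitemap file
    And I should be able to get all the referenced sitemap files
"""

# A constructed scenario someone forgot to tag. The policy below rejects it
# instead of silently deciding whether it is critical or not.
UNTAGGED = FEATURE + """
  Scenario: check robots.txt
    Given I am testing through the full stack
    When I get robots.txt
    Then I should see a Sitemap directive
"""

# The policy, as code: which tag means which incident priority.
# The priority names and the mapping are an assumption for illustration.
PRIORITY_BY_TAG = {"high": "P1", "normal": "P3"}
PRIORITY_ORDER = ["P1", "P2", "P3"]  # most severe first


@dataclass(frozen=True)
class Scenario:
    name: str
    tags: frozenset


def parse_scenarios(text):
    """Return each Scenario in a Gherkin feature with the tags declared above it.

    Simplified parser: tags are attached to the next Scenario line only, so a
    feature-level tag is not inherited by every scenario as real Gherkin would do.
    """
    scenarios, pending = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("@"):
            pending.update(tag.lstrip("@") for tag in line.split())
        elif line.startswith("Scenario"):
            name = line.split(":", 1)[1].strip()
            scenarios.append(Scenario(name, frozenset(pending)))
            pending = set()
    return scenarios


def lint_severity_tags(scenarios):
    """Names of scenarios that do not carry exactly one severity tag.

    Run in CI, this turns "everyone thinks everything is critical" into a
    build failure whenever someone skips the decision.
    """
    return [s.name for s in scenarios
            if len(s.tags.intersection(PRIORITY_BY_TAG)) != 1]


def incident_priority(scenarios, failed_names):
    """Map the names of failing scenarios to the incident priority to raise.

    Returns the most severe priority among the failures, or None when no
    severity-tagged scenario failed.
    """
    worst = None
    for s in scenarios:
        if s.name not in failed_names:
            continue
        for tag in s.tags.intersection(PRIORITY_BY_TAG):
            priority = PRIORITY_BY_TAG[tag]
            if worst is None or PRIORITY_ORDER.index(priority) < PRIORITY_ORDER.index(worst):
                worst = priority
    return worst


if __name__ == "__main__":
    scenarios = parse_scenarios(FEATURE)
    print("tag problems:", lint_severity_tags(scenarios))
    print("sitemap failing:", incident_priority(scenarios, {"check sitemap"}))
    print("search failing:", incident_priority(scenarios, {"check search results on unified search"}))
    print("untagged problems:", lint_severity_tags(parse_scenarios(UNTAGGED)))
```

The two functions are the two halves of the policy: `lint_severity_tags` is the rule that every check must be classified, enforced where the code is reviewed, and `incident_priority` is the rule for what to page on, enforced where the tests run. Either can be argued about in a pull request, which is a more productive venue for the severity conversation than a meeting.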

Slide 73

Slide 73 text

CDN Acceptance Tests:

```go
// Excerpt from a Go test file. ResetBackends, backendsByPriority,
// NewUniqueEdgeGET and testRequestsCachedDuration are helpers defined
// elsewhere in the same test suite.
import (
	"fmt"
	"net/http"
	"testing"
	"time"
)

// Should cache responses for the period defined in a `Cache-Control:
// max-age=n` response header.
func TestCacheCacheControlMaxAge(t *testing.T) {
	ResetBackends(backendsByPriority)

	const cacheDuration = time.Duration(5 * time.Second)
	headerValue := fmt.Sprintf("max-age=%.0f", cacheDuration.Seconds())

	handler := func(w http.ResponseWriter) {
		w.Header().Set("Cache-Control", headerValue)
	}

	req := NewUniqueEdgeGET(t)
	testRequestsCachedDuration(t, req, handler, cacheDuration)
}
```

Slide 74

Slide 74 text

BDD-Security:

```gherkin
Scenario: The application should not contain SQL injection vulnerabilities
  Meta: @id scan_sql_injection @cwe-89
  Given a scanner with all policies disabled
  And the SQL-Injection policy is enabled
  And the attack strength is set to High
  And the alert threshold is set to Low
  When the scanner is run
  And the XML report is written to the file sql_injection.xml
  Then no Medium or higher risk vulnerabilities should be present
```

Slide 75

Slide 75 text

Puppet:

```puppet
package { 'openssh':
  ensure => latest,
}
```

Slide 76

Slide 76 text

Tip: Where possible combine policy with implementation

Slide 77

Slide 77 text

Conclusions: If all you remember is…

Slide 78

Slide 78 text

Share language as much as possible

Slide 79

Slide 79 text

Because sharing language makes shared tooling and process easier

Slide 80

Slide 80 text

And learning the language of another tribe is a fantastic way of breaking down silos

Slide 81

Slide 81 text

What I Don’t Know How to Do: Devops Enterprise Ask

Slide 82

Slide 82 text

What macro organisational structures limit the emergence of silos?

Slide 83

Slide 83 text

Thanks. Ask me questions later