Communications Between Tribes
•
1 like•996 views
A discussion of the importance of communication between people in different teams or working in different disciplines, with lots of examples from my time introducing devops practices to the UK Government.
Report
Share
Communications Between Tribes
- 1. (without introducing more risk) Communication between Tribes Puppet Gareth Rushgrove A story of silos, Devops and Government
- 2. (without introducing more risk) @garethr
- 3. (without introducing more risk) Gareth Rushgrove
- 4. (without introducing more risk) Backstory The very abridged version
- 6. GDS Government Digital Service Gareth Rushgrove
- 7. Gareth Rushgrove Gareth Rushgrove Technical Architect Government Digital Service @garethr
- 8. I’m no longer a civil servant. Thank you to everyone who is. Gareth Rushgrove
- 9. I learned the importance of communication first hand; from successes, failures and relentless observation Gareth Rushgrove
- 10. - Stories from Government - The importance of language - The power of stereotypes - A few Gareth Rushgrove Tips
- 11. (without introducing more risk) Different Languages One for each silo
- 12. Gareth Rushgrove Appreciating you’re a silo
- 13. Agile, lean, scrum, containers, iteration, stack, hypervisor, nosql, serverless, cloud, velocity… Gareth Rushgrove
- 14. Agile, lean, scrum, containers, iteration, stack, hypervisor, nosql, serverless, cloud, velocity… Gareth Rushgrove Developer silo
- 15. Incident, event, problem, COBIT, configuration management, capacity management, CAB… Gareth Rushgrove
- 16. Incident, event, problem, COBIT, configuration management, capacity management, CAB… Gareth Rushgrove IT silo
- 17. APT, threat model, risk, cyber, mitigation, control, kill chain, threat intelligence, opsec Gareth Rushgrove
- 18. APT, assume compromise, threat model, risk, mitigation, control Gareth Rushgrove Security silo
- 19. SPAD, MCO, GPG, CESG, CERT, GDS, IDP, DTO, 18F, USDS, IL3, OCTO, EUD Gareth Rushgrove
- 20. SPAD, MCO, GPG, CESG, CERT, GDS, IDP, DTO, 18F, USDS Gareth Rushgrove Government silo
- 21. the language and speech, especially the jargon, slang or argot, of a particular field, group or individual Gareth Rushgrove lingo noun plural noun: lingoes
- 22. Language acts as a barrier to entry to different communities Gareth Rushgrove
- 23. Language differences reinforce organisational silos Gareth Rushgrove
- 24. Gareth Rushgrove Identify words in your organisation that are only in use in certain groups or teams Tip
- 25. (without introducing more risk) The New Service Management Talking ITIL and agile
- 26. At GDS we talked a lot about Design, User Research, Agile and Open Source because they were fairly new to Government Gareth Rushgrove
- 27. Gareth Rushgrove We talked a lot about discovery and alpha because people started there
- 28. Gareth Rushgrove We hired a lot of software developers because Government had very few
- 29. Gareth Rushgrove We didn’t talk enough about operations
- 30. We didn’t talk enough about operations (to begin with because we weren’t running anything) Gareth Rushgrove
- 31. Gareth Rushgrove Don’t take things for granted, communicate about everything you care about Tip
- 32. Gareth Rushgrove Words often carry the weight of past experiences and other organisations Tip
- 33. Will the release really work? Gareth Rushgrove Paraphrasing one of my colleagues from 2012 ” “
- 34. Yes. We’ve done it more than 1000 times. I’m confident it works now Gareth Rushgrove Paraphrasing me ” “
- 35. Early members of GDS were mainly from media, startup and technology backgrounds Gareth Rushgrove
- 36. The formal language of Service Management* was unfamiliar to most Gareth Rushgrove *Ironically, ITIL was a creation of CCTA, a UK Government agency
- 37. But practices like automation, developers on-call, configuration management, continuous deployment, and automated testing were second nature Gareth Rushgrove
- 38. Gareth Rushgrove Transformation often means new types of people. They will bring their own language and assumptions Tip
- 39. We cancelled one configuration management effort because we couldn’t keep the spreadsheet up to date Gareth Rushgrove Remembering one conversation with an Government department ” “
- 40. The recommendation was to move from quarterly releases to one release every 6 months Gareth Rushgrove Remembering one conversation with an Government department ” “
- 41. Oh, we use an open source configuration management tool which reports state every 30 minutes for every device Gareth Rushgrove Remembering one conversation with an Government department ” “
- 42. Overlapping words from different tribes are often a great place to start collaborating Gareth Rushgrove Tip
- 43. (without introducing more risk) Stereotypes Understanding what people think of you
- 44. A lack of personal relationships, sometimes caused by the inability to communicate, leads to stereotypes Gareth Rushgrove
- 45. a widely held but fixed and oversimplified image or idea of a particular type of person or thing. Gareth Rushgrove stereotype noun plural noun: stereotypes
- 46. No Gareth Rushgrove Shiny new technology! We need bimodal IT What grade are you?
- 47. No Gareth Rushgrove Shiny new technology! We need bimodal IT What grade are you? Developer
- 48. No Gareth Rushgrove Shiny new technology! We need bimodal IT What grade are you? Government
- 49. No Gareth Rushgrove Shiny new technology! We need bimodal IT What grade are you? IT
- 50. No Gareth Rushgrove Shiny new technology! We need bimodal IT What grade are you? Security
- 51. Some silos are organisational Gareth Rushgrove
- 52. Many silos are personal Gareth Rushgrove
- 53. a fictional rogue systems administrator who takes out his anger on users and others who pester him with computer problems Gareth Rushgrove BOFH Bastard Operator from Hell
- 54. Subverting stereotypes as a way to build relationships Gareth Rushgrove Tip
- 55. (without introducing more risk) Security Says No? Experts, intermediaries and end users
- 56. Gareth Rushgrove
- 57. Scaling finite expertise is often done with stacks of paper policy Gareth Rushgrove
- 58. Making use of stacks of paper policy often involves middlemen Gareth Rushgrove
- 59. Having direct access to real domain experts* is awesome Gareth Rushgrove *Unfairly in my case that mean
- 60. I think you’ll find you can’t do that because of my interpretation of this wording in GPG13 Gareth Rushgrove Unfairly paraphrasing countless conversations with intermediaries” “
- 61. Let’s just ring Richard from GCHQ and see what he thinks Gareth Rushgrove ” “ Unfairly paraphrasing countless conversations with intermediaries
- 62. …! Gareth Rushgrove Paraphrasing countless conversations with intermediaries ” “
- 63. Don’t let scarcity of expertise lead to unapproachable stereotypes Gareth Rushgrove Tip
- 64. (without introducing more risk) Code as a Communication Medium Bridging policy and practice
- 65. The dreaded incident severity conversation Gareth Rushgrove
- 66. Critical, Major, Minor, P1, Sev2 Gareth Rushgrove
- 67. Stage 1 Everyone thinks everything is critical Gareth Rushgrove
- 68. Stage 2 Everyone thinks all incidents for there own service are critical Gareth Rushgrove
- 69. (without introducing more risk) Feature: Search @high Scenario: check search results on unified search Given I am testing through the full stack And I force a varnish cache miss When I search for "tax" using unified search Then I should see some search results @normal Scenario: check organisation filtering on unified search Given I am testing through the full stack And I force a varnish cache miss When I search for "policy" using unified search Then I should see organisations in the unified organisation filter @normal Scenario: check sitemap Given I am testing through the full stack And I force a varnish cache miss When I get the sitemap index Then It should contain a link to at least one sitemap file And I should be able to get all the referenced sitemap files GOV.UK Smoke Tests
- 70. (without introducing more risk) Feature: Search @high Scenario: check search resul Given I am testing through And I force a varnish cach When I search for "tax" us
- 71. The ambiguous nature of the written word Gareth Rushgrove
- 72. Lots of opportunities for policy as code Gareth Rushgrove
- 73. (without introducing more risk) // Should cache responses for the period defined in a `Cache-Control: // max-age=n` response header. func TestCacheCacheControlMaxAge(t *testing.T) { ResetBackends(backendsByPriority) const cacheDuration = time.Duration(5 * time.Second) headerValue := fmt.Sprintf("max-age=%.0f", cacheDuration.Seconds()) handler := func(w http.ResponseWriter) { w.Header().Set("Cache-Control", headerValue) } req := NewUniqueEdgeGET(t) testRequestsCachedDuration(t, req, handler, cacheDuration) } CDN Acceptance Tests
- 74. (without introducing more risk) Scenario: The application should not contain SQL injection vulnerabilities Meta: @id scan_sql_injection @cwe-89 Given a scanner with all policies disabled And the SQL-Injection policy is enabled And the attack strength is set to High And the alert threshold is set to Low When the scanner is run And the XML report is written to the file sql_injection.xml Then no Medium or higher risk vulnerabilities should be present BDD Security
- 75. (without introducing more risk) package { 'openssh': ensure => latest } Puppet
- 76. Where possible combine policy with implementation Gareth Rushgrove Tip
- 77. (without introducing more risk) Conclusions If all you remember is…
- 78. Share language as much as possible Gareth Rushgrove
- 79. Because sharing language makes shared tooling and process easier Gareth Rushgrove
- 80. And learning the language of another tribe is a fantastic way of breaking down silos Gareth Rushgrove
- 81. (without introducing more risk) What I Don’t Know How to Do Devops Enterprise Ask
- 82. What macro organisational structures limit the emergence of silos? Gareth Rushgrove
- 83. (without introducing more risk) Thanks Ask me questions later