DevOps Days Baltimore was an exciting experience. The organizers did an exceptional job in curating an event that fostered collaboration and learning.

The last DevOps Days Baltimore was in 2019, and it was evident that the community was thrilled to be back together after the challenges of COVID. The quality of discussions during sessions and community-driven open spaces was exceptionally high. Here are some of my top takeaways from the event.

Stop committing secrets!

In “Stop Committing Your Secrets – Git Hooks To The Rescue!” Dwayne McDaniel of GitGuardian shared how even large enterprises struggle with secrets being leaked and then later used to breach data. I was shocked to learn that 1 out of 10 developers have committed secrets.

Using hooks in your git process enables you to be sure any commit with secrets is blocked. You can roll your own with hooks and regular expressions, or check out the ggshield repo, which has them preconfigured.

Polarities, not dichotomies

In “Have your cake and eat it too (Polarities in DevOps)” Jonathan King of Fearless talked about the false dichotomies we often struggle with. These poles, like Dev and Ops, or security and speed, aren’t mutually exclusive and should be considered polarities instead of opposites. This was a heady, challenging talk that got at how we think about our challenges and not settling for mediocrity.

The research showed that the highest-performing teams aren’t those that focus on one pole but instead when a team can find a way to allow those poles to support each other mutually. My biggest takeaway was that it is essential to identify the early indicators of negative aspects of those poles so a team can take steps to avoid them. For example, in the polarity of security and speed, the problem is never that a team is too secure. Instead, it’s that too much red tape might slow down development. With that goal in mind, a team will find ways to increase security without adding too much overhead.

Building High-performing DevOps Teams

In “The State of DevOps – Capabilities for Building High-performing Technology Teams,” Nathen Harvey of DORA and Nathaniel Avery of Google spoke on findings from DORA’s State of DevOps report and encouraged teams to fill out this year’s survey.

They talked about the most common reactions when something breaks and how it can be a gauge of a team’s culture. The three responses are:

  • Failure leads to scapegoating. You hear statements like “It’s not my fault.”
  • Failure leads to justice. This is marked by a mentality that says, “Justice must be served.”
  • Failure leads to inquiry.- Folks begin by immediately saying, “Let’s investigate.”

The conclusion was to start changing how people behave, and it will change how they think.

On Call Teams

In the talk “Best Practices for On Call Team,” Mandi Walls of Pager Duty shared how to build a robust on-call team that doesn’t burn out the folks on it. Prioritizing team wellness, providing adequate context, and setting clear responsibilities go a long way in making sure a team is prepared when a crisis hits.

Ignite Talks

In the afternoons, attendees were treated to a series of ignite talks. Ignite talks are 5-minute presentations with 20 slides auto-advancing every 15 seconds. Speakers have to be succinct to get their point across in time.

Leon Fayer spoke on how “the soft skills are the hard skills.”

Michel Schildmiejer sprinted through how to do CI/CD using Jenkins, Terraform, and Oracle

Scott Mabe proved DevOps is far from dead, and debunked other tech myths as well.

Donald Lilley showed how taking a data-driven approach boosted tourism in the city of Baltimore.

For my (John Richards) lightning talk, I compared the challenge of measuring Maryland’s Chesapeake Bay to the challenge we face in understanding our cloud attack surface. I walked through creating asset inventory so you can take a holistic approach to cloud security and identify coverage gaps. Instead of trying to roll your own solution, use the free, open-source Paladin Cloud repo to quickly get your asset inventory online and visualize your attack surface.

Open Spaces

Open Spaces are community-driven round table discussions. Folks come up with topics and then share them with the group. All those topics become sticky notes and are placed on a board where attendees can then go dot vote on the ones they want to participate in. The most popular topics are assigned to tables, and anyone interested in that topic goes to that table and has a collective discussion.

These topics tackle real-world problems, and I was consistently impressed at how the best ideas often came from the person you didn’t expect. It really showcases that we all can learn so much from each other. Definitely try one if you get a chance. A few high-level takeaways from some of the spaces I was a part of.

  • The distinctions between roles like DevOps engineer and Platform engineer aren’t always clear and can vary widely by organization. Keep this in mind if you are applying for one of those positions.
  • With the recent prevalence of AI, we may soon see a rise in MLOps (Machine Learning Operations) as developers face new challenges like resisting model drift.
  • It’s important for senior engineers to create a culture of learning while not turning into a crutch for Jr. Devs. A friend of mine is often asked to crochet for others, but she has a policy that she will sit with you and teach you but doesn’t take requests. Similarly, Sr. Devs may need to painstakingly walk Jr. Devs through how to arrive at a solution, even if just doing it outright seems faster at the moment. In the long run, this enables them to find solutions on their own in the future.

What’s Next for DevOps Days Baltimore?

DevOps Days Baltimore came back in style, and the team is already planning for 2024. Make sure to save the date for May 21 – 22, 2024.