Leading by Example - Transformation Leadership Requires DevOps Chops
January 25, 2021

Jeanne Morain
iSpeak Cloud

Leading large Transformation efforts — that involve the creation of a Continuous Integration, Continuous Delivery Pipeline and practice — require knowledge of not only DevOps technology but how to operationalize it and scale it. According to CNBC, although two thirds of companies are undergoing transformation, 70% are still failing, equating to billions in losses. Although, CNBC attributes these losses to communication breakdown, there are more factors that contribute to failures that should not be overlooked. The breakdown in communication typically is that various siloes, leadership, and supporting teams are lost in translation.

Large Transformation initiatives require several layers of individuals — from Leaders to Support Desk — working together for the greater good of the company. More often than not the translation of information between the various layers is where the communication breakdown occurs. In order to truly lead Transformation leaders must have or surround themselves with those that can translate across the layers. One of my favorite quotes is "Vision without execution is hallucination." In order to truly lead these larger initiatives, one must understand what success looks like and lead the team across various levels through communicating, communicating, communicating.

It sounds easier than it is. Part of effective communication is for leaders to have a baseline understanding of not only the goal but what it really means and how you get there. For example, one CTO recently asked his peers if they knew what Cloud Native was. It was not to be condescending, but he was questioning if operations, development, and support understood not only the technology, but also what programmatic changes moving to Cloud Native and a container architecture meant for the company. Why? As a leader he understood that the people and process breakdowns result in large scale failure over technology. The best architecture and technology in the world cannot launch, support, and maintain itself.

The point this particular CTO was trying to make was DevOps goes beyond the CTO, architecture and technology. DecSecOps is the binding mindset across Dev, Security and Operations to deliver value to the Business. More often than not, you may have leaders and/or architects that understand the technology but do not understand the people or process required to actually succeed. DevSecOps starts with architecture but must permeate across the entire organization to succeed. DevSecOps does not just start with the edict from above but only succeeds with the right people and processes in place to translate vision to execution. Leaders at lower levels across Development, Security, Operations and Architecture that have been there, done that. Ones that not only know the technology but understand the implications of how to implement it at scale to reduce cost and increase velocity.

Key principles of DevOps Leaders at the lower levels are:

■ Know the business impact

■ Focus on automation for scale

■ Communicate up, out and down early and often

■ Security and compliance by design from inception until end of life

■ Identify and address risks (containers, processes, skillsets)

It is often too easy to point to senior leadership as the reason a large Transformation initiative failed or succeeded. However, few in DevSecOps speak of the part that contributed to that failure. Many seek the advice of expensive consultants that are no more experienced than the team members already in place. Or perhaps, they are just looking at it from their perspective but failing to see the larger picture of what is needed for that particular organization to be successful. Perspective is a powerful tool that can only be achieved by active listening.

What is an example of "lost in translation" perspective" Recently an architect pushed back on automating a process that would only be done once. When the product owner pushed back, they were shut down by the architect for not having a "DevOps" mindset. They were told that part of DevOps is Infrastructure as Code, and that it was perfectly acceptable to expect each development team to extend their code to include the setup on a per application basis. The DevOps architect believed that they were "shifting the mindset" because the developers were lazy and operations team was incompetent. The architect’s arrogance and inability to try to empathize with the request before saying it was the only solution prove to be short sighted.

Unfortunately, it was the DevOps architect that was blind to the business impact of their decision. This particular organization had 3000 applications to migrate to the Continuous Integration, Continuous Delivery Pipeline. The architect failed to consider the cost to the organization to train the application teams to add the code; for support teams to support the errors or mistakes in the process; for the creation of knowledge base articles, content to deal with ongoing security and compliance escalations. It was not that the developers were lazy, Support did not want to learn Kubernetes — the architecture did not make financial sense for the business.

The product owner did the math, escalated to leadership and led to the CTO’s question. The number of tickets to implement the solution would have been at least 12,000 across support, deployment, site reliability engineering and the customers. The risk to audit alone by implementing a manual process was enough to shut it down from a leadership perspective. When the architect was questioned, his answer was he does not believe in merely counting tickets. He believes these pipelines take at least 5 years or more to build out (after 3 years into it).

As DevSecOps enthusiasts and leaders, we must not discount or discredit those that understand the business impact beyond the technology. Transformation must have leaders that not only understand Containers, Cloud and DevSecOps tools but also impact on People and Process. While failure is the cut of 1000 blades of ignorance — success is measured by the teams working together to breakdown the silos across technology teams and DevSecOps to enhance velocity, not impede it. True leaders will lead by example and work to unite the teams regardless of structure, appointment, and job description because ultimately if the company fails, the entire team does. It is better to win working together than to fail fighting.

I was recently a guest on AlchemistX: Innovators Inside, the podcast about why corporate innovation is hard. I spoke with @RachelChalmers of @alchemistxii about how I got to where I am today. Click the podcast player below to listen.

Jeanne Morain is an Author/Strategist with iSpeak Cloud
Share this

Industry News

March 28, 2024

Check Point® Software Technologies Ltd. announced a collaboration with Microsoft that utilizes the Microsoft Azure OpenAI Service to enhance Check Point Infinity AI Copilot, marking a significant advancement in cyber security AI applications.

March 28, 2024

ArmorCode announced ArmorCode Risk Prioritization, providing a 3D scoring approach for managing application security risks.

March 28, 2024

AppViewX and Fortanix announced a partnership to offer cloud-delivered secure digital identity management and code signing.

March 27, 2024

WaveMaker has updated its platform in response to customer demand for more sophisticated API and code management tools.

March 27, 2024

Vercara announced the launch of UltraAPI™, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance.

March 27, 2024

Legit Security announced the launch of its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline.

March 26, 2024

Progress announced a strategic partnership with Veeam® Software, the #1 leader by market share in Data Protection and Ransomware Recovery, to provide customers with an enterprise-ready cyber defense solution that strengthens the security of their business-critical data.

March 26, 2024

GitGuardian released its Software Composition Analysis (SCA) module.

March 26, 2024

DataStax announced a milestone in its journey to simplify enterprise retrieval-augmented generation (RAG) for developers by integrating with Microsoft Semantic Kernel.

March 25, 2024

Check Point® Software Technologies Ltd. is collaborating with NVIDIA to enhance the security of AI cloud infrastructure. Integrating NVIDIA BlueField DPUs, which feature a broad range of purpose-built, innovative security capabilities, the new Check Point AI Cloud Protect solution will help prevent threats at both the network and host levels.

March 25, 2024

Sentry announced the release of Autofix, an AI-powered feature to debug and fix code in minutes, saving important time and resources.

March 25, 2024

Apiiro announced a product integration and partnership with Secure Code Warrior, the agile developer security training platform, to extend its ASPM technology and processes to the people layer.

March 21, 2024

Progress announced that Progress® Semaphore™, its metadata management and semantic AI platform, was named a Champion in SoftwareReviews’ 2024 Metadata Management Emotional Footprint Awards.

March 21, 2024

The Cloud Native Computing Foundation® (CNCF®) has partnered with Udemy, an online skills marketplace and learning platform.

March 21, 2024

GitLab has acquired Oxeye, the provider of a cloud-native application security and risk management solution.