Moving on Up – Sarah Glanville & Paul Lemon – Sky – Software Delivery 2016
Agile at Sky : As Gold sponsors we were delighted to welcome the Sky team to Agile on the Beach and their great lunchtime session on Agile at Sky with Head of Technology Paul Lemon and Scrum Master, Sarah Glanville.
Moving on Up
Building a brand new agile team of over 100 people in 4 months is an exciting, challenging and rewarding task and Sarah and Paul will talk through the highs and lows and share their learnings from doing this. Sky are creating a brand new digital centre in Leeds, the heart of the Northern Powerhouse and this talk will share the experience of the first team to land in Leeds. How do you seed the culture, recruit the right people, set up the correct working practises and continue to deliver a committed roadmap?
Sarah Glanville – Sky – Scrum Master
Sarah Glanville is an enthusiastic and motivating speaker who has held several positions in Agile organisations and is passionate about inspiring women into a role in STEM careers. She has worked in many male dominated environments and is a strong believer in diversity being the key to a successful team. Sarah is currently a Scrum Master at Sky, where she ensures the wellbeing of her team and empowers them to continuously improve their practices whilst still meeting the high expectations of their customers. @girlstest2
Paul Lemon – Sky – Head of Technology
Paul Lemon is a technical leader with over 16 years industry experience. He has a passion for the creation and development of digital products and content. He is an expert at agile technical delivery both leading and/or collaborating with stakeholders, project management and creative experts.
He is the Head of Technology for Sky’s 70+ online service team, heading up the team of Scrum Masters, Business Analysts, Engineers and Testers which he helped to build in Sky’s new tech hub in Leeds @anthonylime
Jim Barritt Finding the merkle tree in the block chain forest
Short synopsis: You may have heard that “block chain” technology is going to change the world (http://www.weforum.org/agenda/2015/12/how-blockchain-technology-could-change-the-world) . This talk will take you behind the scenes to explore what exactly is block chain anyway, from a technical perspective.
Bio: Jim Barritt has been writing code for many years. He is currently a Principal Consultant for ThoughtWorks. His passion is the code and systems architectures, helping teams deliver reliably and rapidly. https://about.me/jimbarritt
Long synopsis: Bitcoin has created a federated, digital currency in which there is no single authority to guarantee transactions – there is no bank. Instead a distributed collection of nodes process transactions and come to a consensus about the truth. The underlying algorithms and patterns that enable bitcoin to be successful have potentially widespread application in the areas of distributed contracts, verification of integrity of data and distributed financial transactions amongst others. This “block chain” technology is fast becoming the latest buzzword in the IT industry, even receiving attention from the the UK governments chief scientific officer on Radio 4 Today Programme (http://www.bbc.co.uk/programmes/p03fyd3z). The BBC have also published a series focusing on the social and economic impacts of this technology (http://www.bbc.co.uk/programmes/b066wfp4). But what is “block chain”, technically? What does it mean to a developer or a person building software? And what are these “Merkle Trees” that seem to play a big part in the story. In this talk, Jim will give an overview of blockchain from a technical perspective, starting with the original paper that was the foundation for bitcoin and discussing some of the component elements, such as Merkle Trees and how they might be applied in different scenarios. Along the way we will also visit related initiatives like google certificate transparency (https://www.certificate-transparency.org/)
Lyndsay Prewer Smoothing the continuous delivery path – a tale of two architectures
Short synopsis: What makes Continuous Delivery easy and what makes it hard? Should it be all Scala, Docker and microservices, or is .Net, Windows and monoliths a safer bet? This session shares best practices and anti-patterns encountered by two teams, with very different architectures, both on their journey to successful continuous delivery.
Bio: Lyndsay is an Agile Delivery Consultant. He’s spent the last twenty years helping developers, teams and organisations improve their software delivery. He’s currently consulting for Equal Experts, at HMRC, on the delivery of HMRC’s new Gov.UK digital tax services. He speaks regularly at European conferences (Agile Cambridge, Agile Testing Days, Agile Lean Europe) and London Meetups. For more information, check out lyndsayp.com.
Long synopsis: Continuous Delivery is gaining recognition as a best practice. It’s in use by many leading organisations, including NetFlix, Amazon and Etsy. It’s a proven way of reducing risk, reducing time to market and increasing a team’s agility. Despite these benefits, adopting and improving it is challenging. This is the story of how two very different teams successfully practice and improve Continuous Delivery. Both teams were sizeable (more than five features teams) and mature in their use of agile and lean practices. One team chose Scala, mongodb, Docker and microservices, on a greenfield project. The other faced the constraints of legacy code, .Net, MySQL, Windows, and a monolithic architecture. This session shares the best practices and anti-patterns encountered by the two teams, looking at those common to both, and those that were specific to each team’s own context.
Penetration Testing in the Release Pipeline – David Brownhill & Craig Scott-Angell- Software Delivery, Agile on the Beach 2016
David Brownhill & Craig Scott-Angell – Penetration Testing in the Release Pipeline
Short synopsis: Agile development teams that have security verification requirements for their user story acceptance criteria will have these defined using a BDD-style scenario. The talk will explain how the security tests can be defined and implemented using a framework combining tools from the popular KALI Linux tool-set.
Long synopsis: Teams should take security seriously with today’s online threats and follow secure coding practices. They should utilise web and native application scanning tools both statically and dynamically where-ever possible and required. These tools can be time consuming in a release pipeline which is where you want to target your testing to real security requirements for fast feedback. Utilising a framework like BDD-Security you can utilise a collection of provided scenarios or write your own specific security tests. Potential vulnerabilities within a build candidate may be functional and driven using Selenium WebDriver in the form of a traditional penetration test or API based. SSL vulnerabilities can be checked and verified using SSLyze and scans utilising the OWASP Zed Attack Proxy can be run. Example scenarios will be presented along with an example implementation of a release pipeline running against AWS, built from Team City using Ansible and executing vulnerability tests against both pre-production and production environments.
David is a Non Functional Test Consultant currently working with implementing non-functional requirements as part of a continuously deploying pipeline. In addition to security this includes performance and operational acceptance scenarios.
Graduating from Stirling University David started his career as a developer at British Telecom in Martlesham Heath progressing via performance testing to a more all encompassing role including a full range of non-functional responsibilities.
Craig is a Software Test Engineer with extensive experience in quality assurance through a career in defence, Finance and internet economy businesses.
Originally graduating as an Electro-Mechanical Engineer Craig started his career as a System engineer in defence at General Dynamics before moving to a career as a software Test Engineer for Ingenico UK and Skyscanner. Craig now works as a Senior Automation Engineer.
Working closely with Agile teams, Craig believes that Security testing should be a key component of the software development lifecycle to ensure secure, quality software in a continuous integration environment.
Craig is passionate about building quality from the start and thrives on the challenge of cultivating a security conscious culture to ensure continued success in the current climate of online threats.
The ability to react and deliver working software quickly is a vital component to the way we work. Our clients run some of the biggest brands in the world, so how do we continuously deliver software whilst ensuring we keep our clients happy and our quality high?
Testing in a Continuous Delivery World – Wouter Lagerweij
Software Delivery 2016
Hey, do you remember when everyone was asking what the role of the tester would be in an agile team? It’s happening again! A team that releases every commit needs to take testing seriously. That changes the role of the tester once again. And of developers, too. It puts the customer center stage again. Continue reading →
I’m lucky enough to work for a company who offer 10% time, and believe it’s had many benefits for our team including engagement and performance improvements and as a tool for both retainment and attraction. However sometimes it can be hard to keep the business bought in to the idea of a very expensive team doing ‘nothing’ one day a fortnight. I’ll also share tips and tricks to get your team to make the most of their Learning and Development time without telling them what to do! Continue reading →