DevOps II: Advanced DevSecOps and Automation

Video Transcript

Hello, my name is Sean Masterman. I'm an adjunct faculty member for the information technology infrastructure program in the University of Minnesota's College of Continuing and Professional Studies.

This summer, I used a flipped classroom approach, moving the class preparation outside of the classroom so the students would spend their classroom time focused on the hands-on application of what was being taught. The result: a market-driven course called Advanced DevSecOps and Automation.

Under the guidance of two product owners with more than 40 years of combined industry experience in delivering enterprise solutions, a small but mighty group of students worked as a Scrum team. Their proposed product: a mobile fitness app for iOS and Android developed using DevSecOps principles and practices and supported by Scrum ceremonies.

If you're unfamiliar with DevOps or its latest iteration, DevSecOps, it's a philosophy and practice that combines development and IT operations to enhance collaboration and automate the software development life cycle, also known as SDLC. It aims to increase productivity and speed to market through continuous integration and continuous deployment using infrastructure as code.

Enterprise DevOps teams have been working closely with security and governance teams to deliver secure and transparent solutions for more than a decade. DevSecOps recognizes the need to more fully integrate the security team into the process, emphasizing the concept of shift left, which weaves security practices through the SDLC.

As we enter our final week of the semester and complete our last sprint, I wanted to reflect on the experience with two members of the Scrum team: Elias Vera-Jimenez, one of the student engineers who has been instrumental in the team's success, and Jon Gregersen, a senior software engineer with decades of experience in the financial sector, who has been supporting the students as one of the product owners.

Gentlemen, welcome. I hope your week is going well. I have a series of questions for our reflection today. So, this is actually for both of you. Uh, what did you find most engaging about this process?

Gregersen: I will start, Elias. I came into this, you know, blind, not really knowing anything about what this class was about and what we were going to go through and was a little hesitant that, you know, are the kids really going to be energetic and really focused or are we just going to kind of go through something? And I was surprised and impressed at the energy that they brought to class, and, you know, going through and picking out what they, you know, what's my scope's going to be and how, you know, how we refined it down. It was, uh, it was really, really nice to see.

Masterman: That's awesome. Elias, what do you think?

Vera-Jimenez: Yeah, it's a pretty similar story for me as well. I've taken the other DevOps classes and they were not like this. So, like you said, you restructured the class, so I'd assumed it would be a little different. It was very interesting to see just how different it was. Doing a project over the course of the entire class was much more engaging to me than just getting a bunch of smaller projects that we work on as, like, one- or two-person teams.

Masterman: That's awesome. Good. All right. So, Elias, back to you. What valuable experiences and skills did you gain from this course?

Vera-Jimenez: I would say working in a Scrum team was probably one of the biggest, like, most valuable things I've learned from this course. Really learning how to utilize an industry-standard format for a team structure for our project was incredibly helpful for getting this project structured in the first place.

Otherwise, organizing ourselves as a team would have just been tough, you know, without, like, some sort of guideline to follow. So using Scrum was definitely one of the biggest valuable things we used.

Masterman: All right, and another one for both of you (and Elias, why don't you start with this), but what would you change about this course to make it more engaging for students?

Vera-Jimenez: I think the course was honestly structured very well. But one thing I would change to make it a little more engaging would be to focus on the security part a little more. I think we didn't get to touch on that enough, right? I think everything else was great. We got to touch on pipelines. We got to learn about VMs. We worked in a database on our project, an API and an app, but we really didn't get to focus on the Sec, as in the security part of that of SecOps. So I would have liked to do that more.

Masterman: Yeah, that's a great idea 'cause with the different security fundamentals that we talk about in the course, it would be good to practice those. So that's something we'll have to look at for future classes, is how do we actually integrate SAST and DAST into the build, into the code process.

So Elias, was there anything that surprised you or you didn't expect to learn?

Vera-Jimenez: Yeah, I guess I didn't expect to learn as much about pipelining and really getting that system built out as we did in the class. For the first like couple weeks of the class, we really took the time to work on a pipeline . . . and I can't remember if this was going to change in DevOps 1. I think we were going to end up doing that then, but before in the older version, we didn't get to work on it. It was very enjoyable to get to kind of build out our own pipeline, and we are planning on using one for our project, so it's going to be really helpful in that aspect.

Masterman: That's great. Yeah, and I'm in the process of finalizing the first class and that's what we're going to do is actually build a pipeline more from a cookbook perspective, so, it'll be a little more focused on the different components of the pipeline and really looking at the different tooling.

So, the theory is once you've taken that first course, you'll have been familiar with building a pipeline. By the time you get to this course, the capstone, you're pretty familiar and you know what tooling you like and theoretically there may even be a pipeline that could be dusted to use to escalate the process, make it go more quickly, so yeah. Yeah, that's great.

So, what would you share with a student who's considering this course?

Vera-Jimenez: It's vital that as a student you attend every class, right? Working on a Scrum team and following the Scrum ceremonies, sprints, sprint reviews, standups, all that stuff: it means that you, kind of, have to be there to really get the full value and experience out of it. Because as a team, you kind of need your teammates to be reliable and responsible, and you obviously want to be there to make sure you are 100% a part of that team. It makes it easier for you to kind of get engaged with your team. Our team's gotten really close, I would say, from everybody just kind of making sure that they're engaging and working together. So, yeah, this is one of those classes where you really do need to attend, um, every lecture, every session.

Masterman: Yeah. And how was having industry experts supporting you through this process? How was that?

Vera-Jimenez: Oh, it was amazing. We got, like, real-world feedback from actual industry professionals. So, it was nice to hear what their advice was. One big example is when we were first planning out what our app would actually look like, once we had nailed down what we wanted, there was this day where Jon and his coworker came in and we had them sit down in front of us and we kind of presented what our idea was for the project, the fitness app.

At the time, we hadn't actually built out any, like, diagrams or any Canva spec'd-out, like, Photoshop pages for what our app screens would look like. So what Jon suggested was that we get up on the whiteboards in the class and really start to draw out the app screens and build them out, and then we would talk about the different aspects, like, how we should have the screens laid out, how many buttons there should be, how big the buttons should be, what should be on them, what pages we, how many pages we should have.

I think we started out thinking we were going to do like five. And I think there was like three different ideas for what the app would look like. I think I thought that the app was going to just be more of a list of exercises with some with a bunch of different navigation options on the bottom, whereas one of my peers, Peter, thought that it was going to be more of a hardcore exercise, like, workouts app where you kind of have a set of a workout set of exercises like to select from and you would go there, so really getting that narrowed down into a more feasible, most valuable product MVP for our app was really important and incredibly helpful in our process for actually getting nailed down what we wanted to do. So that was probably one of the biggest parts.

Masterman: Building those wireframes on the whiteboard was a pretty important step in the process for the team?

Vera-Jimenez: Yeah. Oh yeah. Yeah. Definitely helped us really see, like, okay, we can actually build this thing that with this. If it's going to look like this, we can totally do this.

Gregersen: It helps get people on the same page, you know, like you're saying, Peter is in one and now everybody's on the same page. That's good.

Masterman: Well, I enjoyed that process from a support perspective because it gave the product owners and me as a Scrum Master the opportunity to say, you know, "How's that going to flow? What's that going to look like? How's that going to tie to the database?" You know, kind of ask some of those questions that really push how the process is actually going to work and what the customer experience, the user experience is going to look like. That was a really powerful exercise, and I think it was very engaging. Everybody felt really energized coming out of that session. I think that was really kind of a big turning point in the process to really get us kicked off. That was great.

So, Jon, why did you invest your free time to support the students? What led you to do that?

Gregersen: You know, that's a great question. A little background history, right? They've been doing this for 38 years and I came through and learned everything on the job. So I had people teach me how to do various things, right? And it's your own initiative, I mean, you have to go and find these, seek them out, ask them for help, and they were always all more than willing to help. So I figured it was time for me to pay back a little bit of that.

Also, I have seven kids and they're all in their 20s. Some of them have gone to college and just graduated. I feel like I'm helping people their age, feel like I'm helping their friends, to become better and be more ready to be hired and work in the industry that I work in.

Masterman: Yeah, yeah. That's awesome. So, what's one thing that happened this semester that you remember from the experience? What's something that's going to stick with you?

Gregersen: Yeah, it's going to kind of go back to like one of the very first classes like we talked about a minute ago where we were putting things on the whiteboard, and all of, you know, the size of what they had planned to build originally, which would be great, but you know, kind of grounded them a little bit. They were open to suggestions and open to ideas and I thought that was very nice.

Masterman: Yeah. Yeah, exactly. So, would you do it again? Would you consider volunteering again?

Gregersen: My wife would tell me I'm crazy, but I would definitely do it again. I really enjoyed it. It gave me energy as well to see them dive into this. And, you know, I lead teams just like this every day. It's nice to see people with the energy going into and working as a team. I think it's going to prepare them well for industry, when they get that far, to be able to work on a team. You're responsible for your actions. You're responsible to your team members.

Masterman: Yeah, exactly, exactly. So, a couple weeks ago, we had the opportunity for one of the other classes to come and give feedback. So, Elias, how was having peer feedback for the product review?

Vera-Jimenez: It was exciting. I'd never actually been able to present to a completely different class like that. Usually, you know, when you're presenting in classrooms and all that, everybody's pretty familiar with what's being presented or people have a general idea about what it's supposed to look like, right? Everybody's getting the same framework or rubric to follow, so. But with a completely different class, they have no clue, right? I'm pretty sure they went in blind. So, really kind of getting them to latch on and pay attention was engaging, and getting the feedback that we did, it was kind of awesome to see. It was nice to see that these people were actually engaged with our product and our project. So, it was awesome.

Masterman: So, in 14 weeks, there's only so much that you can build. Do you think that you guys will take this further? We kind of talked about the security side and not really getting into that piece, you know, and especially with the feedback that came from the product review. Do you think there is momentum? Do you think you'll continue building this?

Vera-Jimenez: I definitely think it would be fun and engaging to continue building it. I think there's a chance some of us will probably stick on, but I could also see that some of us might hop off because it's not everybody's cup of tea, you know, to build an app and all that and API, but we definitely gained an immense amount of experience from this and I think we could easily connect and keep it going even past this class and out of college. Maybe. That would be awesome, too.

Gregersen: Yeah, that's how companies are built. You know what I mean? Somebody gets an idea and maybe it's in college, maybe it's not, it takes off and it turns into a business. Certainly a possibility.

Vera-Jimenez: That'd be cool.

Masterman: So, Jon, I'm going to pull on a thread that you've kind of started. Say a little bit more about how you think this course prepares the students to work in industry.

Gregersen: Well, like I say, this is pretty much exactly the kind of work that I do every day. So, I work with software engineers, both frontend, backend development, you know, developing new software for business. Having to come up with wireframes, come up with thoughts and designs. You bring it to the product owners because in the end, in most cases, you're not the one who's going to use it. They're going to be the ones to use it. I think is a testament to what you're going to get when you get into the industry.

Masterman: Yeah. So, Jon, if you had a parting thought for students considering this course or maybe even industry people who might be interested in doing what you're doing, volunteering as a product owner, what would you say? What would you share?

Gregersen: First, the students, I think that this course does a very good job of preparing you for the future in software development in general. In working for industry, I think it really preps you well. In regards to other people helping out, it is going to create better candidates for those of us who are looking for workers, people who are ready to go, and that, to me, I think, is something that others should join on.

Masterman: Yeah, thank you. So Elias, what would be your parting message?

Vera-Jimenez: Yeah, I have to agree with Jon. It's great industry experience. It really felt like working in industry. I've had internships before and this experience definitely felt a lot like what I've done there and more, for sure. We got to really lead our own project here and plan it out from the ground up, really build out our frameworks, our architecture. We came up with a database and API setup with our apps. It's a great, great experience and it's a great way to expand our skill sets and really get to use these industry-level tools, stuff like Jira and GitHub. Great for learning some industry-related work.

Masterman: Wonderful. Well, thank you very much gentlemen. I appreciate your time.

Gregersen: Awesome. Thank you Elias.

Vera-Jimenez: Thank you. Yeah. Thank you guys.


DevOps II: Advanced DevSecOps and Automation is part of the Information Technology Infrastructure Bachelor's Degree.