Threads of the Next Wave of DevOps
bfuller
Posted on September 13, 2023
First Wave of DevOps
Amazing things are happening with the next wave of DevOps but first we should understand where it started. Perhaps you watched this Flickr talk, or read The Phoenix Project and The DevOps Handbook. There were lots of ways over time you could have been introduced to the idea of Devs, Ops, and Security working together. The ideas that came together showed that you can release via a secure pipeline, deploy multiple times a day, and it was performant and allowed cross-team collaboration.
Out of this incredible movement came conferences, meetups, and thought leaders. Talks like Everything is Terrible: Three Perspectives on Building, Configuring, and Securing Software where you have folks talking about how to talk to each other. These were our tools to help folks bridge the gap of their culture challenges.
The DevOps movement kicked off countless companies focused on infrastructure as code, configuration management, CI/CD, Monitoring, Observability, and Security for DevOps. We even changed people’s titles. No longer are you a SysAdmin, now you are a DevOps engineer.
We created the tooling to let you work in your current system with the idea, if you could make the tool do that, you should. This allowed folks to get started at big and small companies. To try out a new way to grow and scale. To build these wonderfully complex applications and platforms. This first wave took on the notion that teams could now work together and safely deploy multiple times a day. But did we? Amy Tobey talks about it in her amazing talk about the importance of the socio-technical and resiliency, which Kelly Shortridge built on with her talk about Adaptive Capacity. Or see Emily Freeman’s talk about Reimagining the SDLC. These talks, like the Flickr talk before it, are the beacon for the next wave of DevOps. Folks still don’t have the context they need.
The threads that bind
I was listening to Adam Jacob on Arrested DevOps and it struck me, the trend I’m seeing with a small group of startups are the “threads” Adam references. These threads are a collection of Next Wave/Second Wave DevOps startups — companies that saw that the first wave of DevOps allowed us to build and grow really complex systems, but without that je ne sais quoi.
But we’re kind of stuck. Almost stale or apathetic in our innovation trajectory. The idea is still just out of reach in practice. This is where the next wave of DevOps companies comes in. We are the quoi.
With great complexity comes a responsibility to your teams and the tech stack that, until the first wave tools came along, we didn’t have the bandwidth to take on. Heidi Waterhouse described it best when she said to me,
“If DevOps was about breaking down the silos between operations and development to allow a smooth flow of value between creation and delivery, this NextOps that you're describing (seems to?) mean that we're allowing everyone to see and understand the system they're part of. It the difference between extrapolating where you on on a paper map vs your phone just knowing and telling you and giving you context on how close the nearest TJs is.”
Folks need to understand their knowns and unknowns. The cohort that owns each functional piece of the technical stack. A dependency graph to visualize what those connections actually are without sending a team or a principal on a tech stack archeological dig to document everything about a slice of the stack. They are manually filling in the context, and the history as they remember it. What we need is a way to keep that up to date in real-time. We need to bring in the socio to work with the technical. That requires guardrails and standards. We are squarely at “just because you can doesn’t mean you should.”
Instead of that log file, we need to see the points in our stack that light up and are related in some weird, utterly human, and creative way. Because that could be how a vulnerability sneaks in, or a sustained outage happens or causes application performance issues.
Here are some of the commonalities between the thread companies:
- Providing context around the complexity of your stack
- Identifying the cohort of experts and the impact of a change big or small
- Visual problem solving because parsing that log file takes time we don’t have
- Making the complex aspects of your system more approachable
- Creating a safe space for new folks to grow and thrive
Pretty cool.
Which Threads are being pulled on?
AppMap
AppMap’s CEO Elizabeth Lawler is someone I have so much respect for. She cares deeply about this space and the problems that need to be solved. AppMap is a graph-based product that helps people understand the application's complexity and how to make improvements. AppMap is the helpful tool you need to identify and fix application performance issues, CI issues using GitHub Actions, improve code reviews (see their GitHub Action beta for more), and so much more.
DryRun Security
DryRun Security founders James Wickett and Ken Rose are fantastic and collaborative. Firm believers that DevOps has always included security, they are acknowledging that our stack is not going to become less complex, that folks want to do the right thing when it comes to security, and providing a way to provide the insight and context folks need in order to identify and remediate vulnerabilities within their tech stack. It’s brilliant really. You can leverage their GitHub app to get contextual security analysis and find risky code changes before they make it to production. The OpenContext team has had the opportunity to partner with DryRun.
OpenContext
This is my personal favorite of the collection.✨ Simply put, we help you find your fixer. From code to artifact to cloud, we will identify the socio- in your technical dependency graph. In terms of rethinking DevOps, we are committed to making your complex systems more manageable through visibility, which allows a greater degree of safety because there are no secrets except the secrets you need. OpenContext just makes it easier for AppSec to collaborate, to understand the complexity, and for DevOps, SREs, and Platform Engineers to partner up. It really does take a cohort of people to make complex systems work. Sign up for the beta!
Overmind
Overmind is interesting because I think we have the greatest potential to dance in the same space. That said, CEO Dylan Ratcliffe and his team at Overmind are amazing. I had the opportunity to work with a lot of the team previously. They are solid and passionate about this space and improving the lives of the DevOps community. Overmind's focus is on taking these complex systems that folks can’t possibly keep in their head and making it approachable. You can find your unknowns. When in the middle of an incident, you want a tool like Overmind to help you get back to rights quickly. Overmind is focused on infrastructure and all your infrastructure. Their Beta signup is open.
Stanza
Stanza is another company in the space I’ve been watching. They have some top-notch talent! Their goal is to bring reliability to everyone. Not just Google, Facebook, and Stripe. They’ve been there and done that at scale. Their product makes reliability practices approachable, and scalable as well as ensuring you see where you have some potential problems.
System Initiative
I don’t think Adam Jacob needs me to wax poetically about him. Just know, I think the world of him and what he’s doing. The team at OpenContext took some time to try out the System Initiative beta and OMG! Watching some of their blog/podcast/AMA content around the launch I especially appreciate the notion that the System Initiative team understands that complexity is not going away. Instead, they are building a tool that allows folks working in complex systems to do it in a more approachable way. This will not remove the complexity, it will make it more manageable to navigate. It’s a tool for those subject matter experts, on down to the new folks at your company. And the best part, the visual component makes it approachable and possible to understand the shape of what you are building and identify connections that may otherwise be non-obvious. They focus on collaboration, making it a first-class citizen in the product. See for yourself: Beta signup
It’s also important to note that Adam has talked about the Second Wave of DevOps and I absolutely agree with his takes. Check out his blog post.
Help strengthen the threads
Now, I'm getting to the part where I don’t follow the norm. Some of these companies are stepping in on what we are doing at OpenContext. I know many of the cofounders and teams and they are brilliant! More importantly, we will be pushing each other for your benefit. Give everyone above a try. We are all at various stages of “early” which is the coolest time to help a company grow.
OpenContext has been beta-testing these company's products. We also have our own beta open with all sorts of really cool stuff coming soon. I encourage you to try one or several of these products out.
It’s not a matter of who wins, because we already know there is room for more than one. It’s a matter of which one meets your particular needs. We went from choose your own adventure style DevOps growth to a context-driven graph view of DevOps. Now it’s time for some structure, guardrails, and socio-technical context.
Edit: I did not accurately capture DryRun Security's offering and corrected the language to accurately reflect their product.
Posted on September 13, 2023
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.