The DevOps Audit Defense Toolkit: Helping IT and Audit Work Better Together

Many organizations want to adopt DevOps practices to get the benefits associated with it: faster time to market, increased stability and quality, and more time to build stuff that’s valuable to the bottom line. But they often get tripped up by audits and compliance checks to make sure the organization is adequately addressing risk. DevOps practices don’t align well with traditional audit practices. So these organizations are often left asking themselves, “How do I position my organization for an audit when I’m using DevOps practices?” Until recently, there hasn’t been a really good answer.

But that’s changing.
Continue reading

5 Nuggets for Managing Big IT Changes

I’ve gleaned a lot of “nuggets” of wisdom about how I think IT should be done from my professional experiences over the years. These nuggets range over a variety of topics — people, communication, approaches, strategy, tactics. They never have anything to do with a specific technology or technique. Many nuggets have been picked up because I’ve observed things that worked. Many others have been picked up because I’ve observed things that haven’t.

Here are five of the nuggets I’ve found really helpful to managing IT, particularly when you’re doing something meaningful (a.k.a, hard, complex, big, visible, strategic). But first, two quick caveats. One, these nuggets have nuances. They aren’t meant to be applied in every situation or even the same way in different situations. Their usefulness is in provoking questions. Second, common sense applies. I’m not dogmatic with these and I don’t expect anyone else to be, either. If they help you in certain situations, great. If they don’t, then don’t use them. In all cases, use your big, powerful brain.
Continue reading