
Henry Been on Security with DevOps - Episode 012
In this episode, Jeffrey is discussing security in DevOps with his guest, Henry Been. Henry is an independent DevOps and Azure architect from the Netherlands. He enjoys working with development teams to create and deliver great software — and for him, this includes the full DevOps cycle; starting with discovering and planning new features and ending only when end users are satisfied. Henry’s interests include the Azure cloud, Agile, DevOps, software architecture and the design and implementation of testable and maintainable software. Next to his work, Henry is one of the Microsoft ALM DevOps Rangers — which is a group of 130 engineers worldwide who share professional guidance and create gap-filling solutions surrounding Azure. Henry and Jeffrey discuss, in-depth, everything you want to know when it comes to security with DevOps. Henry offers advice on how to implement security into your DevOps practice, makes recommendations on how to be more secure at each stage of the software development application lifecycle, highlights possible vulnerabilities that you might want to watch out for, and offers tools you can utilize to combat this and up your security in your DevOps environment. Topics of Discussion: [:40] About today’s episode and featured guest expert. [1:35] Jeffrey welcomes Henry to the podcast. [1:41] What Henry has been up to of late. [2:21] How Henry has found himself in the DevOps space. [3:08] Henry shares some information about the ALM DevOps Rangers he is a part of. [4:16] About the half-marathon Henry recently finished! [5:50] How did the term DevSecOps come about? And what do people need to know about it? [7:22] Henry offers advice on how to implement security into your DevOps practice. [8:26] Henry’s recommendations for being more secure at each stage of the software development application lifecycle. [12:47] The vulnerabilities of copying your database offsite. [13:44] Is keeping your database offline more secure than having it online? [14:04] A word from Azure DevOps sponsor: Clear Measure. [14:29] Henry outlines ways to limit the surface area of personal access to environments. [16:29] A vulnerability in the FCKeditor WYSIWYG HTML editor and how to avoid it. [17:53] Henry and Jeffrey’s take on why many are fearful of a scheduled, automated deployment or redeployment. [20:45] The work Henry has done with Azure Policy and how can help. [24:04] One of the most vulnerable attack surfaces: any area that a human’s account has access to. [24:41] What’s on the roadmap for Henry! [26:32] How to keep up with Henry and everything he’s doing. [27:02] Henry’s recommendations to those who want to learn more about security in their DevOps environment. Mentioned in this Episode: Azure DevOps Azure DevOps User Group on Meetup Microsoft ALM DevOps Rangers DevSecOps SQL Clone from Redgate Redgate Clear Measure (Sponsor) Infrastructure as code FCKeditor WYSIWYG HTML Azure Policy Henry’s Blog (HenryBeen.nl) Henry’s Twitter @Henry_Been Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes. Follow Up with Our Guest: Henry Been’s LinkedIn Henry’s Blog Henry’s Twitter
26 Nov 201828min

Eric Hexter on DevOps Diagnostics - Episode 011
In today’s episode, Jeffrey is joined by Eric Hexter, the Chief Technology Officer of Quarterspot LASO — a fintech company that produces lending platforms using machine learning. He built the company in the Cloud with DevOps as a foundational component of delivering the product. Eric has filled roles as CTO, Chief Architect, Developer, and Consultant. He’s spent most of his career working with web technologies, with a total of twenty years experience producing technology solutions that deliver business value. As Jeffrey says, Eric is the DevOps King. He’s done some incredible work over the past decade and a half and has even written some books — well, namely one book back in 2012, ASP.NET MVC 4 in Action, co-authored by Jeffrey as well. Eric and Jeffrey talk all about DevOps Diagnostics today, running through the various categories within it, such as: system metrics, log files, air conditions, heartbeats, and data integrity checks. Eric also gives his recommendations to those new and experienced with the system — tools, resources, and services. Topics of Discussion: [:47] About today’s guest, Eric Hexter. [1:19] Jeffrey welcomes Eric to the podcast. [2:28] How Eric first got interested in the world of DevOps. [4:01] Eric talks about some of the key points made from his presentation on the Azure DevOps User Group on Meetup. [6:46] What Cloud DevOps diagnostics consist of. [8:10] What categories .NET developers need to be watching in order to operate their systems effectively. [9:08] Eric talks about one of these categories: his favorite system metrics. [12:15] Eric gives a quick rundown on queue-based processing. [14:23] Eric’s favorite queue at the moment. [15:21] The importance of having metrics on every running piece of your application. [18:23] A word from Azure DevOps sponsor: Clear Measure. [18:52] How Eric looks at system metrics. [20:06] On Eric’s team, who looks at the metrics? [20:34] Eric gives an explanation of the next category of Cloud DevOps diagnostics: log files. [22:32] What Eric recommends developers should be logging to a text file. [23:33] Eric explains what a decorator pattern looks like in code. [24:42] Eric briefly explains built-in log files. [25:03] How Eric brings all these log files together to cohesively view them all. [26:31] How does Eric log files? [27:30] Why logging as a first class feature within the application can be incredibly useful. [29:14] The next category of Cloud DevOps diagnostics: air conditions and common patterns within it. [38:13] The next category: heartbeats. [42:00] Eric dives into the next diagnostics category: data integrity checks. [44:04] The differences in structured logging compared to regular logging. [48:46] For structured logging, does Eric have a favorite library? [50:41] Eric’s recommendations tools and services to get started in all of this. [53:06] Eric’s advice on how to consolidate all your flat files to start a consistent view. [54:16] Eric’s favorite heartbeat source. [55:00] Additional resources Eric recommends listeners to go check out after this week’s episode. Mentioned in this Episode: Quarterspot ASP.NET MVC 4 in Action, by Eric Hexter, Jeffrey Palermo, Jimmy Bogard, Matthew Hinze, and Jeremy Skinner Azure DevOps Azure DevOps User Group on Meetup PREMISAzure Storage New Relic Stackify Application Insights Azure Queue Storage Clear Measure (Sponsor) Grafana Loggly The Netflix Tech Blog Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes. Follow Up with Our Guest: Eric Hexter’s LinkedIn
19 Nov 201856min

Talking Azure DevOps at the Microsoft Ignite Event 2018 - Episode 010
This episode Jeffrey brings you a live recording from the Microsoft Ignite event. Today, he’s talking with several people, including Greg Leonardo, an Azure MVP and Cloud Architect; Josh Gaverick, an MVP in Application Lifecycle Management and an Senior Application Architect at 10th Magnitude; Rob Richardson, a Microsoft MVP in ASP.NET who also builds web properties for small and medium sized businesses; and Colin Dembovsky, an ALM MVP and Cloud Solution Architect at 10th Magnitude. Tune in to hear highlights from each of the guest’s panels, what they have enjoyed learning about at the conference, their insights on various topics in the Azure space, their day-to-day work and projects outside of the conference, and their predictions on the future of Azure! Topics of Discussion: [:40] About today’s episode. [:51] Jeffrey introduces his first guest this episode, Greg Leonardo. [1:55] How Greg journeyed into the Azure space. [2:49] What has been going on in Greg’s local community of Tampa, Florida. [3:59] What Greg and Jeffrey share in common: supporting VetsinTech! [4:48] Greg explains what a front door is in the Azure space. [5:40] Where to find more information about the work Greg is up to. [7:01] Greg explains some of the interesting ideas found in his book. [10:27] A word from Azure DevOps sponsor: Clear Measure. [10:53] Jeffrey introduces the next set of guests: Josh Gaverick, Rob Richardson, and Colin Dembovsky. [11:50] How the conference has been so far for the three of them. [12:23] Highlights from Rob’s talk at the conference. [14:35] What has been Josh’s highlights of the conference thus far and what his talk was about. [17:21] Colin’s highlights at the conference. [19:18] Josh’s insights on SQL Managed Instance. [20:09] About Josh’s other talks at the conference. [21:16] About Rob’s current projects at his job. [24:45] What Colin works on day-to-day. [28:18] About Josh’s current work. [35:27] Recommendations for listeners to check out after this week’s episode! [41:22] Jeffrey asks: five years from now, where are we going to be? Mentioned in this Episode: Azure DevOps Microsoft Ignite Hands-On Cloud Solutions with Azure, by Greg Leonardo VetsinTech Clear Measure (Sponsor) Azure Front Door Service GregLeonardo.com SQL Managed Instance The Mythical Man-Month: Essays on Software Engineering, by Fred Brooks Micro Focus Azure Kubernetes Service (AKS) Windows Containers Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes. Follow Up with Our Guests: Greg Leonardo’s LinkedIn GregLeonardo.com Josh Garverick’s LinkedIn RobRich.net Colin Dembovsky’s LinkedIn
12 Nov 201851min

Aaron Bjork on Driving Team Productivity and Promoting Culture Through Azure DevOps - Episode 009
Jeffrey Palermo is joined by Aaron Bjork on the Azure DevOps Podcast today! Aaron is a Principal Group Program Manager at Microsoft where he directs all work in the areas of Agile project management, reporting, and collaboration for Azure DevOps Services. He’s a 16-year Microsoft veteran who has spent his career building products that promote and encourage team productivity. He is also a recognized Agile thought leader and speaks regularly with companies around the world on how to improve their software development practices. He has a proven track record of setting a vision, creating and building teams, driving user experience, and delivering results. In this episode, Jeffrey and Aaron speak about creating and promoting culture through Azure DevOps, how companies can effectively adopt DevOps principles, and how to view analytics and metrics. Aaron also explains his main focuses and goals for Azure DevOps and how he came to join Microsoft and land his role as Principal Group Program Manager. Topics of Discussion: [:47] About today’s guest, Aaron Bjork. [1:57] Jeffrey welcomes Aaron to the podcast and he gives a bit of background about himself. [4:40] How Aaron came to join Microsoft and land his role as Principal Group Program Manager. [7:54] What are the main focuses and goals for Azure DevOps in Aaron’s role? [10:22] A word from Azure DevOps Podcast sponsor: Clear Measure. [10:55] Aaron’s thoughts on the culture of Azure DevOps. [14:11] Aaron’s advice to mid-sized, non-technology-based companies trying to adopt DevOps principles. [16:36] What metrics does Aaron look at in Azure DevOps? [19:54] Does Aaron collect data manually or is it all automatic through Azure DevOps? [21:25] Aaron talks about where to find your analytics view within Azure DevOps. [23:50] Having eliminated the dedicated tester role, who are the bugs now created by? [26:24] What is Aaron spending his time on these days? Mentioned in this Episode: Azure DevOps Clear Measure (Sponsor) Azure Boards Power BI Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes. Follow Up with Our Guest: Aaron Bjork on LinkedIn
5 Nov 201830min

Damian Brady on DevOps for Data Science and Machine Learning - Episode 008
This week, your host, Jeffrey Palermo, interviews Damian Brady. Damian is a Senior Cloud DevOps Developer Advocate at Microsoft, helping customers implement DevOps methods on the Microsoft platform. He’s been with Microsoft for just over a year now and formerly served as a developer for Octopus Deploy. In this episode, Damian and Jeffrey talk all things data science and machine learning. Damian answers key questions such as: what has been the biggest change in the area of data science since the Azure DevOps release? What does source control look like for data science projects in DevOps? And more. He also explains some of the interesting architectures he has put together for machine learning and walks Jeffrey through the process of his machine learning model from source control, building, packaging, and finally, to deploying. He also gives his recommendations for those who want to go even further with data science after listening to this week’s episode. Topics of Discussion: [:52] About today’s guest, Damian Brady. [1:06] Damian introduces himself and explains his role at Microsoft. [1:46] Which group Damian is presently on at Microsoft. [4:14] With the Azure DevOps release, what’s the big change in the area of data science? What is going to be different for people building or running models? [6:47] For data science projects what does the source control look like? [8:49] For the Microsoft ML, is there a particular format that the data is stored in, in source control? [9:09] If the data is large and needs to be versioned, what are the current methods people are using? [11:06] A word from Azure DevOps sponsor: Clear Measure. [11:39] Some of the interesting architectures Damian has put together for machine learning. [16:10] Damian walks Jeffrey through his machine learning model from source control to building, to packaging up the release, to deploying. [19:20] For this type of model, where would be the physical environment where it’s measuring information? [20:24] Damian talks firewall rules, permissions, and security. [23:16] The advantages of using Azure’s IoT Hub. [24:46] Damian talks about the new open source features that were added with the release. [28:20] Does Damian still encounter customers who say they don’t want to use Microsoft products because they don’t realize they’re open source? [29:36] Is it true that VS Code is the most popular editor? [31:03] One of the huge advantages of using open source. [31:53] Damian talks build agents. [33:33] About the new Windows-hosted container build agent. [35:50] Damian’s recommendation for listeners who want to go further with data science after listening to this week’s podcast! Mentioned in this Episode: Azure DevOps Azure Pipelines Octopus Deploy Clear Measure (Sponsor) Buck Hodges on the introduction to Azure DevOps Services - Episode 001 Donovan Brown on How to Use Azure DevOps Services - Episode 002 Source control in Azure DevOps Ubuntu Machine Learning (ML) Amazon Web Services (AWS) Azure Cognitive Services CustomVision.ai Raspberry Pi Azure Data Center .NET Core Python GitHub Azure IoT Hub ADP Summit VS Code Docker Compose Subversion Chocolatey Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes. Follow Up with Our Guest: Damian Brady’s LinkedIn
29 Okt 201837min

Lori Lamkin, Microsoft’s Director of PM on Shifting to Azure DevOps - Episode 007
In this episode, Jeffrey speaks with Lori Lamkin, Microsoft’s Director of Program Management. She has been leading the Visual Studio Team Services program management since the conception of Team Foundation Server in 2002 — that’s 16 years in the space of better shipping software using Microsoft technologies! She led the transition of the team to Agile methodologies, to open source reuse, to Cloud services, and Azure. Lori and Jeffrey discuss what’s next for Lori in and of her role as Director of PM, her strategy behind leading the big shift from VSTS to Azure DevOps, the current roles and duties within Microsoft Azure DevOps, what she sees as the biggest shift in progressing from Agile and adopting DevOps, and how DevOps has become more and more efficient. Topics of Discussion: [:51] About today’s guest, Lori Lamkin! [1:18] Jeffrey welcomes Lori to the podcast. [3:22] Lori speaks about the strategy behind leading the big shift from VSTS to Azure DevOps. [5:42] What’s next for Lori in and out of her role as Director of PM? What has she been up to? [8:18] Lori gives some background on Azure DevOps history. [15:37] Lori talks about the current roles and duties within Microsoft Azure DevOps. [18:08] A word from Azure DevOps sponsor: Clear Measure. [18:34] How the organization for Azure DevOps is structured much differently than many other organizations. [20:38] What Lori thinks is the biggest shift in progressing from Agile and adopting DevOps. [23:34] Why everyone in Lori’s team is a Software Development Engineer. [25:08] Did Lori’s team used to have Systems Engineers (otherwise known as IT Pros)? [27:18] The broad set of skills that is required of the developers to operate the components of Azure DevOps that the Azure Data Center is running on. [28:55] The change in business with DevOps and how it has become more efficient. [31:21] Lori’s take on the culture change CEO Satya Nadella is driving as well as his 1ES (one engineering system) plan. [35:26] Is there no software Git can’t handle? [36:18] Where Lori suggests you further your learning after listening to this episode. Mentioned in this Episode: Azure DevOpsAzure DevOps ServicesAzure Cloud Clear Measure (Sponsor) Microsoft Secrets: How the World's Most Powerful Software Company Creates Technology, Shapes Markets, and Manages People, by Michael A. Cusumano Satya Nadella on transforming Microsoft’s culture More about Satya’s One Engineering System initiativeTFVS AKA.MS/DevOps GitHub Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes. Follow Up with Our Guest: Lori Lamkin’s LinkedIn
22 Okt 201837min

Edward Thomson on All Things Git, libgit2, and Azure DevOps - Episode 006
This week, your host, Jeffrey Palermo, brings you a recording, live from the Microsoft Ignite conference. He interviews Edward Thomson, the Principal Program Manager for Azure DevOps, the maintainer of libgit2 (the git library), a host of All Things Git (a podcast about Git), and the curator of Developer Tools Weekly (a weekly newsletter with developer tool news). After the tight-knit company Edward was a Software Engineer for — Teamprise — was acquired by Microsoft, Edward transitioned into the role of Software Engineer with Microsoft, then GitHub briefly, 6 years later. After Github, Edward returned to Microsoft in 2017, this time as their Senior Program Manager — and most recently, as their Principal Program Manager (since two months ago). Edward is a huge mover and shaker in the Git area of Azure DevOps Services. And in this episode, he answers questions that tons of teams continue to ask in the space. He also speaks about his many side projects: libgit2, All Things Git, and Developer Tools Weekly. Topics of Discussion: [1:11] About today’s episode and guest. [1:37] Jeffrey welcomes Edward to the podcast. [2:13] A bit about the Microsoft Ignite conference. [3:31] How Edward landed the role he’s currently in, with Microsoft. [6:38] Does the work Edward has been doing with Git, precede him joining Microsoft? [9:58] A word from Azure DevOps sponsor: Clear Measure. [10:24] What is libgit2? What does it do? [13:11] Is there any source code that won’t work with Git? [16:18] Version control of binary files — where does it all break down? [18:11] Is there a file size that’s too large for Git? [20:14] Does Edward recommend checking in your NuGet packages? [24:12] When did the use of shallow cloning (for repositories) come about? [26:44] What is Edward and the Azure DevOps team thinking about pushing forward with the Git engine (when Microsoft acquires GitHub)? [30:03] Edward talks about his weekly newsletter, Developer Tools Weekly. [31:29] What was in Edward’s weekly newsletter that he sent off just this morning (of recording this podcast). [34:36] All about Edward’s podcast, All Things Git. [36:27] Edward answers some FAQs in the Git area of Azure DevOps! [47:03] Edward’s parting words for listeners on today’s podcast. Mentioned in this Episode: Microsoft Ignite Microsoft Ignite’s TwitterADP: Buck Hodges episode ADP: Donovan Brown episodeADP: Sam Guckenheimer episode libgit2 All Things Git Podcast Developer Tools Weekly Teamprise Visual Studio GitHub Clear Measure (Sponsor) VFSforGit GitKraken Sourcetree Azure Repos Game Developers Conference (GDC) NuGet Shallow CloningAzure Pipelines dev.azure.com/libgit2 Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes. Follow Up with Our Guest: Edward Thomson’s LinkedIn Edward Thomson’s Twitter
15 Okt 201850min

Dave McKinstry on Integrating Azure DevOps and the Culture of DevOps - Episode 005
This week, Jeffrey Palermo is joined by his guest, Dave McKinstry. Dave is a Program Manager with the Azure DevOps Services Community Team — connecting with partners and customers, spreading modern practises, and helping developers succeed with DevOps and Azure. Prior to his position at Microsoft, he has been in software services and technical sales for over 18 years. As a consultant, principal consultant, co-owner, and manager, he has always helped people efficiently build better software. He loves what he does as a technologist and enjoys being a part of today's rapid technology evolution. In this episode, Jeffrey and Dave talk about changes for Dave since the launch of Azure DevOps, what his journey has been like in the DevOps industry, his thoughts on companies looking to integrate Azure DevOps and move forward with automated deployment and reaching the continuous integration mark, how he thinks developers can move forward in terms of quality and Agile 101, and the modern skillset of what a developer and/or system engineer should look like in today’s DevOps environment. Topics of Discussion: [:39] About today’s guest, Dave McKinstry. [1:00] Jeffrey welcomes Dave to the podcast. [1:14] How it has been for Dave since the launch of Azure DevOps. [1:25] Which side does Dave work on? Azure DevOps Services or Azure DevOps Server? [2:58] Is Dave going to be at the Ignite event? [3:10] What has been Dave’s journey through (what we now talk about as) modern practices and shipping software? [5:25] How is it with Dave’s customers in regards to getting to continuous delivery and the continuous integration mark. [8:03] The general nature of smaller and larger companies from a business perspective. [10:03] Dave’s thoughts on the companies integrating Azure DevOps looking into moving forward with automated deployment. [12:20] A word from Azure DevOps sponsor: Clear Measure. [12:48] How developers can move forward with quality and Agile 101. [15:10] How did the culture of DevOps (Dev and Ops) come together? [17:57] Dave’s take on the relevant tasks of 15 years ago, no longer being relevant in today’s DevOps environment. [20:28] The modern skillset of DevOps and what developers and system engineers need to be doing in the current DevOps world. [21:29] About the benefits of Dave’s standing treadmill desk (that he’s currently using during the recording of the podcast)! [25:40] Dave and Jeffrey’s early schooling, programming, and typing experiences! And the contrast with modern day schooling and the changing world. [28:59] Dave describes the term ‘machine learning’ and the impact it has. [33:15] What Dave recommends listeners should do next. Mentioned in this Episode: Azure DevOps Azure DevOps Services Azure DevOps Server Microsoft Ignite eventApplication Lifecycle Management (ALM)Team Foundation Server (TFS) CICD Better Business Bureau Clear Measure (Sponsor) Agile 101 Mythical Man-Month: Essays on Software Engineering, by Fred Brooks IoT aka.ms/devops Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes. Follow Up with Our Guest: Dave McKinstry’s LinkedIn
8 Okt 201834min






















