Attack surface management
Attack surface management: you can’t protect what you can’t see By Marios Kyriacou Wikipedia defines the attack surface of a software environment as “the sum of the different points where an unauthorised user can try to enter data, extract data,
How global rooftop growth can fight climate change
How global rooftop growth can fight climate change: New research from Vienna University of Economics and Business Rooftops around the world could be key to fighting the climate crisis, new research from Vienna University of Economics and Business (WU) shows. Behnam Zakeri, Assistant Professor at WU’s Institute for Data, Energy, and Sustainability (IDEaS), and his fellow researchers utilised machine learning to estimate global rooftop area growth from 2020 to 2050. They found that by 2050, the global rooftop area is expected to increase to between 0.3 and 0.38 million square kilometres, representing a 20-52% increase from 2020, depending on different socio-economic developments. Africa is projected to see the highest growth, potentially doubling its rooftop area. With buildings accounting for 30% of global final energy consumption and 26% of global energy-related emissions, the model can aid in planning sustainable energy systems, with significant potential benefits in emerging economies. Rooftop solar power holds significant potential for emerging economies. With rapid rooftop area growth, these regions can leverage their manufacturing capabilities, high solar potential, cost-effective labour, and entrepreneurial spirit to achieve sustainable development and prosperity. This single harmonised global dataset can be used to inform policies for mitigating climate change, reducing biodiversity loss, and disaster risk management. Zakeri emphasises the breakthrough nature of this work, “this research exemplifies the power of artificial intelligence (AI) and emerging data sources in potentially resolving global sustainability challenges. This was not possible a few years ago or would have been very costly using alternative methods.” The study is also highly useful for urban planning and in the design of sustainable cities, furthering the ethos of the UN Sustainable Development Goals 7 (clean energy), 11 (sustainable cities), 13 (climate action), and 15 (life on land). Upcoming events in DevOps Join us for an in-depth presentation on the advanced cloud strategies at The National DevOps Conference and Awards, happening in London on October 22nd and 23rd, 2024. This premier event will feature expert insights into how AI is transforming DevOps practices and the broader tech industry. View the Full Agenda: The National DevOps Conference and Awards Agenda Exclusive Offer: Gain free entry to the conference by submitting your project to the DevOps Awards before the September 16th deadline. Don’t miss this opportunity to showcase your innovation and network with industry leaders. For exhibit at the conference, please contact calum.budge@31media.co.uk Foe media enquiries, please contact vaishnavi.nashte@31media.co.uk
Embracing CI/CD for Improved Software Deployment and Developer Health
This article is published in collaboration with The National DevOps Conference and Awards.To be a speaker at the conference or to exhibit your solutions to our delegates, please get in touch here. As part of the #LeadersInTech series, we collaborated with Rob Reid, Technical Evangelist at Cockroach Labs on how developers can embrace CI/CD for improves software deployment and developer health. I’ve never been woken up at 2 a.m. by a company that uses CI/CD. Put another way, for software developers, the use of Continuous Integration (CI) and Continuous Deployment (CD), or CI/CD, for software development, testing and deployment is a game changer for maintaining code quality, smooth processes, and ensuring reliable releases. It transforms the development lifecycle, allowing teams to focus more on innovation rather than firefighting issues. And for preventing those 2 a.m. fire drills. Continuous Integration involves the integration of code changes into a shared repository multiple times a day. Automated tests are run to detect errors early, ensuring that the codebase remains stable. This continuous integration supports a proactive approach to problem-solving, substantially decreasing the likelihood of disruptive, last-minute discoveries. Continuous Deployment, on the other hand, focuses on automating the release of validated code to production environments, streamlining the entire deployment process. This tightly integrated testing and deployment process ensures high compatibility and operational reliability, which are critical for our users’ success. This approach also ensures that every version of the application works harmoniously with CockroachDB before reaching production. Benefits of CI/CD The primary benefit of CI/CD is maintaining a clean main branch of code, ready for release at any moment. This practice instills confidence in developers, knowing that their code is always in a releasable state. Additionally, CI/CD ensures reproducibility, allowing the deployment process to be consistent across different environments. The importance of automated testing in CI/CD cannot be overstated. Automated regression tests catch bugs early, enabling developers to make bold changes without fear of breaking the codebase. This leads to a more dynamic and innovative development environment. Best Practices for CI/CD: Treat Infrastructure as Disposable: Adopt the mindset of treating infrastructure like “cattle, not pets.” For example, use automated scripts for provisioning that quickly replace faulty instances without manual intervention, enhancing scalability and reliability. Automate Everything: From testing to deployment, automate as many processes as possible. This reduces the risk of human error and ensures consistency across deployments. Comprehensive Testing: Ensure that tests are integral to the process. Proper test coverage provides confidence in the codebase, allowing for more significant changes and refactoring. Feature Flags: Use feature flags to safely release new features. This allows for “dark releases”, where features are deployed but not activated until needed, providing a quick rollback mechanism if issues arise. Eliminate Bureaucracy: Avoid unnecessary release reviews and approval processes. Focus on building a robust CI/CD pipeline that allows for high-velocity development and deployment. The impact of CI/CD on developer health The adoption of CI/CD not only improves technical operations but also has a profound impact on developer well-being: no more fear that you will bring your company’s IT to a grinding halt because of a “fix” or addition that broke the codebase! Automated processes and the ability to trust the tools rather than relying solely on personal interventions leads to a more balanced work-life experience and better overall results. I have also found that when the CI/CD mindset gets set from the top, at the executive level, there is a healthier work balance for the developer. Counter to this are companies that reward the “hero culture” of software releases which start at 2 a.m.. A culture of being rewarded for fixing production issues rather than preventing them not only increases stress but also slows down development as manual interventions become the norm. CI/CD processes are not just technical practices; they represent a shift towards a healthier and more efficient development culture. By automating processes, ensuring comprehensive testing, and eliminating bureaucratic hurdles, companies can create a more dynamic and innovative environment. For organisations still on the fence about adopting CI/CD, it’s crucial to understand that the initial investment in building a robust CI/CD pipeline pays off significantly in the long run. The result is not only a more reliable and scalable codebase but also a happier, healthier team ready to tackle the challenges of modern software development. Learn more about CI/CD practices at the National DevOps Conference 2024 Join us for an in-depth presentation on CI/CD practices at The National DevOps Conference and Awards, happening in London on October 22nd and 23rd, 2024. This premier event will feature expert insights into how AI is transforming DevOps practices and the broader tech industry. View the Full Agenda: The National DevOps Conference and Awards Agenda Exclusive Offer: Gain free entry to the conference by submitting your project to the DevOps Awards before the September 16th deadline. Don’t miss this opportunity to showcase your innovation and network with industry leaders. For exhibit at the conference, please contact calum.budge@31media.co.uk Foe media enquiries, please contact vaishnavi.nashte@31media.co.uk
New Study: Sustainability Still Takes a Back Seat to Financial Factors
Sustainability still takes a back seat to financial factors in business decisions Companies still consider sustainability less important than financial factors when selecting other companies as customers and suppliers, finds new study from Mannheim Business School. The EU’s Supply Chain Act, adopted in May 2024, requires large companies to make greater commitment to environmental protection and social standards, motivating all companies in supply chains to comply with sustainability goals. Sustainability vs Profit: What drives business decisions in supply chains? Dr. Jannis Bischof, Professor from Mannheim Business School, and colleagues surveyed more than 2600 companies on environmental, social, and governance (ESG) in supply chains, including how important they consider non-financial indicators to be when selecting customers or suppliers, or how they rate the new standards for sustainability reporting. They found that many companies hold a negative attitude towards current sustainability regulations, including the EU’s new sustainability reporting standards: 56% of companies without an ESG focus and 39.2% with an ESG focus rate the new standards for sustainability reporting as “rather negative” or “very negative”, describing the requirements as too bureaucratic and complex. However, companies that voluntarily report on sustainability and align their business model accordingly for strategic reasons welcome the new regulation. The study also finds that expectations associated with the new Supply Chain Act are only being fulfilled to a limited extent. Although a similar act had already been implemented in Germany, companies still overwhelmingly rely on financial indicators when selecting business partners, customers, or suppliers along their supply chain, such as price, product features, terms of payment, and delivery terms. Non-financial indicators, such as environmental protection and sustainability, rank at the bottom of the list. These results not only apply to large companies (more than 1000 employees), which are required to disclose their ESG performance, but also smaller companies. Why companies are resisting the EU’s new sustainability reporting standards “The many bureaucratic obligations for supply chains do little to change the fact that companies are hardly willing to change their usual processes out of consideration for social or environmental goals when selecting their business relationships,” says Dr. Bischof. “In too many cases, the implementation of the law is purely a compliance exercise with no real impact on sustainability goals.” Companies that use ESG factors for their own business model and therefore have a strategic focus on sustainability goals are prepared to increase their environmental and social efforts and adapt supply chains accordingly. Upcoming events and awards in DevOps Join us for an in-depth presentation on the advanced cloud strategies at The National DevOps Conference and Awards, happening in London on October 22nd and 23rd, 2024. This premier event will feature expert insights into how AI is transforming DevOps practices and the broader tech industry. View the Full Agenda: The National DevOps Conference and Awards Agenda Exclusive Offer: Gain free entry to the conference by submitting your project to the DevOps Awards before the September 16th deadline. Don’t miss this opportunity to showcase your innovation and network with industry leaders. For exhibit at the conference, please contact calum.budge@31media.co.uk Foe media enquiries, please contact vaishnavi.nashte@31media.co.uk
Advanced Cloud Strategies for Privacy and Security
#NDCA2024 Speaker Edition With less than 2 months until The National DevOps Conference and Awards, we interviewed #NDCA speaker, Harbinder Singh. The conference & Awards takes place in London on the 22nd and 23rd of October 2024. To exhibit your products at the event, please get in touch here. Author: Harbinder Singh, Head of Cloud and Security and a speaker at the National DevOps Conference and Awards In today’s digital age, where cloud computing drives business innovation, protecting sensitive data has never been more critical. While the cloud offers unparalleled scalability and flexibility, it also presents significant privacy and security challenges. Organisations must balance the openness and accessibility of cloud environments with stringent privacy controls to safeguard their most valuable assets. My upcoming conference presentation will explore strategies to achieve this balance, focusing on tools and practices like IAM policies, Alerts and AWS capabilities to make it difficult for malicious actors. Enforcing Security with IAM Policies and HTTPS A fundamental aspect of securing your cloud environment is the implementation of robust Identity and Access Management (IAM) policies. These policies allow you to control who can access your resources and under what conditions. A critical strategy is enforcing HTTPS for all communications with your cloud services, ensuring that data in transit is encrypted and protected from eavesdropping or man-in-the-middle attacks. For example, you can create an IAM policy to deny non-HTTPS requests to S3 buckets, ensuring all data exchanges are secure. This policy can be extended to other AWS services, providing comprehensive encryption across your cloud infrastructure. Securing Communication with VPC Endpoints, Cloud Map and Service Discovery Maintaining privacy within your cloud environment requires securing the flow of data. Virtual Private Cloud (VPC) endpoints and endpoint services enable private communication between resources within a VPC and AWS services without exposing data to the public internet. VPC endpoints allow you to create a private connection between your VPC and services like S3 or DynamoDB, ensuring that data remains within your VPC’s secure boundaries. VPC endpoint services, on the other hand, allow you to create private endpoints for custom applications, securely sharing services within your infrastructure or with partners. In dynamic cloud environments, where resources frequently scale and move, keeping track of service locations can be challenging. AWS Cloud Map provides service discovery by dynamically managing the location of cloud resources and ensuring secure communication between services. By integrating AWS Cloud Map with IAM policies and VPC endpoints, you can ensure that service discovery within your cloud environment is both secure and private. This integration is particularly useful in micro-services architectures, where services need to discover and interact with each other efficiently without exposure to public networks. Continuous monitoring for security Continuous monitoring and timely alerting are essential for maintaining the security and privacy of your cloud environment. AWS CloudWatch provides robust tools to monitor the health and security of your resources, offering insights into metrics such as traffic patterns, access logs, and error rates. CloudWatch Alarms can notify you of unusual activity, such as traffic spikes or unauthorised access attempts. CloudTrail adds another layer of security by recording all API calls made within your AWS account, providing a detailed audit trail. This helps you track user activity, detect suspicious behaviour, and ensure compliance with internal and external regulations. Security threats are constantly evolving, making continuous monitoring and response crucial. Tools like alert logic provide managed detection and response services that offer real-time visibility into security threats across your cloud environment. Combining machine learning with human expertise, Alert Logic helps detect and respond to incidents before they can cause significant damage, ensuring that your private data remains secure. Vulnerability assessment for cloud environment Regularly conduct penetration tests of the application. Tools like Github code Scanning, Dependabot, OWASP Zap, AWS Inspector are some automated security assessment tools and services that scans your code, cloud infrastructure for vulnerabilities, most important can be integrated in your CI/CD. These tools help identify potential security issues, such as misconfigured security groups or unpatched software vulnerabilities, and provide detailed reports so you can address them proactively. Regular use of AWS Inspector helps ensure that your cloud environment remains secure against evolving threats. Strengthening perimeter protection with IDP, WAF, security groups, and NACLs Perimeter protection is a critical aspect of cloud security, defending your environment from external threats. Identify provider, Web Application Firewall (WAF), Security Groups, and Network Access Control Lists (NACLs) form the backbone of this protection. Identity Providers (IdPs) enable secure authentication and authorisation by integrating with services to enforce who can access your cloud resources. By using identity federation, you can allow users from different domains or external identity providers (like Okta, Google, or Active Directory) to access your AWS environment without needing to create separate IAM users. This enhances security by centralising access management and ensuring that only authenticated and authorised users can access sensitive resources. WAF protects web applications from common threats such as SQL injection and cross-site scripting by filtering and monitoring incoming traffic, ensuring only legitimate traffic reaches your applications. Security Groups act as virtual firewalls for your EC2 instances, controlling inbound and outbound traffic based on defined rules, allowing only authorised traffic to access your resources. NACLs provide an additional layer of security by controlling traffic at the subnet level, offering stateless filtering to allow or deny traffic based on specific rules. These tools work together to form a robust perimeter defence, minimising the risk of unauthorised access and safeguarding your data. Optimising data retention to manage privacy risks Managing the volume of data stored in the cloud is crucial for reducing privacy risks. Over time, data accumulation can increase storage costs and make securing all information effectively more challenging. Implementing data retention policies helps mitigate this risk by automatically archiving or deleting data that is no longer needed. There are lifecycle management policies for services like S3, allowing you to define rules for transitioning data to lower-cost storage or for permanent deletion after a certain period. This not
How Automation is Transforming DevOps
In collaboration with The National DevOps Conference and Awards, we interviewed Michael Sagalovich, QA and DevOps Practice Lead at Coherent Solutions. In this article he lists out the key trends within DevOps and how automation is transforming and driving digital transformation. The National DevOps Conference & Awards takes place in London on the 22nd and 23rd of October 2024. To exhibit your products at the event, please get in touch here. The critical force driving digital transformation Although automation is currently emerging as a trend in the IT community, the basic idea of automating tasks throughout the software development lifecycle has been around for decades. In its essence, we cannot talk about DevOps without talking about automation. But what we’re seeing now is more and more different industries finding benefits in automation beyond just the IT and software development industries. As cloud environments become ever more complex, automation is becoming imperative to digital transformations and business continuity for organisations across the map. How automation and CI/CD pipelines are transforming DevOps Automation is increasingly being integrated into various stages of the DevOps pipeline, from code integration to testing, ensuring rapid and reliable delivery of applications. The current and most prevalent trend in automation, aside from AI, is moving towards ‘automate everything’. As infrastructures become more complex, this is becoming all the more critical particularly in the processes that occur after developers commit their code. Continuous Integration and Continuous Delivery (CI/CD) methodologies are integral to modern DevOps practices. These approaches involve the seamless integration of code into a shared repository and the automated deployment of applications to production environments. CI/CD pipelines are instrumental in reducing manual errors, improving code quality, and accelerating the delivery of applications to end-users. Furthermore, infrastructure as code (IaC) remains crucial. Tools like TerraForm, and cloud-specific tools are allowing organisations to manage their cloud infrastructure through code. Additionally, Kubernetes, which automates managing Docker images, has been a staple in DevOps for over a decade. While there are always new libraries and tools emerging, these foundational tools continue to play a significant role in automation for DevOps. From IT to Financial Services: How Automation is Driving Innovation Automation is transforming industries by streamlining processes, reducing manual labour, and enabling faster delivery of services. For instance, in the IT sector, automation is applied to every step that occurs after a developer commits their code, reducing errors and handling complex infrastructures. It’s a crucial and unavoidable process for any organisations hoping to do anything at scale. Taking the UK’s 2022 mortgage meltdown as an example, a lack of automation lead to banks not being able to cope with the rapidly changing market conditions and falling behind on updating their interest rates and mortgage programs. Contrasting this, companies like Netflix have successfully used automation to deliver new features extremely fast to the market. This rapid delivery, sometimes as quick as 15 minutes from idea to production, would be impossible without automation. Regardless of the industry, if there’s an IT component, automation is likely to enhance its operations by streamlining processes and enabling faster decision-making. The key to an effective digital strategy Automation’s role in a company’s digital strategy is vital. It underpins digital transformation efforts, with a focus on automating workflows to demonstrate tangible benefits to end-users. As industries continue to evolve, automation will remain a key driver in shaping digital landscapes and ensuring competitive advantage. Beyond enhancing testing and reducing human error, automating routine tasks enables teams to focus on the bigger picture, collaborate effectively, and design better solutions. In today’s competitive landscape, this is critical. While AI and other technologies can contribute, human expertise remains essential, especially in addressing security concerns. Automation ultimately allows organisations to reduce silos creating a collaborative environment for transformation and future business growth. Addressing security in DevOps While the integration of automation has been a game-changer in DevOps, significantly enhancing the speed and efficiency of development and operations, the importance of security cannot be overstated. While DevOps tools have streamlined the code release process, security challenges persist. Automation and artificial intelligence offer substantial support, yet they cannot entirely replace the need for manual oversight in security protocols. In the balance between rapid delivery and robust security is delicate; speed-to-market should rarely ever take precedence over security, especially in organisations releasing products on a large scale. Ultimately, security may vary in priority depending on the industry and the audience size, so it is imperative that organisations take a tailored approach when addressing security in their DevOps practices. Maintaining a competitive edge in the current digital landscape comes down to companies embracing automation as a strategic imperative. By integrating automated processes into their operations, businesses can enhance their operational efficiency, foster collaboration, and in turn, deliver superior products and services to their customers. Explore AI and automation at the National DevOps Conference in London Join us for an in-depth discussion on the scope and future of AI and automation at The National DevOps Conference and Awards, happening in London on October 22nd and 23rd, 2024. This premier event will feature expert insights into how AI is transforming DevOps practices and the broader tech industry. View the Full Agenda: The National DevOps Conference and Awards Agenda Exclusive Offer: Gain free entry to the conference by submitting your project to the DevOps Awards before the September 16th deadline. Don’t miss this opportunity to showcase your innovation and network with industry leaders. For exhibit at the conference, please contact calum.budge@31media.co.uk Foe media enquiries, please contact vaishnavi.nashte@31media.co.uk
Leaders in Tech: Matt Rees
Welcome to our Leaders in Tech editorial series. Speaking to leaders in the industry to capture their stories, career highs and lows, their trials and successes, their current company and their role, most recent projects, advice to others, and the individuals who they most look up to in the industry. This week, we talked to Matt Rees, Digital Solution Architect at BT, to find out more about why he joined the tech industry, what his role entails, what are the challenges he faces as a tech leader, and his advice to aspiring engineers and developers. First of all, could you introduce yourself and your current role? I’m Matt Rees a Solution Architect at BT Digital working in the Consumer division – we build and maintain all the digital products for BT’s Consumer brands (BT, EE, and PlusNet). Can you tell me about your journey in technology? I went to university to study Audio and Music Technology at the University of the West of England (UWE) which is a new university in the city of Bristol, UK. I’d chosen that course as I wanted to become a sound engineer. On the first day the course leader said if we wanted to be sound engineers, we should “go and be someone’s tea boy in a recording studio … and that we were at university to learn about the technology that underpins sound and music”. That was 2008 which was a big year in mobile development as iPhoneOS 2.0 launched. Most people don’t remember that when the first iPhone launched in 2007 it only had the default Apple software. iPhone OS 2.0 saw the launch of the App Store where developers could build custom software “Apps”. I saw the iPhone as the natural evolution of the iPod – the defining piece of music technology of my generation so being able to add custom software to this seemed to me like the perfect intersection of music and technology. At university, I learned the basics of C and C++ building audio plugins, in my final year I began learning Objective-C so I could build iPhone apps. UWE is the newer and smaller university in Bristol but whereas it can’t compete with Bristol university’s heritage and research status it was very good at preparing students for work. So much so that one module even required us to build a digital product for a local company. I managed to convince my friends that we should build an iPhone app for a local football website and so my journey into professional development began. Once I’d graduated the university secured me an internship at a local digital agency building mobile apps and over the course of the last 11 years I’ve worked for a number of agencies across the UK building apps for brands including Jet2, McCain, and UK Greetings. After a few years, I decided to switch from being agency side to being client-side and saw that EE was hiring. EE sold iPhones so it seemed a natural fit for a place to go and make iPhone apps. BT then purchased EE. What inspired you to get involved in the IT industry? It’s great to be able to build something that people are using. It’s similar to music when all the parts come together and you can see people enjoying the song it can be really rewarding. Having an idea and being able to build that and have it come to life is the main reason I started coding. What is the favorite part of your job? I love learning, so being in such a fast-paced industry where you’re constantly having to learn new skills is really enjoyable, it can be stressful always having to stay on top but as you get more experienced you learn when and how to pick up new tools. According to you, what makes a good leader in the industry? Empathy – leading a team is both about being great with technology and making sound decisions but also appreciating that everyone has their own lives with their own circumstances. Those circumstances could be anything from having a newborn baby, a relationship breaking down, or a family member being sick. Being able to support your team by helping them through those moments will pay dividends in the long run. What are some of the challenges you faced during your career? One of the earliest challenges was the perception of not having a computer science or software engineering degree meant I didn’t know how to code. This is where having a portfolio of projects I’d worked on really helped. I produced fully working apps that helped me learn the basics of coding. Software engineering can be taught on the job and each company has different standards anyway so never be afraid to apply for a job that you think is above you. You can teach standards, but you can’t replace passion. What are you the proudest of in your career so far? When our app (My EE) hit number 3 in the App Store charts for Utilities (behind Google Chrome and Google Search) that was really rewarding to see. Do you have goals for the future? I’d love to be involved in making software engineering more environmentally friendly. In my spare time, I build the website for Protect Our Winters UK where we help passionate outdoor people become effective climate advocates to achieve systemic solutions to climate change. Do you have any advice for aspiring engineers and testers? Start now. There is so much great content (both free and paid) out there start making mistakes now. Mistakes are how we learn and get better, it’s better to make lots of small mistakes and keep continuously improving than it is to be the perfect first time.
Leaders in Tech: Saul Zarrate
Welcome to our Leaders in Tech editorial series. Speaking to leaders in the industry to capture their stories, career highs and lows, their trials and successes, their current company and their role, most recent projects, advice to others, and the individuals who they most look up to in the industry. This week, we talked to Saul Zarrate, Head of Delivery at Altamira, to find out more about why he joined the tech industry, what his role entails, what are the challenges he faces as a tech leader, and his advice to aspiring engineers and developers. Could you introduce yourself and your current role? My name is Saul Zarrate – I am the Head of Delivery for an American start-up called Altamira. Can you tell me about your journey and how you got where you are now? Having studied Computer Science and Systems Engineering, I spent most of my early life coding (mainly caffeinating while battling Java and Oracle). While doing that, I became aware that my strongest fortitude lay in leading IT teams, managing clients and customers, and explaining IT to non-IT people. This mix naturally led me to become an IT manager. What inspired you to get involved in the IT industry? Honestly? It was a great accident. My older brother studied Computer Science as well, so we had a PC in our house, which I would play games on (for many hours!). However, an element that is a better answer for this is that I liked abstracting information, structuring data, and solving problems; in other words, I was a math geek! This blend put me in IT. Having said all this, once I got to understand IT at University and then at work, I became super passionate about the ability to make things easier for people via the power of automation (which technology provides). Elon Musk talks about how IT can be seen as magic, i.e. if you were going to describe it to someone from a century ago, they would think that you are a sorcerer – that’s the magic of IT! Why did you decide to specialize in DevOps and Agile? What do you like about it? It was first introduced to me in 2010; like many, I was initially skeptical since it sounded like a hippie fashionable concept. The fancy names and the purism injected into these ways of working didn’t help either. I realized, however, that the difference was not so much on the tooling, the processes, or even the practices, but the approach itself. These ideologies are very team-oriented, and are all about simplicity and user-centricity – all this resonated and still resonates with me after more than 10 years of learning and practicing. Do you have a favorite part of your job? Not just one, but I often think about the adrenaline rush that comes from transforming seemingly impossible challenges into a deliverable that provides value to a user/customer. Team collaboration is a formidable tool to change something unthinkable into something tangible. According to you, what makes a leader in the industry? In my opinion, the answer to this question is a combination of several simple answers. Savvy IT leaders don’t have just one or even a handful of skills; they have a combination of many. I will miss some, but here are a few that come to mind: Understand that collaboration, inclusivity, and diversity are key to building great software. Strive to do more with the same, or less. Seek to automate, build templates, re-use, etc. Question stuff, e.g. Do deployments take more than an hour? We have a problem then. Do products take months to launch? We lack simplifying, etc. Understand that the most important decision is to hire the right people. By bringing in the right people, your project is already 60-70% closer to success. Know that it takes an optimal combination of cultural fit and technical competence to find the right team members. Play an infinite game but are pragmatic and results-oriented. Strive to improve team throughput/velocity over time. Have accountability. When something goes wrong, they acknowledge it right away, apologize, and share some learnings from it. Start with the customer in mind and then retrospectively find an IT solution to meet a need/opportunity (most IT people start with IT and try to fit it, into the customer!). Are empathetic. Are able to understand the other party’s perspective, whether it’s a customer, peer, or teammate. Understand that being in charge of people means looking after them. Show genuine interest for the humans in their team, challenge them, respect them, support them, and coach them to do/be better. Help to achieve 2 to 3 company business goals. As humans, we are drawn to details, which is why we get obsessed and distracted – ultimately, all that really matters in a company is stuff you can count with your fingers. Are altruistic. Make everything about the team, ensure the team is recognized, get excited about it, fight for them – never run teams with an ego. I am sure I am missing a few, but the point is that just ticking one or a few, doesn’t make you a good leader. The compounded combination of many little things like these is what savvy IT leaders share. What are some of the challenges you faced during your career? I lost key people on a high-profile project, seriously compromising its completion. Our team culture allowed others to step up, do the impossible, and cover as a team. Remarkably we managed to deliver the project in the end. I once worked for an egocentric and uninspiring manager. This taught me about my own resilience capacity despite toxic situations as well as about setting boundaries, which we tend to forget when we try to prove ourselves. I have managed people with mental health issues and had to let people go. Finding the sweet spot between ‘it’s just a business, not personal‘ and ‘they are people with families, lives, etc’ was challenging, but,
Leaders in Tech: Alan Rana
Welcome to our Leaders in Tech editorial series. Speaking to leaders in the industry to capture their stories, career highs and lows, their trials and successes, their current company and their role, most recent projects, advice to others, and the individuals who they most look up to in the industry. This week, we talked to Alan Rana, DevOps Engineer, to find out more about why he joined the tech industry, what his role entails, what are the challenges he faces as a tech leader, and his advice to aspiring engineers and developers. Could you introduce yourself and your current role? My name is Alan Rana. I am a DevOps engineer at Automation Logic. Automation logic is a consultancy company specialising in DevOps and cloud transformation and delivery. In my current role, I’m working with major public sector clients to help them adopt DevOps best practices in their cloud architecture and migration work. My current team is involved in migrating, supporting, and monitoring legacy applications onto the cloud. Can you tell me about your journey and how you got where you are now? I did my undergraduate and master’s in mechanical engineering. However, it was during my master’s when I realised mechanical engineering was not something I was interested in anymore. I started getting more interested in the IT industry, with coding, automation, and cloud computing. I knew the future would be very interesting in the IT industry so I wanted to get involved. I wasn’t fully sure which part of IT I wanted to specialise in as I was fairly new to the IT world at this point and I was fascinated by pretty much everything! I wanted to learn a bit of everything in the IT industry and that’s when I found the perfect Graduate DevOps role at Automation Logic. Automation Logic has a DevOps academy program where they hold 3 months of intense training, which includes programming languages such as python, cloud computing, Kubernetes, and many more DevOps topics! This was an amazing learning opportunity for me to get a taste of the technologies and sectors within IT. It was the perfect step into the IT and DevOps industry. And I haven’t regretted it and I have loved it ever since. What inspired you to get involved in the IT industry? As mentioned above, I realised I had lost my passion and interest in mechanical engineering during my master’s degree and started to look for an alternative route. Just like the majority of students, I decided to try to come up with a start-up business and wanted to create a car-sharing application. This is when my interest in the IT industry started. During my research into creating an application, it was fascinating to see how codes worked, how it was all automated, and how certain applications were hosted and maintained in a cloud platform. Unfortunately, my car-sharing application didn’t work out (like many ideas), however, it made me realise I wanted to get into the IT industry. More specifically, it made me interested in cloud computing, writing infrastructure as code, and automating as much as possible. It was amazing to see how processes were getting automated. Hours of work were reduced to minutes, all because it was captured correctly and strategically in code which was triggered by a few commands rather than long manual steps. Why did you decide to specialise in DevOps? I wanted to specialise in DevOps as I was noticing how big cloud computing was getting. I was noticing the benefits of Companies migrating to the cloud; more efficiency, decreasing costs, scalability, etc. And I wanted to be involved in this exciting process. Also, I always liked the idea of being involved in the application lifecycle process. From the applications development to deployment in production. Being in a “DevOps” role allowed me to have the flexibility to get involved in the different lifecycle phases of an application. From working with the developers in the development phase, migrating and deploying it to the cloud, working with the testing & security team all the way to monitoring & analytics of the application in production. Do you have a favorite part of your job? One of my favorite parts of my job is when I’ve been stuck with a code error for a long time or my team has received an alarm for fault with the application/infrastructure and after the debugging session we manage to fix it, that feeling of success and breakthrough is always amazing! I also enjoy being part of “show and tell” sessions where I can share my knowledge and experience on a certain task with the team. What are some of the challenges you faced during your career? So far, one of the most challenging works I’ve faced is trying to migrate legacy applications to the cloud whilst trying to implement the DevOps “working ways” for a client that is attached to certain technologies or concepts that they have stuck with for a while. It can be difficult to introduce new technologies or concepts. (Have to be prepared for the tough questions that may come your way). Also, as a consultant, it’s always difficult to switch and adapt to different technologies that different clients are using. Although this may be difficult, it is also rewarding to learn new technologies. What are you the proudest of in your career so far? A big proud moment for me so far is being part of a team involved in a full-scale migration of legacy applications and databases into the cloud, for a large government department. We have currently completed 90% of the migration. Since migrating to AWS, we have seen roughly 35% less spending in the first few months of migration, with even more to come once we’ve fully migrated and during the “improve phase” where we will continue to monitor the applications, and improve and reduce more unnecessary cost. It’s also a proud feeling to see how much the client engineers have improved. Many
