Arrested DevOps

The Trust Problem Returns Hannah Foxwell, who has spent over a decade in DevOps and platform engineering, draws a striking parallel to earlier transformations: “It used to be that testers didn’t trust developers and ops didn’t trust testers and there were all these silos. Now we’re putting AI agents in the mix. Can we trust them? Should we trust them?” This isn’t just déjà vu—it’s a fundamental challenge that resurfaces with every major shift in how we build software. As Robert Werner points out, management had to give up control and push trust to the edges of organizations during the agile transformation. With cloud adoption came self-service and automation. Now, with AI, we’re dealing with non-deterministic black boxes that we need to trust to be “right often enough.” The Fluency Gap One of the biggest challenges isn’t the technology itself—it’s the lack of shared understanding. Hannah launched “AI for the Rest of Us,” a community now with over 1,000 members, after realizing that AI fluency is essential for making good decisions about where and how to use these tools. “I went to a talk at a conference thinking I’d learn about AI in one talk and become an expert by tomorrow,” Hannah recalls. “It just didn’t happen like that. There’s a whole new domain with new vocabulary, new concepts, new techniques.” The community focuses on making AI accessible without dumbing it down—providing talks and content that explain complex concepts in simple language so more people can participate in the conversation about AI’s role in software development. The Speed-Responsibility Paradox The technology is evolving so rapidly that best practices barely have time to solidify before they’re obsolete. Robert describes how hiring strategies at startups are changing every few weeks as new capabilities emerge. “Things that weren’t feasible last week are suddenly possible,” he notes. But this speed creates a dangerous tension. Organizations are pushing hard for AI adoption while the guardrails, workflows, and cultural practices needed to use it safely are still being figured out. As Matty observes, this leads to perverse incentives—developers required to “use AI” who find ways to tick the box without actually deriving value, just like teams that once added meaningless tests to meet sprint requirements. Who Owns the Code? A critical question emerges: if AI generates the code, who owns it? Who’s responsible when something goes wrong? Hannah frames it in familiar DevOps terms: “Does anybody really want to own a service if they didn’t write it and they don’t understand how it works? It’s the ops challenge again—AI throwing code over the wall to us.” Robert’s answer is pragmatic and honest: humans will need to take responsibility for validating AI-generated code, ev

Security: the one topic that’s guaranteed to turn any DevOps conversation into a mix of fear, eye rolls, and nervous laughter. In this episode of Arrested DevOps, Matty welcomes back Kat Cosgrove to talk about the “never not hot” world of security and why it’s always lurking just over your shoulder (like that one compliance auditor who swears they’re just “observing”). Kat and Matty cover: Why vulnerabilities never seem to stop showing up in your containers (spoiler: they don’t). How teams can respond without spiraling into full-blown panic. The realities of securing Kubernetes and containerized environments (without pretending there’s a magic “easy button.”) Why security culture matters as much as the tools you’re using. Along the way, expect the usual mix of snark, sarcasm, and the occasional tangent about how everything in tech eventually becomes a security problem. If you’ve ever patched the same vulnerability three times in a week, or found yourself yelling at a CVE like it’s a personal enemy, this one’s for you.

We’ve all been there: burning out on volatile tech jobs, tangled in impossible systems, and wondering what our work actually means. On this episode of Arrested DevOps, Matty Stratton sits down with Kat Morgan for a heartfelt, funny, and sharply observant conversation about AI: what it helps with, what it hurts, and how we navigate all of that as humans in tech. They dive deep into how large language models (LLMs) both assist and frustrate us, the ethics of working with machines trained on the labor of others, and why staying kind—to the robots and to ourselves—might be one of the most important practices we have. “We actually have to respect our own presence enough to appreciate that what we put out in the world will also change ourselves.” – Kat Morgan Topics Why strong opinions about AI often miss the nuance Using LLMs to support neurodivergent workflows (executive function as a service!) Treating agents like colleagues and the surprising benefits of that mindset Code hygiene, documentation, and collaborating with AI in GitHub issues Building private, local dev environments to reduce risk and improve trust Ethical tensions: intellectual property, environmental impact, and the AI value chain Why we should be polite to our agents—and what that says about how we treat people Key Takeaways AI isn’t magic, but it can be a helpful colleague. Kat shares how she uses LLMs to stay on task, avoid executive dysfunction, and manage complex projects with greater ease. Good context design matters. When working with AI, things like encapsulated code, clean interfaces, and checklists aren’t just best practices. They’re vital for productive collaboration. Skepticism is healthy. Kat reminds us that while AI can be useful, it also messes up. A lot. And without guardrails and critical thinking, it can become more of a liability than a partner. Build humane systems. From privacy risks to climate concerns, this episode underscores that responsible AI use requires ethical intent, which starts with practitioners.

Openness plays a significant role in propelling DevOps and organizational processes forward. This is not to imply that everything must be open, but the default should be openness unless a valid reason indicates otherwise. Andrew Zigler, developer advocate at Mattermost, and Matty from Arrested DevOps recently shared insights on this subject. They discussed creating impactful developer advocates, managing community writing programs, and dealing with the challenges of open source communities. The Importance of Open Source in Communities Andrew emphasizes that the loudest and most contributory voices in open source projects are usually the paid internal staff. However, he champions setting up pathways in the community to validate the experience of all contributors and reward them with anything from thought leadership, platforms, or even swag. The key is to influence individuals at all levels of engagement and ensure that they feel they own part of what they are contributing. One of the challenges he identified is over-influencing which often stems from the fact that the paid staff are the ones driving the open source project vehicle. This imbalance usually drowns out the voices of other contributors, particularly those who may not have the luxury of dedicating as much time and energy to the project as the paid staff. Andrew suggests a solution: the company creating more developer advocates through the multiplier effect. This means ensuring that everyone across the board understands the importance of the open-source community and empowers them to contribute. The more developers contribute, the larger and more diversified the community becomes, leading to better outcomes and solutions. The Critical Role of Leadership in Open Source Communities Matty highlights how vital leadership is in these initiatives. By allocating resources, prioritizing open source community engagement, and maintaining a strategic focus, leaders can do much to foster a healthy open-source community. Successful leaders understand that engagement levels differ, so they create opportunities for different levels of contributors to partake and contribute to the community. To ensure the project remains harmonious and aligned with company goals, the leadership should give equal weight to both staff and contributors’ voices. In the end, everyone involved in the project is part of the community. Engineering Blogs: The Balance of Output The conversation took an interesting turn when they started discussing engineering blogs, a tricky subject for many organizations. Matty points out that these blogs have the tendency to publish sporadically, often dominated by lengthy droughts of content or a sudden overflow of posts. Such inconsistency happens when

Jessitron is joined by Chelsea Troy, Staff Data Engineer at Mozilla, and one of the all-around most interesting people in software today, to discuss staff engineering, machine learning operations, and maybe also surfing.

Every ADO Cold Open Ever “Episode 0” of ADO “Old Geeks Yell At Cloud” video

The First 90 Days “It’s not a promotion - it’s a career change” (Lindsay Holmwood) “Not All Leaders Are Managers” - (Aaron Bassett)

DevOps is not a department. It's a set of concepts and ideas that are human-centric and driven through Agile practices. It's applying Big A Agile to operations: fast feedback loops, deeper collaboration with stakeholders (which is the engineering team), and invoking people over process and tools. A current problem hamstringing organizations is that they treat DevOps like a commoditized department: one that writes shell scripts and deploys Jenkins servers, and not the value engine that those teams could be. They took the tools team, applied a light version of DevOps ideology, and said, "Hey, that's it. That's DevOps. Hashtag winning."

OWASP Top 10 Stripe: The developer coefficient (quantifies the cost of bad code to companies to be $59B annually) Facebook: FAUSTA: Scaling Dynamic Analysis with Traffic Generation (how runtime analysis was used at WhatsApp to catch design flaws before they reached production) Dragan Stepanović - Async code reviews are choking your company’s throughput (from LAS 2022, a talk which highlights the systemic problems with developers trying to do manual code reviews of large PRs) AppMap, the runtime analysis company which Brian works for Cloud Native Security with Michael Isbitski ADO Episode

It's a complex world! Matty and Michael Stahnke wax philosophical about whether our systems need to be as complicated as we have made them

Arrested DevOps - The Database: The Elephant in the Room Arrested DevOps - Data! Data! Data! With Francesco Tisiot Arrested DevOps - The New DevOps With Adam Jacob History of databases talk from Matty and Kat Cosgrove

Arrested DevOps - DevOps With Better Marketing with Pete Cheslock Arrested DevOps - Platform Engineering with Daniel Bryant Arrested DevOps - Platforms with Kelsey Hightower and Andrew Clay Shafer Lean Enterprise The Future of Ops Is Platform Engineering Charity’s talk from devopsdays NYC Jess Kerr’s blog that Matt mentioned Cargo Cult Science

https://www.instagram.com/ziggy.odoodle/?hl=en https://twitter.com/opentofuorg https://github.com/opentofu https://linkedin.com/company/opentofuorg https://github.com/opentofu/opentofu DevOps World is back for 2023, and you won’t want to miss out on this one-of-a-kind event! This year’s program is packed with exclusive insights, immersive workshops, and unparalleled networking opportunities taking place across multiple cities in the US, UK, and Asia. Elevate your DevOps game and register using the following links: NYC area, Chicago, Silicon Valley, Singapore, and London.

Links to Resources Mentioned 10+ Deploys Per Day: Dev and Ops Cooperation at Flickr *The DevOps Handbook The System Initiative Switch: How to Change Things When Change Is Hard DevOps World is back for 2023, and you won’t want to miss out on this one-of-a-kind event! This year’s program is packed with exclusive insights, immersive workshops, and unparalleled networking opportunities taking place across multiple cities in the US, UK, and Asia. Elevate your DevOps game and register using the following links: NYC area, Chicago, Silicon Valley, Singapore, and London.

The Importance of Your Personal Brand Whether you’re working for a startup or a corporate giant like Visa, Target, or JP Morgan Chase, your personal brand helps to define your professional identity. This brand is not just about showcasing your GitHub contributions, but about telling your unique story. It’s about how you solved a particular problem or contributed to a project, not just about the technologies you used. Building Your Brand Story Building your personal brand starts with self-reflection. Here are three questions to ask yourself: Who are you professionally? Identify your top three technical specialties, professional specialties, and team contributions. Who are you personally? Identify three interests and hobbies, your most important beliefs and values, and aspects of your social, family, or community life that you want to connect with people over. How do you connect with people? Identify shared interests, the advice or information you’re seeking, and what you want to know about other people. Answering these questions gives you a wealth of material to draw from when telling your story and helps you identify your strengths and areas of expertise. Show, Don’t Tell When you’re creating your brand content, remember the old adage: show, don’t tell. Instead of proclaiming yourself a “thought leader,” demonstrate your expertise through your work. Share your accomplishments in a way that highlights how your work benefited others, not just yourself. This approach makes your story more engaging and relatable. Embrace Vulnerability Being open about what you don’t know can be a powerful part of your personal brand. It shows that you’re a lifelong learner, open to new ideas and willing to grow. Plus, asking for help or resources can lead to valuable connections and insights. Pay It Forward Sharing your knowledge and helping others is a powerful way to build your personal brand in tech. It demonstrates your expertise and your willingness to support your peers. This approach is not about trading favors but about creating a positive ripple effect in your community. In conclusion, building a personal brand in tech is about more than just showcasing your skills. It’s about telling your story, connecting with others, and contributing to your community. By being authentic, open, and generous, you can create a personal brand that truly stands out. Links to Resources Mentioned Keep a Brag Book KubeCampus: Free Kubernetes Training <a href="https://www.slideshare.net/cassandrafaris/purposeful-perso

“Everything is a Product” - Matty’s talk “More Buzzwords Won’t Help” - Andrew Clay Shafer Telemetry Hub channel on YouTube DevOps World is back for 2023, and you won’t want to miss out on this one-of-a-kind event! This year’s program is packed with exclusive insights, immersive workshops, and unparalleled networking opportunities taking place across multiple cities in the US, UK, and Asia. Elevate your DevOps game and register using the following links: NYC area, Chicago, Silicon Valley, Singapore, and London.

Sysdig 2023 Cloud-Native Security and Usage Report Pushing Left With Tanya Janca (ADO epsiode) Shifting Left Securely (Matt’s talk) DevOps World is back for 2023, and you won’t want to miss out on this one-of-a-kind event! This year’s program is packed with exclusive insights, immersive workshops, and unparalleled networking opportunities taking place across multiple cities in the US, UK, and Asia. Elevate your DevOps game and register using the following links: NYC area, Chicago, Silicon Valley, Singapore, and London.

Pete’s Video Project Pete’s TikTok Want to join a future version of Pete’s videos? Platform Engineering With Daniel Bryant (ADO Episode)

Sonia Gupta and Corey Quinn - Embarrassingly Large Numbers: Salary Negotiation for Human Talking pay in the public square

Kafka Connect tool Metadata parser Francesco’s SOFT blog post

ADO Episode - Platforms with Kelsey Hightower and Andrew Clay Shafer Daniel’s Kubecon talk Daniel’s blog/tweet thread the kicked off his interest in Platform Eng Spotify golden paths Crossing the Chasm - Technology Adoption Lifecycle Backstage project Backstage as a service

VOID The Verica Open Incident Database (VOID) makes public software-related incident reports available to everyone, increasing understanding of software-based failures in order to make the internet a more resilient and safe place. After scrutinizing nearly 10,000 incidents, one thing is crystal clear: Resilience saves time. Taking the time to understand how to better respond when something green turns red—learning from the people, the processes, and the systems—will make your next incident smoother. 2022 VOID Report “Taylorism is a corporate disease that we haven’t developed a vaccine for yet” - Courtney

Jess and Roni talk about what continous feedback: where it came from, what it looks like in the context of a dev proces, and the benefits it can bring to engineers and developers. They also discuss Roni’s observability project, Digma.ai… and his other passion, complicated board games.

linkedin.com/in/dagnabieda www.themindfuldev.com How Dagna works with her clients https://www.arresteddevops.com/principal-engineer/

Breaking Down Gates with Tim Banks (previous episode with Tim)

One of the most innovative and popular virtual conferences of 2020 was Deserted Island Devops. The event was back again in 2021, and Matty chatted with organizers and speakers about what made this event so special.

Favorite Episodes Drawing DevOps with Ashton Rodenhiser Multicluster Service Mesh With Phillip Gibson and Annie Wang Brigade With Kent Rancourt Most Popular Episodes Most listened-to episode in 2021 was All Things Docker Second most listened-to episode in 2021 was Foundational Practices With Johan Abildskov Number three was Doing Releases Right With Scott Hain Pet photos! Moxie Nimoy and Ripley

Emily’s book ProAgile Emily’s blog Emily’s github Approval testing tools mentioned https://approvaltests.com/ https://github.com/texttest/texttest

Matty’s dog on Twitter Shifting Left Securely (Matty’s talk at devopsdays denver 2017) Steve’s “Collaboration over competition” talk Trivy Checkov from bridgecrew Cosecast Pushing left with Tanya Janca (ADO episode) Cosecast with Tanya Janca We Hack Purple Security Chaos Engineering With Aaron Rinehart (ADO epsiode)

Bridget chats with Kent Rancourt about Brigade, a tool for running scriptable, automated tasks (in Kubernetes). Brigade website Brigade GitHub org Brigade blog Brigade v2 docs Brigade on Kubernetes slack Brigade art by Ronan Flynn-Curran

The Best DevOps Blogs (the review giving ADO 5 out of 5) DevOps For Dummies

Previous ADO episode about service mesh with Michelle Noorali and Delyan Raychev Annie’s blog post about Multicluster Service Mesh Service Mesh Interface specification Open Service Mesh Service Mesh Comparison art credit: “Spiral” by roland - CC0 1.0

The Art of Learning: An Inner Journey to Optimal Performance “Zone of proximal development”

(episode art by Ashton Rodenhiser) Ashton’s ignite at devopsdays Texas Mike Tozer’s talk at DevSecCon Visual Communication Method - ebook by Ashton

In this episode, Jess talks with guest Cat Swetel about her career, writings, and thoughts on DevOps. Jess: “Cat is known internationally for her Penguin Power Stance and for standing on the edge of now!” Cat: “I like working with things on the edge of now. So that’s either things that shouldn’t exist anymore or shouldn’t exist yet.” Jess and Cat talk about projects that fit Cat’s definition of the edge of now. Cat: “I do believe that DevOps is inherently feminist, because it puts the emphasis on that maintenance and reproductive work rather than producing working software.” Jess brings up Eric Evans’ concept of software as gardening. The panel discusses reproductive vs productive work. Cat talks about what she sees in healthy DevOps teams. Jess and Cat talk about the challenges of working with legacy systems. The panel discusses metacommunication and Gregory Bateson. Cat: “In that situation, everyone is operating as specified but it’s still not working! So that’s when it becomes necessary to not have so much of that transactional interaction…It has to be something more generative.” Cat and Jess talk about the ethics of “care vs fair”. Cat dives into how feminist theory has impacted her thinking on DevOps and systems. Cat: “If we valued caring for the systems and caring for each other, rather than thinking fair or unfair…Let’s check, are we caring for these systems, are we being mindful? Then rad, let’s keep going.”

Does tech ask more from its community than other industries? What does it mean to be part of a community and what is expected of us?

Docker Public Roadmap DockerCon CFP open until March 15th - How to Write a Great Talk Proposal for DockerCon LIVE 2021 Docker Career Openings Docker Hub Experimental CLI tool

Learning Stuff With Ali Spittel - ADO Episode Managing Your Mental Stack - ADO Episode Mindset: The New Psychology of Success Sasha Rosenbaum’s talk about Mindset Lichtenbergianism: procrastination as a creative strategy

Sources differ on where this started, but Kurt Vonnegut posited that there are basically six story types. Matt wondered if there was similarly only six stories that are told on tech Twitter. Guests Sasha Rosenbaum, Kat Cosgrove, Quintessence Anx, Aaron Aldrich, and Jeremy Meiss dig into this as well as discuss the ups and downs of tech Twitter culture.

Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality models Operationalised Product Quality Models and Assessment: The Quamoco Approach

Favorite Episodes Matty “Breaking Down Gates” with Tim Banks “Deserted Island DevOps” with a cast of thousands Trevor “DevOpsDays Chicago 2020” Jessica “Don’t Worry, Do Care” With Aaron Blohowiak Bridget “Tea and Anarchy” With Alice Goldfuss and Ian Coldwater Jeff “DevOpsDays Chicago 2020” What happened in 2020? Trevor A year of PM land Streaming fun with Shuffleboard (and a little DevOps). Check out the Royal Palms Shuffleboard Shufflinsanity, or look at some shuff.io livestreams. Virtual conferencing! A doggo (Friday) Jessica Jessitron, LLC Cut my hair Last Keynote Codebeam March 7&8 last talk with Avdi systemsthinking.dev Bridget I planned to travel less. Sorry for causing (points to everything). Fewer events but playing with the pre-record format Jeff Got a new gaming table Wrote a book! Operations Anti-Patterns, DevOps Solutions Matty Last in-person conference was DevOpsDays NYC New job at Red Hat! DevOps Party Games Took over from Bridget as global chair for devopsdays Did “less” speaking this year (“only” 9-10 talks) 90s Sci-Fi Roundup Joe’s Babylon 5 talk at DevOpsDays Madison 2016 Joe’s Top Babylon 5 Episodes Season 1, ep 3: Born to the Purple, Great Londo episode. Season 2, ep 20: The Long, Twilight

Texas Chili Parlor in Austin Chili John’s - the chili place Matt’s friend brought him to in California Gatekeeping and the DevOps Revolution: We Haven’t Always Known Everything - Kat Cosgrove at All Day DevOps 2020 Lending Privilege - Anjuan Simmons levels.fyi/ Shout-out to Matt’s friend Marcelo for the link for Chili John’s (and for taking Matt there so many years ago)

Matt’s blog post about “howto” Rich Burroughs’s wrapup post https://matty.wtf/yak-wtf https://twitter.com/SoSplush Love, Yaktually video Recording of the event livestream

Image credit: Tea and Anarchy, modified from Anarchist Revolt Font: 1403 Vintage Mono Pro by Jeff Kellem

Snyk’s State of Open Source Security report SnykCon is coming on Oct 21-22! Register now! Guess what you can threat model in devsecops! More about threat modeling in Pushing Left With Tanya Janca Alyss’s awesome t-shirts

Alex’s book - Implementing Service Level Objectives: A Practical Guide to SLIs, SLOs, and Error Budgets

Cost Compression Aaron discusses the three big projects he’s working on. The first is cost efficiency, or, as Netflix thinks of it, “cost compression.” Jessica: “Oh, so you have to achieve cost compression without telling engineers not to spend money.” Aaron: “If you don’t believe you can predict very well, then what you should do instead is get really good at reacting.” The panel discusses the difference between autonomy and agency. The panel talks about the utility of data dashboards. Aaron: “The dashboards are more like cost debugging ultilities.” Access Isolation Aaron talks about his second big project, “a unified strategy for access isolation.” Jessica: “You want the cells to have access to the other cells in the same muscle tissue, but if they need a nerve ending they have to say so!” Regional Growth and Availability Aaron explains the third big project he’s working on, “Netflix’s regional growth and high availability story.” Aaron talks about how Netflix produces original content all over the world, and the coordination required to serve all the computation needs of the various projects in different places. Shared Reading List Ecology, the Ascendent Perspective Thinking in Systems Aaron’s blog post, The Sufficiently Smart Engineer

SMI Open Service Mesh OSM logo art credit: @flynnduism

The Web We Want Webhint tool Designing For Crisis - Eric Meyer talk FrontCon - upcoming speaking appearance for Stephanie Stephanie’s current and past talks Stephanie’s talk on web controls Go to Stephanie’s YouTube channel for past talks!