What Making Coffee Taught Me About The Art and Science of DevSecOps Automation

Back in the day at Starbucks…

Over two decades ago during my sophomore year in college, I got a job as a barista at the Starbucks in Malibu, California.  Back then, everything was done manually – grinding coffee and brewing the perfect 20 second espresso shot, steaming the milk while carefully watching the analog thermometer to ensure you steamed the milk to 160 degrees and never over 190 (where the milk would explode like a small lactose bomb), and mixing the multiple components of a drink to produce the customer’s desired beverage.  Oh, and never let those shots sit past 10 seconds – they go rancid fast!

The challenge with all of these manual processes is, in order to meet the standards of service Starbuck’s customers demanded, baristas needed to spend months learning how to operationalize all of this quickly, and very rarely did you find folks who could master it all.  We had to perform ongoing daily maintenance to make sure things were calibrated.  Training was required and unending.  The standards always evolved.  It all got very inconsistent.

Then came about the “Verisimo” – a push button automated machine that replaced all the manual processes above.  Whereas before it took two people operating one machine, now one person could operate two different machines, doubling your capacity and ensuring consistency.

With those changes and gains in efficiency, however, came an opportunity – how now do we redeploy the time baristas used to spend on these repetitive tasks and focus them on the customer experience?

Starbucks made several choices:  1) they increased the focus on customer interactions – smiling, knowing names, etc. as part of the “legendary service” Starbucks promised and, 2) they increased the diversity and expanse of their product lineup – including complicated Frappuccino, warmed pastry items and sandwiches, and hand-shaken beverages that needed to be custom mixed.

Those that work at Starbucks might argue things have gotten more difficult for the baristas, even while consumer choice and consistency has improved. (FYI: no one appreciates the Unicorn Frap)

So what does this story have to do with DevSecOps Automation?

I start the blog post this way because whether we are taking about machine-based process automation, or automating our SDLC, CI/CD, infrastructure provisioning, or security and compliance checks, the same questions exist:

What am I going to automate and in what priority order?
Questions to ask: Where are my biggest time gaps?  Where am I least efficient?

What will I gain from automating those tasks/operational processes?
Questions to ask: What are the business priorities I have ignored or given less priority to and how will I invest in them?

What will I do with the efficiency I have gained?  How will I redeploy my time and resources?
Questions to ask:  How do I make the most of the great team I have?  What do I do to capitalize on this?

These questions alone can be hard to answer, but getting your team onboard with projects focused on automation, relinquishing operational process control, or using tools to augment areas requiring deep subject matter expertise like compliance and security can be seen as:

  • Threatening – if you automate key processes currently executed manually by a staffer, will that position go away, thus endangering a job?
  • Overpromising – automation is rarely a “turnkey” or “flip the switch” effort. Automation requires groundwork to understand the operational processes and match those with supporting technologies.  Do you have the teams and expertise to understand what needs to be automated?
  • Causing Uncertainty – if jobs are not on the line, is there a career path / focused redeployment of those resources in the works? Can you build upon existing skills to redeploy those resources effectively as automation comes online?

DevOps automation is a competitive advantage, not disadvantage – but a challenge nonetheless

As I wrote about in “Let Developers be Developers” though, there is another way – through automation, by democratizing core development and operational processes using no-code approaches, and by focusing on building skills versus eliminating operating expense, you can increase the competitive footprint of your business and deploy more towards innovation and development that will ultimately define your success.

Join us on August 26th for another roundtable/AMA with DevSecOps experts focused specifically on “Automation, Security, and Compliance – Facts, Myths, and Questions” where we’ll be bringing together another great group spanning four companies to discuss these things and, as always, answer your questions.

Register here:  https://go.shuttleops.io/august2020-ama

Related Posts

SOC2 Compliance Best Practices with Chef...

Agentless and Agent-based Scanning Solutions A Compliance Agent is software provided by a Security Vendor in order to supplement...
Continue reading

ShuttleOps Introduces Enhanced Visibility to...

It’s frustrating when critical information is not available at your fingertips. For DevOps teams, having the right information available...
Continue reading
ShuttleOps No-Code blog

DevSecOps and the power of efficiency!

As the Head of Sales at ShuttleOps, my job isn’t to hard sell you anything. As cliché as it...
Continue reading