Adrien Thebo

Title: Everything is Terrible: Three Perspectives on Building, Configuring, and Securing Software


Developers, operations, and security all have differing agendas and benchmarks for success. One is tasked with building new features, the next with delivering and making them available, and the third is tasked with mitigating the risks associated with the previous two.

Core to the DevOps movement is the idea of building empathy with people in other teams in order to align for business success. Expanding this idea to Dev, Ops, and Security, three engineers who have each lived primarily one of these will be providing their perspective in working collaboratively to try not to kill each other. They will talk about their backgrounds, provide practical examples from daily experiences, and share suggestions on building common tooling that minimizes friction and enhances collaboration.

This talk will discuss

  • The misalignment of priorities that organisations often force upon these groups
  • Struggles with collaboration and working cultures
  • Common bottlenecks associated with release cycles and security processes
  • Building empathy and optimizing for communication that doesn’t involve fisticuffs (or other 19th century combat styles)

The audience will come away with:

  • Ideas for handling these complicated situations
  • Approaches for building workflows and possible tooling suggestions to minimize the tire fires
  • A new appreciation for those on the other sides of the silo walls


Adrien Thebo

Adrien Thebo


Adrien is a software engineer at Puppet. He started in IT Ops in 2005 and started writing code to automate everything, inadvertently becoming one of the earliest devops hipsters (he did devops before it was cool). Adrien joined Puppet in 2011, first on the Operations team where he helped cause frequent outages, and then transferred to the Engineering team in 2013 to where he helped break the build. The original author of r10k and other client tools for Puppet, these days Adrien works on the security development team yelling at openssl documentation and refining ways to protect systems and infrastructure.