What role does continuous delivery play in the financial services sector, and how is this role evolving in the wake of COVID? Tune into this panel discussion moderated by MediaOps Chief Content Officer Charlene O’Hanlon and featuring Tracy Ragan, CEO of DeployHub + CDF Board Member, Dan Garfield, Chief Technology Evangelist at Codefresh and Brian Dawson, Director and DevOps Evangelist at CloudBees.
This panel will cover topics such as:
- The impact of COVID-19 on application development and delivery
- How cloud-native technologies (Kubernetes) have transformed continuous delivery
- How next-gen CD is helping shape the fintech world

In this talk, Jon will share lessons learnt the hard way in supporting organisations to deliver Better Value Sooner Safer Happier. This is based on learnings from previously leading Ways of Working across a 330 year-old, global, Financial Services organisation with 80,000 people in multiple business lines, and now working with a range of organisations, across industry sectors on the topic of Business Agility. There are approaches that give you a headwind, making a hard job harder and there are approaches which give you a tailwind, making a hard job ever so slightly less hard!

This presentation is intended to guide organizations on implementing an automated process for tracking governance throughout the deployment pipeline; by providing a reference architecture to help guide organizations on how to design and implement automated governance throughout the delivery pipeline. A sample use case is also provided to further enforce these best practices. Ultimately, a DevOps automated governance process can give organizations the assurance that the delivery of their software and services are trusted.

Rapid iterations of DevOps, along with a host of new tools, can make an application security program seem like a square peg in a round hole as enterprises try to push Sec into the middle of DevOps. At the same time, modern applications rely on a more dynamic environment that can introduce new security challenges, particularly as they scale.

In this session, we will explore:

- Best practices for making security and compliance ubiquitous, to reduce risk and cost.

- Security challenges of a changing software development lifecycle and of next-gen software.

- Automating and monitoring secure development practices.

After attending, you will be prepared to identify gaps in your security program with pragmatic advice for how to reduce your risks.

To stay compliant and secure, you need to go faster. You may be wondering — how is that possible? Governance, Risk and Security are generally bottlenecks for most of the Banks/Financial Institutions undergoing DevOps transformations. As we step into the eleventh year of the term “DevOps," it is now mainstream in most organizations. It makes its way into the Strategy & Board meetings, CIO presentations, press releases and success parties.

As most organizations are just scratching the surface, there is a lot to take on when it comes to DevOps Transformation. The traditional Command & Control Governance model, afterthought Security discussion with your InfoSec big brothers, answering endless questions with your Risk line and auditors — How to fit in with our transformation?

BMK inspires you to have courageous conversations with your Governance, Compliance, Risk & Security folks and establishes the understanding that it is a two-way road in which all of the parties must explore, learn, adapt and practice.

His talk will cover and help you to explore:

- From Centralized Committee Governance — Decentralized Automated Governance

- From Compliance tick-box exercise to Compliance as Code

- From faking the security audit to baking them into delivery pipelines

- From “No” to tedious audits to “Yes” to automated evidence/digital attestations

This talk will cover:

- Cultural divide between DevOps and security teams

- Federated responsibility model for AppSec

- The challenges of implementing this model in real life

- Quick look at how ZeroNorth’s platform can enable organizations to start to address these challenges

Tired of slides? Watch this hands-on demo with Viktor Farcic to see how to create a full lifecycle of applications in production using the GitOps. See how a GitOps workflow is ideal for high-security environments and establish auditing trails and how it might change the way we define application lifecycle pipelines.

IBM Z has remained the backbone of the Financial Services Industry for its qualities of security, reliability, and availability. Now with OpenShift integration and DevOps capabilities, IBM Z continues to be a strategic component of your digital transformation. Join Rosalind as she talks about the latest enterprise technologies of Hyperprotect Virtual Servers, Confidential computing, and open CI/CD toolchains to support agility and cyber resiliency in your hybrid cloud environments.

DevOps teams are being asked to move at break-neck speeds to deliver new and engaging customer experiences. You rely on automated software pipelines to deliver cloud applications fast and secure. But
one of these things is not like the others. Enterprise security is lagging, still trying to use people and outdated processes to govern continuously changing and fast-moving public clouds.

Traditional security and governance approaches break in the cloud. To operate their businesses successfully in the cloud, Financial institutions must rethink security governance. Join Don Duet, CEO and Founder of Concourse Labs and former Goldman Sachs CIO to learn what changes are required for effective cloud governance so that you can safely achieve digital transformation at scale.

How can financial companies create the experiences that customers expect when they are sitting on decades-old technology? OutSystems provides proven ways of delivering web & mobile applications, integrations, and new tech like chat bots, AI, and ML all on one platform. During this session, Keith will explain how established financial institutions are adopting low-code solutions in order to catch up to the fintech disruptors and provide examples of proven results.

Capital One has been on a technology transformation journey for more than five years. It has been the first bank to exit data centers and move onto the public cloud. In this talk I will share a high level view of the transformation journey. I will also discuss some of the challenges that we faced and how we overcame them.

As financial institutions are adopting DevOps best practices to speed up application delivery the database remains the stumbling block causing delays, introducing risks, slowing down release cycles and wasting valuable internal resources. At the same time, compliance and audits are managed manually, complicating the process even further.

It is time to bridge the gap between the database and the CI/CD process in order to achieve faster release cycles and simplify compliance, security and auditing.

To thrive in the new world, we require a thoughtful redefining of what is a humane and effective enabler of transactions. The financial industry's digital transformation has accelerated at an unprecedented pace due to COVID-19. Over the past 7 months, we have seen the digital adoption in areas like everyday banking and e-commerce that would have been expected to take 7 years.

We are in the business of trust. That's why our teams must adapt quickly with innovative solutions to meet rapidly changing consumer and human needs.

While we adapt by increasing the speed of digitization and technology transformation, we must step back and ask ourselves whether we are transforming in a way that engages those human needs and builds authentic connections with the customers and communities that we serve.

Join my session to learn how TD Bank is tackling these challenges while positioning ourselves to be the better bank of the future.

Auditors want proof that only the right people did what they were supposed to do, when they were supposed to do it. And they want that information now. Developers run for cover whenever release managers show up with an audit request in their hands. Audit-ready pipelines address both these problems.

At the same time, DevSecOps requires several core building blocks in order to become a reality: multiple connected tools, using only immutable objects managed by automated approval gates, all governed by centralized RBAC and end-to-end visibility and data (from code commit to production deployment.) In other words audit-ready release pipelines.

In this session, attendees see examples of what an audit-ready release pipeline looks like and how they can placate auditors quickly and not bring fear to your development teams.

Join us for this DevOps game session where Kevin Behr, co-author of The Phoenix Project will play the role of Bill Palmer and John Willis, co-author of The DevOps Handbook will be playing Eric Ried. They will be reimagining how these conversations would be different now in 2020. The session should be fun and informative, and insightful seeing how two leaders in the DevOps community look at the next 10 years of DevOps, DevSecOps, and Digital Transformation.

With digital transformation in the financial service sector accelerating faster than ever, securing the leading edge of technologies and methodologies has never been more important.

Join financial services security leaders Andreas Wuchner, Group Head IT & Risk Governance at Credit Suisse, Upendra Mardikar, Chief Security Officer at Snap Finance (formerly with American Express, Visa, and PayPal), and Jyoti Bansal, Founder & CEO Traceable, AppDynamics, Harness, and Unusual Ventures.

This session will cover:

- What the current security stack is, and where are the gaps are with regards to protecting new architectures

- How and why security leaders need to foster partnerships with their development and DevOps teams

- What the role of security automation and emerging technologies are to enable that, and how to make existing personnel more efficient

With 40 million developers, 300,000 of open source projects, 500 billion open source package downloads annually -- what could go wrong? Or better yet, what could we get more right? As the financial services industry relies more and more on open source to innovate, it’s crucial to answer these questions.
In a two year long collaboration with Gene Kim and Dr. Stephen Magill, we objectively examined and empirically documented software release patterns and cybersecurity hygiene practices across 30,000 commercial development teams and open source projects. At the heart of our endeavor we looked at: what attributes can we use to identify the best open source project behaviors, what behaviors have been adopted by the best development teams relying on those projects, and what practices would produce the best security and productivity outcomes.
From yuan to the euro, everyone has security requirements. The players in the global financial services industry may differ in currency units, but share a common goal: software security. In 2017, it took three days for adversaires to exploit new vulnerabilities discovered in open source components resulting in the infamous Equifax breach. Since then, companies have made significant investments to not become the “next Equifax”. Eager to identify their next attack vector, adversary strategies have shifted ‘upstream’ to next generation software supply chain attacks where they can infect a single component that can be quickly distributed ‘downstream’ to hundreds or millions of unsuspecting developers. Their exploits are now achieved in seconds.
In this session, we’ll share the practices and outcomes we discovered that differentiate the low performers from the peak performers. You’ll understand how open source projects with 1.5x more frequent releases and 530x faster open source dependencies upgrades harness this speed to dramatically improve security within their code. You will also learn how high performance enterprise software development teams at some of the largest financial institutions are simultaneously boosting productivity and security - achieving 15x faster deployments and 26x faster remediation of application security vulnerabilities.
Finally, I’ll shed light on how we can all apply these exemplary practices to stay a step (or more) ahead of our adversaries. Don’t be afraid to upgrade your perspectives on application security and be sure to join this session.

In decades gone by the financial sector was seen as one of the pinnacles of software innovation. With the rise of technology giants e.g FAANG [Facebook, Amazon, Apple, Netflix, Google], the ability to be agile and move quickly has shifted public perception of innovation to high tech sector companies. With mottos such as “move fast and break things”, in the financial sector breaking things can have a grave impact on the financial markets and confidence.

To stay competitive and address customer needs and attract and retain modern development talent, financial services firms have been adopting Continuous Delivery. Not only for technology and business to consumer firms, Continuous Delivery is a spectrum that many financial service firms are on the journey to adopt. Learn in this talk about ways that financial service organizations can embrace the motto “move fast and don’t break things” with Continuous Delivery.

Three Take-a-ways:

1. Balance of innovation vs control is always being fine-tuned.

2. Any improvement is an improvement and you don’t have to be deploying every 12 seconds like Amazon.

3. We judge confidence in people, process, and technology. Start incremental where it is easier than address the other points.

Most cloud security solutions are not capitalizing on the great advancements that have taken place in the cloud-native deployments. This means the overhead of running these solutions is going to add huge costs to the overall compute and operational costs of the Kubernetes environment - Cluster Economics! A true cloud-native security approach should take full advantage of the cloud platform and its available controls. Learn how leveraging the cloud-native controls can help you save massive expenses.

Is your organization ready for the next big change? The COVID-19 pandemic wasn’t the first major economic disruptor and it certainly won’t be the last, so how can you make sure your teams are prepared to adapt and embrace change?

In this panel discussion, leaders in the DevOps and banking industries will discuss how to use DevOps to not only manage change, but stay ahead of the competition. Learn the strategies and systems you need to put in place now to be ready for the next big financial shift. Hear case studies of how financial institutions have used continuous delivery and value stream management to navigate disruption. We can’t predict the future, but we can use DevOps to set ourselves up for success in the face of new circumstances.

TBD

Managing costs shifting from onsite data centers to the cloud is only the start of FinOps management of cloud resources. Seemingly every aspect of the business is using multiple cloud services from product teams in business units, IT and 3rd party software development efforts, and end user cloud-based productivity services. But FinOps is much more than just managing costs differently. Costs are variable, often hidden or undefined based upon a multitude of factors. Join Mitch Ashley, former CIO and CTO, to discuss an approach CFOs and C-levels can use to align cloud activities with measurable business outcomes.

The most difficult part of a digital transformation is getting people to invest in needed improvements and embrace new ways of working. It is all about organizational change management. Digital transformation leader, analyst, consultant and author, Gary Gruver, shares his experience with vital change management anti-patterns. Gary also builds from the work of Wharton School of Business professor and author, Jonah Berger.

Everyone needs an application delivery platform that provides the right developer experience for your application delivery teams. Whether you acquire an integrated platform or build one by integrating a set of tools, you need to craft the platform in a way to allow it to be scalable for the enterprise, and provide curated experiences for the myriad developer types, across the various technology stacks you have. This requires an underlying architecture that addresses all the four ‘layers’ of the platform ‘cake’. Namely - Environments, Software delivery lifecycle tools, Data, and Security and Compliance. Each layer is essential. Each layer is complex. Each layer is builds on the ‘flavor profiles’ of the other layers. Let’s learn how to bake this cake.

Sanjeev Sharma, author of the bestseller ‘The DevOps Adoption Playbook’ will share his lessons learned from his experience in the Financial Services sector that includes working in senior leadership designing, deploying and running successful Hybrid Cloud, DevOps, and DataOps driven transformations at several of the largest, most strategic banks and financial services organizations globally.

Sanjeev is currently the Head of Platform Engineering at Truist. Sanjeev is a former Distinguished Engineer at IBM, the former field CTO at Delphix, and a former principal analyst at Accelerated Strategies.