Build resilient systems at scale
October 12–14, 2015 • New York, NY

DevOps for Finance

9:00am–5:00pm Monday, 10/12/2015
Tutorial
Location: Rhinelander South

The last decade has seen an investment by a wide variety of financial organizations—stock marketers, corporate dealers, traders, fintech companies, traditional banks—in technology at an unprecedented pace. The volume and velocity of financial systems only continues to increase, paired with consumer demand for speed and reliability. And few industries are as inherently complex (and risk-averse, in general) as finance. We are reaching an inflection point where the level of complexity is outpacing many organizations’ ability to deal with it, especially for those with older, legacy systems.

On a parallel timescale, the web has thrown startups and traditional businesses alike into a similar world of complex, distributed systems. In particular, companies that started solely on the web were forced into dealing with these systems in unique ways—developing methodologies, approaches, and technologies that are beginning to reach an early level of maturity. Perhaps most transformative has been their approach to failure. No longer do we believe we can engineer it away—no matter how many servers or people you throw at the problem, they only increase the complexity, which simply leads to more failure. Failure is inevitable. In the words of Zoran Perkov, “Failure is a feature of complex systems.” The NYSE outage on Wednesday, July 8 exemplifies how complex systems can fail, how we should expect failures instead of focusing on preventing them fully, and how important the people in those complex systems are to recovering from such failures.

Velocity is the place where web practitioners have come for almost a decade to openly discuss how they tackle problems of complexity, of the need for speed, scale and resilience simultaneously, and how they plan for and deal with failure. And now, it is the place for web and finance technical practitioners to come together and share their stories and practical advice for building and managing complex, resilient systems. This fast-paced day will include focused panels and talks from a number of financial organizations that have taken web-scale approaches to dealing with testing, security, compliance and planning for failure.

Presentations

Note: Additional talks to come.

The chronicles of the lion
Ingrid Algra (ING) and Jan-Joost Bouwman (ING)

After Agile/Scrum as our development methodology, we made the transition to DevOps, with joint responsibility for production together with a representative of the business. The next step is to transform our entire organisation into tribes, squads, and chapter leads. Business and IT are now very close to each other. How will they cooperate?

Transforming testing in finance
Oksana Sokolovsky (ROKITT)

QA in the typical Wall Street firm continues to be cost-inefficient, resource heavy, complicated, and slow. Defects with significant impact on production happen too often. While code creation is becoming increasingly agile, testing is struggling to make progress towards continuous integration. The presentation provides an action plan for how finance application testing should be transformed.

Breaking things on purpose
Jeremy Edberg (Independent)

This talk will cover the latest in availability and chaos initiatives, including a lot of examples from my experience at Netflix: programs with names like FIT, NTS, Blue, and Chaos Engineering.

I’ll dive into things you can do to make sure your system just works. I’ll cover not only what to do, but why you do each one; the motivation for each specific system; what kinds of outages, problems or theories led to each system; and what each one tests and how.

Too big to test: Breaking a production brokerage platform without causing financial devastation
Kyle Parrish and David Halsey (Global Financial Services and Brokerage Firm)

How do you stress test a brokerage system in production if you can’t risk orders processing, trades executing, or violating regulatory obligations? The answer used to be, “we don’t.” But the flash crash and other market anomalies exposed the risks inherent in not testing production. Hear what we learned as we built a way to do what had been written off as “too big to test.”

Chaos monkey on your laptop: How to simulate harsh infrastructure conditions in your local tests
Matthew Campbell (Thomson Reuters)

Many of us are familiar with Netflix’s Chaos monkey, where they randomly kill the process of their servers. On our financial instant messenger, we needed to simulate server failures and network disconnects/splits. We developed a strong method of doing integration tests locally with VMs and Docker to simulate these conditions.

PCI compliance, DevOps mindset, and lean teams. Striking a balance while delivering on budget and on a deadline
Nathan Duthoit (Wave Accounting)

PCI is critical if you wish to process payments for customers. Sadly, compliance can be especially onerous to achieve while retaining agile, lean teams with DevOps mindsets. In this session we will examine how a small team was able to leverage AWS, automation, infrastructure as code, and SaaS platforms to achieve PCI compliance on time, on budget, and without discarding our DevOps culture.

Panel: Finance, security, and modern IT infrastructure
Courtney W. Nash (O’Reilly), Jamesha Fisher (CloudPassage Inc), Elizabeth Lawler (Conjur Inc), and Zane Lackey (Etsy)

For web-first companies, the old infosec models of simply locking everything down have fallen by the wayside in favor of new approaches that allow businesses to move quickly and improve their security practices simultaneously. Where standard security measures and compliance and audit practices used to impede progress from product design through development and deployment, they are now folded into agile processes, DevOps approaches and tooling, and continuous delivery pipelines. This might all seem like fantasy and vaporware for financial organizations, but it is happening there, too, albeit at a slower pace. This panel brings together security startups and veterans to discuss the challenges and opportunities facing financial organizations in this new landscape.

Trust, but verify – A rational approach to workload security
Sam Bisbee (Threat Stack)

Workload and code lie at the intersection of today’s buzziest topics such as Cloud, DevOps, and Software Defined Everything. While the buzz has kept pace with their rate of adoption, traditional security mechanisms like NIDS and governance haven’t. Luckily, everything being a workload grants the opportunity to verify both system and user behavior with a single point of view, even in an aaS world.

Security with the speed of continuous delivery
Tapabrata Pal and Ty Sbano (Capital One)

DevOps has arrived at large enterprises and security often gets left in the dust. It is always challenging to embed security in the delivery pipeline for a large regulated enterprise like Capital One. In this session, we will review the tools, automation, collaboration between organizations, and feedback mechanisms that Capital One has implemented to enable secured Continuous Delivery.
