In 2017, I took a very hard look at the issue we caused for Quality Assurance teams I worked with. By automating many Operations tasks, we did not speed up the whole development effort of the projects we worked on. The flow of work through an entire system is the only metric that matters to project leaders and clients, not that one particular piece is better. We had unintentionally created a new, bigger bottleneck by not supporting our QA team properly with what they needed to succeed.
DevOps often gets billed as a mashup between just development and operations teams, but it is more complicated than that. Dev really equates to a Business+User Experience+Development alignment and Ops is more like a combination of Operations+Quality Assurance+Information Security. So we really had turned BizUXDev|OpsQASec into BizUXDevOps|QASec (the pipe being a wall that stops flow of work and creates a bottleneck). QA work was occurring after the fact, in a condensed timetable, and without automation. Teams face these problems with this happens:
- New bugs introduced late into projects
- Uneven development effort during the project timelines
- Excessive hours and budget burned closer to launch
I see organizations do at least these two things to support QA teams and prevent the headaches caused by not including them in the project life-cycle. Firstly, there are QA testers that are a part of the regular team efforts for a single project. They sit near/by/with the developers and create the tests as needed during the the project sprints. Secondly, a subset of the QA team does more than just test, they architect the automated solution hand in hand with the Operations team, creating a suite of automated systems and tools that can be used by any tester.
These same tools to automate QA testing and be used as the framework for InfoSec as well. Testing happens while work occurs and prevents the same “end of project” headaches when quality metrics like security are ignored until development is “done”. Now, we flip around the order a bit. BizUXQADevSecOps looks more like the flow of work and automation is prevalent through the process. This automation-first mentality eases the effort, rather than manual work causing a backlog at what should be the end of a project.