William Collins • 00:08
Hello, everyone, and thank you for joining. With me, I have Holly Holcomb, Program Director for Strategic Accounts at Itential. And this webinar is going to really build on the first two webinars that we did. Where we, in the first one, we covered the invisible issues that kind of kill automation programs on arrival. And the second webinar, we swam in the deep end with configuration consistency. Kind of like why it’s hard and also why it’s so important to tackle. And, you know, different options for how to tackle it. And today’s webinar is all about continuing that story with building a program for diverse contributions that, you know, maybe spans, you know, multi-team, multi-vendor environments.
William Collins • 01:02
So, excited to be here to talk through this. How’s it going, Holly?
Holly Holcomb • 01:06
Hey, not too bad. How about you?
William Collins • 01:09
Really good, really good. It’s raining here, but hey, besides the rain, everything is awesome. No cooking analogies in this one, I promise.
Holly Holcomb • 01:19
I was waiting for it on the intro. I was like, when’s the pizza coming? I am really excited to talk about contributions and building a program that can help customers scale. It is a conversation that is probably not the first one that we have with our customers when we start working with them, but later down the line when they reach a point where they need to scale and need to grow the footprint of their overarching orchestration program, this topic comes up really, really frequently. So, I am excited to dig in and to talk more and get your insight and feedback on it, too, and see what we talk about.
William Collins • 02:03
Awesome. And you have written, actually, a ton, and you have spoken out a lot, really, about how Automation, it doesn’t fail, you know, because you don’t have like all the right tooling and all the right things and all the right checkboxes checked, you know, it kind of fails from lack of participation, which is kind of where the idea came, you know, for this webinar in particular, you know, as it were, this is kind of like a team sport, when you think about it, you know, which I think is spot on. So just out of the gate, like, why, why is this contribution thing such a hard problem to solve, especially at scale for larger organizations?
Holly Holcomb • 02:50
I think that what we see most frequently in the industry is that each team has their preferred tooling and method for producing automation, based on, you know, effectiveness in their domain, based on what they’re comfortable with. And so it is really challenging to try and get all of those teams to collaborate and engage and also kind of create a holistic or cohesive orchestration strategy that can handle that diversity under the hood of the way that customers like to work and way that teams like to work. So I think that oftentimes, finding a way that you can create the structure that’s going to help make the organization scale and be more effective is something that customers are constantly asking about. They’re trying to figure out what the, what the magic combination and structure looks like to be more effective and to get everybody engaged in the goals of the program.
William Collins • 03:55
Yeah, I love that. And it’s kind of funny because when I think of contributions like this, I spent a lot of time towards like the middle part of my career on the security side of the house a little bit. And this whole aspect of contributions really, I think shares a lot of similarities with security. And, you know, when you think about it, security teams can’t just say, Hey, you know, don’t hard code your secrets. That’s bad. You’re on the naughty list. You know, no Santa for you this year. Yeah, usually it’s on the security side of the fence to provide pre configured, like vault integrations or hardened container images or up, like golden templates of some sort that follow security and compliance standards, and they have like the guardrails associated with them. And, you know, so that it’s easier for the consumer to actually do the right thing, to be secure. And, you know, I think that’s, you know, a lot of times in the same lens of automation, you have to provide a framework or, you know, some sort of scaffolding, it has to be structured, you know, for those companies that do want this contribution to happen. And, you know, you need contribution guidelines, you need GitFlow standardization, you know, moderators that approve pull requests. And, you know, even some companies might accept contributions outside of their company, like in the landscape of like open source as such. And I’ve heard many times, like, oh, these few cyber teams, they just throw it over the wall and make it hard. You know, they make our lives miserable. Everything’s hard, hard, hard. You know, and I think a lot of times this happens in automation as well. At the end of the day, there is a balance to be found that lives sort of at that intersection of user experience, scale, and security, which I think is something that as an industry, when we talk about these technologies, we just have to consider.
Holly Holcomb • 06:02
Yeah, I love that. What I hear you saying is, one, we have to know what is expected in order for a contribution to be accepted. So specifically, if I have something that I want to be a part of the orchestration program, that I want to get promoted to production so that we can all start seeing the benefits of it, I have to know how to do it. You know, I have to know what the criteria are, what needs to be submitted with my contribution, is there documentation that’s required, should it pass any kind of test, who’s responsible for that testing. All of that needs to be clearly outlined somewhere so that I kind of understand what the goal looks like from a contribution perspective. I think we’ve seen that with a lot of our customers, that oftentimes there is an expectation that other teams contribute, but maybe the process isn’t super clear on how to contribute and what they expect them to contribute. In addition to the automation asset itself, what else is needed? So I think another thing that I really appreciate about what you said about the cyber team analogy is that in addition to telling them what the framework and what expectations you have around the contribution from like a functional or technical requirement perspective, there’s also the notion that if there are certain expectations that you want baked into your framework, make those easily accessible, make examples of those, make it something that they can just plug their contribution into to make sure that they’re adopting the best practice that you see out within the organization and their standards and security standards. So I love that.
William Collins • 07:50
Yeah, you just mentioned another few good points there, but it’s almost like having… Like I bought this gigantic, metal, crazy swing set for my kids a few years ago, and I went and I opened up this box and the instruction manual looks like it was back from the 80s, like it was so hard to follow, there was a lot of things that were incorrect with it. I tried. I did and then I tried doing it without the instruction manual with this thing had like a thousand pieces and What did I do? I went online and I found a newer better modern Instruction manual that you know somebody outside of this company had put together To build this thing and I ended up using that one because it was clear You know all the nonsense and all the things that I didn’t need were not present Like it had what I needed and then it had examples and then it had a link it had a QR code to a YouTube video to this per person’s YouTube channel and It was phenomenal saved me a ton of time and I was a happy camper it made it easy for me to put this thing together and and not break it in the process for just Lack of you know, whatever anger and everything else Well the next topic that we usually hear from our customers when it comes to a contribution Strategy is all around right tool right job. When should I be using Python? When should I be using ansible?
Holly Holcomb • 09:14
When should I use open tofu? What makes the most sense? When should I use attentional? What makes the most sense? And how do I know? What a best practice looks like around using the right tool for the right job William you’ve been in this game for a really long time. What are your thoughts?
William Collins • 09:35
Oh, such a good question, such a hot and heated question a lot of times, and also kind of a funny question. So again, kind of going off, hopefully not on a rant here, but if you think about when you’re doing anything new, anybody in the world that’s either building something new or they’re getting into a new space and technology and they see this a thousand tools, the logical thing to do, like in your brain, you’re thinking like, okay, I want to not waste a bunch of my time is a better than B or how does A and B compared using C and D, et cetera. But this creates challenges. So the more that you learn about these things, of course, the more wisdom that you, you get over time. And the funny thing about all this is like, I hear it so much is like, why is this open tofu or terraform thing better than the sands of old thing? And why is hands a little better than this Python thing and what have you? And let me, let me ask you this.
William Collins • 10:40
Why is a Phillips head screwdriver better than a flathead? Or I just recently did drywall, but you know, why is a one and a one and a quarter, I think is the default size for drywall screw. So why is that one and a quarter drywall screw better than a four inch wood screw? Why is that one and a quarter? Why is that one and a quarter? Like that is that is like now in 2025 when someone says is Ansible better than open tofu I hear why is a Phillips head screwdriver better than a flathead you know and someone in another trade like in construction say they presented on this at a conference that they left all the way out to the parking lot you know and I recently had a conversation with Yvonne Peplniak on the podcast I host and he made this incredible analogy with furniture building and you know basically why would a contractor get caught up on this tool versus that tool the customer wants the wardrobe to hang their clothes do you think they care you know and that’s where using the right tool for the right job comes in and you know you don’t want to go out and purchase every tool under the sun but these tools live in very different parts of your tech stack. You know a lot of times, and it also depends on your operational processes and how you procure artifacts, so say that you’re
William Collins • 12:04
building in cloud. You’re building, you have these hardened images, like say you’re using like, I don’t know, HashiCorp’s Packer, and you’re building these images, but you’re doing it at build time. So you’re not deploying the VM and then configuring it, you’re actually in your build pipeline, you’re you know, procuring this image, and then you’re configuring it with something like Ansible for your configuration management. And then when you have that artifact and it’s completely intact, okay, then you’re using something, your stateful tool, like OpenToad for a Terraform, to deploy that infrastructure intact into the wild. So a lot of it, too, is depending on what you’re doing, you have to decide, okay, hey, what’s happening at build time? What’s happening at run time? You really have to think through the whole thing to really inform, hey, is this tool better for this part of my tech stack for this process? Not start with, hey, is this tool better than that tool? Okay, how am I gonna, like, hammer that into this process I’ve already built? And how do I force everybody to use that same tool? Yes, like, okay, we’re going to use Terraform for everything.
Holly Holcomb • 13:18
All things.
William Collins • 13:19
We’ll see what happens. That’s going to be fun. What about you, Holly? I mean, you’ve talked to a lot of big companies that are going through a lot of these challenges, you know, that are still trying to figure out, you know, basically the way that makes sense for them to do it. But have you noticed any patterns?
Holly Holcomb • 13:39
I think that the patterns that we’ve noticed is that the trend is that customers need a solution that’s going to give them the flexibility to be able to accept different types of contributions based on different tooling and based on what the teams know how to do best and how they think they can be more effective at creating automation for their job and their very specific goals. So from what we’ve seen, I think there’s a ton of debate out there on which tooling is the best for specific areas of the business. And our goal is always to say that’s, you know, if that’s what makes the most sense for this domain and with this team, how can we build a framework around that that’s going to enable you to bring those assets and contributions into the fold of orchestration and get more value out of them.
William Collins • 14:36
I love that and I mean one of the things I love about sort of the way I tensile the way we do orchestration and some of the value we provide is You can have I mean the bigger the company and the longer they’ve been around They usually have a lot of stuff laying around they have a lot of tools You know that may be power some older environments, so they may have outdated tooling That’s just kind of like sitting there and managing some infrastructure for the time being but they also have greenfield environments Going and they have new stuff. So when you look at the whole Picture of hey, I’ve got this old stuff. We can’t just flip a light switch and get rid of it It’s got to remain out there because this is important, but we also have this bleeding-edge stuff We’re you know, we’re doing AI things or something AI infrastructure and we’re being we’re modernizing in these areas of the business Well, we we can basically take whatever tools that you have and we can orchestrate them We can put together that whole picture at least so you have visibility and you have that control To apply some level of automation process automation across all these distinct components, whether it’s brownfield, you know or greenfield
Holly Holcomb • 15:49
Absolutely. It’s all about getting the biggest bang for your buck. If you’ve got assets that exist that do a very disparate activity, that if plugged into an overarching orchestration that helps you accomplish the rest of the business process, the idea of throwing away these things that are functional and useful today just so that you can iterate on it and build something that does almost identical functionality but requires you to build it over the course of a week or something like that, I think that we’re missing the mark.
William Collins • 16:19
I love that, that’s excellent. A hundred percent.
Holly Holcomb • 16:24
Well, William, I’m gonna switch gears for a moment and I’m gonna use the G word. Anytime we have conversations with our customers around governance, there’s always that one person in the room that is like, oh God, you can see the exasperation on their face about not wanting to have this discussion. Usually when people talk about governance, the first thing that comes to mind is something that’s static or outdated or is overbearing and impeding progress. And when we look at best practices and what we see in functional and high-performing orchestration programs, it is anything but static, it’s anything but overbearing. It’s really fine-tuned to make sure that the program itself is as effective as possible. So I would love to hear your feedback on governance and when you think that governance is meeting the mark and when it’s failing.
William Collins • 17:25
I always, so when I was on the enterprise side of the house, I had this trick that I would use where a lot of times I would have something given to me by usually someone in security, and they’d say, hey, you got to do this. And sometimes they were things that were perfectly spot on, but sometimes you have things come in and, you know, they just made like no sense. And I would present a question back to them and say, okay, where is this in writing? Can you show it to me? And they’re like, no, it’s just a security policy. I’m like, well, if it’s policy, it’s in writing, let’s see it.
William Collins • 18:01
Because I don’t think that this is right, and we want to do what’s best for the business. We need to revisit it. And we need to look at it so we can understand it. This actually happened quite a few times. And you know, that’s one thing is if you have to sit there and ask, where is this thing in writing? Or where do I go? Like, where is it documented?
William Collins • 18:20
What does it mean? Like, if you find yourself asking these questions, as it relates to governments, then something’s wrong, and it’s time to try to fix it. It’s hard because big companies, they’re big and they have a lot of stuff, they’ve been around for a while, and you have all these policies and all this, you know, a lot of old stuff that like never gets revisited and never gets thrown out. So then you have new things on top of it, and then you just have a ton of stuff. And hey, the more things you have, you know, it’s like me with my kids, like they all talk to me at like the same time, and it goes in one ear and out the other. I don’t know what’s going on. You know, it’s really hard.
William Collins • 19:03
So you have all these processes, and eventually you get confused, and what that leads to is really, you know, big opportunities for security in an organization to fail. So another way, okay, don’t go on a rant, but if you look at like how some of these big tech companies have evolved, not only do customer needs change, but the technology landscape changes. So if you look at AWS, they didn’t start with the complex enterprise features we see today. So back in, oh, 2006, I think, AWS launched, and they just had three services, Holly, they had three simple services, they had like S3, SQS, and EC2. And yeah, very basic, very simple. But as enterprise customers started adopting cloud, AWS had to evolve their governance model and their service offerings.
William Collins • 20:05
So in the way back machine in the early days, AWS’s approach was essentially, hey, here’s some virtual machines, here’s some storage buckets, figure that out. And you know, that worked for like, startups, and, you know, tech savvy companies, you know, but when large enterprises with like very complex brownfield tech, compliance requirements, multi multi account structures, you know, very sophisticated and complex networking, all this stuff started to happen, AWS really had to rethink their platform. And they, they introduced things like VPCs for network isolation and transit gateways for, you know, these complex networking requirements. And now the list goes on, they had to pivot. And the key insight is that AWS didn’t try to predict every enterprise requirement upfront, they listened to their customers and in the pain points, and evolved accordingly with those requirements, you know, and you know, with the change in pace of technology. And that kind of reinforces to the furniture, assembly analogy as well, like, you know, AWS is architects, the early architects were brilliant, but they hadn’t assembled that furniture yet of running enterprise workloads at scale until their customers actually started doing it. So I don’t know if that completely answers the question. But that’s kind of my view on and one. So one final observation, and then my rant will be complete is A lot of times, the cooks in the governance kitchen in these big companies are very far removed from the boots on the ground. They aren’t in the weeds of, you know, just kind of like understanding the actual technology. You know, they’re in the paper references, in the best practices. They’re not in the nuances of deploying the complicated infrastructure.
William Collins • 22:03
So again, to the furniture, you know, it’s oftentimes the folks that have like never assembled the furniture that are putting together the blueprint or the plans for people to follow that are actually doing the building. And this might work in some cases, but a lot of times it just doesn’t work well. The results are gonna be very mixed.
Holly Holcomb • 22:24
I was waiting for food to make its formal entry into this webinar, and I’m happy that it’s here. I couldn’t agree more with what you just said. The piece that really sticks out to me is the notion that as technology evolves, governance has to evolve with it. And there is no such thing as a one-size-fits-all. Trying to apply the degree of governance that you would apply to a team that maybe is building with one tool suite versus another team with a different tool suite, there has to be some degree of understanding the nuance and difference between the two and building governance that really is focused on, again, what is the outcome, what is the output that we’re trying to target, and how do we make sure that we do our best to provide guardrails and examples of best practice without creating a really overbearing or burdensome set of guardrails that are going to slow everybody down and may or may not be effective towards the actual outcome to your security example earlier.
William Collins • 23:32
I love that and that ties to a lot of the good tidbits. We talked about with config consistency, too we’re like getting this part right and Getting your hands around it is like one of the key contributors to having a good good health Organizational health around configuration consistency like multi-domain. So yeah, excellent points So another thing that you’ve mentioned a bit and you’ve talked about Holly is that you know contribution Isn’t just about writing some code I mean if it was always a just a technology problem and it was just lines in code we wouldn’t have any problems because technology is rarely the The problem factor and a lot of these scenarios It’s it’s about repeatable value and which is something you’ve harped on a lot, which I love What are in and another thing too is like a lot of times even though every organization is different they have different challenges and So forth it’s good to have like maybe a North Star of what? success actually looks like like what are some of the different forms that contribution can take and This in a well-designed framework. So what do you think about that? Yeah
Holly Holcomb • 24:54
Yeah, I think what I’ve seen personally with customers is that at the orchestration layer, there’s the standardized units around things like updating tickets or updating sources of truth. And like we talked about previously, there are those reusable assets that help you do that activity in the best practice way around like, you know, vault integration and things like that. And then, at the automation layer, to the conversation we just wrapped up a little while ago around right tool for the right job, it’s finding out what is most effective from a contribution perspective, talking to the teams, understanding what their tooling of choice is, whether it’s Python, whether it’s any of the tools that we’ve covered so far. And then also, we can’t ignore the fact that skills play a really big part in defining what makes the most sense for a contribution at the automation layer. In some situations, it’s going to be working with the API for a controller, understanding what the controller is going to do as a part of the automation. In other situations, the team might really prefer to lean into Python. They might really prefer to use OpenTofu to accomplish their goals.
Holly Holcomb • 26:10
So I think from what we’ve seen, the teams that have the right skill set, that want to use their very specific automation to do, you know, to throw an example out there, for teams that are trying to manage their, like, VM infrastructure, for example, or they’re trying to push config, maybe they think Ansible is the right tool for them. They’ve got the skill set. They know it’s effective at what it does. There’s another team that’s actively working on standing up infrastructure, you mentioned, like with OpenTofu or Terraform. that is the right tool for that team. And contributing at that level, the things that they’ve already built, the things that are functioning and offering value to the organization today, finding a way to seamlessly put those into an orchestration framework so that it has all of the audit and tracking and also our back on top of it to make sure that it’s executed in a way that aligns with the security standards, with the organizational standards, that I think is, those are kind of the attributes of success that I’ve seen for organizations that have really tried to take the best of what exists today, both from an asset perspective, from a skillset, from a team perspective, and find ways to pull them into their digital transformation that is going to involve engagement and adoption from all parts of the organization. It can’t be a single team making this happen.
Holly Holcomb • 27:45
It has to happen across the organization. And if you can find a way to pull those teams in and show them what contribution looks like in an effective way. reap the benefits of pulling all of the value that they’ve gotten those existing assets but then putting some guardrails around it so that everybody can benefit from it not just a single person or a single team.
William Collins • 28:10
I love that that was almost poetic just off the top of my head one thing I would add to is like companies and then Leadership and then teams and directors down the managers and then to the boots on the ground they get kind of stuck in is A lot of times they try to go too fast and they try to actually execute work when you know the cars kind of still getting put together and then you end up with something that’s out of compliance that you have to go and remediate and One of those things that and now it’s really hard to do you know, you’re a big company and you have funding for a program and you have eight months left in the year and You got to get it done but going and rushing Before a lot of these details or even thought through or considered it is really gonna hurt you in the long haul So I’m not saying like go really slow But you know taper that Wild West, you know put those spurs away and and take it a little bit slower and Just think through Hey, we I want this to be bigger than myself. I want it to be bigger than my team I want it to be bigger than our department. Like this is this impacts all of us. So let’s let’s get it, right So one thing, you know as we were kind of getting to the point where we’re gonna wrap up You But one thing that just sticks out in my mind, and I know this is like a really hard question that I have to ask, you’ve probably seen many things done very well and maybe some that struggled a little bit. But what do the most successful automation leaders out there that you’ve worked with do differently to sort of scale this idea of participation? Like I can imagine culture’s got a ton to do with it, but what about processes, the technology, you know, just what are some of those lessons earned or observations there?
Holly Holcomb • 30:16
Ooh, yeah. I think about all of the… all of the different things that we’ve seen implemented in different customers, there are aspects that are culture, like you mentioned, there’s aspects of that building a culture around collaboration is not something, I think it’s something that we take for granted a lot of times. Teams are very siloed, success criteria and metrics are oftentimes siloed as well. So I think that oftentimes it really does take a transformational leader that is going to try and wrap metrics around the team at large. So it being really specific and direct about what success looks like within the organization and that should encompass some degree of collaboration. In terms of an actual framework and process and program structure, again, there has to be communication that is seamless and is constantly happening and iterations on the framework that are constantly happening to say, you know, this was really effective when we had technology that did X, Y, and Z, but now with the current tooling that we have in place with the technology that we have in place today, we need to make sure that all of the governance that is in place around contributions and engagement with all of the different teams and the technologies that they’re leveraging today, that everything is still up to date, that it’s still effective. It’s that constant review and evaluation of the framework that says, you know, this was here for a reason. The reason was because there was a problem 20 years ago around this type of issue. Is that still relevant for us today?
Holly Holcomb • 32:10
So, I think part of it is culture and building a culture around collaboration and encouraging more teams to work together. I think part of it is program process. some of it and this is probably going to be like not a super popular opinion, but some of it is being specific about What your expectations are and having those published in a way that is self-service so that you’re not having a conversation to understand what do I have to do to make sure that my asset gets to production like I don’t maybe I don’t want to talk to William every time I have something that needs to go into production Like I maybe it should just be something that I can go and read some guidelines and say Okay, this thing is really important to the to the organization. I need for it to get to production Let me go check the guidelines and understand what’s going to be required for me to get it there I think all of those factors, you know come together to create really effective programs as a whole and you know a lot of it is a Lot of is a mixture of all of them and also cultural based on the organization I love that. You said you said a few really important things in there and I think one of the things was
William Collins • 33:31
and knowing what success looks like and having that clearly defined, but then how do you know if something was even successful? You have to understand how to measure it. And you can’t build a bunch of stuff and then look back and say, oh, was that successful or was it not? Oh, let’s throw some KPIs on there and call it a day. You want to think about those things up front as you begin building. I think that’s just super great, great points. Great points.
Holly Holcomb • 34:01
All right, William, I know that we’re wrapping up and had a lot of really great conversation about play sets and of course food as always. I guess in terms of closing things out, if you and your organization are interested in looking for a platform that is going to offer the type of flexibility and a diversity of contribution type like we’ve talked about today, we definitely encourage you to take a look at iTential and we’d also love your thoughts on what are the right tools for the right job for your organization or what’s worked best for you in terms of governance. Feel free to let us know on LinkedIn and otherwise we will see you next time.
