Sunday, June 1, 2025

DevOpsDays Singapore 2025: A Decade of DevOps Evolution and the AI Revolution



DevOpsDays Singapore 2025 celebrated its 10th anniversary with the theme "DevOps Meets AI"

As the DevOps community in Singapore celebrates a significant milestone, the 10th anniversary of DevOpsDays Singapore, this year's event brought together over attendees for two days of insightful discussions, workshops, and networking opportunities. Held on May 14-15, 2025, at the Stephen Riady Auditorium @ NTUC, the conference centered around the theme "DevOps Meets AI: Transforming Engineering with Generative AI Tools."


This landmark edition marked a decade of DevOps evolution in Singapore, bringing back the workshop track to commemorate the occasion. The event, organized in partnership with TTAB (Tech Talent Assembly), an association for ICT professionals in Singapore, offered a comprehensive exploration of how artificial intelligence is reshaping DevOps practices and engineering workflows.

In this blog post, I'll take you through the highlights of DevOpsDays Singapore 2025, covering the keynotes, expert talks, workshops, and open space discussions that made this anniversary edition particularly memorable. From AI-savvy operating models to practical implementations of AI agents, the conference provided valuable insights into the intersection of DevOps and artificial intelligence, addressing both the opportunities and challenges in this rapidly evolving landscape.


The integration of DevOps and AI was a central theme throughout the conference


Personally this was also a reunion with my good friend Santosh Dhuraij, and of course beautiful SIngapore.



DevOpsDays Singapore 2025 – Where DevOps Meets AI

The first day of DevOpsDays Singapore 2025 began with an enthusiastic welcome address by Desmond Tan,Deputy Secretary General, NTUC. Senior Minister of State, Prime Minister’s Office setting the stage for the anniversary celebration and introducing the conference theme. Tan highlighted the significance of reaching the 10-year milestone and emphasized how the return of the workshop track would provide hands-on learning opportunities for attendees.


The 10th edition of DevOpsDays Singapore was more than a milestone celebration — it marked a pivotal shift from traditional DevOps practices to the strategic integration of artificial intelligence across engineering workflows.

AI as a Strategic Force in DevOps

A recurring theme throughout the event was how AI is no longer just another tool but a fundamental force reshaping DevOps at the organizational level. The message was clear: effective AI adoption requires a rethinking of how teams are structured, how work flows, and how decisions are made.

Rather than rushing into advanced automation or agentic AI, speakers emphasized the importance of building a strong foundation — including high-quality data, responsible governance, and cross-functional collaboration. Organizations need to evolve from static operating models to AI-aware, continuously adaptive structures.

Prompt Engineering and LLMs: Emerging Skills for Engineers

With the rise of generative AI, prompt engineering was positioned as a core capability for future DevOps professionals. Hands-on workshops showed how to craft effective prompts for large language models (LLMs), using techniques like few-shot learning and chain-of-thought prompting.

Beyond prompts, sessions also explored how to build production-grade LLM applications using retrieval-augmented generation (RAG), vector databases, and observability patterns. The focus was on turning LLM prototypes into reliable, maintainable services integrated into real-world DevOps pipelines.

DevSecOps in the Age of AI

AI is transforming DevSecOps by both introducing new tools and creating new risks. On the one hand, machine learning enhances vulnerability detection, compliance checks, and threat modeling. On the other hand, AI-generated code, autonomous agents, and model hallucinations introduce new attack surfaces.

Security-focused sessions, including interactive workshops, reinforced the need for security-by-design in environments where AI is embedded deeply in workflows. As DevOps shifts left, security must keep pace.

On-Prem and Edge AI: Beyond the Cloud

While much of the AI conversation centers around cloud platforms, several talks focused on scenarios where internet access is limited or prohibited — such as defense, healthcare, or financial services. Presenters shared techniques for deploying AI systems in air-gapped environments, including offline model updates and secure data pipelines.

Edge AI was another focal point, with lightweight Kubernetes distributions enabling inference and decision-making close to data sources. These solutions are critical for real-time, low-latency AI workloads in constrained environments.

Infrastructure for AI Workloads

Supporting AI means rethinking infrastructure. From smart Kubernetes resource management using predictive algorithms to scalable distributed storage using Ceph, the sessions underscored that platform engineering must adapt to AI’s unique demands.

Infrastructure-as-code practices were also revisited — showcasing how tools like Terraform and AWS CDK can be combined using AI to streamline infrastructure provisioning and improve security configurations.

Community-Driven Collaboration and Open Spaces

True to the DevOpsDays spirit, open space discussions provided some of the most dynamic and relevant exchanges. These sessions reaffirmed the maturity and collaborative nature of the DevOps community in Singapore — curious, hands-on, and willing to tackle emerging challenges together.


Final Reflections

DevOpsDays Singapore 2025 wasn’t just a celebration of the past 10 years — it was a blueprint for what’s next. The convergence of DevOps and AI is already happening, and this community is leading the charge with a combination of strategic vision and practical experimentation. The future of DevOps is not just faster and more secure — it’s smarter. 

As DevOpsDays Singapore looks ahead to its next decade, the 2025 edition demonstrated that the community remains vibrant, engaged, and committed to sharing knowledge and advancing practices. The integration of AI into DevOps represents both a challenge and an opportunity—one that the Singapore DevOps community is well-positioned to navigate based on the insights and connections fostered at this milestone event.

For those who couldn't attend or who want to revisit the content, many of the presentations and workshop materials will probably be available on the DevOpsDays Singapore website in the coming weeks. The conversations started at the conference will continue in local meetups and online communities, ensuring that the learning and collaboration extend well beyond these two days in May 2025. I sure hope to be there in 2026.  Together with Santosh, we finalized the day with a visit to Zuhlke Engineering, to follow some interesting lectures around security, before I took off to the Netherlands again.

Thanks to all the organizers and in special Sergiu Bodu!

Saturday, February 8, 2025

DORA explained

Where DORA meets DORA: DevOps and Security 


In the DevOps world, the acronym DORA refers to two critical yet distinct concepts:

  1. DevOps Research and Assessment (DORA) Metrics – A set of key performance indicators (KPIs) used to measure software delivery performance.
  2. Digital Operational Resilience Act (DORA) – A regulatory framework introduced by the European Union to strengthen the operational resilience of financial institutions.

Both are crucial for organizations that want to achieve high-performance software delivery while ensuring security, compliance, and resilience in their operations. In this article, we’ll explore both meanings of DORA, their significance in the DevOps ecosystem, and why organizations should adopt them.


DORA Metrics: Measuring DevOps Performance


What Are DORA Metrics?

DORA Metrics were developed by the DevOps Research and Assessment (DORA) team, founded by Dr. Nicole Forsgren. These metrics are used to measure software delivery performance and operational efficiency in DevOps teams.

The four key DORA Metrics are:

  1. Deployment Frequency (DF): How often code is deployed to production. High-performing teams deploy multiple times a day.
  2. Lead Time for Changes (LTC): The time it takes for a code change to go from commit to production. Shorter lead times indicate efficient workflows.
  3. Change Failure Rate (CFR): The percentage of deployments that result in failures, such as incidents or rollbacks. Lower rates mean more stable releases.
  4. Mean Time to Recovery (MTTR): The time it takes to recover from failures. Fast recovery improves reliability and user trust.

These metrics help organizations evaluate their DevOps maturity and optimize software development and deployment processes.








Why Should DevOps Teams Adopt DORA Metrics?

  • Data-Driven Decision-Making: Helps teams identify bottlenecks and inefficiencies.
  • Improved Software Quality: Reduces failures and enhances customer satisfaction.
  • Faster Time-to-Market: Shorter lead times enable faster innovation.
  • Operational Resilience: Ensures teams can quickly recover from incidents.

By continuously measuring and improving these metrics, DevOps teams can enhance their agility and reliability.



DORA: Digital Operational Resilience Act


What is the Digital Operational Resilience Act (DORA)?


The Digital Operational Resilience Act (DORA) is a European Union (EU) regulation designed to improve cybersecurity and operational resilience in the financial sector. It applies to banks, insurance companies, fintech firms, and third-party IT service providers.

The act was introduced in response to the increasing threats posed by cyberattacks and IT failures, ensuring that financial institutions can withstand, respond to, and recover from operational disruptions.








Key Requirements of DORA

  1. ICT Risk Management: Organizations must implement strong IT security measures to protect critical systems.
  2. Incident Reporting: Mandatory reporting of major cyber incidents to regulators.
  3. Operational Resilience Testing: Firms must conduct regular stress testing and cyber resilience exercises.
  4. Third-Party Risk Management: Financial institutions must assess and manage risks from external vendors and cloud providers.
  5. Information Sharing: Encourages collaboration among financial entities to share threat intelligence.

Why Should DevOps Teams Care About DORA?

For DevOps teams working in the financial sector, compliance with DORA is essential to ensure their systems are secure, resilient, and compliant with EU regulations.

  • Enhanced Security: Aligns DevOps practices with robust security measures.
  • Resilience by Design: Promotes secure software development and operational resilience.
  • Regulatory Compliance: Avoids legal penalties and ensures business continuity.
  • Risk Mitigation: Reduces vulnerabilities from third-party dependencies and IT failures.

By integrating DORA compliance into DevOps workflows, teams can improve both their software delivery capabilities and their ability to withstand cyber threats.



Why DevOps Should Adopt Both DORAs 


Although the two concepts of DORA in DevOps are different, they complement each other. Adopting both helps organizations achieve high-performance software delivery while ensuring security and compliance.


  1. Measuring and Improving Performance: DORA Metrics help teams optimize their software delivery pipelines.
  2. Enhancing Security and Compliance: DORA (the regulation) ensures that teams develop secure, resilient, and compliant systems.
  3. Reducing Downtime and Failures: A focus on both operational resilience and DevOps performance minimizes disruptions and improves service reliability.
  4. Future-Proofing Digital Services: As cyber threats increase, integrating DORA regulations into DevOps protects businesses from operational risks.


By adopting both DORA frameworks, organizations can create a robust, efficient, and resilient DevOps culture that drives innovation while ensuring security and compliance.



Conclusion

In the DevOps landscape, DORA Metrics provide a framework for measuring and improving software delivery performance, while the Digital Operational Resilience Act (DORA) ensures that organizations are prepared for operational and cybersecurity risks.

For DevOps teams—especially those in financial services and regulated industries—adopting both DORA approaches is crucial for building a secure, high-performing, and resilient digital ecosystem.

By leveraging DORA Metrics for efficiency and complying with DORA regulations for security, organizations can achieve the perfect balance between speed, reliability, and compliance in their DevOps practices.



 

Sources:

https://dora.dev/

https://www.eba.europa.eu/regulation-and-policy/operational-resilience

DevOpsDays Singapore 2025: A Decade of DevOps Evolution and the AI Revolution

DevOpsDays Singapore 2025 celebrated its 10th anniversary with the theme "DevOps Meets AI" A s the DevOps community in Singapore c...