 Hello, amazing. Great. Hi everyone. My name is Chris Houd. Welcome to this session best practice in delivering successful open source engagement in organizations. It sounds more professional and corporate than it probably is. It's going to be far more informal and more about an opportunity to share, but it's great to see some of you here today. I'm the open source lead at E-PAM a digital transformation consultant. I'm also an open UK ambassador and you might have noticed there in the corner over there promoting the three opens in the UK. I would really encourage you to go and have a chat if you're not familiar with them. And I also sit on the Finos D&I special interest group as the community partnerships lead. Anyone who is interested in pursuing an engagement there do try and find me later over a drink or lunch. Thank you. Ysgol ym Mhwylwyr Epan erbyn rhoi cyfnodd yn y brifnwyr ym ni, mae'r penderfyn fydd yma, yw'r pryd o'r rhan o'r sryf yn ymwylwyr. Mae'r penderfyn sy'n mynd i wneud ymwylwyr, a'r penderfyn sy'n mynd i'r penderfyn i'r penderfyn sy'n mynd i'r penderfyn ymwylwyr. Ond yna'r penderfyn sy'n mynd i'r penderfyn ymwylwyr eich cyfnodd ymwylwyr, gan helpu'n eu gwirioneddau sy'n penderfyn ym Mhwylwyr Epan, a hynny'n dweud i gyfnodol o'r ddechrau o'r ddweud i gweithio yng nghymru ar y dweud yng Nghymru, ac o'r ddweud i gweithio'r ddechrau o'r ddweud i gweithio'r ddweud i gweithio'r ddweud. Ac rwy'n gofio'n gweithio'r ddweud am y gwaith cyflym yn ei fom. Mae'r amser yn ylleno ar gyfer llef, ac mae'r bwysig yna i'r gweithiol. them一次 without you the front telling us about best practice. Well, hopefully this kind of sets the scene a little bit. So we're super proud of kind of our reputation within open source and certainly some of the key metrics you can see there as well as our contributions. So certainly through the kind of opportunities that present towards if it kind of engaged with our clients or the organizations, we've really been able to kind of quantify our outfits on our kind of skillset here around why we feel we can perhaps share some of our insight in open Cymru i'r gwaith ymlaen nhw'n nhw'n ystod, ond dim bydd yma. Mae'n gweithio bod yn fawr yn eu bod yn dweud, ac yn fawr i'r rhan o'r ymlaen ymlaen, yn y fawr yn gweithio bod ymlaen yn gwyfodol. Mae'n gweithio bod wedi bod yn eich cyffredinidd. Mae'n gweithio bod yn eich cyffredinidd, i'r dda'r fawr i'r cyffredinidd, i'r dweud ar y cyfroddau ac mae nesafoddau, yn cyfrannu, nesafoddau, nad oesoddau. gan gwith. We're not going to go super technical sales pitch here. It is if you like just some things that I like, this set of practices that perhaps we've borrowed from organisations who are doing great things in open source as well as perhaps some of the processes we've introduced into our own organisation. In the spirit of open source, lots of the stuff we're going to talk about today, is available and out there online. Things like the Linux Foundation, inner source commons,pacedammeding, blog resource, numerous groups out there have fantastic resources that I did really encourage you to pick up and say, what we do in what we're engaging with our clients is share that messaging too. As well, of course there many of that I mentioned it do have with the NEPAM and that's kind of why we're here today to share that but for us, innovation in open-source strategy is really pivotal to pushing forward. When we see new initiatives being piloted or new opportunities that other organisations are trying we absolutely jump onto that helped the team to try to include some of those more kind of ground breaking initiatives within this. So we're going to approach this through kind of two things when we heard this reference this morning, so consumption and contribution, so consumption as we're aware that's around the practices, the ideas associated with adopting open source solutions and then contribution. Pen nesaf yw'r sydd wedi'u gwybod i'w cyfeirio'r awdurdod yr awdurdod, ac saeth i'r gwneud yma ein bod yn blodd yn yfodol. Felly mae hynny'n cyhoedd bob gwbl cwm heddiw wedi'u cyfrifwyr itai yn gwneud o bethau sydd wedi bod i'n gallu cyfrifwyr itai yn ymwys Commanderaidd, ac yw berthyn nhw'n iaith pawb i'r cafod yn eu cyfrifwyr itai yn ymwysgol i'r arw авwyr tynnu am ynegol, Mae'r rhannu'r cyfath o'r ffordd, ac yn gweithio'r ffwrdd gwrs gwaith, yn ymd ei wneud hwnnw, byddwch yn gweithio'r ffwrdd, a'r gwath iawn yn fawr i'r cymddiadu o'r opusau yn eithaf yn benedig. Felly nesaf, y ddweud eich ffordd yn ysgrifennu. Mae'r rhai ffordd yn ymdill. Felly, mae'r unrhyw i'r bobl ar y cwm ymdill yn ysgrifennu, rydyn ni'n gweithio'r ffordd, Mae'r cymryd hwn yn gweithio'r cyfrannu ofyniadol yw'r cymryd yw'r gweithio'r ymddangos? Yn cael hynny'n ddim yn ei dyn ni'n dda, ond yw'r cyfrannu gweithio'r cyfrannu? Mae'n ddweud y gwestiad sy'n gweld o'r antherwyddau cyffredinigau'r cyfrannu? Dwi'n cael ei ddweud i fynd i gweithio'r gweithio'r gweithio, ymddangos yma ymlaed, ymddangos ymdweith, ymdweithiant gweithio'r cyfrannu ofyniadol ymdweithio? If you are new to the company, a new developer, a new engineer, whoever this happens to be, can they Google or search open source within your organisation to find where that single source of truth is, that one point of reference? And how do those engineers even know what you're engaging in within open source if you don't have a single point of reference where you're talking about it? How does anyone know if you have any policies or strategy? All of these useful documents that we're all familiar with or indeed we allude to, where are they living within the organisation? Super important to find that. So it does cover lots and lots of areas. Things like onboarding, policy, charters, et cetera. A client we were working with, a large automotive company, they actually built into their entire onboarding process and a single module on open source. That's about the benefits of open source, licence considerations into their entire IT policy onboarding. This impacted every single individual in the organisation. So they were learning about how that was a core part of their activity just by that onboarding process to the organisation. And that's not applicable to everyone. It doesn't work for every organisation. But if you're making a strategic decision to bring open source into the forefront of your business, then obviously it makes critical sense to include that in your onboarding material. Policy as well. Now, we can all get held up on policy and there's loads of guidance out there and we can have massive documents, tiny documents, small things, bullet points, et cetera. I really encourage you to look at the to-do group. They have some really great frameworks on this. They have a model strategy document. But also to go back to that point about point of reference, don't make employees search for this. This should be readily available and accessible for all in the organisation. At EPAM what we have is something called a charter. So this is our open source charter and it basically is an agreement. Employees don't opt into it. It's there by virtue. If you're an employer of EPAM you've agreed to this charter by receiving a salary at the end of the month, I suppose. But it says you can use our equipment, you can use our email address, you can even use your time within the company as long as your project manager approves. But please just don't disclose any confidential information. And more importantly, don't open source something that perhaps a client paid us to build again. That probably doesn't make quite sense. But for us it's a super accessible charter, five or six bullet points, and it says explicitly, you can do this. It's much easier, no one needs to send emails, difficult things, I want to focus on this. And we found that that's been a really, really valuable one for our engineers who perhaps don't want the rigmarole of having to get delivery manager approval, seat compliance, questions, et cetera. But a big one within this scope of awareness, for me, is leadership. And this is more and more we heard this morning around the idea of chief open source officers. This is around getting that executive awareness and support. So we can have business leaders who might be open source advocates, and I certainly lead the open source office. But I really leverage our CTO or CIO, for example, to have those hard hitting home messages, that kind of business cases that they need to push forward. That's invaluable for me. I'm an element of a figurehead in the organisation, but when our CTO is championing open source and really selling that messaging to the wider organisation, as well as externally, that has so much more power behind it. But also how can you make your employees champions of open source? And culture, of course you wouldn't mention that one. Who are the blockers to open source engagement? The question I always ask here is this is not about shifting and designing a brand new culture, although there's value in that. It's instead finding who are those people that are restricting or the reluctance to change of that culture and then shifting their perception. What are their misunderstandings, their misconceptions around the risks of open source? And how can we as open source champions and advocates change that and shift that idea? That's a really interesting thing and there's some great thought leadership out there as well. We all know the risks associated, but it's about educating the people that perhaps are a little more naive for want a better term. Next, freedom to engage. I think this is super important and many of our engineers really, really are on the ball with this. This is what extent of freedom do employees in the organisation have to bring open source solutions into the organisation. This is not contributing, this is around I want to use this library, I want to use this accelerator. Can I bring that in and what's the process I have to follow? Well this is around what approvals, gateways, hurdles need to be overcome, if any. And there are some great organisations out there who've managed to narrow that down to just a few box ticking exercises. But on the other side of the spectrum there are organisations out there who've got to sing documents, sign off processes, approvals, which has a time and a place. So it's about asking yourself, are we really doing this for the sake of it or is this an unnecessary challenge that our developers are facing? Additionally, who's checking this? What tools are we building? What processes is? There's some clients out there who've got automated compliance checks, audit logs, lots of clever stuff doing that, some AI. At the same time, there's one client of ours who's got a wiki page. It's 300 rows of open source solutions and tools that have been approved, signed off the agreement. Any developer can go on to that page and say, are we using this library? Are we using this dependency? And it's there available. It's not very fancy, it's not exotic. But it shows, yes this was approved in 2016, go ahead and use it. There's no need to pursue that avenue anymore. And that's really, really valuable. And of course there's nothing wrong with a wiki page once in a while. And we saw this morning as well in the report. There's some really high percentages around that lack of support or provision within the financial services at the moment for consuming open source. So we should be asking ourselves as leaders or advocates of open source, what's blocking that behaviour? Is it going back to that education piece? Are there misunderstandings? What can we be doing to really give this freedom to those individuals to engage? And we don't have one in EPAN and we don't necessarily provide this consultancy opportunity to many of our clients, but open source review boards are a really good start. So I'm going to read this out because the to-do group defined it a bit better than me, but the OSRB is in charge of creating an open source compliance strategy and a set of processes that determine how a company will implement these rules on a daily basis. Well, that goes back to the idea around approvals or its re-approvals. If you can have a small team who are dedicated to that function to being able to review those processes, provide that approval, and that's their core kind of momentum, then absolutely let's empower them to bring that process through Streamline as possible and really enable people to adopt and consume open source within your organisation. But at the same time, it shouldn't be a cumbersome process. An analogy that I like, it's better to be streamlined and lean and get 100% of your engineers following that process than perhaps only get the 50% because the other 50% are cutting corners or avoiding that process because they don't necessarily want to go through all of those hurdles. So lean and small is efficient and great and has some value. I appreciate there's audit and governance and compliance issues, but we don't want something super big because then we run the risk of losing developers and engineers who don't want to go through that process. So talking about developers or wider contributors, because of course we keep hearing it's not just about engineers within open source, brings me to the area that I'm super interested in, and that's recognition. So this is finding and celebrating those who are contributing to open source in your organisation, and that for me doesn't have to be organisation specific. This should be related, in my opinion, to open source in any element outside of the organisation, outside of that delivery project. And if you ask me what would be the one thing we've transformed at EPAM, I would say this is how we recognise our contributors to open source and continue to do so in the organisation. So more and more companies, I believe, are recognising that contribution to personal projects irrespective of the value to the organisation is a great thing. It's about being a good open source citizen, and there's a real talent kind of retention, acquisition value in that, and I'd really celebrate organisations that are recognising that. But more importantly what comes with recognition is reward. And it's surprising how many organisations actually don't track contributors in their organisation. They've got little to no idea who is contributing to open source, and let alone what they're contributing to or how they're contributing. So it's impossible, therefore, to reward them and the risk of not rewarding them where open source is such a big factor of their organisation is the attrition. So it's really important to get that monitoring piece in place. Now this could be a simple metric versus a very complex system, and it's not just about enabling those who lead the OSPO to then recognise how many contributors they've got. It's going back to that first slide, the one I said I wouldn't mention again, to have that opportunity to say, well, this is what we're doing, this is how many contributors we've got, this is how many push events our commits our solutions. And a quick win might just be linking the GitHub ID to your HR system, something like Workday SAP. If you link that up immediately you know, okay, yes it's a narrow function, but we've got this many contributors and we can see this number and it's growing as we're on board more and more talent. But it could also be about inviting employees perhaps to put their open source projects on their internal CVs or your resourcing tools. That's something they're proud about and celebrating. Why do we not bring that into that internal hiring and retention piece as well? At EPAN we built and we maintain a tool called the Open Source Contributor Index and it's available at opensourceindex.io, and that tracks contributors globally in terms of their active contributors. We then took that a step further and we enhanced that to be an internal tool and we now, which we love and I spend a lot of time on it, have a tool that tracks us in real time all of our contributors in the organisation, the repos they're contributing to, the frequency, the push events, the geographies, lots of exciting data that we've then been able to match of our HR systems to get some kind of demographic and DNI piece. But as I said at the beginning this isn't consultancy, but if you've got questions on what that tool looks like then let's have a conversation at the end of the day. But also perhaps why not include things like open source engagement in end of year reviews or award badges or whatever gamification techniques you have in your organisation. Those small tiny steps to recognise that open source activity that your colleagues and employees are doing does have an absolute positive impact on them enjoying their place of work. Finally, if you've got some big names or some big maintainers in your organisation then provide them a platform, give them a forum to talk about that. It doesn't look just great for your organisation being a champion of that and an advocate, but it also allows you to celebrate their successes and what they're contributing to within the open source world. So thinking about what those contributors are doing therefore brings us on to releases. So this is something we do a lot and we're really, really proud of this and many of the member organisations that are here today as well is about releasing those internal solutions out to the wider world. And it's great to have people like Finos and people like Gav and Mao et cetera holding our hands when we're contributing solutions inwards to Finos and that's fantastic, but as we heard from Deutsche Bank this morning for example lots of those solutions also go elsewhere. So this is not just about solutions going into the Finos ecosystem. So what channels therefore exist to get that innovation and that ployy ideas out to the world? Well, there are some really successful release processes in organisations around open source but at the same time there are probably equal if not more terrible ones. And for me it's really important that these processes are transparent and accessible for all so going back to that idea of a single point of truth. There really shouldn't be any surprises in a release process and in engineers who hit one of those hurdles the worst thing to do is then drop off and we lose that solution. That could be something that's going to be the diamond that changes the financial services industry tomorrow. So we want to make sure that that release process is a streamline and as efficient as possible with just the right amount of legal and governance which you'll come to. But our release process is visible for everyone. It's not a case of asking a question, you can log on, you can see the process and you can also see every solution that's gone through that. Whether you can see their communication deck or their kind of product brief you can see the questions that were asked, the pushback that came from compliance the challenges that came from legal and you can see the email threads that were born out of that. So if you really want to jump in and you say okay we've had these problems with this licence or moving from this library dependency all of that details there and for us that's really really valuable because it empowers those individuals to start to make their own decisions around release processes pushing things out. It removes anonus on us, we still have some foresight but it empowers them to feel passionate about this is my solution, I get what the challenges are and I'm going to make this recommendation. Now of course if you have a review board et cetera we can jump in and we have an extent of auditing at the same time but it's really really important to empower them to feel like they can push their solutions out. And as I say here as well it's about stripping out those unnecessary stages so having someone within that process who can take a lead on topics of legal and governance is much more valuable in my opinion than not having someone available to hand hold over those topics. So there's certain things we can empower engineers and developers to go forward and move on, licence choices, dependencies, security audits to an extent but if we have someone within the organisation and I'll talk about that in a second who's really knowledge about the legal and the governance compliance pieces then that's the opportunity at that stage where they can guide them through that process and say this is a concern, this is not et cetera. And as an OSPO lead of course there's value for example in me knowing about licence considerations but at the same time I really believe there's value in allowing someone or a tool to specialise in that perhaps automation. I can have the awareness but I think there's much more better people out there or better opportunities out there for specific details around those and use those to your advantage and benefit. And for us what's had massive value and certainly when we talk to some of our clients in particular the automotive one I referred to having someone within the global legal function and in this benefit, in this case one of the global council members was specifically engaged with open source provides such a level of reassurance of a simple kind of yes proceed than it does for a junior developer to have to write an email considering the legal complications et cetera. And finally on this topic FAQs, don't undermine FAQs so when you've got that giant long email thread of everything that's discussed and finally you get the answer you're looking for at the top then turn that into a learning exercise so take that email thread don't just pop it into your outbooks wherever it happens to be your forwarding outlook take that, turn it into an FAQ pop it onto an accessible page and then you're slowly building your own live your own knowledge base of all of those challenges and we found that super useful. And finally, well how long does this process take? Well in EPAM it takes about two weeks to get something from initial product brief or communication deck as we call it through to getting its own repo and get hub and us being able to shout about it but it's some organisations two to three days. It's an aspiration perhaps there's some complications there I know financial services has a bit more of a compliance and governance complications to it but yeah this is, it can be done and it's super exciting to see organisations really enabling that activity to happen. So it wouldn't make sense today to not talk about community and event like today. Now there's internal community that we've just alluded to and recognition of contributors and external communities such as FINOS, Apache, Drupal et cetera and we saw again in the report this morning lots of percentages around lower numbers of external contributions from financial services and I really think that's where organisations like FINOS and those external engagements provide an opportunity to educate those decision makers, those business leaders on why we should be contributing more to open source. So maintaining that awareness around what the industry is doing, having that finger on the pulse but also being a key player in setting the roadmap, the transformation and the kind of route as to what that solution is changing in. Take an example like Drupal for example, defining the backlog, taking ideas, steer, being instrumental in that process provides an awful lot of weight and value for those business makers to say okay we were part of this process. So there's lots of advice out there on how you might be able to perhaps convince those stakeholders, those business owners and of course more than happy to pick that up but in terms of community as well the ideas of goals, objectives, forums and working groups. One of these innovative things I've seen recently are kind of open source PI planning so in the scope of kind of agile and safe ways of working, the PI planning so it's about providing a forum to build a roadmap of features, of objectives, things you want to achieve within your open source program office but also having everyone in the room that idea of a big room to kind of put forward ideas, challenges a bit of a working group almost how are you communicating that roadmap how are you setting the business context of where I don't know, EPAMs going in terms of our open source engagement and now FINOS are amazing at this, they are always on my case around using the issues function on GitHub to talk about what's going on, assign actions tag people etc and I love that idea but even me trying to get my own team and developers on board to do this has had some challenges so there's work to do that absolutely and I'm really keen to hear maybe there's some success stories around how we've done that because I would love to see more open source organisations being externally kind of honest and transparent in terms of what they're doing in that space and particularly a point on this it's taking a step back and saying where does open source sit within the organisation, is it a silo is it a stream, is it an umbrella across that, does it sit like it does at EPAM underneath the CTO function or is it a facet of engineering excellence make sure that you're aligning open source activity with organisation objectives and goals and what makes sense for your overall kind of road map and business goals anyway, town halls any excuse to talk about open source take them and if we increase that awareness then we in turn increase the chance of engagement so I appreciate absolutely that we've covered a lot and certainly I've made lots and lots of questions and made some observations I did promise there wouldn't be any diagrams or frameworks just a kind of text based slides but it has been a real pleasure to share with you some of those insights and I think at conferences like today we hear lots of kind of lessons learned messages etc and lots of interesting things I've already heard but as I said right back at the beginning there's so many resources out there already that I would really encourage people to just get on Twitter get on to some of those blogs, podcasts and listen into those feel free to follow me on Twitter engaging me that way maybe even ask me some questions about consultancy but it's been a real pleasure to speak to you today, thank you