When Lendlease, a $6 billion (AUD) multinational real estate company, needed to facilitate a culture change in their software development teams, they turned to GitLab and its DevSecOps platform.
That’s the message Ciaran Hennessy, chief software architect for Lendlease Digital, a business unit of Lendlease, shared in an on-stage interview at the Melbourne, Australia, stop of GitLab’s DevSecOps World Tour. By beginning to eliminate a complicated toolchain with an end-to-end platform, the Sydney-based organization has been able to fuel collaboration, increase visibility, and make everyone responsible for security.
“We were breaking the old models of culture and teams,” said Hennessy, a self-described “uber nerd” with 23 years of experience in the tech industry. “Especially after COVID permanently transformed the working environment, we needed to create cohesion in teams when you can't have them all in the same room. And that gave us the opportunity to make other changes to the way we handle security, visibility, and managing our legacy technology.”
In an interview with Craig Nielsen, vice president of enterprise sales at GitLab, Hennessy also talked about pushing legacy technology into pipelines, and how he expects generative artificial intelligence (AI) will come into play.
Let’s jump into what Hennessy had to say.
Gaining “radical visibility”
When the COVID pandemic pushed businesses toward hybrid work structures, Lendlease saw it as the perfect time to change the way people not only get their jobs done but how they see their role and responsibilities inside a DevOps team, according to Hennessy. The challenge was to figure out how to give everyone from executives to coders and security specialists visibility into how projects were progressing, where stumbling blocks were popping up, and what solutions worked best.
Using a single platform gave them what Hennessy called “radical visibility.”
“We have no walls between our teams anymore,” he told the DevSecOp World Tour audience. “Everybody can see everything. We’re empowering people to look at everything and learn about other parts of a project. It enables people to say, ‘Oh, I also had that problem. Let me help you solve that.’ And people aren’t spending their time asking, ‘Does anybody know where this code is?’ or ‘Does anybody know who worked on this last time?’ Everybody can track all of the work.”
Hennessy called this level of visibility a “game changer” for Lendlease.
Fostering collaboration
With that transparency into projects and workflows, it simply was much easier and more natural for teams to work together. And since the company’s software development organization is spread from Australia to Singapore, the U.S., and the U.K., team members needed a way to work together that went beyond instant messaging and phone calls.
“We gained shared knowledge and context,” said Hennessy. “The platform enabled people to contribute to what others were working on and it means an individual is able to produce more easily what they need to.”
He added that being able to see what’s happening with a project from start to finish enables managers to act as mentors and teachers, guiding DevOps workers and helping them learn new ways to do their jobs. “I tell people that visibility doesn’t mean you’re the cop,” he added. “You’re the ones sitting on the edge cheering everybody on to do a good job. With a single platform, you’re creating those opportunities. This is where GitLab is really useful.”
Sharing security responsibility
When Lendlease was considering adopting GitLab, a big part of the attraction was the fact that security was “baked into” the app, said Hennessy. With the GitLab DevSecOps Platform, security is pushed left, meaning developers start thinking about security when they begin planning new features or projects. And everyone can participate in securing code, so features or products aren’t left to only be tested right before production, stalling work and slowing releases.
“Security is not an afterthought. It's part of the culture that we brought in,” said Hennessy. “Security is not useful in your software development process unless everybody is a security person. Everyone is responsible for security and with a platform that works.”
He noted that before using a platform, a developer might spot a vulnerability in his code but not fix it because he figured someone at the end of the process would deal with it. “Now, with the shift left, nobody is intentionally letting a security vulnerability go through into their product,” said Hennessy. “Someone might have created 20 vulnerabilities in their code, but it's fine because they were aware and acted responsibly, so the flaws never got through into a working environment.”
Adapting for the future
A 65-year-old company, Lendlease has decades worth of legacy code. One challenge with that is some junior developers may not have experience working with older programming languages. However, it can still play a valuable role in the tech ecosystem. By taking a thoughtful and strategic approach to integrating legacy tech, the business is able to leverage its full technological capabilities while also prioritizing the needs of teams and stakeholders.
So how will they update or integrate this older tech?
“There is so much value companies have invested in classic technology,” Hennessy explained. “We had applications running that no one had touched for 15 years. It's really hard to get people to work on that stuff because it's not cool and exciting. Try and give a mainframe application written in Modula-2 to a 23-year-old developer just out of university and see what happens.”
However, using GitLab’s platform, Hennessy’s teams push legacy code into pipelines and containerize it. By creating container images that mimic the company’s current environments and dependencies, new developers can use that to work on and test the applications, applying new methodologies and best practices.
“Good code never dies. It just becomes legacy,” said Hennessy. “We gave it new value.”
Adding muscle with generative AI
Hennessy is welcoming of generative AI, noting that he’s not really concerned about the technology replacing software developers’ jobs. He does, however, wonder how it will affect how, and how much, coders learn.
“The bit I'm worried about is the loss of the foundational skills that good software developers have,” he explained. “AI will provide a lot of acceleration to get them past the things they might need to learn through time and experience, and doing stupid things and working through it. We could have a generation of software developers who know how to do all the top-layer stuff but they won’t know the foundational things of how it all works.”
Despite those concerns, Hennessy told the Melbourne audience he expects using generative AI will be like adding extra hands to his DevSecOps teams.
“The thing I find really interesting about it is you get a resource that you can use to help you create new value,” he said. “I’m really interested in how we can use it to massively accelerate creation.”
Lendlease is a globally integrated real estate group. Its core capabilities are reflected in three operating segments — investments, development, and construction. The combination provides them with the ability to deliver innovative integrated solutions for its customers.
Read more GitLab customer stories on our customers page.
