DevOps started, as all good things do, with people yelling at a tech conference. Patrick Debois and a small group of like-minded rebels decided they were tired of the siloed misery between developers and operations teams. They threw the first ever "DevOpsDays" in Ghent Belgium in 2009. I wasn't there, but the excitement about these ideas rippled through the systems administrator community at Penn State where I managed Linux systems, by hand, providing services for 40,000+ faculty students and staff. By 2011, I had moved across the country to Portland Oregon, home of Reductive Labs to work as a professional services engineer to help teams automate and collaborate by (in part) using tools like Puppet.
I'm not embarrassed to say DevOps was akin to personal liberation for me, and the movement transformed my life. Helping others experience the joy of fewer fires, better services, and happier customers became my life's work. I went on to serve as a product manager for Puppet's module ecosystem (Forge), its commercial product, and my fair share of good and bad ideas. During these years, Puppet developed annual "State of DevOps" reports that attempted to capture a sample of what was happening, how it was going, and whether work was getting better as a result. I didn't directly contribute to these reports, but I had field seats while experts in this space did top-notch research. With the help of ChatGPT sifting through the insights from 10 years of PDFs, here's my brief summary of the DevOps movement, as seen through Puppet's annual reports.
The DevOps Movement (2015-2017)
In the early years, DevOps was all about proving that IT could do more than just keep the lights on. The 2015 report came in hot, showing that high-performing IT organizations were deploying 30 times more frequently, had 200 times shorter lead times, and were recovering from failures 168 times faster than their less fortunate peers. The message was clear: DevOps wasn't just a buzzword—it was making a real impact on speed, stability, and quality.
The cultural practices that led to these high-performing outcomes included fostering a high-trust, blame-free environment, encouraging collaboration across teams, and investing in transformational leadership that supported continuous learning and experimentation. Tooling choices focused on automation tools that reduced manual work, CI/CD pipelines that enabled faster feedback, and monitoring systems that improved reliability. Delivery processes emphasized lean management, frequent iteration, and a shift-left approach to security and testing, all of which enabled faster and more reliable software delivery.
In 2016 and 2017, the State of DevOps Reports focused on the human impact of DevOps practices, emphasizing the importance of employee engagement, diversity, and leadership in fostering high-performing teams. The reports highlighted that DevOps wasn't just about deploying faster; it was about creating work environments that valued collaboration, reduced stress through automation, and empowered individuals to take ownership of their work. These years underscored that transformational leadership, where leaders support and inspire their teams, was critical in building high-trust cultures that drove performance and satisfaction. Notably, high-performing organizations were 2.2 times more likely to recommend their workplace and achieved 24 times faster recovery from incidents compared to their lower-performing counterparts.
A DevOps Maturity Model & Platform Engineering (2018-19)
By 2018, DevOps practices had gained broader industry acceptance, which Puppet categorized into five distinct stages of DevOps maturity: foundation building, which involves laying down the basic DevOps practices and culture; normalizing technology stacks, where organizations standardize their tools and practices; reducing variability by creating consistent processes and environments; automating infrastructure delivery to improve speed and reliability; and providing self-service capabilities, empowering teams to manage and deploy resources autonomously.
My observation is that the transition between these last two stages, automating infrastructure and providing self-service capabilities, is where SODOR was seeing platform engineering take off. By 2019 we had the concept of a platform team socialized in the book "Team Topologies" and all the major tech companies had well established internal developer platforms. While DevOps focuses on bridging the gap between development and operations by improving collaboration and automating workflows, platform engineering focuses on how integrated self-service capabilities can scale and standardize developer work. Cultural change led to reduction of snowflake tech stacks which reduce variation and firefighting, enabling automation to flourish which made it possible for companies to build self-service platforms. It's great when a plan comes together.
The Secure Platform
From 2020 to 2024, the State of DevOps Reports (with DORA/Google authoring in 2021 & 22) consistently painted a picture of an industry steadily maturing in how it handled security—moving from ad-hoc practices to fully integrated, proactive security measures. The journey started with a focus on internal platform teams driving security adoption. These teams were pivotal in providing standardized tools and practices that made it easier for developers to follow security guidelines without disrupting their workflow. By incorporating automated compliance checks and security scanning into CI/CD pipelines, security evolved from a bottleneck into a catalyst for faster, safer software delivery. This shift was underpinned by a high-trust culture, empowering developers to share ownership of security.
The transformation continued as organizations began to view security as a shared responsibility. By 2023, 75% of high-performing organizations had integrated security into their development processes, supported by cultural practices like blameless postmortems and open communication. Platform capabilities automated much of the routine security work, freeing developers to focus on building features while maintaining strong security standards.
By 2024, the most mature organizations had fully embraced platform engineering with integrated security measures as a core part of their development processes. High-performing teams used self-service tools with built-in security guardrails, making secure development the default rather than an additional hurdle. Security champions were embedded within teams to foster a culture of proactive security, while automation handled routine compliance checks, ensuring that security did not slow down innovation. These organizations demonstrated that the combination of DevOps practices, platform engineering, and a proactive approach to security could create an environment where productivity and security truly thrived together, resulting in fewer incidents, faster recovery, and more reliable software delivery.
You can find the archive of State of DevOps reports on Puppet's website
What's next?
I wasn't there, but it seems like all of these evolutions of process and technology was a lot of work. If you're in one of those high-performing shift-left teams who have it all figured out, you're awesome! You're a testament to the power of collaboration, automation, and continuous improvement. I suspect that many more teams are struggling to reach the self-service phase of the maturity model, and many teams may have gone straight to automation without first reckoning with the necessary culture transformation and individual empowerment necessary for DevOps to work.
Generative AI is a wild card being tossed into the mix. The super power of large language models is transforming information from one format to another. General purpose tools like ChatGPT can create decently accurate CloudFormation from a sentence, transform it into mostly correct Terraform, and then translate that into a whiteboard diagram of rough AWS solutions architecture. They can make you feel like you have super powers, and as a force for automation, they might reduce a lot of the toil of the DevOps movement. But... they also might help teams fall into a trap of just throwing automation at the problem without any of the cultural change.
I'll be exploring the intersection of generative AI, DevOps, and tech culture. Join me in search of the DevOps singularity.
You can also listen to an experimental AI generated podcast based on the State of DevOps reports on Spotify, and wherever you get your podcasts.
