AI for DevOps Workshop

Workshop Title

DevOps, AI, and Agents: Practical Adoption with Guardrails (Vendor-Neutral, No Labs)

Format: Full-day, interactive (mini-lectures + guided discussion + scenario exercises + group design work)
Time: 9:00 AM – 4:30 PM
Who it’s for: DevOps / SRE / Platform Engineers + Developers already using CI/CD who want to adopt AI and agents safely and effectively
No tooling required: Bring your brain, your real-world constraints, and your opinions.

Why John Willis (Botchagalupe) should teach this

AI is changing how work gets done—but in delivery systems, speed without governance can lead to chaos. John Willis has spent decades helping orgs improve flow without breaking reliability and security.

  • Co-author of The DevOps Handbook — foundational work on modern delivery, reliability, and operating models.
  • Rebels of Reason book on AI — focused on how AI changes delivery and operations, and what responsible adoption actually looks like in real systems.
  • Known for translating “big ideas” into practical, opinionated patterns teams can apply immediately—without vendor hype.

Why take this workshop

If your teams are experimenting with copilots, chat tools, or “agentic” workflows, you’re probably seeing the same tension:

  • Greater change velocity → review, security, debugging, and ops become the bottleneck
  • Tools can “do more,” but permissioning, auditability, and blast radius get scary fast
  • Everyone is talking about agents, but few can clearly explain:
    assistant vs agent vs orchestration, and what should be allowed where

This workshop gives you a clear mental model, a use-case map, and ready-to-deploy guardrail patterns so you can move faster without losing control.

Who should attend

Ideal attendees include:

  • DevOps / SRE / Platform Engineering leaders and practitioners
  • Developers working in mature CI/CD environments
  • Security / DevSecOps partners supporting delivery tooling
  • Engineering managers responsible for delivery speed + risk
  • Anyone evaluating or rolling out AI coding assistants, CI agents, ops assistants, or internal copilots

Best fit if you already have: CI pipelines, infrastructure-as-code, standardized workflows, and real operational responsibilities.

What you’ll learn (Outcomes by the end of the day)

Participants will be able to:

  • Distinguish assistant vs agent vs orchestration (and why it matters)
  • Spot high-value AI/agent use cases across the DevOps lifecycle (SDLC to operations)
  • Design an agent-assisted workflow with guardrails (tests, policy, approvals, audit trails)
  • Apply a practical security + governance checklist for agent tooling and autonomy

Key takeaways (What you’ll leave with)

By the end of the day, you’ll have:

  • A ranked shortlist of AI/agent use cases for your org (impact vs risk vs feasibility)
  • A reusable Agent Task Spec format to make agent work deterministic and reviewable
  • An Autonomy Ladder for deciding “suggest-only vs execute-with-approval vs autonomou.s”
  • A baseline Agent Security & Governance Checklist (permissions, secrets, supply chain, logging, approvals)
  • A concrete 30–60–90 day adoption plan with ownership + metrics

AI Governance Workshop Agenda 

9:00 – 9:15 | Opening & Framing

  • Welcome + objectives
  • Workshop flow: Authority → Risk → Control
  • Set participation model (interactive, discussion-driven)

Anchor:

  • “You are onboarding a digital workforce.”

9:15 – 10:30 | Session 1 – Authority Shift

Assistants → Agents → Autonomy

  • Assistants vs Agents vs Autonomy gradient
  • Authority = Action-space × Autonomy
  • HITL → HOTL transition
  • Amplification principle (Deming lens)

Outcome:

  • Shared language + authority mental model

10:30 – 10:45 | Break

10:45 – 11:30 | Red Bead Game – Agentic Edition

(Experiential System Failure Exercise)

  • Map Deming’s Red Bead → AI Agents:
    • Workers = Agents
    • Beads = Prompts / Inputs
    • System = Tools / Data / Policies

Flow:

  • Round 1: “Optimize outputs.”
  • Round 2: Introduce hidden system constraints
  • Round 3: Add agent autonomy (remove human gate)

Debrief:

  • Why agents “fail correctly.”
  • System vs individual blame
  • Governance ≠ training problem

Anchor insight:

  • “A bad system will beat a good person every time.”

11:30 – 12:15 | Session 2 – Risk Surfaces

Where AI Becomes Real Risk

  • Three surfaces:
    • Read (influence)
    • Write (state mutation)
    • Execute (consequence)
  • Taint propagation:
    • Read → Write → Execute
  • Failure cases:
    • Vault exposure
    • Git rewrite
    • Agent outages

Anchor:

  • “This is an authority pipeline.”

12:15 – 12:30 | Transition / Setup for Lunch

12:30 – 1:00 | Lunch + Book Signing

  • Informal networking
  • Book signing session (moved here)

1:00 – 1:45 | Tabletop Exercise (Breakout)

Authority → Risk Mapping

Setup:

  • Self-organized groups
  • Assign:
    • Facilitator
    • Note-taker

Exercise:

  • Identify:
    • Where authority exists without constraint
    • Where taint enters the system
  • Map:
    • Read / Write / Execute surfaces
  • Discuss:
    • Where failure propagates

Rules:

  • Chatham House Rule
  • Light Robert’s Rules (facilitated flow)

Goal:

  • Make invisible governance gaps visible

1:45 – 2:45 | Session 3 – Governance Architecture

Orchestration as the Control Plane

  • Orchestration = enforcement layer
  • Controls by surface:
    • Read → retrieval policy
    • Write → logging + replay
    • Execute → tool gating
  • Six governance domains:
    • Tools, Identity, Memory, Retrieval, Logging, Replay

Anchor:

  • “Orchestration is the policy enforcement layer.”

2:45 – 3:00 | Break

3:00 – 3:40 | Case Study — “Chocolate Rain” + Tool Instability

  • Structured hallucination problem
  • Tool-calling inconsistency
  • Netflix architecture response:
    • Schema enforcement
    • Dedicated agents
    • Deterministic orchestration

Key insight:

  • Move control out of the model

3:40 – 4:10 | Governance Design Exercise

Audit Your Coverage

  • Map organization to:
    • 6-layer governance stack
  • Identify:
    • Gaps (especially Retrieval + Execution)
  • Introduce:
    • MER (Machine Execution Ratio)
    • GCR (Governance Coverage Ratio)

Outcome:

  • Governance becomes measurable

4:10 – 4:30 | Closing Synthesis + Open Discussion

Key Takeaways:

  • Authority shift
  • Risk surfaces
  • Asymmetric risk
  • Orchestration enforcement

Final Questions:

  • Where is governance real vs suggested?
  • What breaks first at machine speed?
  • Who owns the context boundary?

Included templates (No-labs friendly handouts)

Agent Security & Governance Checklist
Identity model, least privilege, secrets handling, policy gates, approval triggers, supply chain controls, auditability, and IR considerations.

Agent Task Spec (one-pager)
Goal, context, scope, acceptance criteria, required checks, constraints, artifacts, risk flags, escalation.

Autonomy Ladder Worksheet
Suggest-only / Execute with approval / Autonomous; environments; permissions; evidence; logging; rollback.

Instructor

John M. Willis

John M. Willis is a pioneering voice in DevOps, co-author of “The DevOps Handbook,” and a recognized expert in IT management and automation. With decades of experience spanning systems management, cloud computing, and organizational transformation, John brings unique insights into how AI is reshaping modern software delivery and operations.