The Defense Department (DoD) is truly one of a kind. Unlike other agencies, the DoD oversees national security and the U.S. armed forces. The DoD’s status as the world’s largest employer, meanwhile, also makes it unique. On Wednesday, for example, one DoD official estimated his agency has over 200,000 acquisition and engineering professionals alone.
How does an organization as large and important as the DoD innovate? The secret may be DevSecOps. DevSecOps mixes IT operations, software development and security into one organizational philosophy; once implemented, DevSecOps can continuously develop high-quality software. DevSecOps can also make agencies more agile, boosting their flexibility and improving their resilience.
According to Sean Brady, DoD Senior Lead for Software Acquisition, Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD (A&S)) and the Office of Acquisition Enablers, other agencies can learn from his agency’s DevSecOps successes. Bill Bensing, Software Factory Lead, Managing Architect and John Willis, Senior Director, Global Transformation Office at Red Hat, an open-source software provider, also described how DevSecOps can help agencies imitate private-sector companies like theirs.
On Wednesday, the trio appeared during GovLoop’s latest virtual summit. All three men detailed how DevSecOps can fuel powerful innovation at agencies:
1. Start With People
Agencies will struggle with DevSecOps if they do not change their culture first. For instance, cybersecurity personnel can make security stronger at their offices. Without eliminating silos between their various teams, agencies will not see DevSecOps’ best results.
“If you don’t address the culture part and the people part, things can collapse,” Brady said. “It starts with the leadership. Show some early victories and build some trust.”
2. Make Personal Contributions
Regrettably, DevSecOps’ agencywide impact can convince individuals they cannot contribute to realizing it. According to Bensing, every employee can do their part to ensure DevSecOps takes root at their agency.
“If you want to start doing this and you’re running into hurdles, look inward,” he said. “What can you do to be more collaborative?”
Take team meetings. By including personnel from every department in these huddles, agencies can obtain the cooperation needed for DevSecOps.
3. Collect Feedback
Humans are often creatures of habit, so many government workers may be reluctant to abandon their routines. Should hesitation set in, Willis recommends collecting feedback from people impacted by DevSecOps.
“Treat it like research,” he said. “That’s the only way you’re able to get past the problem.”
Why does this matter?
Agencies serve citizens, and DevSecOps can help them do just that with greater speed and flexibility. In the future, more agencies may embrace DevSecOps once they realize how it can score more mission wins.
“We have to be absolutely dominant in DevSecOps,” Brady said of the DoD’s plans. “As we look to the next decade, that is going to be increasingly important.”
This online training was brought to you by: