Bottom Line; Up Front
BLUF
YES, any Agency can do DevOps, at scale!
NO, DevOps does not solve all of your IT management
problems.
YES, DevOps is hard work and requires smart people.
NO, You will most likely not be able to do things exactly
the same way with your organization.
What is DevOps
or DevSecOps for that matter…
While mostly associated with automating manual processes,
DevOps is the culture of increasing collaboration and decreasing
boundaries between the traditionally stovepipe roles of
Development, Operations, Security and QA (Quality Assurance,
a.k.a. testing).
Why should you care about DevOps?
IT isn’t getting easier….
Cost Reduction and Operational Efficiency
Flat is the new up
“Hard”ware is hard to automate.
Cloud is natively enabled for automation
Cybersecurity
Open Source shouldn’t mean open vulnerability
What’s your threat vector, Victor?
Death by 1,000 POA&M’s
Why should you care about DevOps?
We need to move faster
Deliver at Mission Speed
Deliver faster
Deliver more often
Faster time to recovery (MTTR)
Change is the new normal
What we see
The 4 horseman of the apocalypse
Federal Acquisition Regulation (FAR)
Federal Information Security Management Act (FISMA)
Federal Risk and Authorization Management Program (FedRAMP)
Federal Information Technology Acquisition Reform Act (FITARA)
Cloud
DevOps
Agile
DevOps alone wont work
There is more?
DevOps is the glue between Cloud
and Agile.
Taking an Enterprise Approach
Time to tame the Wild West
Manage TEAMS, not PROJECTS
Promote Agile and DevOps best practices through actually practicing
Agile and DevOps
Provide standard DevOps toolchain building blocks
Improve communication
Empower effective teams to make their own security, architecture, and
implementation decisions
Switching to Team Management
Because people get stuff done..
Vs
Vs
Vs
Vs
Vs
Completing requirements
Temporary team
External dependencies
Hand-Off
Documents
Building and managing products
Persistent dedicated team
Internal dependencies
Support and Grow
Builds and Shares Knowledge
PROJECT BASED TEAM BASED
Define Agile and Technology Maturity
What does good look like?
Define Teams and Maturity
Assess Maturity Regularly
Coaching vs. IV&V
Continuously Improve
Involve your customers and product owners
An informed customer is a happy customer
Agile orientation training
Product Owner training
User Story workshops
Product owner coaching
Communicate, communicate, communicate
Create Enterprise toolchain
Manage the common utilities
Project Management
Collaboration & Communication
Version Control
Orchestration & Automation
Configuration Management
Artifact Repository
Make security everyone’s responsibility
Help out your ISSO’s
Automate common ISSO tasks
Static Code Analysis
Scanning early and often
Embed security into sprints
The communication breakdown
It's always the same
55 Distinct
Communication Paths
Centralized and
Decentralized
6 Communication
Mechanisms Email
ITSM Tool
Meetings
…
Decentralize Decision Making
And automate points of trust
Does this gate still make
sense?
Can it be Automated?
Get rid of itNO
YES
Automate IT
YES
NO
Is the gate a result of
product quality issues
Establish thresholds for
self-managed
YES Are there external
dependencies?
NO
Decentralize to
portfolio or system
NOWe Keep It as is
YES
Results
Put your money where your mouth is….
Doubled our Agile Team Maturity
Implemented enterprise toolchain leveraged by almost
every system
Reduced lead and delivery time on provisioning new
infrastructure by 99%
On average, increased deployment frequency by 50%