Six key things to know about DevSecOps
The concept of DevSecOps has taken on added impetus now that Katie Arrington, the DOD’s chief information security officer at the office of assistant secretary of defense for acquisition, said the department should step up its efforts to change workforce culture around it.
PEO EIS already has made strides in this area with Applied Cyber Technologies’ (ACT) recent integration of DevSecOps methodologies in its developmental DRUID (Defense Cyber Operations Resource for Updates, Innovation and Development) technology. To help better educate the EIS workforce about DevSecOps, ACT invited Donny Davis of ORock Technologies to discuss the concept and its application to DRUID at an October 22 lunch and learn presentation.
Following are six key things to know about DevSecOps based on that session:
- It isn’t a technology. It’s a model, process or way of doing things and finding technologies that do the things you want.
- It’s first and foremost about people. The first step is to get everybody on board and effect a culture shift, so everyone understands the desired outcomes and how to get them. Competing priorities need to be worked out during this stage. “This is not a spectator sport; you have to be actively engaged,” says Davis.
- It’s important to address the “5W1H” questions. DevSecOps is a shift in process designed by people, so you need to agree on what output is desired, what teams should be involved, who the customer is, how they will consume the process, etc.
- Technology is the last thing for discussion and procurement. “People create a process; process drives technology; technology drives the pipeline,” says Davis.
- Metrics are an important output to consider. Among other things, it’s helpful to find out how long it takes to do a build and how long to iterate until you have useful results.
- Hybrid solutions may be best for DOD organizations. If you have a web app that’s consumed on a DOD network, it may be better to have a combined cloud/on-premise solution instead of going all-in with cloud. “Hybrid allows you to provide highest levels of access and to spread resources to people who otherwise couldn’t access them,” says Davis.
For more information on ACT’s experience with DevSecOps, contact Fianna Litvok at Fianna.R.Litvok.ctr@mail.mil.