DevSecOps
USCIS, Air Force Leaders Share Insights Into DevSecOps Adoption
Leaders from the U.S. Citizenship and Immigration Services and the U.S. Air Force, along with industry officials, shared insights into successful DevSecOps adoption during a virtual event hosted by GovernmentCIO Media & Research.
Matthew Huston of the Air Force said DevSecOps requires constant improvements and that organizations should understand what is required of them to deliver value to end users, GovernmentCIO Media & Research reported Thursday.
“Once you start delivering value, then you can iterate on that to ultimately secure your environment. You don’t have an end point in mind, but recognize that there will always be change,” he said.
Huston is the chief information officer and chief information security officer of the Air Force’s DevSecOps platform called Platform One.
The platform is designed as a cloud-agnostic software environment that offers managed services to the entire Department of Defense enterprise. It manages software factories for development teams, allowing them to focus on building mission applications.
According to Huston, Platform One now fully supports remote operations, enabling DOD to increase its workload with greater access to engineers and product managers on a nationwide basis.
On its end, USCIS has adopted a Team Managed Deployment strategy, which, according to Chief Technology Officer Rob Brown, has facilitated the modernization and migration of legacy systems. The strategy has enabled teams to meet the team-managed deployment approval step for a continuous integration/continuous delivery.
When embracing DevSecOps, Brown said organizations’ platforms and frameworks should have openness and transparency.
DevSecOps has also been embraced in the Navy. The service branch launched its own DevSecOps platform called Black Pearl to allow coders to bake built-in security into new software.
Anthony Ortega, vice president of agile software implementation with Appddiction Studio, considers fatigue as the biggest barrier to DevSecOps. He said adopting DevSecOps is a journey that may be difficult for some leaders to embark on.
Category: Digital Modernization