Tutorial F

Agenda Tutorials

Tutorial F

DevOps / DevSecOps


$50 USD each


Wednesday – February 23, 2022


11:00 AM – 1:30 PM PT


An overview of DevSecOps and how it is different from Agile practices but compliments them. This tutorial will review the terms, concepts, and processes behind DevSecOps which form the basis of the Enterprise Software Factory. The second half will focus on what contracting and acquisition considerations need to be examined before undertaking this type of development effort. Adoption of DevSecOps brings many benefits and efficiencies to the development process that far exceed those of regular agile programs including:

  • Enables rapid prototyping for any Business and Weapons system. Ending in deployment in production
  • Enables learning and continuous feedback from actual end-users(warfighters).
  • Enables bug and security fixes in minutes instead of weeks/months.
  • Enables automated testing and security.
  • Enables continuous Authorization to Operate (ATO) process for rapid deployment and scalability. Authorize once, use many times – Deployed on any DoD-approved Cloud
  • Brings a holistic and baked-in cybersecurity stack, gaining complete visibility of all assets, software security state and infrastructure as code.
  • Provides hardened containerized software stack to be reused across Services.

The 2nd half of this tutorial will focus on highlighting those changes to the Acquisition process required including:

  • Review recent changes to the NDAA (Sec 873/874)
  • Review and discuss required changes in Acquisition Mindset
  • Review contracting language and best practices that can be reused to ensure software acquisition can be Agile or DevSecOps.
  • Standardize metrics and define acceptable thresholds for continuous ATO

Note this tutorial assumes basic knowledge of Agile Development terms and concepts.

Instructors Brook Cavell and Nell Finigan, The Aerospace Corporation


Brook Cavell is a PMI Agile Certified Practitioner (PMI-ACP®) and a Project Management Professional (PMP). Brook had started as an agile developer doing extreme programming then later on being the product owner for multiple projects.

Nell Finigan is a Certified SAFe Scrum Master and has participated in Agile teams for the past 3 years. Nell has previously been a scrum master for hardware and software prototyping teams, and has experience with writing proposals for Agile programs.

Description of Intended Students and Prerequisites

Geared toward individuals with moderate agile experience. No previous DevOps or DevSecOps experience is assumed.

What can Attendees Expect to Learn

Key principles of DevOps/DevSecOps and how it compliments Agile methodologies. What contracting, and acquisition considerations need to be examined before undertaking this type of development effort.