Tutorial H

GSAW 2020 Tutorials

Tutorial H
DevOps/DevSecOps and Agile

Length

 Half Day

Fee

 $225

Time

 1:00 – 4:30 P.M.

Overview

 An overview of DevSecOps and how it is different from Agile practices but compliments them. This tutorial will review the terms, concepts, and processes behind DevSecOps which form the basis of the Enterprise Software Factory. The second half will focus on what contracting and acquisition considerations need to be examined before undertaking this type of development effort. Adoption of DevSecOps brings many benefits and efficiencies to the development process that far exceed those of regular agile programs including:

  • Enables rapid prototyping for any Business and Weapons system. Ending in deployment in production
  • Enables learning and continuous feedback from actual end-users (warfighters).
  • Enables bug and security fixes in minutes instead of weeks/months.
  • Enables automated testing and security.
  • Enables continuous Authorization to Operate (ATO) process for rapid deployment and scalability. Authorize once, use many times – Deployed on any DoD-approved Cloud
  • Brings a holistic and baked-in cybersecurity stack, gaining complete visibility of all assets, software security state and infrastructure as code.
  • Provides hardened containerized software stack to be reused across Services.

The 2nd half of this tutorial will focus on highlighting those changes to the Acquisition process required including:

  • Review recent changes to the NDAA (Sec 873/874)
  • Review and discuss required changes in Acquisition Mindset
  • Review contracting language and best practices that can be reused to ensure software acquisition can be Agile or DevSecOps.
  • Standardize metrics and define acceptable thresholds for continuous ATO

Note this tutorial assumes basic knowledge of Agile Development terms and concepts.

Instructors

 Supannika Mobasser, Curt Holmer, and Brook Cavell, The Aerospace Corporation

Biographies

 Brook Cavell is a PMI Agile Certified Practitioner (PMI-ACP®) and a Project Management Professional (PMP). Brook had started as an agile developer doing extreme programming then later on being the product owner for multiple DHS projects.

Curt Holmer is a Certified SAFe® Program Consultant (SPC), a PMI Agile Certified Practitioner (PMI-ACP®) and a Project Management Professional (PMP). Curt has participated, led and coached agile projects in both the federal and corporate arenas.

Dr. Supannika K. Mobasser is a certified Scrum Master, a certified Product Owner, and a certified SAFe® Agilist. Supannika has participated in several Agile programs both in the commercial and government settings. Her research interest areas are Agile and Lean Software Development, Expediting Systems Engineering, Software Process Improvement, Software Process Quality Assurance, and Software Metrics and Measurement.

Description of Intended Students and Prerequisites

 Geared toward individuals with moderate agile experience. No previous DevOps or DevSecOps experience is assumed.

What can Attendees Expect to Learn

 Key principles of DevOps/DevSecOps and how it compliments Agile methodologies. What contracting and acquisition considerations need to be examined before undertaking this type of development effort.
GSAW 2020 Tutorials