ICE WARS: A DevOps Story

ICE WARS: A DevOps Story - atarc.org · What is DevOps or DevSecOps for that matter… While mostly associated with automating manual processes, DevOps is the culture …


Bottom Line; Up Front

BLUF

YES, any Agency can do DevOps, at scale!

NO, DevOps does not solve all of your IT management problems.

YES, DevOps is hard work and requires smart people.

NO, you will most likely not be able to do things exactly the same way with your organization.

What is DevOps

or DevSecOps for that matter…

While mostly associated with automating manual processes, DevOps is the culture of increasing collaboration and decreasing boundaries between the traditionally stovepipe roles of Development, Operations, Security and QA (Quality Assurance, a.k.a. testing).

Why should you care about DevOps?

IT isn’t getting easier….

Cost Reduction and Operational Efficiency

Flat is the new up

“Hard”ware is hard to automate.

Cloud is natively enabled for automation

Cybersecurity

Open Source shouldn’t mean open vulnerability

What’s your threat vector, Victor?

Death by 1,000 POA&Ms

Why should you care about DevOps?

We need to move faster

Deliver at Mission Speed

Deliver faster

Deliver more often

Faster time to recovery (MTTR)

Change is the new normal

What Leadership sees

If industry can do it….

What we see

The 4 horsemen of the apocalypse

Federal Acquisition Regulation (FAR)

Federal Information Security Management Act (FISMA)

Federal Risk and Authorization Management Program (FedRAMP)

Federal Information Technology Acquisition Reform Act (FITARA)

What we see

I’m getting dizzy….

Cloud

DevOps

Agile

DevOps alone won’t work

There is more?

DevOps is the glue between Cloud and Agile.

HOW DO WE SOLVE THIS PROBLEM?

Waterfall Order.

JOIN THE DEVOPS REBELLION

Make an Impact

Help the huddled masses

The 80%

Taking an Enterprise Approach

Time to tame the Wild West

Manage TEAMS, not PROJECTS

Promote Agile and DevOps best practices through actually practicing Agile and DevOps

Provide standard DevOps toolchain building blocks

Improve communication

Empower effective teams to make their own security, architecture, and implementation decisions

Go to the Cloud FAST!!!

Accept no substitute

Contract

Connect

Compliance

Capitalize

Switching to Team Management

Because people get stuff done..

PROJECT BASED vs. TEAM BASED

Completing requirements vs. Building and managing products

Temporary team vs. Persistent dedicated team

External dependencies vs. Internal dependencies

Hand-Off vs. Support and Grow

Documents vs. Builds and Shares Knowledge

Define Agile and Technology Maturity

What does good look like?

Define Teams and Maturity

Assess Maturity Regularly

Coaching vs. IV&V

Continuously Improve

Involve your customers and product owners

An informed customer is a happy customer

Agile orientation training

Product Owner training

User Story workshops

Product owner coaching

Communicate, communicate, communicate

Create Enterprise toolchain

Manage the common utilities

Project Management

Collaboration & Communication

Version Control

Orchestration & Automation

Configuration Management

Artifact Repository

Make security everyone’s responsibility

Help out your ISSOs

Automate common ISSO tasks

Static Code Analysis

Scanning early and often

Embed security into sprints

The communication breakdown

It's always the same

55 Distinct Communication Paths

Centralized and Decentralized

6 Communication Mechanisms

Email

ITSM Tool

Meetings

Decentralize Decision Making

And automate points of trust

Does this gate still make sense?

Can it be Automated?

Get rid of it

NO

YES

Automate IT

YES

NO

Is the gate a result of product quality issues

Establish thresholds for self-managed

YES

Are there external dependencies?

NO

Decentralize to portfolio or system

NO

We Keep It as is

YES

Results

Put your money where your mouth is….

Doubled our Agile Team Maturity

Implemented enterprise toolchain leveraged by almost every system

Reduced lead and delivery time on provisioning new infrastructure by 99%

On average, increased deployment frequency by 50%