DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Culture and Methodologies
  3. Agile
  4. From 0 to Accredited in 23 Days

From 0 to Accredited in 23 Days

Even outside the civilian world, government entities can benefit from the rapid deployment from DevOps.

Derek Weeks user avatar by
Derek Weeks
·
Apr. 29, 19 · Analysis
Like (3)
Save
Tweet
Share
6.94K Views

Join the DZone community and get the full member experience.

Join For Free

Did you know there is a place at the U.S. Department of Defense (DoD) that is tasked with deploying technology capabilities in 0 to 2 years? For the DoD — or government in general — that is impressive. But, what if you knew that they are averaging 23 days for an accredited capability?

The DoD's Joint Improvised Threat Defeat Organization (JIDO), J6, has that task, and their Chief Technology Officer talked about his organization's transformational journey at one of our previous ADDO conferences. Leonel Garciga (Leo) shared how they get requirements deployed faster and more robust at scale and within a secure perspective: we thought it was worth revisiting.

For anyone that has worked in defense, you know everyone works to support the mission, whether they are on the front lines or processing contracts at the Pentagon. Leo knew it was critical that they get everyone on the same page from a mission perspective of they were going to deliver secure, accredited capabilities at an accelerated pace.

Besides being focused on the mission, everyone needs to know who their customer is — and that varies depending on their role. For development, the customer is the end-user, and they need to focus on the user, not goals within the development cycle. However, for operations and information assurance, the development team is their customer.

With the team focused on the mission and customers, they need the right tools. They invested in software delivery and make sure everyone uses the same tool for consistency and reliability. This meant that sometimes they need to connect legacy capabilities to leverage what they have. Along those lines, Leo advised:

"Adaptability Is Greater than Correctness."

While you might have to work with legacy systems, you can't stop looking to innovation, and, in government, they have to look at industry and the national labs to see what they are doing and adopt it where it makes sense. They can't become insular or arrogant.

Of course, this all sets the foundation for the work, but what guides the day-to-day? As you might guess: DevOps. Leo mentioned that anyone that knows him at work has heard him say:

"DevOps is awesome!"

He embraces it, and looks to its full potential. He mentioned that most government implementations fall short of true DevOps as their value chain stops at staging. But Leo knows that isn't DevOps. To be DevOps, the value chain has to go all the way through to production.

They also try and automate everything in the pipeline to reduce human error and provide an audit trail. Their goal is: no manual and human review gates. And, because DevOps allows for an auditable track to show what you are doing and how you got there, this is how they get true, ongoing authorizations.

During his talk, he presented the formula for maximum agility:

Secure Agile + DevOps + Continuous Monitoring = Ongoing Authorization.

Automation mitigates risk because it allows for the following to be enforced in the development process:

  • Code supply chain management;
  • Container scanning for critical vulnerabilities;
  • Automated testing;
  • Test-driven development and code-level unit test coverage;
  • Static code analysis;
  • Penetration testing;
  • Requirements management system;

In the end, Leo presented why having a DevOps pipeline is a CIO/CISO's imperative:

  • Single pane of glass for capability delivery and risk assessment so you can have a better sense of the risk you are putting onto the network.
  • Baked in regulatory and auditing functions.
  • Real-time visibility into assessing risk and continuous monitoring.
  • Real-time visibility into project status and automated documentation.
  • Repeatable processes with metrics.
  • Standardized deployment and mitigation methodology.
  • Transparency out to the customer.
DevOps unit test Leo (text editor) Test-driven development agile Requirements management End user security

Published at DZone with permission of Derek Weeks, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Handling Automatic ID Generation in PostgreSQL With Node.js and Sequelize
  • The Enterprise, the Database, the Problem, and the Solution
  • How to Configure AWS Glue Job Using Python-Based AWS CDK
  • How to Cut the Release Inspection Time From 4 Days to 4 Hours

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: