Over the course of my career in the industry, I’ve worked with a number of companies that have applied a Centers of Excellence (COE) model in different departments. I created a Center of Excellence in SOA when I was working as an architect for Agile teams and I'm now trying to enable the same mindset in the QA team for Agile on performance and security. My experience is with COEs that were very well-resourced with multiple dedicated full-time functional or subject matter experts. There were also others who were cobbled together through a combination of standards, and they leveraged resources to do the work of the COE in addition to their day-to-day jobs.
COE is not for doing the work; COE is for enabling the work. This is what my company Vice-President always says to me (well, sometimes yells at me). Now, the trend is changing from Center of Excellence to Center of Enablement. In Center of Excellence, a set of people will do the job and also enable the environment. In Center of Enablement, it's not a set of people; all the Agile teams will have a part and be involved in the work. For example, performance testing and security testing will be part of Sprints. Teams should run automated performance core cases and automated burp suite scanning every day. This will be enabled by Center of Excellence (or Center of Enablement team).
Ask about the purpose, goal, and vision. This leads to Continuous Delivery and Continuous Integration.
Long story made short, when it comes to COEs, there does not appear to be a standard model, and although I have personal preferences, the reality is that different models can be effective based on the context and working culture. In today's world, most of the developers are not willing to accept the COE model. However, I am quite sure that if you fast forward to 10 years from now, every developer will have hands-on development, performance testing, and security testing. Of course, at the end of the day, performance and security testing require developing scripts because they're a part of development.
That being said, even though the model tends to be variable across companies, the work of the COE tends to be quite similar and relates to how I am enabling this in our company. My tasks include (but aren't limited to):
Defining a common set of best practices and work standards for performance and security.
Assessing (or helping others to assess) the maturity of their scripts and validating their scripts.
Enabling the performance lab and security lab for testing.
Training and coaching the dev teams on performance and security from a COE perspective.
I hope that in future, the name "Center of Excellence" will be changed to "Center of Enablement" or "Center of Enablers," and that every team member will be part of that irrespective of his role.