Military IT Leaders Explain the Benefits of DevSecOps

As applications have become mission-critical to military operations, the military has embraced a similar iterative, Agile approach to application development as the private sector. Instead of focusing efforts on producing robust and complex systems from the onset, they are shifting their focus to the development of 1.0 versions of capabilities, and then continuously expanding on them in small increments as mission requirements change over time.

During a recent Federal News Network event, Future Proofing Government with Agile: Unveiling Benefits and Overcoming Challenges, software development experts from Sigma Defense and CACI, along with military IT leaders from the U.S. Air Force and U.S. Transportation Command (TRANSCOM) convened to unpack the successes of their Agile and DevSecOps journeys and explore how they addressed the challenges they met along the way.

The event kicked off with the panelists giving updates on where their organizations currently stand in embracing and adopting iterative development approaches. According to Mike Howard, TRANSCOM’s Engineering and Digital Transformation Division Chief, TRANSCOM has been slowly maturing its Agile framework while also prioritizing DevSecOps.

“Our enterprise, as a whole, is pushing towards Agile,” explained Howard. “We’re really leaning towards tracking and leveraging performance in the Agile space, specifically in innovation. And as we transition into DevSecOps, we understand that it’s a core foundation for us. It’s essential to establishing containerization, microservices, a true baked-in software development lifecycle, and a modern runtime environment like Kubernetes and continuous monitoring.”

As for the U.S. Navy, Manuel Gauto, Director of Engineering for Sigma Defense – and a key player in the Navy’s Black Pearl program – reports that there has been major progress made on the Agile and DevSecOps fronts.

“We are reaching a critical mass of understanding in terms of what it means to reapproach software development from a more flexible, iterative type of methodology,” said Gauto.

“As for DevSecOps…we are cresting the hill in terms of…starting to see real change in velocity, flexibility, and how quickly we’re delivering capability. We’re starting to see real capabilities getting delivered, instead of people just talking about delivering through this process.”

The enthusiastic embrace of iterative software development within the Navy was just one of several wins reported during the panel discussion. Recent Congressional policy changes around software acquisition were also viewed as a victory, with Capitol Hill signaling a prioritization of iterative software development and DevSecOps for federal government and military programs.

“Congress, through the software NDAA, allowed us to do the software acquisition pathway and has enabled the overarching acceptance of that in the Department of Defense,” said Col. Richard Lopez, Senior Material Leader of the Air Force’s Kessel Run program. “That is really where the magic is. The fact that we were allowed to move in that direction legally and policy-wise has been a tremendous help.

As for the challenges that were discussed at the event, some of the panelists reported experiencing roadblocks to reaching a cultural embrace of iterative software development approaches at an institutional level. They agreed that the first crucial step to inspiring institutional change and breaking down organizational silos is to encourage collaboration across different teams.

“The key is to lay down a prescriptive set of capabilities that one team could be doing, and then integrate key members of other employee teams to build trust and confidence,” explained Howard.

Gauto agreed with Howard’s assessment but also believes that the fear of failure and repercussions has played a role in the hesitancy of an overall embrace by the workforce. “I think trust is key,” he said. “It’s trust in the other teams, but also trust in the system that they won’t be punished for failure. [At Black Pearl] we’ve been trying to figure out how we can provide an environment where people feel comfortable trying new things.”

According to Gauto, once teams reach that level of collaboration and are comfortable with the process, they will be better positioned to deliver capabilities and prove that an Agile approach can work. “Showing a true win is how you build faith in the approach and in the system,” he said.

Jimmy Norcross, Senior Vice President of Agile Digital Solutions at CACI, attested to the fact that having wins under teams’ belts also contributes to greater commitment to iterative development approaches. “Institutionalization comes from the success of meeting mission needs,” he said.

Norcross also cites the fact that Agile and iterative software development approaches help foster a stronger and – seemingly – content workforce. “Our teams who run programs that are implementing Agile have lower attrition, high retention, and are easier to recruit,” said Norcross. “This is because people have autonomy…It’s that continuous, iterative approach that really works well for the process, the mission, and also for the people.”

Equipping the military with the ability to accelerate the software development process while simultaneously shifting security to the left would be a critical win for the DoD’s CJADC2 initiative. Software plays a key role for the DoD, as it can be the connective tissue between the Department’s disparate hardware systems that can ultimately unify communications and provide faster, more informed decision-making for CJADC2.

Leveraging an Agile approach to software development, and incorporating security at the top of the process, ensures the fastest delivery of secure, mission-critical capabilities and applications into the hands of the warfighter.