In order to launch a robust DevSecOps (Development, Security, and Operations) effort, Department of Defense (DoD) leaders agree that organizations need to undergo a culture shift and learn to be comfortable with the uncomfortable to achieve the best results.

During a virtual summit held by ATARC on August 31, DoD officials agreed that a cultural component needs to be in place so that employees can work towards a common goal when utilizing DevSecOps.

“There is this culture component of the people element that has to be in place, it really comes from the trust, the collaboration, and the communications that have to be put in place for this to work,” said Daniel Corbin, deputy CIO and technical director of Command, Control, Communications and Computers at the U.S. Marine Corps.

“Do you have the skilled team members, do you have the authorities in place to do it, do you have the system engineering processes that are necessary to be able to support this… and most importantly, is everybody in the entire ecosystem working against a common goal to deliver the capability and support the mission,” he added.

In the DevSecOps environment, culture allows employees to be comfortable with failure, something that is usually not celebrated, according to Nickolas Case, agile coach at the U.S. Air Force.

“Nobody wants to fail, nobody really, and with the Agile in the DevSecOps environment, you are allowed to fail,” Case said. “People don’t understand that you learn when you fail. If all the time you’re succeeding, you don’t really know where your metrics are, you don’t know how fast you can go or what you can do. So, with the DevSecOps, you’re able to fail fast, learn, and then ultimately succeed faster.”

When leading a DevSecOps organization, “you have to focus on culture, process, and technology,” according to Austen Bryan, chief operating officer at DoD Platform One, U.S. Air Force. However, Bryan said leaders often put too much of a focus on technology and not enough of a focus on process and culture.

“The biggest thing is just having the courage to take real risks,” Bryan said. “A lot of times, it’s very easy to talk about, but… it takes a lot of courage to not follow the trends.”

MerITocracy
Critical issues that sit at the nexus of policy and technology. Learn more.

“I think if you’re if you have leadership that’s supportive or you can win over some leadership that’s supportive to give you enough air space to maneuver a little bit, there’s an opportunity to make a lot of positive change,” Bryan added. “I think the movement across the DoD is growing this entire DevSecOps mindset – much more of a culture and process, again more than technology.”

Bryan encouraged military leaders to train other leaders to focus on “controlled and smart risk-taking and smart failure.” Although adopting those mindsets take a lot of courage, Bryan said it will ultimately speed up an organization’s success.

“I think looking at how we recruit and retain and develop people that understand this skill set is really where the biggest fundamental problems are for the DoD at least right now,” he added.

Candaice Deloach, senior scientific technical manager for warfare systems software science and technology (S&T) and development at the Naval Surface Warfare Center Dahlgren Division, agreed that courage is key to that necessary culture shift. Adopting a new mindset with DevSecOps is not something leaders are typically comfortable with, but that uncomfortable space is where leaders will find the most success, according to Deloach.

“My biggest thing is I want people – and especially those that I’m working directly with – I want them to be comfortable with being uncomfortable,” Deloach said. “We’re thinking about culture and people, whatever you’re doing day to day and your facilitation of DevSecOps and adoption of DevSecOps, if you’re comfortable in what you’re doing, if you’re comfortable with what you’re executing, then I’d say you’re not on the right track.”

“We should be uncomfortable with the amount of change that we’re taking on, we should be uncomfortable with how we continue to shift, but that means to me that we’re on the right track,” Deloach added. “I always encourage those around me to think bigger and to and to always question what’s in the realm of possible.”

Read More About
About
Grace Dille
Grace Dille
Grace Dille is MeriTalk's Assistant Managing Editor covering the intersection of government and technology.
Tags