FNN Expert Edition: How to
Scale DevSecOps

FNN Expert Edition DevSecOps cover
In this ebook, we share insights from both government and industry leaders about how to successfully move from pilots and limited agile programs to full-blown agencywide DevSecOps implementations. We hope the lessons learned and the pointers in the pages ahead will be valuable in your own efforts to establish standardized DevSecOps programs across your agency. Featuring insights from government agencies, including:
  • Army begins to scale DevSecOps pilot projects
  • GSA 10x puts ‘moonshot’ pitches into practice with agile development
  • CISA pushes tech buyers to seek ‘secure by demand’ products
  • As USCIS expands into the cloud, automation helps it securely manage ‘explosion’ of data

The push is on. Agencies across the federal government increasingly are scaling up their development, security and operations programs.
Interestingly, the coalescence of multiple governmentwide technology initiatives appears to have helped pave a path toward agile development and the broadening implementation of DevSecOps.
Both the expansion of cloud adoption and the push toward zero trust have prompted agencies to fully define and begin scaling up DevSecOps policies and practices.
The Army and U.S. Citizenship and Immigration Services are prime examples. As Young Bang, principal deputy assistant secretary of the Army for acquisition, logistics and technology, said of the service’s Defensive Cyber Operations pilot: “That set us on a journey beyond just going to agile and to get to continuous integration, continuous delivery.”
And at USCIS, the move of its primary infrastructure to the cloud created the opportunity to meet the zero trust mandate to stand up a secure CI/CD pipeline, explained Chief Information Security Officer Shane Barney.
“Zero trust does require some new initiatives in that space that are really important. And in fact, the most recent one … added was the change to how you deploy code, automating your pipeline deployments into production,” he said. “When we first started cloud, we weren’t able to do that. And we just didn’t do it. And so we kind of got into a practice of not doing it.”
That’s changed now, Barney said.
And the Army and USCIS are not alone in efforts to standardize around DevSecOps.

Vanessa Roberts
Editor, Custom Content
Federal News Network

Download the full report to learn how DevSecOps can enable your agency to streamline and secure production. Featuring insights from DevSecOps leaders at SecondFront, Red Hat, Venafi and VMware.

View and download complete report below.

By supplying my contact information, I authorize Carahsoft and its vendors and partner community to contact me with personalized communications about their products and services. Please review our Privacy Policy for more details or to opt-out at any time.