How to Promote Adoption of DevSecOps Culture

How to Promote Adoption of DevSecOps Culture

The Air Force, VA and NASA encourage communication, training and empowerment to better adoption of agile software development methods.

As federal agencies approach DevSecOps adoption in their organizations, IT leaders across the government are encouraging a variety of approaches to change the cultural mindset behind the transformation. 

For the historically siloed Department of Veterans Affairs, developing a model to break down those silos and developing a strong communications line around the new Agile cultural mindset has been essential for change, VA Enterprise Program Management Office Acting Associate Deputy Assistant Secretary Daniel McCune said during GovernmentCIO Media & Research’s Disruptive DevSecOps event Wednesday.

“Culture is the hardest problem to solve, and you’ve got to start early," McCune said. "We looked at two things: one is more of a functional model that got us our of that traditional pillar approach, and the other is really communication, and we had to establish kind of a drum beat early and often and consistently, just shape the culture, shape the narrative, shape the vocabulary."

Having strong communications channels are also important, said Air Force Chief Data officer Eileen Vidrine, adding that it’s important to create a culture that empowers any team member to offer ideas.

“When anybody at any level can generate a great idea that matriculates up to the top, very quickly to streamline and fast track those really important opportunities — I think the communications piece is critical to making that happen,” Vidrine said.

On top of building a culture that fosters communication, NASA Applications Associate CIO Shenandoah Speers said training can also be valuable in getting teams on the same page. 

“Training is vital to any Agile, DevSecOps transformation, or any transformation really, because … we’re asking people to change the way they’ve operated for many years, and so having a training plan is absolutely necessary,” Speers said. “We’ve adopted a framework called Scaled Agile Framework for Lean Enterprises, or SAFe, and within that framework it has a training plan that is outlined, so we have been following that training plan, both in adoption of our Agile, as well as DevSecOps culture and the mindset.” 

As the VA moved to product line management at the VA, McCune said his organization adopted training measures similar to SAFe, tailoring training for the VA’s own environment and emphasizing mentoring and coaching as critical to getting teams to work together with a new mindset. 

Vidrine also said while coaching and mentoring are key, giving teams the space to organically work together to solve business process problems has also been successful. The Air Force held a virtual "Datathon" that enabled teams to solve a schedule problem set, and the event yielded promising solutions.

“Over three days we virtually put people into teams that have never worked together before, and the winning strategy actually came up, took a very problematic business process and optimized it, automating it with a 92% accuracy rate, and that capability’s in production today,” Vidrine said. “But it wasn’t just about the winning solution. There were other interesting capabilities with that, and we packaged those up, sent it to our MIT AI accelerator in Cambridge, Massachusetts, and we continue to iterate to perfect that business process.”

As part of team empowerment, enabling and embracing failure as a leader is also important.

“Allow [your team] to hypothesize and test things and be okay with failure,” Speers said. “Let them know that you are there with them as you go through this transformation. It’s okay that you don’t have all the answers. It’s okay that things don’t work out the way you think they’re going to work out at the beginning. As long as you learn from that failure. That’s the important thing, is learning from your failure, dust yourself off, reevaluate, and try again."

 
Standard