The U.S. Air Force and Department of Veterans Affairs have a lot in common when it comes to DevSecOps practices — including how vital knowledge sharing has been to successful adoption across the agencies.
Preexisting IT modernization steps has been important for VA to develop agile methods, noted Deputy Assistant Secretary for DevSecOps Todd Simpson at GovernmentCIO Media and Research's Infrastructure: Foundations of the Future virtual event this week.
“I draw on my previous experiences in building out the cloud and understanding the challenges that were there in getting an established cloud platform that could be leveraged for a DevSecOps rollout. Without the cloud, it’s a non-starter,” he said.
DevOps within the federal government has been especially comprehensive across the Air Force, with the service's Chief Software Officer Nicolas Chaillan noting particular success in accelerating the authorization to operate (ATO) process necessary for launching new capacities.
“We created this concept of the continuous ATO where we could release the software as many times as needed multiple times a day," he said at the event. "We have teams pushing code 20 to 40 times a day now. This is pretty impressive to see for something that used to take eight to 12 months, maybe even 18 months for some ATOs."
While recognizing the wide-reaching technical benefits of DevOps implementation, Simpson acknowledged the importance of facilitating a concurrent cultural shift within organizations looking to more comprehensively adopt DevOps within their IT management.
“I’m slow to do reorganization or realignment out the gate. I have experience with that before, and it doesn’t go well. You’ve got to take the time to really get to know the environment. But I am making some small tweaks in the organization that will lead to more delivery and more awareness and more visibility into what’s going on,” Simpson said.
Simpson emphasized that training, knowledge sharing and adoption of successful proven methods from other agencies are vital to fostering this broader organizational shift.
“I’ve organized a training session that is about 40 seats and a DevOps leadership certification program where I’ve asked all my peers and even the CIO to attend," he said. "Even some of my peers from neighboring organizations have been invited to attend to help staple in this cultural change by learning what DevOps really is."
Chaillan made similar observations about the importance of continuous learning and knowledge adoption within the Air Force. He noted it to be a process integral to both DevOps adoption and its application to new capacities.
“I’m starting to realize the next way to measure efficiency and success of organizations will be their ability to continuously train their people. One time of sending people to training in three to four weeks is just not the right approach. Things are moving too fast, and it has to be continuous and it has to be self-taught,” he said.
Simpson noted that even the VA’s relatively incipient DevOps adoption has already provided dividends for the agency’s pace and scope of digital modernization, a particular boon that has allowed the VA to more rapidly adapt to and overcome many of the challenges presented by the COVID-19 pandemic.
“Proof of how our customers are embracing it and how our engineers are embracing it can really be seen in some of the stuff that was done during COVID. With the telehealth rollout and some of the really rapid development and deployment of applications like VA Text for the veterans to get text updates about COVID. And we have an application that allows us to pre-screen that allows us to enter facilities by answering all those questions in advance," he said. "A lot of those tools were brought into play in a matter of days by applying DevSecOps principles."