DevSecOps (also known as DevOps) is a set of practices that combines software development and IT operations. It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. At its core, DevOps is a cultural and fundamental change in the way business is done; increasing productivity while reducing risk. Commercially, DevOps has been practiced for about a decade and has become prominent within the Intelligence Community (IC) and the Department of Defense (DoD) within the last five years. But due to the nature of the space, challenges often present themselves when shifting to a DevOps mentality and DevOps best practices. Because of this difference, agencies have matured at different rates and are at different points of their DevOps road map.
On USGIF’s GEOConnect Series Main Stage Wed. Dec 9, Chris Ashworth, Executive Vice President and Chief Information Officer, NetServices Inc. moderated a discussion with Alex Loehr, acting Chief Technology Officer, National Geospatial-Intelligence Agency (NGA) and Christine Goodwin, Chief Executive Officer, Banduri, about how the IC is developing and adopting agile processes over the traditional waterfall method for software development.
Key Challenges for Successful DevOps Implementations
As a coder by trade, Goodwin has seen unnecessary constraints, specifically where DevOps is concerned, when people develop and test in environments that don’t mirror the targeted operational environment.
“Use a virtual environment and configure it so that it is targeting the operational environment. If you do this, you avoid finding out 60 days before a release date that what you are building won’t work in the operational environment,” said Goodwin. This, she added, is seen a lot with tactical systems, and is an unnecessary delay.
Other challenges agencies face when implementing DevOps are the constraints that come from outdated policies. According to Goodwin, there are instances where outdated policies define how to address DevOps to support the development, testing, integration, and deployment of a capability.
“There is a workforce education effort we need to undertake to help inform how these policies may be changed, so that everyone can move more smoothly,” she said.
NGA’s DevOps Journey and Workforce Development
At NGA, according to Loehr, “there are amazing people who continuously push to do the right thing and have the technical skill set to do so. But it is often difficult for them because they don’t have the tools they need, or the processes set up to help them succeed. But the agency is trying to change that.”
Technology has been—and will continue to be—increasingly fundamental for NGA to achieve its strategic goals. In June, NGA released its first ever Technology Strategy, which charts a course for where the agency is headed in the future. NGA’s pivot to a more consistent DevSecOps experience for builders and makers will significantly improve its ability to design, develop, and deliver applications that support current and future GEOINT capabilities. The premise is that NGA is a software and data enterprise.
“This is a provocative statement to some, but it frames how we think about what we do. At NGA, software and data are central to being able to successfully deliver on our mission, and we need to treat them as strategic assets,” said Loehr. And the path to get there is by empowering the builders and makers of geospatial technology, he added.
NGA has also made moves to create more balanced teams by growing skill sets such as software engineering. The agency’s workforce development focus is on growing their data and technical literacy.
“It’s about bringing together the right skill sets and getting those people closely connected to mission problems. We have to make sure we bring together balanced teams with diverse backgrounds, and this is something that we are really pushing for at NGA,” Loehr said.