To reap the benefits of the DevSecOps (Development, Security, and Operations) approach to technology systems design, experts recommend that DevSecOps teams build a collaborative culture that breaks down silos and prevents them from reemerging.
At Carahsoft’s DevSecOps Conference in Washington, D.C. on Aug. 17, Federal and industry officials shared their secrets to success in building a collaborative work culture.
“I think it’s bringing in people who have a very collaborative spirit and who focus on going and talking to other groups and understanding their pain points and understanding why they do things the way they do,” said Andrew Fichter, deputy director of the Department of Veterans Affairs’ (VA) Lighthouse Application Programming Interface (API) program. “But, talking to them in a way that builds trust, where they want to come along with you and help make things better,” he added.
“It’s very challenging, it’s a hard problem,” Fichter continued. “We’ve had varying degrees of success of talking to different folks within VA, and getting that collaboration. But I really think that’s the only way to do it.”
Similarly, James “Guideaux” Crocker – the chief technology officer (CTO) for the U.S. Air Force’s Cloud One, data fabric, and ICAM efforts – stressed the importance of building a culture that allows early-career DevSecOps employees to fail.
“One of the things that we looked at early on is just how do we harness the power of this fresh blood that came in and is doing things differently? And one of the things that we did is, we worked through not just the empowerment of them, but the enablement – because the empowerment without enablement is a failure of leadership,” Crocker said.
“So, we started building leaders that had a safety net to kind of move forward, and we gave them clear guidance,” Crocker added. “We worked through some of the hurdles that were leveraged, we found solutions, and then broadcast them out. This resulted in airmen coming up with things that then changed DoD policy and changed the way we had entire app structures.”
As for the contractor perspective, David Sperbeck, DevSecOps capability lead at GDIT, explained that it’s important to find common ground.
For example, if an agency is looking to implement zero trust, Sperbeck said to look for “anything that you can do to find common ground where you can collaborate on how to achieve that,” such as securing your Kubernetes infrastructure.
“I would say as a contractor coming into an environment, you need to find common ground,” Sperbeck said. “[Look for] things that they want to collaborate directly with you on a common goal – something that’s going to help achieve their mission.”