DevOps Institute

Highlights from Straight Talk for Government

DevOps Basics, DevSecOps and Cybersecurity

By Jaida Olvera 

September 14, 2021

On September 9, 2021, DevOps Institute and MediaOps joined forces to present Straight Talk for Government – a virtual summit bringing together government, industry, and academia to explore and expose the real challenges and opportunities across the spectrum of people, processes, policy, culture, and of course, a little bit of tech! 

All the Straight Talk for Government sessions are now available to view on demand, but you must be registered to gain access!

Straight Talk for Government

The one-day virtual conference explored the impacts of software modernization and DevSecOps on the people, process, culture, and technology aspects of IT. The day featured sessions from speakers Tracy Bannon, Dawn Bontempo, Mitch Ashley, Dr. Mark Smiley, Captain Jazmin Furtado, Chris Hughes, Major Austen Bryan, Neelan Choksi, Branden Wood, Aaron Swain, Lonye Ford, Donald Fischer, George Cross, Jim Tyrrell, Ryan O’Daniel, Steve Pereira, Tom Suder, Ben Chicoski, Katy Craig, Dr. Mark Peters, Bryan Finster and Hasan Yasar.

In addition to a full day of sessions, the event offered yoga, a leaderboard challenge, a networking lounge, exhibit hall, resource library, and even a DevOps-inspired mixology class!

If you missed Straight Talk for Government, we’ve got you covered with a quick round-up of the top themes that emerged from the sessions and conversations around the importance of the topic.

Why Devote a Full Day of Learning to Industry, Academia, and Government IT Initiatives?

Government and Industry have different imperatives that require recognition of natural diversity and areas of sameness.

Government, like industry, has the same generalized needs: streamlining process, continuously inserting innovative technology, upskilling people, and building a lasting culture. From policy, to value streams, to meaningful metrics, to relevant training, to automation, to unique operation environments, coming together and sharing experiences is a must.

Speakers covered several trending themes, including introducing various aspects of government IT and real-life use cases and experiences. Below we look at key discussion points from the day.

Opening Keynote

DevOps Institute Ambassador Tracy Bannon of the MITRE Corporation kicked off the day with a welcome keynote. Her session set the context for the day touching on a series of topics – highlighting the parallels and nuanced divergence between government and commercial/industry. 

Bannon explained that Straight Talk is essential to bring together industry, academia, and governments to jointly solve the world’s biggest and most complex challenges. She emphasized that recognizing the differences, unique challenges, and context of public/defense sector DevOps sets a stronger foundation for the solution diversity needed in this domain. Topics included the thirst for innovation, the problem space (greenfield/brownfield), government’s traditional role as oversight only, acquisition, workforce nuances, the global applicability of Conway’s law, and more.

In the next session, “It’s Not About Tools!,” Bannon interviewed Major Austen Bryan of USAF Platform One. In this interview, viewers learned about the real challenges facing DevSecOps and Software Modernization for Government, including personnel, acquisition, and leadership style. Bryan explained that tools and processes are enablers, and that making lasting changes means addressing those other challenges.

Scale-out, Cloud-Native NoSQL Database Built on Apache Cassandra

George Cross of DataStax delivered the session, “Scale-out, Cloud-Native NoSQL Database Built on Apache Cassandra.” Cross shared how DataStax delivers an open, multi-cloud data stack built on Apache Cassandra™ – the world’s most scalable database. The company’s marquee offering is Astra DB, the industry’s first open, multi-cloud serverless database. Built on a modern, Kubernetes-based architecture, Astra DB provides an unprecedented combination of pay-as-you-go data, simplified operations, and the freedom of multi-cloud and open source.

DevOps Impact on Governance, Risk and Compliance (GRC)

Mitch Ashley of Accelerated Strategies Group (ASG) shared key insights during the session, “DevOps Impact on Governance, Risk and Compliance (GRC).” Ashley explained that traditional audit and compliance practices are challenged to keep pace as businesses increasingly depend on speed and agility from their software teams. He proposed that DevOps, automated workflows and toolchains, and telemetry data present a unique opportunity to meet compliance requirements through collaboration with auditors. He then shared insight into the ASG research program to examine how adopting DevOps and DevOps automation tools across the end-to-end application delivery impacts organizations’ ability to respond to Governance, Risk and Compliance (GRC) assessments.

Incident Detection, Response and Forensics in a Cloud-Native World

Branden Wood of Sysdig shared real-world examples during the session, “Incident Detection, Response and Forensics in a Cloud Native World.” He noted that the United States Computer Emergency Readiness Team (US-CERT) requires all departments and agencies to detect, examine and give notification of any cybersecurity incidents within seven days. Attendees learned how legacy tools are no longer up to the challenge in a containerized environment, and how to regain control of incident detection, response and forensics for cloud native workloads.

Cloud Native Compliance and Benchmarks

Ryan O’Daniel of Sysdig shared practical advice and tactical tips during the breakout session, “Cloud Native Compliance and Benchmarks.” O’Daniel explained that compliance in the cloud is a whole new set of conditions. Attendees had the opportunity to learn about the NIST compliance standards relevant to government organizations, the requirements and security measures to meet them, and the bottom line on setting up and maintaining a compliant, cloud-native environment.

Panel Discussions

Chris Hughes of Aquia, Dr. Mark Smiley of MITRE Corporation, Lonye Ford of Arlo Solutions, and Dr. Mark Peters of Novetta joined together for an expert panel moderated by Hasan Yasar of Carnegie Mellon University to discuss, “Continuous Authority to Operation (CATO): Myth or Reality?” Continuous ATO is another overloaded term that folks really don’t fully understand. From cyber requirements to automations to process repeatability, the panel discussed how CATO can be achieved if organizations understand what’s involved.

DevOps Institute Ambassadors Neelan Choksi of Tasktop and Steve Pereira of Visible joined together for an expert panel moderated by Tom Suder of ATARC to discuss, “Happiness, Quality, Effectiveness.” They discussed making time for real innovation and improvement, getting everyone aligned to make a difference, building strategic commitment from leadership and getting from where you are to your next performance target. Topics also included mapping techniques and models to build clarity, alignment, and confidence in teams using a combination of collaboration, visibility and measurement. Choksi and Pereira also touched on the Flow Framework® and Value Stream Management to up-level the principles of Agile and DevSecOps to meaningful, actionable and relevant information.

Valuing Failure in Zero Defect Environments

Katy Craig of Deloitte presented the session, “Valuing Failure in Zero Defect Environments.” Government and military organizations are traditionally zero-defect cultures. A zero-defect culture is not one conducive to failing fast, and definitely not failing often. She emphasized that developing and nurturing psychological safety and trust in teams is critical to success yet remains largely unaddressed in DevOps transformations.

Navigating the Federal Government

Donald Fischer of Tidelift shared unique insights during his session, “Thinking Upstream about White House Cybersecurity Executive Order 14028.”

A few months ago, the U.S. White House released cybersecurity executive order 14028, an attempt by the United States government to use its purchasing power to create positive changes to the way cybersecurity is addressed around the world.

Fischer briefed attendees on the key issues addressed by the executive order, including software bill of materials (SBOM), supply chain security, and provenance requirements. He then outlined the gaps that most organizations will need to close in order to stay in compliance. Finally, he shared a proactive approach to addressing open source software supply chain health and security upstream.

12 Ways to Bake Security Into a DevOps Transformation

Dawn Bontempo of The MITRE Corporation also presented insights into federal operations during her session, “Navigating the Federal Government.” Bontempo shared a high-level overview of the basic federal government budget process including who decides how tax dollars are spent and why this is important for DevOps. She then explored federal acquisitions discussing how the DevOps idea (and better yet, the funding) make the journey from the agency to civilians. 

Aaron Swain of VMware Tanzu then shared insight into some of Tanzu’s outcomes in the public sector as well as an overview of how they do it.

10 Design Tips for MicroServices Developers

During his session, “10 Design Tips for MicroServices Developers,” Jim Tyrrell of Red Hat shared practices and patterns for creating better microservices that are simpler to test, write, and deploy. Tyrrell emphasized that developers spend a great deal of time writing software for consumption by humans, but don’t necessarily consider humans in the process.

He then shared how to avoid the depths of any particular technology stack and instead focus on human-centered technology needs that are universal to all of us as humans and transcend any technical choice. Tyrrell indicated that being aware of these needs will ultimately make you a better developer no matter what kind of development you do.

He also presented how to complement your development and deployment efforts with human considerations using the 5Es (Entice, Enter, Engage, Exit, and Extend) to design compelling microservices experiences, as well as how to overlay them with the nine principles of “The SaaS-Ment” to identify typical friction with microservices creation.

What’s Next?

There are plenty of events, opportunities and fresh content in the pipeline. Click here to register for SKILup Day: Observability on September 23, 2021.

View upcoming MediaOps events here.

Stay up to date on the latest from DevOps Institute, including professional membership, learning opportunities, special offers and more by joining the Humans of DevOps Community. Become a member today!
