DoD’s IT acquisition challenges, but offers a set of principles that can help reduce cycle times and risks to deliver IT in a complex environment. “The US joint force will be smaller and leaner. But its Program supports a critical mission in which defects may result in loss of life or high security risks. Industry has relevant domain experience and Agile development expertise. Developer Expertise must determine the optimal timelines for releases and sprints on the basis of various constraints, risks, and factors. The primary drivers include how frequently the operational community wants and can

waiting to apply each skill set sequentially.  Security risks of the underlying infrastructure must be measured and quantified, so that the total risks and impacts to software applications are understood Mesh 3. Program-specific artifact repository 4. Runtime Behavior Analysis Artificial Intelligence (AI) service 5. DCAR for the hardened containers 6. Common Vulnerabilities and Exposures (CVE)Service

environment. Helps identify compensatory behaviors and workarounds driven by un/usability ii. Same benefits applies with internal customers (infrastructure, operations, etc.) iii. Gene Kim – “One of the requests – sufficient detail on why the change is made, how the change was made, and identified risks and resulting countermeasures j. FEARLESSLY CUT BUREAUCRATIC PROCESSES i. Adrian Cockcroft – “A

process involve project sponsors (1) developing a formal proposal that incorporates estimated benefits, risks, and resource requirements and (2) submitting the proposal to decision makers who select

transformation, when we see them as tightly integrated into an EA, and when we realize that the costs and risks of custom development have been radically reduced, the economics often now favor custom development potential risks, actively working to prevent them, and, if necessary, building slack into the plan to manage the potential impact of the risk on schedule.  Such an approach assumes that the risks are bounded bounded and can be itemized, that we can know the risks in advance, and that we have a way to (try to) control them.  The relationship between uncertainty, risk, and change is far too complicated for

Third Way is about creating a culture that fosters two things: continual experimentation, taking risks and learning from failure; and understanding that repetition and practice is the prerequisite to allocating time for the improvement of daily work, creating rituals that reward the team for taking risks, and introducing faults into the system to increase resilience. Four Types of Work 1. Business projects

 What are the key risks to delivery? What assumptions are contained in the plans? How will the team move quickly to test those assumptions and gain information to manage the risks? I want to understand

quality and safety problems ii. high-trust culture 1. we are all lifelong learners who must take risks in our daily work 2. we learn from our successes and failures, identifying which ideas don’t work

AND COMPLIANCE INTO CHANGE APPROVAL PROCESSES i. Effective change management recognized different risks associated with different types of changes, to be handled differently 1. Standard changes: lower-risk

iii. DevOps goal – shift reliance from separate groups to other control mechanisms to mitigate risks more effectively using 1. Automated testing 2. Automated deployment 3. Peer reviews iv. 2013 State