and technologically advanced. That is the force for the future.” - Secretary Panetta, Defense Security Review, 5 Jan 12iii Foreword Department of Defense (DoD) program managers and executives have evolve over time. Subsequent strategic, high-level planning sessions focus on the release and sprint levels. They outline the intent of a release, not a formal commitment. A release backlog typically comprises Criticality Program supports a critical mission in which defects may result in loss of life or high security risks. Industry has relevant domain experience and Agile development expertise. Developer

Agile c. Myth—DevOps is incompatible with ITIL d. Myth—DevOps is Incompatible with Information Security and Compliance: e. Myth—DevOps Means Eliminating IT Operations, or “NoOps” f. Myth—DevOps is Just performing work in small batch sizes. 2. Large batch sizes result in skyrocketing levels of WIP and high levels of variability in flow that cascade through the entire manufacturing plant. The result to production deployment. Like in manufacturing, this large batch release creates sudden, high levels of WIP and massive disruptions to all downstream work centers, resulting in poor flow and poor quality

expected iv. Great Amazon Reboot of 2014 – 10% of Amazon EC2 servers had to reboot for Xen emergency security patch. At Netflix, zero downtime, no one actively working incidents. They were at a Hollywood party infrastructure, and environments 2. Deployment tools 3. Testing standards and tools, including security 4. Deployment pipeline tools 5. Monitoring and analysis tools 6. Tutorials and standards ii hours ii. Google Testing Grouplet and Testing on the Toilet periodical 1. Started Test Certified Levels for teams and products to measure themselves against 2. Provide Test Certified Mentors and Test

that we can confirm that is it operating as designed and outcomes are being achieved. iii. Logging Levels 1. Debug – anything that happens in the program 2. Info – user driven actions or system specific 5. Fatal – forces a termination iv. Examples of potentially significant events (Gartner’s GTP Security & Risk Management group) 1. Authentication/authorization decisions 2. System and data access Expand metrics from business, application, infrastructure, client software, and deployment pipeline levels 1. With every production incident identify missing telemetry that could help detect and recover

Respect the current process, roles, responsibilities, and titles 4. Encourage leadership at all levels Planning Espousing the Wrong Values: The real reason we should reject the plan-driven approach AWS he was the CIO of US Citizenship and Immigration Service (part of the Department of Homeland Security), CIO of Intrax, and CEO of Auctiva. He has an MBA from Wharton, a BS in Computer Science from

aims at unifying software development (Dev), security (Sec) and operations (Ops). The main characteristic of DevSecOps is to automate, monitor, and apply security at all phases of the software lifecycle: DevSecOps, testing and security are shifted to the left through automated unit, functional, integration, and security testing - this is a key DevSecOps differentiator since security and functional capabilities continuous monitoring approach in parallel instead of waiting to apply each skill set sequentially.  Security risks of the underlying infrastructure must be measured and quantified, so that the total risks

speed, data integrity, and support for distributed, non-linear workflows https://try.github.io/levels/1/challenges/1 https://www.atlassian.com/university From: www.atlassian.com Mapping out Agile

engaged organization  Organizational Structure: Coach should have ability to interact freely with all levels of an organization Coach to your own strengths  Three primary categories from the Agile Coaching

Installations  Route Adds – requires heightened security access  Database Data Script Execution  Load Balancer Node Disablement  OS and Security Patching  Requesting access to technology specific

Agile Principles 0 Nick Tuck XP Prctices 1 Shawn Stumme Continuous Delivery 4 Josh Wade Cyber Security through Agile 2 Nick Tuck Maximizing Retrospectives 2 Ray Page Open Agile Topics 0 Jason Beranek 3 Josh Sagucio Collaborative Work Environments 3 Nick Tuck Assuring Quality 3 Josh Wade Cyber Security through Agile 2 Nick Tuck Maximizing Retrospectives 2 Nick Wenner Clean Code - Book Overview