appears to offer predictability, control, and efficiency, the key values of the contractor-control model. But it doesn’t. Requirements: Requirements are a way of controlling the development team by constraining Characteristics of an Agile governance and oversight model: Before we dive into an Agile governance and oversight model, let’s think about what characteristics such a model should have in order to both take advantage the investment decision and the oversight process would form a seamless continuum wherein the execution of the initiative would yield valuable information by which the governance decision could be adjusted

decisions under uncertainty, and then have the courage to face the consequences. In the plan-driven model, quality was easier to understand.  We specified what the system should do, and then measured quality that, either.  We are constantly making quality decisions, especially in a Continuous Delivery model, as we decide whether the quality of each individual feature is adequate for the feature to be deployed that we have not yet learned to take advantage of, caught up as we are in the contractor-control model of IT. Shadow IT is what happens when the IT organization is unable to meet the needs of a part of

greatest? Business value is destroyed only when we substitute extensive planning for execution and when we substitute execution according to plan for thinking and adapting. A Better Way to Plan: Nevertheless

delivery for large numbers teams Core values:  Code quality - can't scale crappy code  Program execution  Alignment  Transparency House of Lean: "We need to figure out a way to deliver software so

Application Installations  Route Adds – requires heightened security access  Database Data Script Execution  Load Balancer Node Disablement  OS and Security Patching  Requesting access to technology

delivered requirements within the entire development period of performance.  During the program execution phase, a high-level program estimate undergoes refinement to create detailed release and sprint-level

emulation of common infrastructure components to achieve consistent and predictable resultConceptual Model DevSecOps LifecycleDevSecOps Pillars DevSecOps EcosystemDevSecOps Software Factory DevSecOps MVP correlated and centralized logs, container security, east/west traffic management, a zero-trust model, a whitelist, Role-Based Access Control (RBAC), continuous monitoring, signature-based continuous

typically structured as:1. Standardized Model – where routine and systems govern everything; including strict compliance with budget and schedule 2. Experimental Model – every day every exercise and new piece

into Our Daily Work a. INTRODUCTION i. Jez Humble, “The most inefficient way to test a business model or product idea is to build the complete product to see whether the predicted demand actually exists

right” 2. Type 2 – System of Engagement – “Doing it fast” ii. DevOps helps reject the bi-modal IT model and lets you do both c. START WITH THE MOST SYMPATHETIC AND INNOVATION GROUPS i. Chrossing the Chasm