DevSecOps – Defined by DoD CIO DevSecOps is an organizational software engineering culture and practice that aims at unifying software development (Dev), security (Sec) and operations (Ops). The main main characteristic of DevSecOps is to automate, monitor, and apply security at all phases of the software lifecycle: plan, develop, build, test, release, deliver, deploy, operate, and monitor. In DevSecOps built simultaneously. Key Measures Mean-time to production: the average time it takes from when new software features are required until they are running in production. Average lead-time: how long it takes

Myth—DevOps is Just “Infrastructure as Code” or Automation: g. Myth—DevOps is Only for Open Source Software: 2. Foreword xix 3. Imagine a World Where Dev and Ops Become DevOps: a. THE CORE, CHRONIC CONFLICT The result is long lead times and poor quality 3. Consider when we have an annual schedule for software releases, where an entire year’s worth of code that Development has worked on is released to production VALUE STREAM 1. In the book Implementing Lean Software Development: From Concept to Cash, Mary and Tom Poppendieck describe waste and hardship in the software development stream as anything that causes

process. Brining Lean Principles to Software Development: Kanban is David Anderson’s approach to bringing Lean principles into software development while driving fear out of the transformation with desired outcomes as requirements is Gojko Adzic’s Impact Mapping: Making a Big Impact with Software Products and Projects.  The age of IT organizations hiding behind requirements—“just tell me what of Theseus’s ship. A Better Way – The Strangler Pattern: Theseus’s activities fall into what the software world now calls the strangler pattern: a way to incrementally modernize a legacy system as defined

uncertainty by planning and analysis. Agile teams tend to drive out uncertainty by developing working software in small increments and then adjusting.  Waterfall plans are made at the moment of greatest uncertainty—the If there is a backlog in exploratory testing, people who normally do development will help test. Software engineers will oversee their code in production and help make changes to the infrastructure if pager”), then everyone should share in that responsibility.  Focus of roles is changing: The software engineer role is increasing in importance. Tests and infrastructure are now both represented in

Agile Framework (SAFe): Dean Leffingwell - Agile Software Requirements: Lean Requirements for Teams Programs and the Enterprise (2011) and Scaling Software Agility: Best Practices for Large Enterprieses execution  Alignment  Transparency House of Lean: "We need to figure out a way to deliver software so fast that our customers don't have time to change their minds" - Mary PoppendieckTeam -> Program

critical areas. ii. Michael Nygard, author of Release It! Design and Deploy Production-Ready Software, “If you do not design your failure modes, then you will get whatever unpredictable—and usually ii. Public knowledge versus private knowledge from emails b. AUTOMATE STANDARDIZED PROCESSES IN SOFTWARE FOR RE-USE i. Don’t store standards and processes in Word or non-actionable documents; leads to All created packages should be signed and hash recorded for auditing h. ENSURE SECURITY OF OUR SOFTWARE SUPPLY CHAIN i. Were often assembling applications from third-party components and integrating

than project proposals  Start small, be brave quickly  Seize opportunitiesGreat, you're now a software company. Now what? Patrick Lightbody (New Relic)  Monitoring evolved from servers and networks

Thinking & Organizational Tools for Large-Scale Scrum, Craig Larman  Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation, Jez Humble and David Farley  The Phoenix

Not When We Are Paid to Do Them  Example: AARP, Employer/Employee Relationships, Open Source Software  Observations: o “we live simultaneously in two different worlds – one where social norms prevail

AND FILL ANY TELEMETRY GAPS i. Expand metrics from business, application, infrastructure, client software, and deployment pipeline levels 1. With every production incident identify missing telemetry that