Getting started in DevSecOps
Swish Cheat Sheet
Become part of the community
Do all three
- Join the NoVA DevSecOps meetup
- Join the NoVA DevSecOps online learning community (coming soon from Swish)
- Join the DoD Enterprise DevSecOps Community of Practice and attend (virtually) the monthly sessions. To be added to the distribution list, forward your name and contact info to Christopher Downey (email@example.com) and/or Matt Sladky (firstname.lastname@example.org).
Identify your goal
Pick just one
- Migrate a legacy application to the cloud
- Write a new cloud-native application
You can’t manage what you can’t measure.
Talk to us about measuring full-stack performance of applications before, during, and after migration. (Email Matt Sladky at email@example.com)
Prepare yourself first
Learn from others in the NoVA DevSecOps online discussion community.
Create your braintrust and learn from them as much as you can (no less than 15-30 minutes daily). Start with:
- DoD Enterprise DevSecOps training
- Martin Fowler (explore his website to become familiar with his work; you will soon discover him all over the place on your journey)
- The Phoenix Project (a great story that many in IT can relate to; it will provide vivid context for you – the audio version is excellent)
- Continuous Delivery (first read Martin’s explanation, then the book) – at the very least read the first two chapters. Chapter 2 provides critical understanding of what is meant by “configuration management” and why this is the very first thing that you have to get right.
- Accelerate (you really want to read this as you’re moving into culture change)
Prepare your team
Technology is the easy part; people and process are much, much harder. You will need patience and perseverance.
Avoid the biggest possible mistake you could make at this point: do not drop new processes on top of your team. Agility cannot be mandated.
With your team, examine everything you’re doing and ask: do we have to do it this way? Work this question on a regular basis for a few months while learning to embrace agile.
- YES, we do. Why so?
- No, we don’t! What could be better?
Does your team have the necessary skills to start? Git is the foundational skill that all developers must have.
Does your team have the necessary tools to start? Or does it have so many tools to deal with that it will get bogged down?
Who on your team doesn’t have the necessary attitude? You need the right people to be successful. It isn’t uncommon to need to replace 50% of a legacy/waterfall group.
If you are migrating an application, is it the best one to start with?
It can take 9-12 months to have a team that is ready. You will need patience and perseverance.
- Learn to get agile right.
- Continuously improve your team’s skillset.
- Learn to push out secure code.
- Automate that ability.
- Work towards continuous ATO.
Next Action To Take
Email me directly at firstname.lastname@example.org if you’d like to discuss your specific software development challenges.