While the move away from the traditional waterfall approach to application development and towards DevSecOps involves a large change in an organization’s culture and operations, it is also a shift facilitated by innovative new tools, platforms, and technology solutions.
Although culture plays a large part in ensuring the success of any organization looking to embrace DevSecOps, identifying and provisioning tools and solutions that meet the organization’s requirements is also essential. Whether they are platforms that can help automate processes and application deployment, or static analysis tools that can improve the security of code and reduce vulnerabilities, tooling and solutions play a massive role in helping government application development teams move at the pace of innovation.
But how can government agencies and military organizations identify the best tools that can help them expedite their software development lifecycle (SDLC)? What are these organizations looking for in solutions? And how can the provisioning and acquisition process be improved to make these solutions more readily available for government application development teams?
In the latest episode of the ContinuousX Podcast, hosts Mike Fitzurka and Rick Stewart pose these and other questions to Kaitlin Bulavinetz, Chief of Staff to the Chief Software Officer of the U.S. Air Force.
Transcript: ContinuousX Podcast (Season 2, Episode 4) with Kaitlin Bulavinetz of the U.S. Air Force
Rick Stewart: Welcome back to our discussion with Kaitlin Bulavinetz, Chief of Staff to the Chief Software Officer of the U.S. Air Force, as we doggedly try to pursue and “Solve for X in the SDLC equation.” Kaitlin, do you have any suggestions as to how the provisioning of tools and services can be improved or expedited to keep up with the accelerated pace within the U.S. Air Force?
Kaitlin Bulavinetz: Yeah, it’s a great question. I think enabling automation wherever possible is very important. That’s a key component of DevSecOps. And when you’re looking at how to move faster, that’s really going to be what makes a big part of the difference.
I think when you’re looking at provisioning IT infrastructure, infrastructure-as-code is really important because it makes it possible to automate and then you’re managing and provisioning infrastructure through code instead of a manual process. So, that would be the key way, I think.
Michael Fitzurka: Is there something that can be done also … I mean, part of the DevSecOps approach is to experiment with different provisioning, with different tools and different technologies. But sometimes that can be hampered by purchasing cycles and getting that. Is there something to address that as well? Are we looking at that at the Air Force?
Kaitlin Bulavinetz: Yeah, I think when it comes to buying tools and the purchasing cycles, that’s where agile contracting and that’s where buying capacity of work, instead of buying requirements is a key part of it. Because you are not saying we need this specific tool, or we need this specific thing, and we are not deviating from that at all.
It enables you to be more flexible. So that, as you keep going through the work, eventually you’re going to need to make some adjustments. That’s just life! So, it gives you that ability to make those adjustments and to work with the vendors who are part of the team so that you’re able to leverage their expertise and you’re able to use different capabilities.
Yeah, so it’s a big piece of it. Flexibility is huge.
Rick Stewart: And I think the need to have the vendors continuously improve their products and innovation based on discussions and interaction with your agency personnel in order to make their product or service even better.
So, it benefits both; obviously the agency and the vendor themselves. And not just get into a pit and compete, but to collaborate and search for the actual need in the service as opposed to just trying to compete and win an award.
Kaitlin Bulavinetz: Yeah, it’s very true. Again, it’s a different way of looking at things. I think it’s exciting because in the private sector, you see companies teamed together all the time because we recognize that one company might be stronger at X, and they’re stronger at Y, and together they’re able to get what it needs to be done. So, it’s really just enabling teaming in real time so that you’re not forced to make those … to be locked into those decisions right off the bat, that maybe it looks like it’d be the best idea at the very, very beginning but as you get further and further into the project, well, you need to bring in another team, you need to bring in another teammate.
You don’t want to get … it can take a long time to make those contractual changes. When you’re trying to move at the speed of relevance, sometimes you just don’t have that luxury of time. So, having that flexibility in the contracts that give the guidance but also enable the vendors to really do what they do best. Everybody can contribute with their best work.
Rick Stewart: There’s enough work out there for everybody.
Kaitlin Bulavinetz: Yes, there’s a lot there. Yeah.
Rick Stewart: Well thank you, Kaitlin. And I think we can all agree that this topic in particular from the DLT perspective and other service providers is the Rosetta Stone in terms of dealing with the public sector and it’s very refreshing to hear the innovator approach that the U.S. Air Force is taking.
We’re trying to provide the tools and the playing field for people to compete and also contribute to the overall success of your mission. Which is the biggest goal that everyone has as a U.S. taxpayer is to make sure that the Air Force is successful in achieving their mission and we do it cost effectively and we do it for the right reason.
So, thank you for all your time. And thank you for all of the previous episodes that we’ve had with ContinuousX and we’d like to thank our listeners for their time and attention as we continuously strive to “Solve for X in the SDLC equation.”