DevSecOps: The Digital Transformation – Part 10

Bottom Line Up Front: The commercial-industry software environment known as DevOps will be part of the new DoD contracting world.

Where We Left Off

We’re making our way down an article written by Defense acquisition boss Ellen Lord. Yesterday we saw that she’s had legislation passed to create an entirely new way for the Pentagon to buy software. The intent is to allow the military to adopt the best software purchasing and contracting rules from private industry.

Introducing DevSecOps

Borrowing yet another software practice from private industry, the military will adopt what is known as DevSecOps. In her own words:

Alongside DoD’s chief information officer (CIO), Research and Engineering department, and the services, we are laying the foundation for modern software development and deployment enterprise infrastructure. Our collaboration has already led to the initial publication of the DoD DevSecOps Reference Design as well as a department-wide policy memorandum favoring DevSecOps as the default and preferred approach to DoD software development.

The DoD DevSecOps Reference Design document is here.

The DevSecOps memo is in the Air Force home of DevSecOps here.

So What Is DevSecOps?

In Ye Olden Dinosaur Days, a team of Developers would spend years creating a piece of software, and then, when they were done, it would be packaged up and shipped out to the customer. It then became the responsibility of another group, the Operations people, to do support, handle customer issues, and generally fix problems that arose when the final product hit the end consumer.

The current practice in the commercial world is to merge those things together. Development and Operations blend into one another to form what’s known as DevOps. The idea is that freshly finished bits of software get deployed over the internet and immediately monitored so that the cycle of develop-ship-customer-feedback is greatly shortened. For example, today’s smartphones automagically have new software versions installed overnight, and if consumers find problems, a patch is pushed out a few hours later. That’s DevOps in action.

The “Sec” part stands for “Security.” You can imagine how serious cybersecurity is for the military, especially if they’re sending Secret or Top Secret classified information. This “Sec” has to be super, super secure.

So, blending “Development,” “Security,” and “Operations” becomes “DevSecOps.”

But Remember: UX Is The Point

Just like before, don’t imagine that just telling your programmers to deploy nightly and adopting Kubernetes fulfills what the Pentagon wants. It does not.

The reason for the entire build-deploy-monitor cycle is to make the soldier happy. Their user experience must be fantastic.

Silicon Valley didn’t adopt all of these expensive practices because they’re super fun to do. They adopted them because if the customer is not pleased, the company goes bankrupt. They must make sure the software is continuously refined and perfected because if they don’t, their competition will and, once again, their company goes bankrupt. DevOps is an enabler that facilitates the real purpose behind all of this: to monitor and perfect the user’s experience.

The real winner in that equation is the consumer. And the Pentagon wants that winner to be the soldier too.

Don’t Screw Up Who Your “Customer” Is

Your “customer” is not the Program Office.

Your “customer” is not your corporate executives.

Your “customer” is not some Colonel or General.

Your new customer is the soldier.

Your new goal is to perfect their user experience.

That grunt that has to carry your product overseas and drag it around in the dirt? That person? THAT is your customer. And what they want is the best possible experience with the software you built.

The top-level purpose of all the new Pentagon rules is to shift the focus onto the real user: the soldier in the field.

Never, ever make the mistake of thinking that some executive or some officer is your “customer.” In the new world, when you hear Pentagon reformers talk about the “customer,” they are talking about the soldiers. Your new focus is them.