Improving DevSecOps at the GSA

September 05, 2019 By Derek Weeks

3 minute read time

The U.S. General Services Administration has a number of roles in the U.S. government. For instance, the GSA is the world’s largest landlord. It administers all of the civilian federal government buildings.

Lesser known is GSA's stated mission:

“Improve the way federal agencies buy, build and use technology. We will lead the charge to modernize government's approach to technology products and services. We will guide agencies through innovative and efficient technology deployment to meet their missions and fulfill the needs of Americans in a rapidly evolving and complex world.”

This brings us to DevOps and the U.S. government.

Navin Vembar was GSA's CTO when he spoke at the All Day DevOps conference about the agency's journey to DevOps. The GSA is leading the government’s transition to more industry-standard software development methods and practices.

For example, the GSA uses APIs, flexible contracting tools, and open source components. The agency is well-versed in Agile and DevOps practices, too. The GSA also offers intra-agency consulting through 18F, to streamline development. 

GSA is one place in government that encourages experimentation with new technology and processes.

However, modernizing is a work-in-progress. Individual programs adopt technology, processes, and culture in pieces. Other agency programs use more traditional approaches to software delivery, ranging from how they plan to how they capture needs and requirements. The conglomerate nature of the GSA means that different business lines and internal leadership do not always share the same approaches with technology.

As CTO, Navin wanted to set a "new normal" for collaboration using DevOps across the organization. To start, he needed to find an agency level baseline so they could measure progress. So they set out to find out what the DevOps maturity was at the GSA. Next, they wanted to find the successes and spread them. GSA also sought to identify the opportunities for improvement and follow-through, and get cross-organizational involvement and buy-in on changes.

They talked to people at different levels in different business units, sitting down with them to understand where they thought they were. What were a department's challenges? Successes? How could teams find opportunities, train people, champion successes, and measure again to capture progress?

One decision was to openly share the GSA's progress as it unfolds. You can follow along and read their latest guides. Watch Navin’s full presentation to emulate their efforts in your own organization. 

Interested in more DevOps? Register today for the next All DayDevOps, November 6, 2019. It will be a day to discuss security, CI/CD, cloud native infrastructure, cultural transformation, site reliability engineering, and other interesting topics.

Tags: government, devsecops, Devops adoption, DevSecOps in Government, Devops maturity, devops in government, Post developers/devops

Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.