Advancing speed of deployment through DevSecOps and automation

BAE Systems develops Agile software product that will support the U.S. Air Force’s ICBM mission with improved efficiencies.
Advancing speed of deployment through DevSecOps and automation
 
BAE Systems delivers innovative software solutions using a development, security, and operations (DevSecOps) methodology that provides an agile and open process, and enhances collaboration capabilities among teams and across the development pipeline. DevSecOps results in more efficient, secure, and timely software; reduces risk; improves performance; and reduces deployment times to operational environments. 
 
While DevSecOps is a relatively new method for government programs, BAE Systems project manager Jeremy L. and a 15-person product development team are leading the way in creating software on U.S. Air Force networks using Amazon Web Services (AWS) for GovCloud (US). This Integration Support Contract (ISC) team is working alongside the Air Force to combine and integrate DevSecOps into the software development lifecycle. In Utah, they support the Air Force’s Intercontinental Ballistic Missile and Ground Based Strategic Deterrent program. Moreover, the team recently received the first “Certificate to Field” issued by the government to an industry contractor – for a software program that is now on its way to Platform One.  
 
Jeremy said the team is using Agile with DevSecOps, not traditional waterfall, as the new standard for software development. “This allows us to continually integrate security and assure quality as we move applications from development to production and sustainment. Security and compliance are not afterthoughts nor is security tacked on at the end of a development project. We are delivering better, more secure, and efficient products to our customer faster and we’re seeing a lot of mission success,” said Jeremy. 
 

DevSecOps enables enhanced collaboration

 
DevSecOps methodology allows the flexibility for teams to make changes or pivot during the software or application development process, especially if mission needs change during that phase. With the DevSecOps approach, developers focus on quality, compliance, and resolving any issues as they arise through enhanced collaboration capability. Additionally, after the application is operational, if a customer needs further updates or features, the app will not see any down time – updates can be made and pushed directly to ops without noticeable impact to the end user.
 
DevSecOps thrives on collaboration. Jeremy said his team has an unwritten rule that if one person is working more than 45 minutes on a problem in code, then they must initiate a conversation with someone else to come up with a solution. Additionally, he said, “Terminals are set up for paired programming, where one person will drive and the other will navigate. Our environment also allows for hands-on training for junior developers, who are paired with senior staff. Resolution wraps up faster and collaboration enables us to weigh pros and cons throughout the dev pipeline.”
 
Waterfall is an inferior methodology, said Jeremy. “A linear approach is no longer effective. Using waterfall, if you have a security issue with your code, you might not see it until the end, and then at that point having to go back to fix it would be detrimental to the entire program.”
 
Jeremy said that with increased pressure from adversaries, whom are using DevOps to deploy products at speed, mission-focused teams just don’t have the time or resources to be operating in waterfall anymore. He said, “The future of maintaining a competitive advantage is with DevSecOps, where we can write code and collaborate with others efficiently in real time as we develop, secure, and push software to the end user. We also use automation to check for security flaws throughout the process and improve speed of delivery.”
 
DevSecOps is an agile process and takes advantage of automation features like Robotic Process Automation, artificial intelligence, and machine learning. Because of this, our team has the ability to meet with customers as needed to track progress or make any adjustments that they may require.  “We are realizing the Department of Defense initiative to provide higher quality software, faster and more securely, to U.S. warfighters,” said Jeremy.
 

Working for a Top Workplace in Utah

 
With 15 years of software development experience, Jeremy has progressed in responsibilities over the past five years of working for BAE Systems. Previously, he was a lead developer on the company’s Epiphany solution, an advanced automation-based application and intelligence framework designed to increase efficiencies and productivity across an enterprise. He has also developed a virtual reality training application. Today, he builds and improves software functionality with his team. He said, “I can confidently say I love working for a ‘Top Workplace’ in Utah. Working with BAE Systems has been a fantastic experience. As we use DevSecOps and cutting-edge technologies, we’re seeing firsthand how we are accelerating and moving our customer’s mission forward.”
 

Proven DevOps Competency through AWS

 
BAE Systems is an AWS DevOps Competency Partner. The company has proven capabilities and demonstrated expertise in supplying mission-enabling DevOps solutions on AWS for GovCloud (US).
 
“We’re focused on supporting our customers’ missions and we do this through a quick, controlled, and secure-delivery DevOps practice,” said Ellery “Don” DeSanto, strategic partnerships director for BAE Systems Intelligence & Security. “We rapidly deliver solutions with rigor, clarity, and reliability to our customers. Our software engineering teams also use AWS DevOps services to create and maintain infrastructure and complex systems while implementing automation to improve efficiencies throughout the product lifecycle.” 
 
For more information, on our DevSecOps and software-as-a-service capabilities, reach out to DeSanto at ellery.desanto@baesystems.com.