Air Force Chief Information Officer Lauren Knausenberger said she’s changing minds by demonstrating utility to the warfighter.
Cultural barriers within federal agencies and government entities as well as the difficulties associated with obtaining authorities to operate in a timely manner limit information technology modernization efforts that would move government toward innovative practices like DevSecOps, according to a recent survey.
Fifteen percent of survey respondents—which includes federal agency employees as well as state and local employees—said cultural resistance to change is the top factor holding back agencies from modernizing IT, according to a survey from the Advanced Technology Academic Research Center on the federal DevSecOps landscape. ATARC conducted the survey in partnership with the Air Force.
“I will say that we still have to fight with the cultural mindset that anything we do in DevSecOps or technology writ large is an additive cost,” Lauren Knausenberger, the Air Force’s chief information officer, said during an ATARC DevSecOps event Tuesday. “A lot of people that are closer to technology see the immense trade space there, but not everyone does. Not everyone kind of understands how important it is to the warfighter.”
Knausenberger said the Air Force is trying to push past cultural resistance by incorporating the voices of end-users.
“We're doing more to get the warfighter voice in there to share, on one hand, how crappy some of our apps are today, and then just how good they could be,” she said.
As the home of Platform One, the Defense Department’s designated DevSecOps enterprise services team, the Air Force is at the forefront of the DevSecOps conversation. The DevSecOps methodology moves away from older strategies like waterfall to a model of continuous development that wraps in security at every stage of the process.
The second major IT modernization challenge, per the survey, is the ATO process. Nearly half of respondents said it usually takes more than four months for their organizations to grant an ATO application. DOD employees made up 40% of the survey respondents.
Platform One avoids the ATO issue—it has a continuous ATO, which allows users to push code to production multiple times a day where needed. The idea is to be able to fail fast so that developers can learn fast. Only 11% of respondents said they deploy to production at least once a day, according to the ATARC survey.
Over the next year, the Air Force aims to drive more adoption of Platform One, Knausenberger said.
“That's kind of obvious, you know, moving toward the enterprise services,” Knausenberger said. “But I'm really hoping that we're pushing our secret environment to be a little more DevOps-friendly.”